From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Hardware Buying Considerations
Date: Wed, 05 Aug 2020 12:41:12 +0100
Message-ID: <4D35212C-E911-4292-B8CF-D0863FD14947@ipfire.org>

Hey Jon,

> On 4 Aug 2020, at 23:17, Jon Murphy wrote:
>
>> Please let me know your thoughts or where I am absolutely wrong.
>
> You know I am more than happy to tell you that you are wrong! ;-)

Great! I love a good debate.

> From the Doc side… (sorry I know this is before the Devs weigh in)

Oh no, absolutely not. I just wanted to start somewhere and before we talk about phrasing it nicer, we should make sure that we get the message right.

> All looks good to me except for one item - recommendation

That is why the title is considerations and not recommendation.

If I were to recommend something it would be the Lightning Wire Labs appliances. There is a reason why we are selling them: They are the best you can get.

https://wiki.ipfire.org/hardware/lightningwirelabs

>> I am too tired of people buying - often cheap - stuff that simply does not work and they will end up unhappy with. Hopefully we will make the experience better for them and us by getting fewer questions like these.
>
>> I do not want to recommend - at all - any specific hardware here, because that dates very very quickly and still does not work for everyone. What I would rather like to achieve is that everyone is asking themselves the correct questions before they purchase something.
>
> I believe recommendations must happen to help keep users from buying the wrong stuff.
> It probably won’t be an exact part number or link to Amazon, but it should be something along the lines of buy this Intel i5 xyz or Intel i7 xyz or AMD xyz. Buy this network chip and avoid that network chip.

Yes, but that still does not lead you to buying something that works well.

I wasn’t sure to include it, but what we have seen is that vendors tried to save money on the board design. Therefore they connected four (or sometimes even more network adapters) to one PCIe lane. That gives them all about 1 GBit/s that they share between them, although the chipset and processor would be a lot better without that limitation.

However, they connected a sound device with the other ones or so. Or sometimes a powerful GPU. A classic problem of all all-purpose servers or desktop systems that are used for a firewall.

The spec sheet alone doesn’t help you to select a good system. It might be down to trial and error.

That is something we cannot do for all hardware out there. I have done that job for the LWL appliances. Hence I recommend those. For other people other things might work too.

All those pages that we had with reviews before aged very quickly and people were looking for long outdated hardware. The market is evolving very quickly. So I am not trying to keep up with it.

> Recommendations can come from users (via thus the IPFire Community or the Wiki) if there is no "official" recommendation. (In my mind an "official" recommendation would come from Michael or a senior Dev. And yes I realize this does not/may not really exist today)

I guess if they are from the community they should be posted on IPFire Community. They are not peer-reviewed there, and I am sure that people do not spend hours and hours of benchmarking and testing. So it is more of a recommendation from the “gut”.

> Yes, hardware dates quickly, but so does software.

True, but software can easily be changed and updated.
Hardware can’t.

> And so does everything else. I realize the hardware I bought new was discontinued by Intel 7+ years old but it works perfectly for my use-case (home use, internet 200 Mb by 10 Mb, 2-4 users, 3 computers, 15 other devices, less than 1 hour per month VPN in). To buy my current device I ended up reviewing the pfSense website for suggestions and recommendations. How crazy is that?!?

LOL. The BSD-based distributions have a very limited selection of hardware. IPFire runs on basically anything. The question is only how well?

I need a working internet connection in my office. So I do not want to rely on something that is a decade old. But I do not need a 19” rack mount appliance, because I do not have the users nor bandwidth for it. In this category I could have bought a lot of stuff, but I wanted something small and went for the Mini Appliance :)

In the category of more than a gigabit of throughput everything matters.

-Michael

>
> Just my 2 cents worth.
>
> Hope everyone is healthy!
>
> Jon
>
>> Message: 2
>> Date: Tue, 4 Aug 2020 09:55:04 +0100
>> From: Michael Tremer
>> To: "IPFire: Development-List"
>> Subject: Hardware Buying Considerations
>> Message-ID: <26741AC9-EA07-4684-A864-89745DCC2479(a)ipfire.org>
>> Content-Type: text/plain; charset=utf-8
>>
>> I have edited the wiki a bit and removed large parts in the hardware section.
>>
>> Although this email is about documentation, I would like to have the dev’s opinions first before I pass this page on to the doc team.
>>
>> Please read this:
>>
>> https://wiki.ipfire.org/hardware/considerations
>>
>> This is an article that should give people some guidance on what to buy. Or rather what not to buy.
>>
>> I do not want to recommend - at all - any specific hardware here, because that dates very very quickly and still does not work for everyone.
>> What I would rather like to achieve is that everyone is asking themselves the correct questions before they purchase something.
>>
>> I am too tired of people buying - often cheap - stuff that simply does not work and they will end up unhappy with. Hopefully we will make the experience better for them and us by getting fewer questions like these.
>>
>> So what I have changed in the content is this:
>>
>> * I am no longer recommending to have a HWRNG. I consider them pointless and potentially rather harmful than helpful.
>>
>> * I am recommending to think about security first. That means Intel is becoming a difficult buy, but I do not give any solutions either.
>>
>> * People really buy oversized machines. I have seen firewalls with 256G of RAM using about 1. What a waste of resources.
>>
>> * I assume that accelerated AES is now the default.
>>
>> * And finally, I put an emphasis on the network interfaces. It over-simplifies things quite a bit, but I think it is still more important to think about those than having the latest i7 processor.
>>
>> Please let me know your thoughts or where I am absolutely wrong.
>>
>> Best,
>> -Michael