Hey Jon,
On 4 Aug 2020, at 23:17, Jon Murphy jcmurphy26@gmail.com wrote:
Please let me know your thoughts or where I am absolutely wrong.
You know I am more than happy to tell you that you are wrong! ;-)
Great! I love a good debate.
From the Doc side… (sorry I know this is before the Devs weigh in)
Oh no, absolutely not. I just wanted to start somewhere and before we talk about phrasing it nicer, we should make sure that we get the message right.
All looks good to me except for one item - recommendation
That is why the title is considerations and not recommendation.
If I were to recommend something it would be the Lightning Wire Labs appliances. There is a reason why we are selling them: They are the best you can get.
https://wiki.ipfire.org/hardware/lightningwirelabs
I am too tired of people buying - often cheap - stuff that simply does not work and they will end up unhappy with. Hopefully we will make the experience better for them and us by getting fewer questions like these.
I do not want to recommend - at all - any specific hardware here, because that dates very very quickly and still does not work for everyone. What I would rather like to achieve is that everyone is asking themselves the correct questions before they purchase something.
I believe recommendations must happen to help keep users from buying the wrong stuff. It probably won’t be an exact part number or link to Amazon, but it should be something along the lines of buy this Intel i5 xyz or Intel i7 xyz or AMD xyz. Buy this network chip and avoid that network chip.
Yes, but that still does not lead you to buying something that works well.
I wasn’t sure to include it, but what we have seen is that vendors tried to save money on the board design. Therefore they connected four (or sometimes even more network adapters) to one PCIe lane. That gives them all about 1 GBit/s that they share between them, although the chipset and processor would be lot better without that limitation.
However, they connected a sound device with the other ones or so. Or sometimes a powerful GPU. A classic problem of all all-purpose servers or desktop systems that are used for a firewall.
The spec sheet alone doesn’t help you to select a good system. It might be down to trial and error.
That is something we cannot do for all hardware out there. I have done that job for the LWL appliances. Hence I recommend those. For other people other things might work too.
All those pages that we had with reviews before aged very quickly and people where looking for long outdated hardware. The market is evolving very quickly. So I am not trying to keep up with it.
Recommendations can come from users (via thus the IPFire Community or the Wiki) if there is no "official" recommendation. (In my mind an "official" recommendation would come from Michael or a senior Dev. And yes I realize this does not/may not really exist today)
I guess if they are from the community they should be posted on IPFire Community. They are not peer-reviewed there, and I am sure that people do not spend hours and hours of benchmarking and testing. So it is more of a recommendation from the “gut”.
Yes, hardware dates quickly, but so does software.
True, but software can easily be changed and updated. Hardware can’t.
And so does everything else. I realize the hardware I bought new was discontinued by Intel 7+ years old but it works perfectly for my use-case (home use, internet 200 Mb by 10 Mb, 2-4 users, 3 computers, 15 other devices, less than 1 hour per month VPN in). To buy my current device I ended up reviewing the pfSense website for suggestions and recommendations. How crazy is that?!?
LOL. The BSD-based distributions have a very limited selection of hardware. IPFire runs on basically anything. The question is only how well?
I need a working internet connection in my office. So I do not want to rely on something that is a decade old. But I do not need a 19” rack mount appliance, because I do not have the users nor bandwidth for it. In this category I could have bought a lot of stuff, but I wanted something small and went for the Mini Appliance :)
In the category of more than a gigabit of throughput everything matters.
-Michael
Just my 2 cents worth.
Hope everyone is healthy!
Jon
Message: 2 Date: Tue, 4 Aug 2020 09:55:04 +0100 From: Michael Tremer michael.tremer@ipfire.org To: "IPFire: Development-List" development@lists.ipfire.org Subject: Hardware Buying Considerations Message-ID: 26741AC9-EA07-4684-A864-89745DCC2479@ipfire.org Content-Type: text/plain; charset=utf-8
I have edited the wiki a bit and removed large parts in the hardware section.
Although this email is about documentation, I would like to have the dev?s opinions first before I pass this page on to the doc team.
Please read this:
https://wiki.ipfire.org/hardware/considerations
This is an article that should give people some guidance on what to buy. Or rather what not to buy.
I do not want to recommend - at all - any specific hardware here, because that dates very very quickly and still does not work for everyone. What I would rather like to achieve is that everyone is asking themselves the correct questions before they purchase something.
I am too tired of people buying - often cheap - stuff that simply does not work and they will end up unhappy with. Hopefully we will make the experience better for them and us by getting fewer questions like these.
So what I have changed in the content is this:
I am no longer recommending to have a HWRNG. I consider them pointless and potentially rather harmful than helpful.
I am recommending to think about security first. That means Intel is becoming a difficult buy, but I do not give any solutions either.
People really buy oversized machines. I have seen firewalls with 256G of RAM using about 1. What a waste of resources.
I assume that accelerated AES is now the default.
And finally, I put an emphasis on the network interfaces. It over-simplifies things quite a bit, but I think it is still more important to think about those than having the latest i7 processor.
Please let me know your thoughts or where I am absolutely wrong.
Best, -Michael