<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On May 23, 2018, at 3:09 PM, Pete Wright <<a href="mailto:pete@nomadlogic.org" class="">pete@nomadlogic.org</a>> wrote:</div><div class=""><div class=""><br class="">On 05/23/2018 13:04, Mark Saad wrote:<br class=""><blockquote type="cite" class="">Charles<br class=""> I like opnsense, I moved my office off pfsense to opnsense about 24 months ago and it’s been good .<br class=""><br class="">They do not have a complete rest api yet but it’s been easier t deal with opnsense for various uses.<br class=""><br class="">Also as someone who uses both FreeBSD and pfsense in a large corporation, the irrational belief that Linux is better at something ; just because it’s Linux , is rampant .<br class=""><br class=""> As to Jim’s site where they say tnsr will do 10g and beyond. I am already doing it and it didn’t require a strange setup to get there . But hey bullshit sells .<br class=""></blockquote></div></div></blockquote><div><br class=""></div><div>(To Mark Saad):</div><div><br class=""></div>You’re not doing 10gbps forwarding with 64 byte packets. Let me know when you do. Maybe you’re doing 10gpbs IP forwarding with 1500 byte packets, but that’s only around 880,000 packets per second.</div><div>To do 10Gbps the hard way, you need to be able to forward 14.88 million packets per second. We’re far beyond that, Mark.</div><div><br class=""></div><div>Meanwhile, TNSR can do </div><div>42.60 Mpps (note: not Mbps, Mpps) IPv4 routing, with 700K routes and 500 ACLs,</div><div>15.93 Gpbs IPsec (AES-GCM using AES-NI) or 36.32 Gbps IPsec (AES-CBC-128 + HMAC-SHA1) using quick assist offloads.</div><div><br class=""></div><div>All these on a i7-6950X with Intel 40G NICs, and QAT offload where noted.</div><div><br class=""></div><div>You can’t do this with kernel networking on any platform. What you’re seeing with TNSR is the (near) culmination of over two years of work. That’s why it’s on the website.</div><div>It’s announced. Finally.</div><div><br class=""></div><div>The “defend your bullshit if you can” token is now in your lap, Mark.</div><div><br class=""></div><div><br class=""></div><div><br class=""></div><div>Now Pete:</div><div><br class=""><blockquote type="cite" class=""><div class=""><div class="">man this is rough - i know jim can be crusty at times,</div></div></blockquote><div><br class=""></div>Guilty. <grin></div><div><br class=""><blockquote type="cite" class=""><div class=""><div class=""> but i've been happy with pfsense for ages despite some design choices i wouldn't have made.<br class=""></div></div></blockquote><div><br class=""></div>Care to enumerate these? I’m always listening.</div><div><br class=""><blockquote type="cite" class=""><div class=""><div class="">i'm confused as to if/why centos-7 is only supported platform. centos is not something i'd ever want to run as a router or firewall - even if i had to run linux a rhel variant would be beyond my last choice.<br class=""></div></div></blockquote><div><br class=""></div>Because the enterprise market knows and accepts RHEL/Centos. Ports to Unbuntu are underway, and yes, we’ve investigated running all this on top of FreeBSD, but time to market is a thing, as this is all 100% self-funded. The long pole in the tent is porting VPP to FreeBSD. Want to help? Pick up a keyboard, pull requests accepted: <a href="https://github.com/gonzopancho/vpp-fdio" class="">https://github.com/gonzopancho/vpp-fdio</a></div><div><br class=""><blockquote type="cite" class=""><div class=""><div class="">my bet is that this setup requires some sketchy binary blobs from a hardware vendor which only supports centos...which makes it even worse in my eyes :(<br class=""></div></div></blockquote></div><br class=""><div class="">Your bet is wrong. It's 100% pure source code make of:</div><div class=""><br class=""></div><div class="">DPDK (Open Source, <a href="https://github.com/DPDK/dpdk" class="">https://github.com/DPDK/dpdk</a>)</div><div class=""><a href="http://FD.io" class="">FD.io</a>’s VPP (Open Source, <a href="https://github.com/FDio/vpp" class="">https://github.com/FDio/vpp</a>)</div><div class="">Using Clixon (open source, <a href="https://github.com/clicon/clixon" class="">https://github.com/clicon/clixon</a>) for CLI and RESTCONF.</div><div class=""><br class=""></div><div class="">See also: <a href="https://github.com/freebsd/freebsd-ports/blob/d49a37a725669f8ce60da2f3072ffd34be28c25d/devel/cligen/Makefile" class="">https://github.com/freebsd/freebsd-ports/blob/d49a37a725669f8ce60da2f3072ffd34be28c25d/devel/cligen/Makefile</a></div><div class=""><a href="https://github.com/freebsd/freebsd-ports/blob/e00c85c4bcb88042122d21a763b3dbbe3d461fc7/devel/clixon/Makefile" class="">https://github.com/freebsd/freebsd-ports/blob/e00c85c4bcb88042122d21a763b3dbbe3d461fc7/devel/clixon/Makefile</a></div><div class=""><br class=""></div><div class="">Plus Strongswan and FRR (I’ll assume people here know what those are, but they’re also both open source).</div><div class="">And a bunch of our own code (not open source).</div><div class=""><br class=""></div><div class="">I didn’t come here to make an ‘ad’ out of our for-sale product, but when people go off on a tangent about how I’ve “abandoned” FreeBSD, when, point-in-fact, I have not, it makes me wonder what their agenda might be.</div><div class=""><br class=""></div><div class="">To be absolutely clear, no we have not abandoned FreeBSD.</div><div class=""><br class=""></div><div class="">Three of us will be at BSDCan in a couple weeks. Why would I attend a conference in Canada sans a commitment to BSD?</div><div class=""><br class=""></div><div class="">We continue to bring support for new hardware to FreeBSD/pfSense</div><div class=""><br class=""></div><div class="">- Marvell Armada 38x NIC, SD/eMMC and interrupt drivers.</div><div class="">- Mavell Armada 37x0, via support for espresso.bin <a href="http://espressobin.net" class="">http://espressobin.net</a> <a href="https://gist.github.com/gonzopancho/760ab9ecee9dfbc1b6033e48647a4b48" class="">https://gist.github.com/gonzopancho/760ab9ecee9dfbc1b6033e48647a4b48</a></div><div class="">- Various bits and pieces for Intel C3000</div><div class="">- future boards I’m not ready to talk about.</div><div class=""><br class=""></div><div class="">As well as maintenance to various ports that might matter to you. Example: <a href="https://github.com/freebsd/freebsd-ports/commit/2f71ec69391e42b6a81ff849a50ae297d97d105c" class="">https://github.com/freebsd/freebsd-ports/commit/2f71ec69391e42b6a81ff849a50ae297d97d105c</a></div><div class=""><br class=""></div><div class="">I think I’ll stop there, except to note to Izaac, we get calls from PAN customers all the time. pfSense can’t line up against PAN. This can.</div><div class=""><br class=""></div><div class="">Jim</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div></body></html>