[talk] So Netgate bails on FreeBSD

Jim Thompson jim at netgate.com
Wed May 23 17:08:06 EDT 2018



> On May 23, 2018, at 3:09 PM, Pete Wright <pete at nomadlogic.org> wrote:
> 
> On 05/23/2018 13:04, Mark Saad wrote:
>> Charles
>>  I like opnsense, I moved my office off pfsense to opnsense about 24 months ago and it’s been good.
>> 
>> They do not have a complete rest api yet but it’s been easier to deal with opnsense for various uses.
>> 
>> Also as someone who uses both FreeBSD and pfsense in a large corporation, the irrational belief that Linux is better at something; just because it’s Linux, is rampant.
>> 
>>  As to Jim’s site where they say tnsr will do 10g and beyond. I am already doing it and it didn’t require a strange setup to get there. But hey bullshit sells.

(To Mark Saad):

You’re not doing 10gbps forwarding with 64 byte packets.  Let me know when you do.  Maybe you’re doing 10gbps IP forwarding with 1500 byte packets, but that’s only around 880,000 packets per second.
To do 10Gbps the hard way, you need to be able to forward 14.88 million packets per second.  We’re far beyond that, Mark.

Meanwhile, TNSR can do:
- 42.60 Mpps (note: not Mbps, Mpps) IPv4 routing, with 700K routes and 500 ACLs,
- 15.93 Gbps IPsec (AES-GCM using AES-NI) or 36.32 Gbps IPsec (AES-CBC-128 + HMAC-SHA1) using quick assist offloads.

All these on an i7-6950X with Intel 40G NICs, and QAT offload where noted.

You can’t do this with kernel networking on any platform.  What you’re seeing with TNSR is the (near) culmination of over two years of work.  That’s why it’s on the website.
It’s announced.  Finally.

The “defend your bullshit if you can” token is now in your lap, Mark.



Now Pete:

> man this is rough - i know jim can be crusty at times,

Guilty.  <grin>

> but i've been happy with pfsense for ages despite some design choices i wouldn't have made.

Care to enumerate these?  I’m always listening.

> i'm confused as to if/why centos-7 is only supported platform. centos is not something i'd ever want to run as a router or firewall - even if i had to run linux a rhel variant would be beyond my last choice.

Because the enterprise market knows and accepts RHEL/CentOS.  Ports to Ubuntu are underway, and yes, we’ve investigated running all this on top of FreeBSD, but time to market is a thing, as this is all 100% self-funded.  The long pole in the tent is porting VPP to FreeBSD.  Want to help?  Pick up a keyboard, pull requests accepted: https://github.com/gonzopancho/vpp-fdio

> my bet is that this setup requires some sketchy binary blobs from a hardware vendor which only supports centos...which makes it even worse in my eyes :(

Your bet is wrong. It's 100% pure source code made of:

DPDK (Open Source, https://github.com/DPDK/dpdk)
FD.io’s VPP (Open Source, https://github.com/FDio/vpp)
Using Clixon (open source, https://github.com/clicon/clixon) for CLI and RESTCONF.

See also: https://github.com/freebsd/freebsd-ports/blob/d49a37a725669f8ce60da2f3072ffd34be28c25d/devel/cligen/Makefile
https://github.com/freebsd/freebsd-ports/blob/e00c85c4bcb88042122d21a763b3dbbe3d461fc7/devel/clixon/Makefile

Plus Strongswan and FRR (I’ll assume people here know what those are, but they’re also both open source).
And a bunch of our own code (not open source).

I didn’t come here to make an ‘ad’ out of our for-sale product, but when people go off on a tangent about how I’ve “abandoned” FreeBSD, when, point-in-fact, I have not, it makes me wonder what their agenda might be.

To be absolutely clear, no we have not abandoned FreeBSD.

Three of us will be at BSDCan in a couple weeks. Why would I attend a conference in Canada sans a commitment to BSD?

We continue to bring support for new hardware to FreeBSD/pfSense:

- Marvell Armada 38x NIC, SD/eMMC and interrupt drivers.
- Marvell Armada 37x0, via support for espresso.bin http://espressobin.net https://gist.github.com/gonzopancho/760ab9ecee9dfbc1b6033e48647a4b48
- Various bits and pieces for Intel C3000
- future boards I’m not ready to talk about.

As well as maintenance to various ports that might matter to you.  Example: https://github.com/freebsd/freebsd-ports/commit/2f71ec69391e42b6a81ff849a50ae297d97d105c

I think I’ll stop there, except to note to Izaac, we get calls from PAN customers all the time.  pfSense can’t line up against PAN.  This can.

Jim


