[conspire] Quiet, Freedom-compatible NAT/firewall/misc box?

Rick Moen rick at linuxmafia.com
Mon Mar 16 03:38:22 PDT 2015


Quoting Don Marti (dmarti at zgp.org):

> I'm looking for a small, preferably fanless, Linux
> system that has 2 or more Ethernet interfaces, which
> I can use for NAT, firewall, DHCP, and DNS for a
> home/small office network.  I don't need a wireless
> AP, since I already have that.

At the most recent CABAL meeting, Dana Goyette ( /me waves from Hilo,
HI) suggested that the AMD Kabini SoC (socket FM1) on a mini-ITX form
factor motherboard might meet my needs for a multi-purpose silent, small
machine on our inside network:
http://www.newegg.com/Product/Product.aspx?Item=N82E16813157574&cm_re=mini-itx_amd-_-13-157-574-_-Product

That's an ASRock QC5000-ITX motherboard bundled with an AMD A4-5000
Quad-Core CPU -- more than powerful enough that people use these suckers
with SSDs as home-theatre PCs.  32GB RAM maximum.  To get the multiple
LAN interfaces, you'd have to add a Mini PCIe card, though.  It does
have a CPU fan that's said to be not often needed and not obtrusive, but
I'll bet you could swap that out for an aftermarket passive alternative.

The more I study up on even cutting-edge ARM designs like the Novena
(http://www.kosagi.com/w/index.php?title=Novena_Main_Page) & Cubox-i
series, and wildly popular ones like the Raspberry Pi 2, the more I'm
frustrated by some characteristic problems -- which Nathan Willis's
write-up about Stephen Arnold's SCALE talk captured beautifully: 
https://lwn.net/Articles/635289/

To wit:  Every bloody ARM device requires out-of-tree kernel patches 
that aren't necessarily very current at all and may introduce severe
peculiarities.  For devices where you care about graphics (which
obviously doesn't include SOHO routers), you are stuck with a
binary-only, proprietary BLOB.  And there's wild variation in what
bootloader is required.  The more I look at this mess, the more I think 
splurging a few additional watts on an x86_64 alternative makes better
sense for many applications.  Like, for example, the missions of
the inside-network host would include being a backup target and running
network IDS software to watch everything else for signs of security
problems, so impliedly it needs to be kept high-security.  It would be
kind of sad to be unable to fix a serious kernel security hole because some
ARM platform's oddball kernel fork hasn't been brought up to date.
Nathan Willis's LWN.net piece points out that ARM machines' supported
kernel versions tend to be seriously behind the times.  This problem
doesn't exist on low-power x86_64 alternatives.

AMD's Kabini series of 'APUs' draw anywhere from 15W to 25W, and their
'Temash' series brethren draw from 3.9W to 9W.  These figures are the
newish measure TDP, thermal design power, the maximum heat that any
related cooling system needs to be able to dissipate.  Here's a
fascinating little bundle with a fanless quad-core Temash spec'd with
TDP of 8W:
http://www.newegg.com/Product/Product.aspx?Item=N82E16883218035&cm_re=A6-1450-_-83-218-035-_-Product
Only one LAN port, so not qualified for your project, but look at the
size of that thing!

AMD's Kabini and Temash ('Jaguar' SoC, Socket AM1 or Socket FT3) were
their low-power APUs for notebooks in 2013.  Looks like these were
succeeded in mid-2014 by 'Beema' as the high-power 15 watt series, and
'Mullins' as the 4.5 watt one ('Puma' SoC, Socket FT3b).
http://www.tomshardware.com/reviews/amd-tablet-processor,3813.html


Mullins:
Family    Model  TDP   Cores
A10-Micro 6700T  4.5W  4
A4-Micro  6400T  4.5W  4
E1-Micro  6200T  3.95W 2 

Beema:
Family    Model  TDP   Cores
A6        6310    15W  4  
A4        6210    15W  4  
E2        6110    15W  4  
E1        6010    10W  2

Unfortunately, so far as I can see so far, Beema/Mullins seem to have
been ignored by the OEMs except for some HP Pavilion tablets and
netbooks.



