@MrBigbanan 😂

@MrBigbanan AI trained on what? embedded stuff is all secrets, NDA and whatever

Thank you! 🙌

Thank you! Regardless if we choose to go with our own solution or a 3rd party, I want to be able to offer plenty of documentation how each and any of those solutions can also be used on our hardware.

Honestly, I didn't even think of installing VyOS from packages. Good one, thanks for the suggestion!

I can't answer that yet - I would love it to not only support it but also be relatively performant in it, but haven't gotten around to test any of the IPS (Suricata/Snort) solutions yet. Will do so sometime in the future, of course!

Ubiquity EdgeOS was a Fork of Vyatta... en.wikipedia.org/wiki/Vyatta

@@gondrom and an older one than VyOS forked from as well from what I have read 6.3 vs 6.6

@@tomazzaman If the hardware accelerated packet processing is implemented as nftables flowtable hardware offloading, it "should just work" in VyOS as long as the drivers support it.

Thank you!

That's a good point! :)

Development of the official VyOS web interface has been stopped a while ago since they didn't see enterprise customers asking for it, which is their target market. Unless Tomaž implements it himself, don't hold your breath for that to ever see the light of day (sadly). To be fair, the CLI is pretty straight forward. It still took me a few days off and on to configure everything for my dual stack home setup. Works great now though. 😀

@@blunden2 That's a shame to hear, from the previews it looked so polished and well designed, I was looking forward to seeing it some day but I understand the reason. Would be amazing if Tomaž used it for this project and was able to fund completion of the interface, I think Tomaž's target audience being prosumer would benefit from it a lot

Yup, planned.

Some systems already to that (VyOS in particular), and yes, it's definitely a good idea, because it makes backups super easy, just one file!

Thank you!

Even better - looks like it support uboot! At least fresh one on my system 2.12-r4

Sorry for the confusion, I meant PCB prototypes, which are primarily for us to develop a "bring-up" - in this process, we will take everything we have been working on so far and adapting it so that we can get the PCB up and working correctly, then proceed to install an operating system. I'm also hoping first iterations of the case design will be ready by then, which means I'll be able to show you an early version of how the final product will look like. But don't hold me to it :)

Thank you!

It's not that big of a deal really, for two reasons, this was a just done in a "proof of concept" kind of way, and second, it's very common to reconfigure kernels with fragments, which granted, are normally smaller, but I'd argue nobody really looks at each and every item. Even the "specialized" kernels, like the one from NXP, needlessly include support for chips that aren't even in their portfolios, simply because they'd have to manually go in and remove thousands of options.

I have not, no. So far, only OpenWRT and VyOS. Other solutions will unfortunately have to wait for now as I have to put my focus elsewhere.

@@tomazzaman they already have ARM64 kernels, and is tested. It’s just one more option, if VyOS becomes a nuisance.

@@tomazzaman they already have ARM64 kernels, and is tested. It’s just one more option, if VyOS becomes a nuisance.

There will be a GPIO expander on the board, I2C bus included :)

Many videos have the link in the description and I'll also add one in the upcoming update, so if you're subscribed, you're golden :)

Don't want to bother the man, he just got a baby! :)

@@tomazzaman And let the baby take his precious time and erode his passion away! How could I...?

Uncompressed kernel is around 40MB. We'll ship with 8GB of RAM. Not a problem :)

I think this is mostly, just to get stuff running, I'm certain someone in the future will check it.... hopefully ? right ?

@@tomazzamanKernel in my current AON gateway/router: 1.4 Mb.

It's fairly common for manufacturers to have out-of-tree drivers in addition to the mainline ones. That doesn't necessarily mean that they are not open source or that patches from them can't be upstreamed. Companies like Mediatek implement hardware offloading for their networking SoCs to be compatible with nftables flowtable offloading (which can use either hardware or software offloading), which is why OpenWrt can support it with their fairly modern kernels. Hopefully NXP did the same. 🙂

Not yet, but we did have an internal chat about it the other day. No conclusions yet :)

@@tomazzaman genuinely excited by this project. I'll for sure be taking a founders edition model.

"Threatening" is probably not the word you meant here. 😉But yes, that sounds like a good idea. They have Figma design drawings for many of the UI screens available already. They might also have some code available from the Web UI implementation project from before they cancelled it.

I don't care for support anymore. I had the same mindset 20 years ago. I have to replace the firewalls and VPN servers at my customers sites every 5-7 years anyway because Linux does not support the old hardware anymore. Now i have started to use general chinese Intel based small boxes. They have decent performance an seem to work just fine. I do not believe they will last longer than 3-5 years at most. But what is the alternative?

​@@wolfgangpreier9160 Linux does not drop support for a very long time. They are just discussing dropping 486 support. Your devices like does not run vanilla linux, but some shite your vendor hacked together, and they stopped supporting their own proprietary crap, never cared upstreaming anything to the actual kernel codebase. Very typical and unfortunate.

@@csabasipos6525 I had to switch about 10 times since DLD 1.0 in 1994. Maybe more, it was a long time. Every roughly 5 years i have to get used to a new OS, new tools, new everything. There is no consistency. I can not even upgrade. And, frankly said, besides special services like web or mailservers, mysql, MS SQL, Oracle, acounting and others specific to one OS i do not see any difference between Windows and Linux. Sometimes Windows is easier and more stable - e.g. for virtualization since VMWare has been killed, sometimes Linux is easier for e.g. DNS, Mailservers, Firewalls. And please do not start with KVM or containers and other such complicated nonsense. Sometimes i believe men invent such complicated thingies to impress on their bosses and other men. Useless junk. When i need the processing power and storage, containers do not work and KVM is only good for Linux clients. Or could you tell me how i can provide Office 365 for 100 customers in a container?

It's a downstream vs upstream thing. The hardware is supported by both kernels Linux upstream and Linux-qoriq, however you can develop more quickly on the linux-qoriq fork because you don't have to send in patches for each change. Typically once things stabilize the downstream changes end up back in upstream. It really depends on development cycles. Also technically you can simply take the linux-qoriq drivers as patches on top off the linux upstream kernel and that should just compile.

@@encryped Would be nice, but not in reality. The fact you can boot a vanilla kernel on a SoC does not make all the functions to work. That is the common misconception when you say "the hardware is supported by both kernels", in reality far from all parts of the HW is supported, and in relation to a "high end router" most of the proprietary stuff that makes HW offloading works also breaks the netstack so it will never get merged usptream, and once the proprietary support is over, you are f*cked. This is the sad reality. The second part is also not true: if you look at a relevant example of adding offload support for the IPQ807x platform, it is a heroic struggle for the devs to keep compatibility even between minor versions of kernel, almost every time something breaks, not to mention between major versions, as the glue code is complex and intertwined on so many components of the low level operations of the netstack. Definitely not some easy to apply patches.

No idea, it shouldn't from what I've seen so far, but I'm no VyOS expert, so can't say definitively yet. Of course, this will be tested in the future.

You have to first understand the parts involved then you can learn how to do upgrades

TIL! Thanks!

As long as the kernel has drivers for the CPU's data path architecture, then it should work.

@@tomazzaman its a really fun project to follow 👌

There will be evaluation boards that we'll sell - but it'll take a bit. :)

Honestly? Yes, absolutely. Their DPAA architecture is pretty sick. The only alternative I'd personally go with if price wasn't an object, I'd go with one of Marvell's Octeons. Talking in the context of routing.

I have 0 experience with it.

VyOS is "open" as in it's a Linux kernel that is made for routing packets. It's not inherently set up as a firewall

Yes. We will even prepare tutorials so that you'd be able to do it yourself without much fuss. We'll only ask you test it thoroughly and report back :)

As I understood it he wont use pfsense or opnsense cause they are FreeBSD based and dont work with ARM. Or work very poorly with his chip or not at all. That is why he is going the Linux route.

@@tomazzaman ah that's great. So I guess I should hold off on getting a mini PC off AliExpress for my router and buy yours rather, yeah? 😁

definitely. :D

Yep, unfortunately.

Fewer and fewer companies contribute to FreeBSD so it becomes less and less feasible to build products around it. I don't really see that changing unfortunately.

Don't be. I like a good challenge! :)

Thanks for the feedback - although I disagree with you (and so does more than 5k people on the wait list as of this moment). Some of the Cisco Meraki products for example, use the same CPU.

It is. AC is off while recording and it gets insanely hot.

Because of how VyOS is made, he spoke about it multiple times

The only problem is that there are no readly available ARM processors that have speed for 2.5gb routers (they at that speed can just barely do simple routing without any firewall). To be able to do, for example, router and firewall at 5gb speed, you would need i7 12gen (which is 20 times faster than ARM he choose), but probably you could do it with slower ARM/x86 if you pick some high end compiler to compile OS (for example in this for ARM to use IAR, but most linux diatro are made for GCC compatible compilers and IAR is not so you are in trouble there).

@@mrlazda thats where off loading comes in there is much more to such hardware then just you know raw compute

​@bigpod offload don't help you. At least offload, you can find off the shelf, they are TCP (or even more specialised for example iSCSI) offload what is for routing useless bacouse routing only use IP and have nothing to do with TCP. You can do offload in some custom FPGA/ASIC, but again, it is not a solution that is readly available. Edit: from pfsense "TCP offloading splits network traffic into MTU size parts. This should only be done from the end-point server. A firewall should not use TCP offloading because the servers behind it are already performing TCP offloading."

@@mrlazda You are way off on your performance estimates. Even an Intel Atom C3758R (used in the Netgate 8200 for instance) happily routes 10 Gbps with NAT + firewall (I speak from experience) unless we're talking solely minimum packet sizes (which it can handle too if you use VPP). An Intel N100 can also do 10 Gbps routing as long as you give the NIC the PCI-E lanes it needs. A 12th gen i7 would probably be closer to 15-20 Gbps. Actually, there are several ARM SoCs that have no problem handling 2.5 Gbps routing + firewall. If you also run IDS/IPS on all traffic, that's a different story.

@@mrlazda You clearly don't know what kind of offloading people are talking about here. We are talking about network focused ARM SoCs that have hardware packet processing engines. The MediaTek FiLogic 880 is one example, the NXP SoC used here is another. Different SoCs like that have been used in network products for many years at this point, although some of the older ones were MIPS SoCs. TCP offloading is something else and not relevant to this discussion.

I think there's a company that bet big on ARM when everyone one was screaming x86. Can't remember the name right now, but it's a fruit,... :D

I consider myself a power user and I'd not buy a router without a UI. Too useful to not lose time. I also need CLI and/or API for the exact same reason.

@@alexandrequemy it must have both I think. Easy clickable like pfSense/OpenSense, but also able to change settings via ssh/api, and SNMP for monitoring.

Well, this whole experiment was done because people literally asked for VyOS, so not true. That being said, I agree with you do a degree, which is why I have also tested OpenWRT and can confirm it's working just fine, regardless if I'm personally not a fan of their UI.

Did you test it with RouterOS maybe ?

I would certainly buy a router with TUI only, so long as it is a good one (which I believe this will be). Your statement is wrong.

Why are you bothering with a new KZbin comment, when other people already made perfectly good and extremely useful comments?

Not everyone likes RouterOS. Also, their options in this performance class are mostly rack mounted with noisy fans last time I checked. The one model that wasn't didn't actually route at full 10 Gbps last time I checked.

Care to explain?

​@@tomazzaman TL;DR: VyOS is just a fork of Vyatta, but it still carries too much old baggage from past project; read some controversies for not cutting down on some modules from the past.

@@leandrogaleano1771 quit spreading old outdated useless info.

@@leandrogaleano1771 this is being heavily worked on. The team is doing great work to modernise and simplify the Vyos ecosystem.

Not true, support costs money, and pre build images need a subscription, but the source is open and you are free to build yourself.

Test

@@tomazzaman I was trying to reply to you about VyOS in the comments and it didn't seem to be posting

Wrong.

@@Fubarist im not wrong, this is called an opinion since its all subjective. I have found opnwrt has worked better in my projects. Every time I have used vyos I have had endless issues.

@@ShadowDev6969 Well, openWRT did pose problems to him, and it's less performant. 🤷‍♂

Had it, sold it.

He's better off with a network focused SoC. 🙂The Rockchip RK3588 looks more focused to multimedia playback to me, based on an admittedly very quick glance. Rockchip also isn't known for network SoCs, so I would probably pick a vendor that is more experienced in that product category.