ill be that insane person that will install linux server distro on it and then not do routing on it but builds and kubernetes :) so if you will need to get rid if hardware my buildfarm could use ARM builders 🤣🤣🤣🤣🤣🤣🤮

Well, that said. The mentioned data path acceleration, how exactly that is going to work? As pretty much all the known similar solutions from Qualcomm, MTK or Marvell never made it into the vanilla kernel, thus it does not work on Openwrt. So are you going to upstream the proprietary driver of NXP into the kernel to make this work? How will that affect the linux network stack as most of these solutions actually cutting through it. Otherwise this is not going to be high end at all. And if you use the proprietary vendor SDK to build the firmware to actually utilize the data path acceleration, it will not be Openwrt, it will just look like it due to the gui, as we have seen many "Openwrt" like crap built around vendor SDKs. The fact you can install Openwrt on a device is true for many routers, yet without the proprietary acceleration techniques, the performance is limited to around gigabit speeds, definitely nowhere near 10 gigs. So it would be very useful to hear how all that is going to come together.

I'm keen to see what you build on your own although I am a fan of dd-wrt... hopefully you can send one of your routers to Brainslayer so he can add official support for it. Cheers from Maribor

@@csabasipos6525 Actually, you can already download OpenWRT build for our very CPU! NXP provides the kernel on their GitHub page and I did manage to run OpenWRT on the NXP development board.

@tomazzaman: FreeBSD has sample networking kernel modules that can serve as excellent starting point so you see what would it take. One of the most commonly referenced examples is the "if_em" driver, which is for Intel PRO/1000 Gigabit Ethernet adapters. And you'd get help. BTW, I know I am preaching to the choir here, but there is a reason why all decent networking appliances use FreeBSD and not Linux. The reason is pf (packet filter) that has no equivalent in Linux world. Just do the processing math - multiple 10 Gbps streams pushed through 1,000 filtering rules... Without pf your firewall will have some minor choking issues.

The best fan is no fan, but otherwise it should be an easy to find size.

Yes, please use a 40mm fan. It will be so much easier to source replacement parts for.

I also agree with this, 40mm is a pretty common size that is easy to find replacements.

(Haven't gotten to the point in the video yet) Additionally, make sure the required voltage is easy to find Fan manufacturers like Noctua have both 5V and 12V 40mm variants

Thanks for the feedback. This is exactly why I voice my plans and concerns here. So that I don't make any stupid decisions :)

@@mhn23visual exactly my thoughts. As someone who’s maintained a custom Linux distro, there is a lot of work that goes into building and maintaining infrastructure to keep up with your upstream packages and handle release engineering in an efficient manner. Im sure you’d rather spend resources doing more interesting things. :) As a BSD fan, I’d love to see the NXP drivers written for OpnSense and contributed back to the community. This would also eventually make it available to pfSense via FreeBSD, which I’m kinda partial to.

Yes, openwrt/... + private drivers and UI.

Makes no sense to me. He has no idea of the rabbit hole he is headed down but I bet future investors can figure it out!

As he explains in the video, OpnSense uses OpenBSD as the base, and as such he cant use the hardware offload features of the ARM cpu platform they have chosen. Now, he did say they provided firmware and drivers for linux, but I didn't catch if they were open source or not, if they are then they could potentially try to port those over to OpenBSD however if they are just binary blobs then that's a no go. Ultimately this comes down to choosing a non x86 platform to build from.

There is a third way - fork opensense, and add support for the arm cores. You don't need to reinvent the wheel, but you still have the dedicated hardware for networking.

@@yoloninja4798even forking vyOS or IPFire would be better than porting FreeBSD-based OPNSense in this case Why? Because the firmware is ready for *Linux* not any BSD. You cannot just run ELF-compiled files in BSD or NT-based systems, and reverse engineering that ain’t that easy as you’ll have to look into the binary file with a hex editor and at least check out each interrupt or system call. Any call utilizing the Linux API/ABI has to be modified to call an equivalent FreeBSD API/ABI function, assuming a 1:1 translation is possible (and we cannot assume that) Using OPNSense just makes zero sense in this specific case..

Good comment, I'm thinking the same. Reinventing wheel.. Contribute community and make openwrt Frontend better. With optimizations you've mentioned.

Totally support your statement. The effort of developing an own OS is huge and will most likely delay the router project a lot. @Thomasz: I would prefer to use existing software. What about starting with it (even if not optimized) and developing and maintaining either some kind of optimization "add-on" or an own OS afterwards? You could benefit from router hardware sales and sell the optimized software as an add-on? This would ensure stable revenues during the early stage of development. Maybe start some performance testing with existing software first before deciding how to proceed. Thank you for discussing these things openly with us!

@@Hyde-Jahf Agreed. Better to put the effort into making something existing work. VyOS for example.

There are also significant security risks. Writing a whole lot of low level networking stuff from scratch is a recipe for security vulnerabilities.

Thanks for the feedback, and of course, a project like this won't happen overnight and certainly not yet at this point, it's more of a question to where do I see the company (provided we succeed) in 5-7 years?

@Hyde-Jahf: This! Actually, I was a bit disappointed that the CPU/platform choice did not take this into consideration in the first place. Considering the amount of work that has gone into FreeBSD-based versions of firewalls like pfSense and OpnSense, I would have liked to see an X64-based platform for this to give even more freedom of choice. It will become especially complex if you have to tailor the software to support specialized hardware features like the networking acceleration present in that NXP chips. It is a venture in itself to create a decent router hardware platform that can do more than the usual N100 box from china, but I think you are looking at a 20+ times bigger effort by adding the software part. You will find it needs a whole infrastructure of people willing to test, develop add-on features and such. I do not question your will to do it, but consider that all of those people will have nothing to start with, i.e. they cannot use a basic set that "just works". When I just look at the discussions going on with OpnSense about how one could group firewall rules in the GUI and this is a big problem because of the GUI framework architecture, I cannot imagine that a CLI-only, restricted version would be enough incentive for people to use it. After all, people use platforms like OpnSense because besides the usual firewall and routing features, they can have: - VPNs: OpenVPN, Wireguard, IPsec - and even then, they ask for Tailscale - Traffic introspection in order to be able to protect their children - Suricata or even Zenarmor - Crowdsec - IP Blocklists - GeoIP blocking - VLAN segmentation - Running a Unifi Controller in a jail to control their access points - etc. (this list is potentially endless, just look at the OpnSense plugin section) If they do not seek for this, they choose something simpler, like a Fritzbox. There was a similar approach by Ugreen earlier this year to get into the NAS market. While I think they build great hardware, their attempts at coming up to par with market leaders like Synology and QNAP is a little pathetic with their own Ugos software. However, they made a wise move to support different NAS OSes by choosing an X64 platform, such that current customers have the option to use Unraid, TrueNAS (Scale or Core), Proxmox or OpenMediaVault, just to name a few. I would seriously re-think that decision.

Thank you!

Thank you!

The grill should be at the top, or whatever ”top” the orientatipn of the router whould be, because heat rises.

There is already a Linux distribution for routers. It's called VyOS. 😄 It's pretty awesome, although it lacks a GUI since its an enterprise distro.

LuCI has a lot of features the UIs of much more expensive routers don't get. For example, with LuCI changes aren't applied immediately, so you can make large, conflicting changes and apply them all at once, revert. It will also automatically revert any changes made if you dont access the web UI within 90 seconds.

@@blunden2 aren't Unifi Gateways and Edgerouters basically Vyatta/VyOS with a nice GUI?

I haven't watched yet, but I know thay LuCI has skins

Yeah I already use VyOS wherever possible. We need to find a way to make this work.

VyOS doesn't provide stable images for free, which could be a pretty major road block. Though it does seem like a cool system.

​@@hexlocation This would clearly be a custom build anyway so that doesn't matter. There will also be VyOS Stream soon, that is free.

yeah commercial use would probably require a license

Yes, that would be great! They could even implement the GUI design concept images that were released.

Thanks for the tips!

I was like, 300? 😂

sprinkle capacitors like salt in a meat you're cooking

I swear I saw a video like that, but youtube can't find it because its search sucks, all that stupid investment in stupid AI and it can't find videos

Oh no, I value my mental health way too much for something like that :)

And the Edge Router can only manage to do a subset of what pfSense and OPNsene are capable of and they have been developing that for years!

Agree! There’s a lot of scope to build a great web ui around this and also let people leverage all the tools that work with VyOS (e.g. Ansible)

VyOS has come a long way recently and will only get better with more people using it. I think you should definitely look at it.

This is the answer. Extend/modify OpenWRT - it's open after all - don't recreate it!

​@@sid.hI think vyos would be a much better base. It has more advanced features supported e.g. BGP/VRF etc without needing any packages. It already has some support for hardware offloading although I've never properly tested it. It also already has a web api.

Actually, this one seems to be favored the most in the comments so I'm literally downloading VyOS to try and build it for our hardware right this moment! 💪

​@@tomazzaman Also worth a note, they announced in June that they would be adding a "Stream" branch similar to CentOS stream. Not raw bleeding edge but not the paid LTS. Haven't seen anything since but a quick Google search will bring that up. I've been waiting for that one to really dig deep into VyOS.

This router is DOA, he just doesn't know it yet.

Glanced at it would be a better term. In fact, NXP provides support for DPDK, and I do plan to look at it more in depth in the upcoming months.

By the way, if building from scratch, please ensure that every setting and function is API first. The GUI should be just a stupid API client - its always annoying if there is no easy way to automate things or not all functions are exposed in the API.

@@BirknerAlex Absolutely!

Thank you! 🙌

I have been using and deploying pfSense for over 16 years and it can take a decade or more for a firewall OS to reach a stable, secure, and feature rich distribution. Also, it took me years to become some what competent supporting it so you can count me out on this project!

You can load it but it would be limited because of freebsd support in terms of the chip

@@sebastian05000 -- yes, he mentions that in the video. I'll stick with pfSense on Protectli hardware.

Fair enough. I love OPNsense as well, but, well, no official support for our hardware :/

ARM has been here for years and if freeBSD cant make a good stake in that world sorry it just isnt worth our while maybe opensesnse needs to recosider its base like truenas did

Yes, wholeheartedly agreed. This is no simple task.

Comes with the job - and I love it. And also all of you who comment to help me steer these choices in the right direction!

And then you spend all your time developing kernel code to handle all the offloading hardware. As opposed to Linux where all that code already exists. I mean ARM architectures aren't even officially supported, there isn't a massive community dedicated to maintaining an arm core. This would hit you right into the CVE patching response, because you don't have a OEM or wider community targeting the architecture.

I have not, not reason other that I consider them more a consumer brand, which means they likely can't match Sunon's prices (for the same level of quality).

Oh no, don't get me wrong, you will be able to install Linux on the device and run pretty much whatever you want! So regardless of what we decide to ship ip with, you'll have completely free hands with it!

This is exactly what we're testing these days! 💪

frr +1 VyOS is not fully opensource only night build

Wow 1500! 🤯

Se strinjam. I agree.

Simply because I have more experience with Buildroot and can achieve similar results.

@@tomazzaman I wanted to ask this as well. I was a Yocto dev for 5 years in Croatia, so next door, and in case you need some help maybe jump in to help.

the fact that they are going from build root onward kinda shows how bad they have it they should probably base on something like fedoras silverblue or properly ublue base as it would get them all features but they wouldnt have to maintian WHOLE of RootFS or packages plus it would come with immutability and such

"Super excited! Your energy gives confidence for all" -- Even if his lack of critical thinking doesn't!

@@rpsmith As per my understanding he always cover all possible risk factors. Sometimes Nike's slogan do the work.

No risk, no fun! :)

You are 100% correct!

Fair enough. I don't like it either honestly. (The vendors not providing drivers for FreeBSD that is)

​@tomazzaman, i think your response is beside the point. The problem here is that this project is based on an ARM cpu with a custom extension, which is not supported on ANY os. There is only drivers that you need to glue-patch into an os

Only reason people talk that way about noctua that way id because their pc fans are good and somewhat silent but in induatrial space they are juat one of the players and its hard to say which is actually the best