The "RARE/FreeRouter-101" series of articles is meant to help you quickly kickstart your very first RARE/freeRouter deployment and understand, via a series of tutorials, how it can be powered by various dataplanes. The 101 article series also explained how RARE/freeRouter could be configured in order to be integrated into the external network environment. 101 - [ #006 ] introduced an interesting solution for SOHO (small office/home office). You'll see in this "RARE validated design" series of articles an innovative implementation of a SOHO routing platform. These articles will draw your attention to an exceptional SOHO router with features usually implemented only by commercial solutions in service provider environments.
Requirement
- Basic Linux/Unix knowledge
- Service provider networking knowledge
...
Back in 2004, I deployed an 8Mbps ATM circuit that connected an airline company hub site. Traffic growth increased amazingly since then! In 2020, what does SOHO (Small Office, Home Office) mean nowadays? In our use case we will consider a SOHO connected via a 1GE link. This is for example:
- Primary schools, Secondary schools
- Small R&E institution spoke sites
- Home office (especially considering the COVID context)
- Small company spoke agencies
...
In this article we will describe how to build a carrier grade SOHO router (aka CPE) from an actual platform for the use cases listed above. In this example let me share with you my personal story and introduce you to my SOHO hardware that I'm using at home. It is compliant with the requirements implied by the use cases listed above:
Warning |
---|
|
- requirement #0: n×1GE capable, ISP uplink is 1GE
- requirement #1: completely silent, the box can be moved to a crowded room
- requirement #2: small power consumption, as it is meant to run 24x7. (I'm paying the bill!)
- requirement #3: runs 64-bit Linux
- requirement #4: native support of DPDK
|
Diagrams
[ #001 ] - Cookbook
Expand |
---|
|
Info |
---|
title | Hardware specification |
---|
| - 6× Intel 211AT Gigabit Ethernet, support wake up on LAN
- Support 1× mSATA SSD, 1× DDR3L 1.35V memory 1333/1600MHz, max to 8GB;
- 1× VGA max resolution 1920x1080P
- 1× COM RJ45 console
- Supports adding a WiFi module (Mini PCI-E half height size)
- Supports automatic power on after power restore.
- Ultra compact, measured at 180×175×34mm;
- Low power requirements save money and be more eco-friendly.
- Fanless, passive cooling, noise-less
|
Info |
---|
| freeRouter is heavily multithreaded, so 4 cores are appreciated. As a budget SOHO router, VPN hardware NIC assistance is not required. If a VPN concentrator is needed, we can deploy in a SOHO environment a dedicated box that has a CPU with AES-NI support. freeRouter won't run as a VM, so VT-x, VT-d and VT-c are not required. |
Warning |
---|
| - home office work
- regular 720p/1080p/4K (and more) on-line VC via RENATER RENDEZ-VOUS or ZOOM
- (intensive, grown-up kids) online gaming (2–3 persons can play an online game at the same time)
- these kids+wife can multitask and watch 480p/780p YouTube video at the same time (This is the digital natives ...)
- streaming video from MyCanal (French Netflix competitor)
- Operating system/school educational material parallel downloads
- Intensive social network usage via native mobile client having integrated video in the apps ...
|
Warning |
---|
| So all the above usages require a high amount of connectivity, as all of the actions above can occur in parallel. This is the Speedtest result during crowded working hours:
So my ISP was not totally lying after all, though I could not reach the theoretical 1GE that the ISP advertisement boasts.
|
Warning |
---|
| Please note that this hardware has no optical/SFP port. There are indeed similar configurations with one upstream optical uplink port in case you are also the service provider in your environment. This hardware is specific to the FTTH environment currently deployed in France. |
|
Expand |
---|
title | Operating system selection |
---|
|
Info |
---|
title | Operating system specification |
---|
| - Debian 10 (aka Buster) is used
- netinstall is used
- minimal vanilla installation
|
Warning |
---|
| - requirement #0: LTS operating system
- requirement #1: Benefit from LTS security patches
- requirement #2: Must be able to run DPDK
- requirement #3: (personal requirement) Must be familiar to me
- requirement #4: Able to run Java software as freeRouter is written in Java
- requirement #5: small operating system software footprint
- requirement #6: Support for IPv4/IPv6
|
Info |
---|
title | Additional nice to have features (but not used here as we are not using VMs nor requiring high VPN traffic load) |
---|
| - Virtualisation support: Check CPU support for VT-x (Intel) / AMD-V (AMD)
- I/O MMU virtualisation (Kernel bypass mechanism): Check CPU support for VT-d (Intel) / AMD-Vi (AMD), needed by DPDK with the VFIO driver in order to ensure hardware NIC packet forwarding
- Network virtualisation: Check CPU support for VT-c (SR-IOV)
- Hardware Encryption: Check CPU support for AES-NI (Tunnel mechanism using AES such as OpenVPN, however this is useless for other tunnel types such as WireGuard)
|
|
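The "check CPU support" items above can be scripted on an x86 Linux box. The following is an added example, not part of the original article or of the RARE/freeRouter project; the function names are hypothetical, and it reads the `flags` line of `/proc/cpuinfo`, `/sys/kernel/iommu_groups` and each NIC's `sriov_totalvfs` file.

```bash
#!/usr/bin/env bash
# Added example: audit the x86 platform features listed above.
# Paths default to the standard Linux locations; pass others to test on samples.

# has_flag FLAG [CPUINFO]: true if FLAG appears on the first "flags" line.
has_flag() {
    awk -v f="$1" '/^flags/ { for (i = 3; i <= NF; i++) if ($i == f) found = 1; exit }
                   END { exit !found }' "${2:-/proc/cpuinfo}"
}

# iommu_active [DIR]: true if the kernel created at least one IOMMU group,
# i.e. VT-d/AMD-Vi is enabled in firmware and kernel (what VFIO relies on).
iommu_active() {
    local dir="${1:-/sys/kernel/iommu_groups}"
    [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]
}

# sriov_nics [DIR]: print interfaces whose device reports SR-IOV VFs (> 0).
sriov_nics() {
    local base="${1:-/sys/class/net}" f n
    for f in "$base"/*/device/sriov_totalvfs; do
        [ -r "$f" ] || continue
        n=$(cat "$f")
        if [ "$n" -gt 0 ]; then basename "${f%/device/sriov_totalvfs}"; fi
    done
}

# audit [CPUINFO] [IOMMU_DIR] [NET_DIR]: one-line summary of the four checks.
audit() {
    local cpuinfo="${1:-/proc/cpuinfo}" iommu="${2:-/sys/kernel/iommu_groups}"
    local net="${3:-/sys/class/net}" virt=no aes=no mmu=no vfs
    if has_flag vmx "$cpuinfo" || has_flag svm "$cpuinfo"; then virt=yes; fi
    if has_flag aes "$cpuinfo"; then aes=yes; fi
    if iommu_active "$iommu"; then mmu=yes; fi
    vfs=$(sriov_nics "$net" | paste -sd, -)
    echo "virt=$virt aesni=$aes iommu=$mmu sriov=${vfs:-none}"
}

audit
```

A CPU that supports VT-d/AMD-Vi still reports `iommu=no` until the IOMMU is enabled in firmware and on the kernel command line, which is the state that matters for DPDK with VFIO.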
...
Expand |
---|
title | Design choice considerations |
---|
|
Though the traffic distribution is totally different from school or SOHO site traffic patterns, we can consider this hardware platform as a viable choice.
Platform considerations:
- each 1GE port is wired to an Intel 211AT chipset. DPDK will take advantage of this chipset's packet processing power burnt into the silicon in order to relieve the CPU load.
- WIFI is not mandatory and the hardware included is not bleeding edge, but considering the uplink bandwidth 802.11ax is not necessary. At least for Northbound traffic we are safe for the moment. At some point, if East-West traffic such as NAS to WIFI client requires a 10G traffic rate, it will be the moment to buy a new appliance. If WIFI improvement is needed, an 802.11ac card can be purchased with a 15€ budget. For WIFI client to WIFI client 10GE traffic you can still purchase an 802.11ax mini PCIe card for around the same budget.
freeRouter is supported on:
- Linux based system
- Android → yes, you can install freeRouter on your mobile phone and wander around your house, IPv4/IPv6 WIFI roaming will occur automagically!
- freeRouter has a DPDK dataplane as well as a libpcap dataplane for older hardware
- in this example I selected an appliance for convenience, but nothing prevents you from recycling an old laptop/desktop PC with multiple DPDK NICs. We can run a small PE (provider edge) router with multiple 1GE/10GE NICs. Note that the appliance can act as a 6x1GE provider edge router. This is the edge of the MPLS Seamless architecture.
Operating system future considerations:
- In an SP environment, the ideal situation is to have a custom Operating System (We are studying the Yocto project in order to create this custom OS)
- This custom OS will encompass the strict minimum software, thus reducing the software footprint to its minimum
- A very promising and unique feature is also provided by the NixOS/Nix package manager: this will enable atomic commit/rollback at the package management level
The combination of Yocto + Nix can help develop your own specific DIY hardware (or for your company/organisation/institution) based on the popular concept that French ISPs love: "INTERNET BOX" |
Conclusion
...
Tip |
---|
title | RARE validated design: [ SOHO #001 ] - key take-away |
---|
|
- RARE/FreeRouter is a strong candidate for a SOHO solution with multiple dataplane support.
  If you are a company you can run RARE/freeRouter with a versatile P4 switch such as APS Networks® BF2556X-1T or WEDGE, but as a SOHO with a small budget you can run it with a DPDK dataplane, and for older hardware you still have the possibility to run it with a pure software dataplane
- RARE/freeRouter is the first element at the very edge of the MPLS seamless architecture
  End to end MPLS is now possible for the Service provider at an affordable price
- RARE/freeRouter design can coexist with Virtualisation technology
  CPU extensions such as VT-x/AMD-V, VT-d/AMD-Vi, VT-c can provide coexistence between RARE/freeRouter and a small amount of storage and compute nodes. (Such as micro-K8/docker)
In the next article we will start our journey in creating a carrier grade CPE using the platform above. |
...