IPFire Planet

The official blog of the IPFire team

According to fireinfo, almost 10% of the systems that are running IPFire is an ALIX board by PC Engines. These system have been a common choice for many people who deployed IPFire at home or even at work with this hardware. Unfortunately, the ALIX is weak when measured by modern standards. It comes with a single-core CPU at 500 MHz clock speed and only up to 256MB of RAM. Persistent storage is only possible with a CF card and the network interfaces are only capable of 100 MBit/s.

This is not the kind of hardware you want for IPFire nowadays. The distribution provides a variety of features which demand more of the hardware and we all raised our expectations about how the Internet has to perform. Websites communicate with servers in real-time and voice/video communication over IP has become standard.

PC Engines’ answer to that is the so called APU. A system based on the AMD CPU of the same name with two cores and up to 1 GHz clock speed. It comes with 2GB RAM and three gigabit network adapters. Mass storage is possible with a mSATA SSD or a SD card.

The IPFire Project was lucky to get a device from the first batch for testing and development. I am trying to point out some of the great features and also weaknesses of the hardware from both, a developer’s and end-user’s point of view. Let’s start with setting up hardware and software…



Setup

We got a PC Engines APU1C with a case, an external power supply, a SuperSSpeed S238 SSD with 16GB and a Compex WLE200NX wireless module.

All parts were sent directly from Switzerland and despite the usual trouble with customs, the first job was to assemble the whole device. People who know this from the ALIX will find this slightly more complicated because the device creates a lot more heat (we will come later to this) and therefore needs some a piece of aluminium which needs to be glued to the bottom of the case. This is not extremely difficult, but a bit tricky. After the board itself is mounted to the case, the SSD and wireless adapter need just to be plugged in and wired and you are ready to go.

I installed IPFire 2.15 – Beta 3 by booting a live system from USB and then downloading the image and flashing it directly to the SSD. I was then able to boot into the IPFire system and begin with the network configuration. This is just the usual.

First impressions

When the system starts for the first time, it will create the necessary keys for SSH and the web interface. You will easily notice if a system has a random number generator or not. If it has got one, the key generation step is done within seconds. It took a good couple of minutes on the APU, which is disappointing, because the predecessor ALIX had a pretty decent HWRNG. But the HWRNG is not the only thing that is missing on the APU system because the ALIX had a co-processor for encrypting and decrypting AES-128. This made up for the slow CPU, which has to do this job on the APU. Benchmarks show that the APU is actually slower (44 MB/s) than the ALIX (53 MB/s).

Any way, the web user interface good to use although I have seen faster ones. On the console, the system is responding swiftly and nice to use. This was a problem with the ALIX which could only use slow CF cards that now have been replaced by a faster SSD. Could this be the reason? It turns out, it is. Although it reaches 170 MB/s reading speed, top speed for consecutive writing is only 20 MB/s and random writing speed drops down to only 1 MB/s. That is where the CF cards have been and makes using the APU as a proxy almost impossible.
Of course, the SSD can be replaced for a much better one. This one I had was cheap because somewhere you need to start when you want to save money. So maybe do not go for this one.

Heat

I have been warned in advance that the APU will make a lot of heat. And it does. A lot. Really.

The CPU has an internal temperature sensor which can be viewed in the IPFire web user interface. The average temperature is ~55° C when idle without any network traffic and will raise up to over 70° C when the CPU is under full load. I measured these values when I had a room temperature of about 20° C and I noticed that the temperature of the APU system strongly depends on the room temperature. If it goes up, the temperature of the system immediately increases and if you open a window it instantly goes down.

This comes at no surprise because even if you move the case slightly a breeze of air will go under it and cool it. There are no cooling fins, just the plain aluminium which is not able to get rid of the heat. Of course no one wants to install a fan that moves the air around a little bit and which fill for sure keep the temperature at a decent level.

My fear with the high temperature is not that the CPU would get damaged. Modern SoCs can cope with 70, 80 or 90° C although I suppose that this does not raise life expectancy. I fear that someone burns himself because almost all of the heat gets to the bottom of the case.

In comparison to the APU, the ALIX system did not even need a heat spreader on the CPU. That made it comparable to the hardware routers that you got from your ISP. Fanless and no worry. I guess we will see how this turns out for the APU in the long term. Maybe there is a vendor for better cases at some time.

Networking

It was no surprise either, that the networking was not the one with the best performance in the field. The system has got three network adapters with Realtek RTL8111 chipsets. I did some benchmarks with iperf which were all the let down as I would have expected it. Receiving and transmitting packets cause high load on the CPU, as the network chipset is not “active” and can deal with stuff like this on its own. It needs the CPU to process the data it sends and receives and that takes away a huge chunk of performance of the CPU. Sounds a bit complicated, but you will see what I mean. For most people, this is actually not a huge issue, but for me it is. I very much care for high throughput and low latency in data networks and I hope that in the future more people will see why this is so important.

So here is the plain data: In iperf client mode, the system is only able to transfer about 670 MBit/s. That’s it because the core of the CPU that is responsible for this network adapter is at full load and thus limiting the bandwidth.

[root@ipfire ~]# iperf -c 192.168.180.214 -d -t 60
...
[ ID] Interval       Transfer     Bandwidth
[  5]  0.0-60.0 sec  4.72 GBytes   676 Mbits/sec

When measuring the throughput from an internet network zone to an other, the system is able to reach almost one GBit/s, but there are no resources left for the remaining interface or services like QoS, web proxy, etc. I do not need to mention, that the latency increases drastically during the test.

So, who needs this kind of bandwidth in the network? I think that the answer to this is entirely up to you. Personally, I want my network to perform. The local network and the Internet connection get more and more tasks to do and almost nothing in my home is working any more when I pull the plug. TVs, phones, tables and all other sorts of devices are connected and constantly downloading and streaming data. I cannot live with bad quality voice calls when I am downloading stuff at the same time and so on. I think you get what I mean. There is so much the network does almost invisibly for us and it comes together at one single point which is the IPFire firewall. Don’t take me wrong. I don’t have a Gigabit Internet connection, but I have a DMZ where I store my files… Please take a moment and think about this.

The wireless adapter is great as it supports both bands and is rock-solid.

In summary, the networking performance is much greater than other systems that are commonly used with IPFire. It just depends on how you use it. It certainly reaches more throughput than the ALIX did with its 100 MBit/s network adapters.

Software Issues

When first installed with IPFire 2.15 – Beta 3, the LEDs at the front did not work as they used to with the ALIX. Arne already added the driver to the development tree so that those will work with the final release. Also the beeper did not function, which could be resolved, too.

Open Hardware!

A thing which probably does not belong here, but which I would like to mention any way is that there are some documents with the internals available. The board has some expansion headers and GPIO ports usable for all sorts of things and all of it is well documented. Good job!

Cost

The price for the APU1C in online stores in Germany is about 150 – 160 EUR at the moment. You will get the entire bundle without wireless for just under 200 EUR (including 19% VAT, excluding shipping). That’s about +50 EUR in comparison to the ALIX, but there is much more you will get.

I recommend to not chose the SSD mentioned above, but to go for a better one. Otherwise features like the web proxy would become painful to use. That would add another 30 EUR, but it is definitely worth it. I wouldn’t want to miss the wireless, either. Only with that the APU becomes a nice replacement for your the router that your ISP sent you, but with all the goodies IPFire has to offer.


In conclusion, I have to say that this is a nice piece of hardware which is almost perfect for IPFire. The performance issues with the network are to be evaluated by everyone for him/herself. It is not my cup of tea. I am a power user and I don’t think that my local network should slow me down. I would certainly recommend the APU for home users that want to replace their ISPs routers, but not business use.

If you want to see more benchmarks and other technical details, please head over to the wiki where I created a page about the APU1C. Please feel free to add anything you are missing or think is worth mentioning.

This is a sponsored post, as the IPFire project received testing hardware from PC Engines. Thank you very much for that!

Posted by Michael Tremer on March 20