
This is rather cool, and I'm glad to see some work being done in the networking gear space utilizing open designs and firmware like this. Unfortunately, unless I find myself needing to network a datacenter in the near future, it's not immediately useful to me.

That said, I do hope other developments in network gear that will be useful in other markets emerge from this effort.

From my perspective, there's a gap in network gear between the unmanaged, low port-count switches in plastic enclosures, targeted to home and small office consumers, and the lower tiers of Cisco's catalog, targeted toward top-of-rack or wiring-closet-of-a-larger-building type uses. I would love to see a managed switch with, say, 8-24 ports, supporting features such as 802.1Q VLANs. I would love to be able to segment my network at home so different devices with different performance and security needs aren't all stepping on each other's toes. And I'd like the firmware and hardware designs to be open source, so it can be readily patched when bugs are found, and easily adapted to new use cases.

I realize that I'm an outlier and that my needs are not common, or there'd probably be equipment on the market that met them. But it is my hope that as a result of Facebook's work here, and similar efforts, that building such a device will become feasible.



I've the exact same needs, and by chance got hold of a Cisco SG300-10 switch, which I think fits the description - so I thought I'd share my experience, in case it is useful.

I use it for the home lab, where I have a one-armed router serving multiple VLANs, and I have 3x Mac Minis running Linux as a "server farm" (the latter I use because they are quite good gear power-management wise, scaling from ~18W at idle up to ~250W when all cores are busy, and because they are very, very quiet, which is handy when the "lab" is next to the bedroom).

The biggest complaint I have about this box is that the only way to manage it is the Web UI, and especially the 802.1Q configuration is a bit unintuitive (though I just learned the firmware is actually upgradable to something with a decent IOS CLI, so I will try it out and update my impressions here).

Otherwise, needing just very simple L2 switching and 802.1Q trunking at gigabit speeds, and fanless operation - I am pretty happy with it.

8 ports work well in my setup (the main segmentation/trunking is really in the lab; the rest is either wireless, or directly connected to the "border router").

Where I needed to add more access ports, I used http://www.conrad.com/ce/en/product/976050/CE-Port-Network-S... to help. Also, based on my experience, it seems to be quite a solid building block for a small home/lab network.

Full disclosure: I do work for Cisco.

EDIT: the upgrade to the latest firmware indeed unearthed the checkboxes to enable telnet/ssh, as well as quite a few new features, comparable if not more than the "bigger brothers". What's pleasant is a quite comprehensive IPv6 support.


The specs on this look very nice indeed. I'll be taking a closer look at this.

My main hesitation is the proprietary firmware. Now, I'm not going to disagree with anyone arguing that Cisco knows what they're doing and is competent at putting together firmware for the hardware they sell. Nor will I disagree with anyone arguing that open source is not a magical talisman ensuring quality. No, my main concerns are a) the timeliness of critical updates, and b) the useful lifetime of the hardware vs. the support lifetime.

Being open source cannot prevent bugs, but once they are found, fixes tend to become available quickly. Also, I have found that the useful lifetime of computing and networking hardware tends to exceed the period of time the vendor will offer support for it. I have gigabit Ethernet switches I bought years ago that still work just fine, even though they're no longer sold. That's what I love about OpenWRT. The hardware my home router uses is discontinued, but still does the job just fine, and I can still get updates when I need to.

That said, I think I will be checking the SG300 out. Thanks for the recommendation.


I've posted the software download link in the other comment - so far the history shows quite regular software updates for this box. But I share your concern and cannot say much about this box besides what I can infer from the software publishing history.

+1 on the OpenWRT. Building a custom package that allows you to get a $20 specialised networked appliance is a breeze. That platform absolutely rocks.


Is the IOS CLI firmware official? If it is, do you need a support contract to upgrade?


It's a normal checkbox in the gui "Enable SSH" / "Enable telnet", so I would suppose it is.

But further tinkering revealed it seems to be a quite-close approximation of IOS, but not the same IOS you'd get on the "older brethren" boxes.

It's about 95% the same, with differences in small details - the format of the output, the behavior on "more" prompt, the look of that prompt, the way the certs are stored, etc.

Nonetheless, it should be close enough to be usable in a geek home environment.

I got the software here; it looks like it allows downloading without logging in: https://software.cisco.com/download/release.html?mdfid=28301...

Since the box I had ran a rather old version, I had to do the intermediate steps as described in http://serverfault.com/questions/622724/error-illegal-softwa...

One caveat I noticed is that SSH seems to not work when connecting from Ubuntu 14.04, but works fine from OS X. When I have time, I'll debug it further. (I very rarely make any changes on it; the CLI was more an unexpected bonus I wanted to check out rather than a real need.)


I also wanted something in the category you're describing and after shopping around a bit I stumbled across Mikrotik's products. I bought one of their 24 port smart switches and it was exactly what I was looking for. Not a lot more expensive than some of the nicer consumer-targeted gear, but it has way more functionality.

http://routerboard.com/CRS125-24G-1S-IN


Looks like a very nice product (along with most of their other products). It's a little disappointing that they seem to do only the very minimum wrt the GPL:

http://www.mikrotik.com/downloadterms.html

I mean, sure, asking for 45 USD for a CD with the source is technically complying with the GPL -- but it does seem a bit strange in this day and age. Not to mention that for the source code to be useful, one would hope one could build a working routerOS image from it -- and it doesn't appear that the CD will enable a user to build a running image -- and therefore not facilitate changing the product.

But apart from that, my first thought was -- can this thing run BSD -- because pf is quite a bit friendlier than iptables (even if the latter has gotten a lot better lately).

Does anyone know if there are any recommended alternatives to soekris for running a bsd switch/router (preferably running at ~gigabit speeds) ?


Lots of PFSense people seem to think the PC Engines APU[1] is ok. Netgate sells a DIY kit[2].

It's only a 3 port system though.

[1] http://www.pcengines.ch/apu.htm

[2] http://store.netgate.com/kit-APU1C4.aspx


Not sure if it can run BSD proper. It should be able to in theory, there's nothing preventing you from flashing your own OS image, but I can't find that anybody has actually done it. There is a facility for virtualization as well. Not sure how desirable it'd be to run on bare metal though, as it uses dedicated hardware for routing that I think is proprietary, so it wouldn't work. If I was going to try it, I'd probably pick up one of their cheaper products first to test it out on (most of the lower end stuff is similar internally).

I'm with you about the GPL though. It's my biggest complaint about it. Apart from the proprietary hardware (which OK, I guess I can forgive it), they definitely seem to be playing it pretty loose with the terms of the GPL.

Pf is indeed nice and it'd be cool to run OpenBSD on it. That said, as I mentioned I really like their configuration tools and they make iptables actually quite easy to configure.

Your best bet for a BSD router is probably to pick up a cheapish computer and put in one of the Intel or HP quad-port ethernet cards and then plug into a dumb switch. They can be had for surprisingly reasonable prices, I saw some on Amazon for ~$80 (the quad-port cards, that is).


At home, I replaced my Cisco ASA 5505 (which replaced a Cisco 1811) with a RouterMaxx 1106 [0] running OpenBSD (from CompactFlash), though it's certainly not cheap.

[0]: http://www.maxxwave.com/solutions/security/routermaxx-6-port...


That's the exact one I have. It's definitely not a "plug and play" router, but I love it. My only real beef is that most everything on it requires a much larger level of network administration knowledge than any other hardware.

I'm also scared that I'm going to open up my home intranet to the world every time I tweak some of the advanced settings.

Not trying to dissuade anyone from using them, but it's light years away from a DD-WRT-based router.

OTOH, the ability to run VMs on your router is magical. I have yet to do that, but I'm itching to do something like putting the unifi management tools on it.


Yeah, it definitely isn't something I'd recommend for people who don't know what they are doing. Its feature set is more comparable to enterprise hardware like Cisco or Juniper. Their terminal configuration utilities are pretty easy to use, but I actually really like their web UI. It exposes all the functionality (which is a daunting amount) but is clean and very responsive.

That said, RouterOS is pretty well documented and isn't hard as long as you know the basics. Mikrotik actually has a pretty vibrant little community around their wiki.


Can the firewall on that do outbound filtering?

I've been looking at trying to control some of my devices a bit more (eg, SmartTVs).

PFSense looks good, but the dedicated hardware boxes are kinda pricy[1], and I don't really want to build something myself.

A switch with a built in firewall at that price is an interesting option.

[1] http://store.pfsense.org/hardware/


Yeah it can. The firewall is standard iptables, so you can do whatever you want. It's also got DNS, http cache, SOCKS proxy and approximately 1 trillion other things that you may find handy as an all-in-one home/small business network device. Needless to say, it's maybe not the best idea security-wise to run all that stuff on one device, but I'm not terribly concerned.

I've heard people say it's not really powerful enough CPU wise to cope with a ton of rules (>hundreds), but I have a fairly involved firewall config on mine and it's no trouble.

Funny story, we use a firewall rule to punish roommates for not doing their share of the chores. If they get too far overdue on chores, we have an iptables rule to randomly drop a certain percentage of packets to their machine.
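For the outbound-filtering question above (keeping SmartTVs and similar devices on their own VLAN while limiting what they can reach), here is an added example of a default-deny egress policy as it would be written for a Linux router with iptables; it is not RouterOS syntax and not code from anyone in the thread. The interface names, subnet and router address are constructed placeholders, and DRY_RUN=1 prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: default-deny egress for an IoT/SmartTV VLAN on a Linux router.
# Interface names and addresses are placeholders chosen for illustration.

# run: print the command when DRY_RUN=1, otherwise execute it (needs root).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# iot_egress_rules IOT_IF WAN_IF LAN_NET ROUTER_IP
# Hosts on IOT_IF may only: answer flows the LAN/router initiated, use the
# router for DNS/NTP, and reach the Internet on 80/443. Everything else,
# including any attempt to reach LAN_NET, is rate-limit logged and dropped.
iot_egress_rules() {
    iot_if=$1; wan_if=$2; lan_net=$3; router_ip=$4
    # Dedicated chain keeps the policy readable and easy to flush/reload.
    run iptables -N IOT_EGRESS
    run iptables -A IOT_EGRESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Block the IoT segment from initiating anything toward the trusted LAN.
    run iptables -A IOT_EGRESS -d "$lan_net" -j DROP
    run iptables -A IOT_EGRESS -o "$wan_if" -p tcp -m multiport --dports 80,443 -j ACCEPT
    # Log what gets dropped so unexpected device behaviour is visible.
    run iptables -A IOT_EGRESS -m limit --limit 5/min -j LOG --log-prefix "IOT-DROP: "
    run iptables -A IOT_EGRESS -j DROP
    # Hook the chain for all forwarded traffic entering from the IoT VLAN.
    run iptables -A FORWARD -i "$iot_if" -j IOT_EGRESS
    # Router-local services the devices legitimately need, nothing more.
    run iptables -A INPUT -i "$iot_if" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$iot_if" -d "$router_ip" -p udp -m multiport --dports 53,123 -j ACCEPT
    run iptables -A INPUT -i "$iot_if" -j DROP
}
```

Run with `DRY_RUN=1 iot_egress_rules vlan20 eth0 192.168.1.0/24 192.168.20.1` to review the generated rules before applying them for real.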


Thanks for the link! Is it fanless too?

The 15W consumption seems to hint it could be, but the datasheet does not mention it.


There are no fans.


There are some good cheap managed switches out there. I have a Linksys SFE2000-something 24 port PoE switch for my PoE devices (security cams, IP phone, other stuff) and a TP-Link [something] 16 port switch. Both support basic VLANs, SNMP, etc.

I have one 2-port VLAN that connects my cable modem to my router on the TP-Link. From that switch I have one port cabled to a machine with Wireshark, and I can configure that port to monitor various VLANs for whatever reason.

I run MRTG for several things, including basic traffic graphing. I display the graphs from the router uplink port and a couple of other key ports in a window on the VMS that also has security cameras on it. From that monitor I can keep an eye on key things (cameras, Internet I/O, some home automation stuff).

Anyway, I haven't found an affordable "perfect" switch for home stuff, but there are a lot of cheap, decent managed switches that give you a lot more flexibility beyond "everything on 1 network".

My home net is essentially segmented into Primary LAN, Security Devices, Guest LAN (mostly just a wifi bridge) and LAB LAN.


Have you found an OpenWRT firmware equivalent for these devices? A lack of an open-source firmware for such a switch has been one of my hangups. I'm leery of the firmware that would come with such a device, especially given the history of the firmware of home routers being implemented poorly (bufferbloat, obsolete versions of software with known vulnerabilities, a lack of upgrades available from the vendor because they've EOL-ed support on the device to make room for the new shiny version -- which is also shipping with vulnerabilities).

I think what would be ideal is something in the vein of the Linksys SFE2000, with an open-source firmware akin to OpenWRT. AFAIK, that, or something approaching that isn't available. However, I would love to be wrong in that regard.


The 2960 series has 8 and 24 port models that are fully managed switches - VLANs, management, anything that you can do in the IP Base IOS.

See the bottom of this page for models; the 24- and 8-port switches are what you are looking for. http://www.cisco.com/c/en/us/products/switches/catalyst-2960...

Also, if you want cheaper options, the Dell Basic switches are fully managed and have just about any feature you could want.

http://www.dell.com/us/business/p/powerconnect-2800/fs

Unless I'm missing something that you are looking for.


Got a used 24 port 2960 (10/100 ports) on eBay for ~$65. Maybe doesn't meet the "open" portion, but the rest is definitely satisfied. Also, bought it ~5 years ago and it still runs beautifully (noisy fan though).


This isn't really suitable for the purposes you're describing, but it has a niche for firewalls and routers that may interest someone. I've been using PC-Engines Alix[1] boards for this purpose since 2008. They are 1-3 ports depending on model, but with VLAN tagging a few ports can do a lot of routing or other traffic processing. I run OpenBSD on mine, but they should work well with anything that can run headless.

[1] http://www.pcengines.ch/alix.htm


Check out the Ubiquiti switches:

http://www.ubnt.com/accessories/toughswitch/

and

http://www.ubnt.com/unifi-switching-routing/unifi-switch/

That's exactly what you are looking for. SOHO friendly (fanless, cheap, supports VLANs).



