Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: Weaver on August 02, 2015, 03:31:44 AM
-
This is a declaration of love and shameless plug for the Firebrick FB2500 and FB2700 routers. See firebrick.co.uk website. There's a lot around on the Andrews & Arnold support wiki too.
This IPv6 and IPv4 ethernet router has four ethernet ports on it, is a flexible firewall and has all the usual router functions in two software variants, standard basic version and the “fully loaded” version. My FB2500 is the fully loaded version because I needed to get the load sharing/bonding capability which is part of the top price version and performs outbound load sharing across three DSL modems (unequal speeds too, for some reason, which is a pain as it requires psychic powers to guess what the correct load split should be in the config to get it right for the lines’ link speeds, which could change for all I know).
The functions of the ethernet ports are software configurable, I use three ports for WAN pipes to DSL modems over PPPoE. Supports MTU/MRU 1508-8=1500. So I get three lines inbound IP which is merged together and then understood by the firewall function just as simply as if I had only a single line. Andrews and Arnold are load-spreading even single TCP connections across my three lines, in the right speed ratio too, the firebrick knows nothing about this.
It is an excellent DHCP server and a solid IPv6 router, although I don't fully understand it's DHCPv6 abilities if indeed there are any. It can do NAT and DNS relay/proxy caching. Mine uses a suitable-sized IPv4 address block so no NAT (shudders).
One of the things I love most is its XML config files, so clean and logical. They can be uploaded and downloaded using http, either by hand in the router’s web UI or using appropriate curl commands.
It has (optional auto) software updating over the internet, which is simply zero hassle.
I could do with better, longer documentation for very stupid people like me.
There are a couple of features I could wish for: much more sophisticated QoS being one, DHCPv6 being sorted out or documented, fancier IPv6 address association and management generally, rules and associations by mac address and named mac address groups including mappings from IPv6 addresses from mac to make IPv6 wandering addresses as easy to manage as IPv4 under DHCP locked assignments.
The FB2700 is definitely the one to go for, I should possibly have bought this top of the range device. It's faster and users with _bonded_ FTTx lines will certainly need the CPU performance. It also has a 3G (and 4G?) dongle interface which the lower model lacks. It can failover to this 3G interface, I'm not sure what else it can do with it.
There are rumours about faster new models on the way, which will be the way you need to go if you want to start bonding a load of 330Mbps FTTP pipes together, but then you'd soon need something faster than a single ethernet NIC to get it all out onto your LAN plus some scary switch and posh NICs all round on your machines everywhere.
-
There are a whole load of other features (some require the fully-loaded variant) which I have left out or will just briefly skim over: BGP, L2TP, VPN, IPSec, traffic shaping, VoIP back-to-back gateway.
-
I am indeed hooked on this box. If I put more time into understanding its huge range of capabilities then I would get more out of it. I do need more documentation especially more xml examples, and some handholding (as my brain is fried generally).
It’s not cheap compared to home user routers but then you definitely get what you pay for. I can't remember exactly what I paid for my fully-loaded FB2500 from the A&A shop. But compared to routers and firewalls from the likes of Cisco, Juniper et al it's a real bargain, while the evil brutes from the international big boys require you to spend weeks reading the manual learning incomprehensible command lines only to fail and have to pay for extremely expensive handholding to get anything accomplished. The boxen from VastCorp Inc. really require that you sacrifice a chunk of your life on expensive training courses having first plugged your brain into the mind-expanding machine of The Krell.
In addition I use a sixteen port Netgear gigabit switch which is getting a bit long in the tooth.
Wireless? Nope. For wireless I use several different 802.11n WAPs, almost entirely 5GHz with 2.4GHz WLAN too for occasional visitors with older kit. Silly idea, integrated wireless in soho modem/router combined boxes imho, as you don't get the freedom of placement, nor the opportunity of picking the best individual components unless you pay for wireless and then ignore it. I'd also prefer to keep wifi internal rf noise out of the same box which a sensitive dsl modem is living in. (Mindless paranoia.)
-
More wish-list things: as mentioned before, truly posh QoS would be very, very nice. As well as the usual traffic classes and speed lanes, I’d like to see things like TCP ACK queue-jumping, DNS request prioritisation, support for SCTP, QoS re-labelling, and QoS application in tunnels.
Another thing I would be interested in is some kind of support for a role as controller of an ISP-end remote firewall. (Does Plusnet have an ISP end remote firewall?) I could do more with a companion firebrick hosted at A&A who do a special hosting deal for these compact, ultra low power devices.
Anything that can help to combat buffer-bloat would be very welcome. Don't know if that makes sense, who's guilty? I get bad figures out of a couple of speed tester websites/apps that report this source of huge latency. (dslreports ? - I forget)
-
VoIP: I haven't got my A&A VoIP working properly, probably because I haven't been brave enough to implement the necessary xml config in the Firebrick to make the back-to-back VoIP feature work. I keep finding reasons to put this off and would probably need some handholding so as not to mess up other aspects of firewalling and routing.
-
As a FireBrick user, I agree it's just awesome. ;D
-
YouTube video of RevK, one of the directors of Firebrick telling the tale of how things got started after a few sessions in the pub:
http://www.youtube.com/watch?v=ouejyuDMyt
-
I love my smoothwall express router :P
-
YouTube video of RevK, one of the directors of Firebrick telling the tale of how things got started after a few sessions in the pub:
http://www.youtube.com/watch?v=ouejyuDMyt
I quote from YouTube --
This video does not exist.
Sorry about that.
-
I think I've now found it! ;)
[youtube]gqZ0ZBMBKrQ[/youtube]
-
If memory serves, there were a few refurbished Firebricks available (through A&A poss) a while back. I expect that some second hand units will become available if the rumoured faster models come out.
-
Naturally there are a lot of threads describing problems and complaints concerning kit, ISPs, bugs and so forth. I decided it might be helpful to write the odd thread that is basically a review, “I discovered x, and I love it” as a top tip for other potential users. I hope this style of thread will be found useful to other Kitizens?
-
Naturally there are a lot of threads describing problems and complaints concerning kit, ISPs, bugs and so forth. I decided it might be helpful to write the odd thread that is basically a review, “I discovered x, and I love it” as a top tip for other potential users. I hope this style of thread will be found useful to other Kitizens?
It's fine, by me. :) As for our Leader . . . just be aware that she has painted her "claws" purple, in the past. ;)
-
I use a programmer's text editor, "Textastic", on my iPad, to edit the XML config files. You could just do everything with the Firebrick's web UI and never go near any XML, so no need to have fear.
What I could really do with is a top-class diff tool for the iPad. I have however found a web-based tool that can take two uploaded files and difference them, which does a decent job, and will have to do for the time being.
-
As for our Leader . . . just be aware that she has painted her "claws" purple, in the past. ;)
Ulp please do explain. :o
I did not wish to transgress. If I have unwittingly violated etiquette then please feel free to delete this thread.
-
Relax, you certainly haven't violated etiquette. Reviews of significant equipment are welcome.
-
:'(
phew, nasty minute there. :-)
-
:'(
phew, nasty minute there. :)
:drink:
-
@Weaver. B*cat was just jk about my 'klaws'.. Normally I'm quite big on the nail & nail varnish thing, my latest fav is a magnetic blue where use of a magnet causes interesting designs. Youre safe just right now though as they are bare. ;D
A friend said to me recently its the first time in >15yrs that shes known me that I dont have painted nails. Thats only because the past few months have been so hectic I really havent had time to do them :(
PS no you most certainly havent violated etiquette, its us that have done that, by having a light hearted moment and digressing - apologies :)
-
We should perhaps take the bufferbloat thing to another thread. My fault, because I started it, ill-advisedly.
Interesting stuff indeed though, but very confused and ill-defined. The Wikipedia article imho isn't great. The vague use of the term "buffer" needs to be replace by "queue", and queue where, how many etc
-
Split the bufferbloat discussion to here (http://forum.kitz.co.uk/index.php/topic,15863.msg295277.html#msg295277) because it is an interesting topic it its own right :)
-
btw if anyone is interested, I could post my own xml config so that people can get an idea of what its all about. Its rather long unfortunately.
-
I wrote a wiki page on basic firebrick config...
http://support.aa.net.uk/FireBrick_2700_Configuration
But it can do a lot more.
-
Fyi, the entire user manuals are freely available at
http://www.firebrick.co.uk/manuals.php?PRODUCT=2700
-
The 2500 manuals are located here -- http://www.firebrick.co.uk/manuals.php?PRODUCT=2500
The 2700 manuals are located here -- http://www.firebrick.co.uk/manuals.php?PRODUCT=2700
I'm wondering what processor is used in those devices?
-
wondering what processor is used in those devices?
I believe it's ARM. There's a video on YouTube of a lecture given by RevK, one of the directors of Firebrick, where he talks about the origins of the group, and he mentions something about it there.
-
wondering what processor is used in those devices?
I believe its ARM. There's a video on YouTube of a lecture given by RevK, one of the directors of Firebrick, where he talks about the origins of the group, and he metions something about it there.
Ah, yes. You are correct. :) I only watched that video a day or two ago! (Brain fade. :-[ )
[off topic]
I am actually connected via a FireBrick 105 whilst making this post! And I've spent the last two hours attempting to upgrade its firmware . . . Without any success. :(
[/off topic]
-
I've heard reviews / people say its good, but is it really £500+ good? Does it really outperform similar £200~ budget routers?
-
is it really £500+ good? Does it really outperform similar £200~ budget routers?
Easily, and then some. The usability of it, the code quality and the vast range of functions. It's the wrong thing to compare it to £200 devices. It's a much cheaper and easier-to-use Cisco. It's a very serious business-grade device that has the ease of use that puts it into a class of its own.
Ask yourself, can you read, on approx one screenful, the entire config of your router, scan it for mistakes, and difference it to see what you changed? I can look at the config examples that CrazyTeeka pointed at earlier and copy-paste parts of them. The XML config is just sanity finally arrived. (And it's optional, if you don't speak XML, then you can simply use the web UI forms same as you would eith a home user router.)
I can't imagine ever going back to a SOHO-class router. It would be far too horrible. :-)
As for code quality, the Firebrick guys really know what they are doing, and bugs get fixed fast. The big difference compared to VastCorp's devices is that you can simply talk to the authors, they have names and are on irc and email and they will listen, no corporate paralysis.
Not six stars, but seven. Take a look at the XML config examples, the wiki and the manuals.
-
As another illustration of how serious this kit is: The devices (“fully loaded”? can't remember) offer VRRP.
The fully-loaded models speak BGP (and I think OSPF is coming), L2TP and offer easy VPN or (scary) IPSec VPN.
This illustrates my point about them being business-grade devices, not home-user ones. But their ease of use is better than home-user models anyway because of the XML config and copy-and-paste.
-
I've noticed something in the release notes for the April release of the FB2x00 software that leads me to think that
* the device now supports an attribute in a firewall rule called something like source-mac or mac-source which would allow you to write a rule based on the source mac address of a packet rather then its src IP. Very very handy and a big wish-list item for me knocked off. It's mentioned in the XSD description of types.
* I really hope there will be a symbolic value for a mac address, smae as there are symbolic named values IP ranges and lists of IPs.
For some reason, I suspect much much harder to implement, no sign of any companion dest or target mac attribute.
The documentation is very spotty, this is a perfect example. New features come out, they are a semi-secret, not well documented. The manual may or may not get updated. In this one case, the src mac address feature, it doesn't seem to be presented in the web forms UI, I suspect it's XML only. Someone needs to work on the docs at least part time, but regularly.
-
<snip>
The documentation is very spotty, this is a perfect example. New features come out, they are a semi-secret, not well documented. The manual may or may not get updated. In this one case, the src mac address feature, it doesn't seem to be presented in the web forms UI, I suspect it's XML only. Someone needs to work on the docs at least part time, but regularly.
I wonder if it would be worthwhile you offering your services to perform that task? To me, it appears that you are adequately qualified to do so, you have the relevant hardware and is something that can be done at a time that suits yourself . . . :-\
-
I just noticed this webpage, which gives potential users the ability to play with a Firebrick demo UI to see if you like it
http://fb2700.demo.firebrick.co.uk