[Bloat] What is the best firewall software/distribution for Cake/fq_codel?

Dave Täht dave at taht.net
Thu Jan 21 12:27:53 EST 2016 


On 1/20/16 8:31 AM, John Klimek wrote:
> I'm currently using pfSense on an x86 system and it's working great, but I'd like to use fq_codel and the upcoming Cake algorithm/system.

There is work going on to finally port this stuff to BSD.

> What is considered to be the best firewall software/distribution that will also be one of the first to support Cake?

At the moment cake remains under heavy development. (see the cake
mailing list) - but it does work on nearly every form of linux with a
little work. More benchmarking/testing is needed before the code can be
finalized.

it was my hope that "some vendor" - like ubnt, who were the first out
the gate with good fq_codel support in their edgerouter series - would
be tagging along this time - on cake, and actively tracking and more
importantly *financially supporting* the work. No such (visible) luck,
except from nlnet. Sigh.

Hardwarewise it looks like armada 385 based products are the most open
and hackable, so things like the linksys 1200ac and turris omnia will be
good choices * in the future *.

I still consider the state of the firmware on that chipset to be very
immature, but there is a lot of activity on it and it's getting better
rapidly.

There is a mt76 based board that is looking decent also.

> 
> It sounds like I can use OpenWrt and/or CeroWrt, but I'm unsure about the quality of the x86 version.  

CeroWrt, as we knew it, is "dead". Everything in it that was important
is in mainline linux now (and openwrt and derivatives). CeroWrt might
come to a resurrection of sorts as part of "make-wifi-fast".

x86 is not really a primary target for openwrt. Far too many variants -
I'd like to know of a good x86 board to use for openwrt, though - the
"quality" is there for sure - just have to find a decent embedded x86 board.

>Another suggestion I've seen was to use ipFire which supports fq_codel.

ipfire is pretty darn good for the x86 market.

> 
> Any suggestions?  Is there a "primary" firewall/distribution that Buffer Bloat recommends?

Not in the business of choosing sides. Goal in life is to make this
stuff and available default in everything so nobody ever has to think
about it anymore.

More information about the Bloat mailing list