IPFire hardware upgrade

calendar Mar 20, 2016 · 5 min read · ipfire  ·
Share on: linkedin copy

ALIX.2D13 during high network load

2016 seems to be the year of hardware upgrades for me. After replacing my ESXi host with a VSAN cluster recently, I also had to replace the D.I.Y. router after upgrading my internet connection. At maximum data throughput, CPU load and temperatur are increasing so heavily that other network traffic is slowing down unacceptably. Last year I migrated from IPCop 2.x to IPFire 2.x and feared that a hardware might be necessary in the foreseeable future.

APU product family

For 6 years, I have been using a ALIX.2D13 board by PC Engines as IPCop or IPFire. Because I was very satisfied with the hardware, I wanted to remain with the manufacturer. Some time ago, I already discovered the APU.1D product series. In comparison with the ALIX devices, they offer some interesting enhancements:

  • AMD Embedded G-Series T40E APUs - 64-bit dual-core
  • CF card slot was replaces by a SD pendant
  • 6 Gbit/s SATA and mSATA connectivity
  • Gigabit Ethernet instead of 100 Mbit/s network
  • Mini PCIe slots instead of MiniPCI card slots
  • SIM slot for UMTS modems

I was amazed when I discovered the even newer APU.2 family offering quad-core APUs, bigger cache and also ECC memory. But in my opinion these products are still beta as the BIOS firmware is not finished yet - there are plenty of missing functions:

  • SD card boot functionality
  • iPXE support
  • ECC memory support

In addition to that I stumbled upon websites on the internet reporting that there are driver issues on some Linux distributions. So - this is not a real option for me at this point, even if the price difference is quite small.

Model CPU Clock rate Cores Cache RAM
ALIX.2D13 AMD Geode LX800 500 Mhz 2 128 KB 256 MB
APU.1D2 AMD G T40E 1 Ghz 2 512 KB 2 GB
APU.1D4 AMD G T40E 1 Ghz 2 512 KB 4 GB
APU.2B2 / 2C2 AMD GX-412TC 1 Ghz 4 2 MB 2 GB
APU.2B4 / 2C4 AMD GX-412TC 1 Ghz 4 2 MB 4 GB ECC

Finally I decided to go for the APU.1D4. To bring it down to a round picture, I ordered a 802.11ac-capable WLAN card in addition to the bundle on my favorite online shop. Instead of using a SD card I also ordered a Kingston SMS200S3/60G mSATA SSD for additional tasks such as proxy server and update accelerator. 🙂

APU-Kit
IPFire-Set
APU.1D4 mit SSD und WLAN-Karte
Alte und neue Firewall

Installation on mSATA SSD

Usually, IPFire is installed on embedded systems by flashing an image to a memory card. For mSATA SSDs this is more complicated if you don't have an appropriate adapter. Fortunately, the APU boards have the CoreBoot BIOS and thus are able to boot from the network or USB. After powering-on the device, the boot menu is opened by pressing F10. Once the IPFire CD started, make sure to move to the "Serial console options" menu and select "Install IPFire (serial)" to start the installation. Otherwise, the serial console is not used and the installation won't work.

If a SSD is used, it is a common procedure to free unused blocks in periodic intervals. This requires TRIM support that is part of the Linux kernel for a couple of years. Freeing these blocks optimizes the SSD's durability and also write performance. In the IPFire board there is an example cronjob that I run weekly on my system:

 1# hdparm -I /dev/sda | grep TRIM
 2 * Data Set Management TRIM supported (limit 1 block)
 3
 4# vi /etc/fcron.weekly/batched_discard
 5#!/bin/sh
 6LOG=/var/log/batched_discard.log
 7echo "*** $(date -R) ***" >> $LOG
 8fstrim -v / >> $LOG
 9fstrim -v /boot >> $LOG
10fstrim -v /var >> $LOG
11
12ESC ZZ
13
14# chmod 0755 /etc/fcron.weekly/batched_discard
15# /etc/init.d/fcron stop ; /etc/init.d/fcron start
APU Boot-Menü
IPFire-Bootmenü
Dateisystem-Auswahl

WLAN

After the installation I saw that IPFire offers no WLAN card for the network configuration - but the device was detected anyway:

1# lspci|grep Qualcomm
205:00.0 Network controller: Qualcomm Atheros QCA986x/988x 802.11ac Wireless Network Adapter

The reason for this was, that the WLAN card driver (ath10k) was unable to load the required firmware - this can be seen in the boot log:

 1# less /var/log/bootlog
 2...
 3[   12.095632] ath10k_pci 0000:05:00.0: irq 47 for MSI/MSI-X
 4[   12.095723] ath10k_pci 0000:05:00.0: pci irq msi interrupts 1 irq_mode 0 reset_mode 0
 5[   12.372230] ath10k_pci 0000:05:00.0: Direct firmware load failed with error -2
 6[   12.372240] ath10k_pci 0000:05:00.0: Falling back to user helper
 7[   12.374067] ath10k_pci 0000:05:00.0: could not fetch board data 'ath10k/QCA988X/hw2.0/board.bin' (-2)
 8[   12.374321] ath10k_pci 0000:05:00.0: Direct firmware load failed with error -2
 9[   12.374326] ath10k_pci 0000:05:00.0: Falling back to user helper
10[   12.376061] ath10k_pci 0000:05:00.0: could not fetch firmware file 'ath10k/QCA988X/hw2.0/firmware-2.bin': -2
11[   12.376093] ath10k_pci 0000:05:00.0: Direct firmware load failed with error -2
12...

To fix the issue, the firmware needs to be copied to the system - the files can be downloaded from GitHub. There is also a list of required firmware files per hardware on the IPFire wiki. In my case, the following commands were required to make the WLAN card work:

1# mkdir -p /lib/firmware/ath10k/QCA988X/hw2.0/ ; cd $_
2# wget https://github.com/kvalo/ath10k-firmware/raw/master/QCA988X/board.bin
3# https://raw.githubusercontent.com/kvalo/ath10k-firmware/master/QCA988X/10.2/firmware-3.bin_10.2.2.39.6-1 -O firmware-3.bin

After a reboot the card was ready to use. Unfortunately, I found no way so war to utilize the 802.11ac standard.

Translations: