Chipset Integrates Gigabit Ethernet, RAID, Firewall 249
EconolineCrush writes "Tech Report has a review of NVIDIA's latest Athlon 64 chipset, the nForce3 250Gb. The 250Gb is especially interesting because it's the first core logic chipset to integrate a Gigabit Ethernet MAC, hardware-accelerated firewall, and RAID across four Serial ATA and four "parallel" ATA devices. NVIDIA is even working with third party developers to help their software take advantage of the chipset's hardware firewall components. Looks like we've reached a point where chipsets will differentiate on features more than performance."
Lotta features on one chip (Score:2, Interesting)
Re:Lotta features on one chip (Score:5, Informative)
No, if anything it will be arguably faster than traditional north/south-bridge pairs.
Ever hearD of a BIOS? (Score:3, Insightful)
Interesting (Score:5, Interesting)
Sun's Idea (Score:5, Interesting)
Skip the Firewall (Score:5, Interesting)
Re:Skip the Firewall (Score:5, Interesting)
Wrong application I think (Score:5, Interesting)
This may just be somehting that the people at compusa can read off the tag. "Integrated firewall firewall for increased security". Either that or another feature for power users to tick off. Possibly similar to how pentium ads talk about optimization for streaming internet video when any processor made after 1997 can stream anything on the net today.
The Windows XP Firewall (Score:3, Insightful)
That said, SP2 will ship with a much improved firewall that could be called a Zone Alarm lite, but honestly, my preference is still for a hardware level firewall. The reason for this is you're stopping the traffic before it ever touches the system, helping to stop a vulnerability in
Ummmm (Score:3, Informative)
Re:Skip the Firewall (Score:2)
So now they have a hardware firewall, XP's firewall, and often some additional software firewall. The only problem with monkeys having this type of stuff is that they often have problems with it and disable the functionality. I've seen this happen far too often.
Don't Skip the Firewall (Score:4, Informative)
Re:Don't Skip the Firewall (Score:3, Insightful)
This is a Windows thing I presume? Don't know how the rest of the world works, but when my firewalled servers start, everything is "denied" while the interfaces are brought up. Once that happens, it loads my ruleset.
He's talked about the board's embedded firewall (Score:3, Interesting)
Apparently the board's firewall is based on a modified Linux kernal in the firmware that boot's a embedded processor before the bios finishes loading & WinXP's bootloader start's running.
Re:Skip the Firewall (Score:3, Insightful)
I have an old computer doing firewall too. But I realize I'm in a minority on that.
Apparently, you're not in IT-Sec (Score:3, Interesting)
It's not like an on-chip firewall is going to slow down your box, and no one said you have to configure it to allow access to the rest of your network (like a gateway firewall), it's just an extra layer of protection that you can tailor much
Firewall Easily Disabled (Score:2, Informative)
If you aren't looking to use the firewall, it looks like it's pretty easy to turn it off.
In the Forceware screenshot [techreport.com] it shows a line labeled "Firewall Setup: Change firewall profiles including turning Firewall on/off." But, I guess if price was an issue, and you the firewall kept you from getting it, I could see that. Seems to me, this would be cheaper than a spare system in the closet. I guess you would have to test it with the firewall on/off to know if it was stealing your cycles, though.
The ForceWar
Re:Skip the Firewall (Score:5, Interesting)
Stop believing so strongly in perimeter-level security alone. If your nice router or outdated system gets compromised, it's always going to be better to have a secondary line of defense.
There are good practices for managing your security risks. The rule of thumb is that you can never be too paranoid.
-transiit
More... (Score:3, Insightful)
I have a feeling it's got to do with pointless features more than anything else.
Re:More... (Score:5, Insightful)
A hardware firewall implementation is intended to allow firewall software to process data at a much faster rate. Higher packet matching and filtering rates and less load on the CPU itself.
There are several such co-processing units available for encryption already. Just because you install a security co-processor doesn't mean your system is secure.
With Gigabit networks, it is very handy to be able to offload functions like packet matching to a chip other than the main processor. Even a with a very fast main processor, you will notice a severe system load with a complex firewall ruleset and a traffic load that can theoretically hit 120MB/s.
This is one of the reasons that ultra-high end routers and firewalls are so much more efficient at handing large traffic loads... they have processors specifically designed and dedicated to processing Ethernet/IP/whatever traffic.
My real question is how open is the spec? I would love to see security co-processor support in the Linux kernel. The Linux kernel is still lagging behind Free/OpenBSD in that it will not make use of crypto cards.
Re:More... (Score:5, Interesting)
Yes.
It is clear that edge firewalls are not sufficient. A network with squishy insides is doomed the first time some "salesrep" wanders in from who-knows-where and plugs his broken, virus ridden, misconfigured, obsolete laptop into your switched network. Every cotton pick'n host connected to a network needs a basic stateful packet filter, and wouldn't it be nice if it was entirely OS independent?
There will be a firewall built into your chipset, your OS, your router...
Nothing wrong with that. Since when has choice been a problem? If it's responsible for passing packets it should have a means of filtering them. A simple principle, really.
A basic stateful packet filter (a.k.a firewall) is a fairly simple, well understood mechanism. Firmware is the ideal place to implement it. It will work regardless of which operating system is installed/upgrade/misconfigured. It will work before the OS boots! Many good commercial firewalls are based on only low-power embedded CPU's and flash memory, yet provide very comprehensive firewall functions, multiple interfaces with complex routing, VPN, SNMP, etc.
wow! (Score:2, Funny)
I've always wanted a Mac inside my PC! I can't wait to pick up my nVidia G5/ia64-based computer!
Re:wow! (Score:5, Insightful)
Re:wow! (Score:2)
Re:wow! (Score:2)
Re:wow! (Score:2)
steve
Re:wow! (Score:2)
What if that built-in firewall has a future hole? (Score:4, Insightful)
Re:What if that built-in firewall has a future hol (Score:2)
Notice that the article mentions the possibility of 3rd party developers using the hardware component -- perhaps iptables can utilize it as well.
Re:What if that built-in firewall has a future hol (Score:2)
More tainted module ?? (Score:5, Insightful)
And as with everything... (Score:2, Insightful)
Complex systems (Score:2)
RAID, which is a totally distinct system, has no business being there.
It would be better still if we could believe the design will be properly tested and validated to the point anyone could have confidence in it.
Re:Complex systems (Score:2, Insightful)
You have the chipset being the bus's traffic cop and directing everything, and on top of that, its going to analyze, though probably very simply, and scrub every packet that crosses it. It just strikes me as something that the chipset shouldn't be doing, if you really feel the need for a firewall on chip, throw it on a special NIC. On top of it, how do you update it when every problem is found? Flash the
Re:Complex systems (Score:2)
If you're looking for that kind of testing and validation, don't hold your breath.
That kind of validation doesn't generally come on the inexpensive boards, and it's been my experience that even the higher-end boards (with correspondingly higher-end price tags) still aren't too much better than the low-ends.
steve
Re:Complex systems (Score:3, Insightful)
* And software is fast enough for SATA. If you're using Ultrafast FibreChannel or something then you might like the hardware RAID better...
RE: Yeah... Cool. (Score:5, Insightful)
Cause if it's like the early nforce boards, I was much better off with Via's stuff.
Nvidia's great suff, but I just haven't been impressed with their provided drivers yet. Comparing several build ATI+VIA systems to Nvidia core systems, I have far less problems, hassles, and overall better performace out of the ATI+VIa ones.
Like take the Asus offerings. The A7NX's rocked, but the nforce eqivalent.. sure it had like extra nic's, and other goodies, just didn't hold pace with a clean linux kernel and 3 gig's of ram.
I switched the $150 nforce chipset board with a $60 Via, and ended up with a MUCH better high end workstation.
Of course, I guess not everyone needs 3 gigs of ram.
Re: Yeah... Cool. (Score:2)
Great strides have been made since the first NForce.
Re: Yeah... Cool. (Score:2)
There's is no motherboard that I'm aware of called the A7NX. Asus does make the A7N8X, which is generally considered one of the better motherboards available, supports 3 gigs of ram, and is based on the NForce2 chipset.
The N in the product number reveals that it uses an NVidia chipset. If it was a Via board, it would have a V instead of the N.
(I personally own an A7N8X and love it. I haven't had much luck with Linux on it,
Good in theory, but how open? (Score:5, Insightful)
It doesn't say that they've published the necessary APIs and/or documentation for taking advantage of this feature, only that they're "letting" people take advantage of it. Does this mean it will remain closed and non-free like the nForce ethernet driver on previous chipsets? While they do release a "tainted" Linux driver, they don't allow groups like the OpenBSD project access to the documentation in order to write their own driver.
All that hardware off-loading of processing from the CPU is not going to benefit everyone unless they freely provide documentation for using it.
Here's hoping they release the necessary documentation instead of hoarding it like Intel has done with their on-NIC IPsec off-loading.
Other than that, I really like the integrated firewall for two reasons:
1.) It starts before the OS would have the ability to start a firewall
2.) It (apparently?) works regardless of OS (that's a big question mark)
Re:Good in theory, but how open? (Score:2)
Yes
drivers... (Score:2, Insightful)
oh wait, did you say nvidia? nevermind. buggy binary drivers, no support for advanced features, drm, and linux only (no bsd allowed).
linux raid support please? (Score:4, Interesting)
I hope manufactures start to notice that a lot of people who buy the high end motherboards are the same people who are likely to use linux exclusively or at least dual boot. Initially, most of the popular serial ata chipsets included with motherboards, silicon image 3112 comes to mind, had lousy linux support particularly for the raid features. 2.6 has come a long way with ide raid support mostly due to developer's working to reverse engineer, but maybe just maybe manufactures will start to realize that linux support early on is a good and profitable business practice.
Re:linux raid support please? (Score:5, Interesting)
Re:linux raid support please? (Score:2)
Re:linux raid support please? (Score:3, Insightful)
Most of the cheap 'IDE/SATA RAID' chips and cards (those that don't have on-board RAM) are nothing more than a glorified software RAID driver and a on-card BIOS that enables booting from the RAID.
Except for the boot support, you get exactly the same with Linux software RAID - and with the added bonus that you can use any SCSI and IDE/SATA disk connected to any c
Features v performance? (Score:5, Insightful)
I think we reached that point long ago. The chipset performance difference is often less than 5%, and usually less than 2%. Are you going to notice that in day-to-day activities? Not likely. Chipset loyalties, features, past experiences, these are the things that matter. After 2 years of rock solid performance on my Nforce 1, I would have to be hard pressed to switch to Via if they had a performance difference. Plus Nvidia's drivers generally work, and they try to make drivers that work no matter what board you have, just like their graphics cards.
Not that I'm a die-hard Nvidia chipset fan. At the time I bought the board two years ago, however, only the Nforce board provided all the features I wanted at the budget I was shooting for. The integrated video isn't horribe either, unlike Intel's Extremely Nasty solution.
Differentiating on features more than performance? I thing the legions of Small Form Factor junkies kind of make the argument that that bridge was crossed quite a while ago. They settle for less performance, and practially all reviews of those boxen focus on the features, and less on performance.
most importantly (Score:5, Interesting)
Worth it just for the network performance (Score:2)
Performance doesn't suffer... (previews) (Score:3, Informative)
http://www.gamers-depot.com/hardware/motherboar
http://techreport.com/reviews/2
My one regret... (Score:4, Insightful)
And the really nice part? When/if you DO stick an even better card in the AGP slot, you can still use the onboard for a second monitor.
For quite some time now, all of the machines I've built for our office have used NForce2 IGP chipsets, for precisely those reasons. A board that costs $100 (or less), is rock-solid, has terrific driver support, stellar performance, sound, network, etc. makes my life very, very easy. In fact, $450 will put together a VERY nice system (sans monitor) based on them.
Plus, the fact that they'll play quite a few games (Q3, WarCraft III, Counter-Strike) incredibly well makes staying late very enjoyable....
As a matter of fact, I'm going to upgrade my machine at home in the next month or two, and chances are that I'll keep using the same boards!
steve
Re:My one regret... (Score:2)
However, AFAIK, you could never use the integrated video with anything in the AGP slot.
-Erwos
Re:My one regret... (Score:2)
However, AFAIK, you could never use the integrated video with anything in the AGP
Ssshhhh! Don't tell my machines! ; )
Several of the NForce2 motherboards I have at the office are setup with a video card in the AGP slot, and two monitors. On the Asus boards, there were a few hoops to jump through, but on the Abits, it was a lot less hastle.
steve
Re:My one regret... (Score:2)
I've always wondered why motherboard manufactuers didn't use the mobile graphics chips and integrate them. Seems like an easy one chip solution, and you pop an ATI M11 (Radeon 9700 Mobility) and you'd have a nice little graphics chip for very little overhead. Heck, with the better cooling environment available in a des
If it's bad as the rest of nVidia's stuff,... (Score:4, Interesting)
And they're "good" about Linux support. That just underscores why open drivers are a must.
Graphics cards, chipsets - CPUs next? (Score:3, Interesting)
The next logical step would be an Nvidia CPU, perhaps integrated with other technologies. Wishful thinking?
Why didn't they go further (Score:2, Interesting)
finally (Score:2, Insightful)
Once we get past the "dumb beast" stage, the stage at which we believe bigger-is-better (in this field, more MHz), we reach a point where quality and smart features that are useful in today's world are what differentiates products. I've wished the market supported proper chipsatz (I just like how it sounds in German say it, so shoot me) development for a long time, now this news seems like bringing that a step closer to reality. It's a known fact that Intel, when they
nVidia to become a partner with MS and Phoenix? (Score:4, Interesting)
Re:nVidia to become a partner with MS and Phoenix? (Score:2)
Check if your system offers PXE network boot.
Nice networking advances.. (Score:2)
- Gig-E on the chipset. Most NIC's attach via the PCI bus. Even the integrated NIC's on the motherboard, they connect via the PCI bus. Since a standard 32bit/33MHz bus tops out at 1Gbps, you've got a bottleneck if you want to do anything else - like access the disk. They bypass that, and give it direct access to the system bus. Their performance results are impressive.
- The article claims that it supports "TC
Hey, iptables running in hardware? (Score:3, Interesting)
Wonderful! (Score:3, Interesting)
Re:Wonderful! (Score:3, Informative)
Re:I disagree (Score:3, Interesting)
Re:I disagree (Score:5, Interesting)
I thought the same as you.. but ever since I got my Asus A7N8X Deluxe, I've changed my mind about onboard audio. This baby has an amplified main output, 6.1-channel dolby digital capability, and an SPDIF output, onboard!
It also has *2* NICs onboard, an SATA controller (with RAID), Dual channel DDR 400mhz memory controller, AGP8x, 6 USB2.0 ports, 2 Firewire ports (both 4 and 6 wire), and something I thought had long gone missing from PCs: the midi/joystick connector!
This motherboard has everything, and the kitchen sink (the bus is actually 8-bit HyperTransport v1.0 from what AIDA32 claims), and it's ROCK SOLID stable.. what more could you ask.. oh yeah, it's relatively cheap too.
(Disclamier: I have nothing to do with Asus, just a very satisfied customer)
Re:I disagree (Score:5, Interesting)
Re:I disagree (Score:2)
Re:I disagree (Score:4, Informative)
BTW, since this is Slashdot I should mention to people that if you plan on running Linux, avoid this board like the plague. It is HORRIBLE under Linux. I've got one with 1 GB of Infineon DDR RAM and an Athlon XP 3200+. I've had to underclock my processor down to 2500+ and completely disable APIC support and compile a vanilla Linux kernel with absolutely no reference to APIC or ACPI before the system would run stable for more than an hour. Now I MAYBE get 2 weeks out of it before it just crashes hard... sometimes it locks up, sometimes it just reboots itself. memtest shows memory is fine, replaced video card, and am using the onboard ATA controller and an Intel gigabit ethernet card with onboard NICs disabled. 2.4.25 kernel still causes crashes. I don't know if it's temperature or what, but this system sucks ass. Average (remember, running at XP 2500+ speeds) is 48C idle. If I bump it up to 3200+ it sits at 52-53C idle and gets up past 70C on high CPU load and is probably going into thermal shutdown. This is with a huge Zalman flower cooler on it and 3 other fans blowing onto it. Piece of shit system.. I wanted a Mac G5!
Re:I disagree (Score:2, Insightful)
It'
Re:I disagree (Score:2)
Re:I disagree (Score:2)
I've been using the A7N8X running Suse 9 as my primary desktop at home since the board first came out. For the first month I had terrible stability problems, until I figured out it was a bad IDE cable. Since then this motherboard has been rock solid under Linux for months now. Of course, that might change now that I've bought this SATA drive... :-)
Re:I disagree (Score:3, Interesting)
Sad that these otherwise snazzy NForce3s don't have near as nice onboard sound as the NF2s though.
Re:I disagree (Score:2)
Ah, how the chickens come home to roost. The bottom line is quality of the parts on the motherboard.
I disagree with your disagreement (Score:2, Informative)
Then I tried this mobo in linux. SuSE did a normal install fine. As soon as I installed video and motherboard drivers, the whole OS was FUBAR. Pretty much the same thing in Red Hat... except I sorta got most of it usable (sound is
Re:I disagree (Score:3, Interesting)
Re:I disagree (Score:2)
Besides, people have trusted hardware firewalls for a long time now. If they're done right, they're better than software.
Re:I disagree (Score:2, Interesting)
Re:I disagree (Score:2, Interesting)
I'm all for integration - i think it will be more reliable, consume less power, and be more environmentally friendly in the long run. If you don't require all the 'features', then buy a motherboard with fewer integrated features. I just don't see the point of favoring a PCI NIC over an integrated one.
Re:I disagree (Score:2, Interesting)
Reliability... well, I don't really agree with you there.. KISS is the most reliable in my opinion.
Less power is a non-issue for me (yes, I suck as an environmentalist
Each to their own opinion...
Re:I disagree (Score:3, Insightful)
Re:I disagree (Score:2)
Then again, the majority of us will be buying the largest size, so maybe it's a non-issue.
Re:I disagree (Score:5, Insightful)
You say security is what you look for in a motherboard - how is this motherboard, with a well designed, built in, hardware level firewall, any less secure than any other motherboard that is the same except for the firewall. Or are you complaining about the SATA? Motherboards with SATA should be banned, and we should all still stick with ATA alone? Or maybe its the onboard RAID? Or is 100base onboard ethernet somehow better than GB?
The more I think about it, the more I realize that I shouldn't respond to this at all, but should have given you a -1:Flamebait. I mean if " Security, stability, and performance are the top features I look for in a motherboard", then RTFA and notice that performance is ahead of its class, and its very stable, not to mention the extra steps taken for security. Hopefully some mods will take care of this.
Re:I disagree (Score:2)
You know you can turn off these things in the BIOS and justuse a seperate card in a PCI slot. If the onboard networking, RAID or SCSI stops working, get a network, RAID or SCSI card and pop it in and away you go.
Re:I disagree (Score:2)
Actually, I do think that motherboards should come without Network cards, without raid controllers etc. If the network card stops working, replace the network card
Well yeah - except you can disable the onboard nic from the BIOS - so its still just a nice added value. My home is all wireless, but its nice to be able to use the onboard nic when the need arises. Its really
Re:I disagree (Score:2)
Re:I disagree (Score:2)
"Oh come on, its nothing like what Microsoft does" I was referring to Microsofts tendency to include everything and the kitchen sink with an Operating System, e.g. Media player, Internet Explorer, Games etc
Of all the operating systems that come to mind, linux distros, bsds, macOS and solaris I'd have to say that Microsoft includes the least number of programs with its OS. A typically linux distro has hundreds of applications compared to MS Windows's uhm... 10? Not that is relevant to the real
Re:I disagree (Score:2)
actually you've got that backwards.. windows utilizes a microkernel architecture where as linux has mucho crapo built into the kernel. much more to break, it's just well built. also, I know it depends on the distro.. but you can't say windows comes with more crap ou
Re:I disagree (Score:2)
Re:I disagree (Score:2)
Re:I disagree (Score:2)
Re:I disagree (Score:2, Interesting)
Assuming your motherboard has PCI slots, nothing is stopping you from putting in third party components. I'm perfectly content with the onboard nforce2 audio on the MSI board I have at home for gaming. It sounds the same, if not much better than the SB PCI 512 I had my old machine. The nvidia ethernet works fine as well under Windows XP. Now that I think about it, the only thing t
Re:I disagree (Score:5, Interesting)
And from a maintenance standpoint, I disagree with you. Yes, motherboards are cheap, but there's a considerable difference in the labor required to swap out a motherboard, and replacing a single card. That may not be important to you or me, but to a user that is dependent upon his local computer store (or a large corporation that has limited IT resources) it can be. Yes, you can just shotgun the entire motherboard, but the odds of the new one being register-compatible with the old one are low, and given that current Windows OSes aren't particularly drive-portable you're probably screwed.
A decent sound card goes for $30 and a decent NIC for $5 nowadays, so you really aren't saving much by going with onboard I/O. The idea is to save computer makers money, not necessarily to provide you with a better or more maintainable product. One of my favorite older motherboards was Abit's KT7A-RAID: no sound, no network, no video, just a bunch of PCI slots, AGP, and even an ISA slot. Their thought was that they were selling to people that wanted control. Ended up being one of the best boards I've ever owned.
Re:I disagree (Score:2)
Re:I disagree (Score:2)
Re:I disagree (Score:2)
For example, Tyan's S2707 [tyan.com] is a real nice P4 board with onboard video and dual gigabit LAN. No IDE Raid, though it may be an option.
Pretty fast, but more of a server board than a workstation.
Re:News? (Score:2)
good point.
Re:Features suck (Score:2)
I wouldn't mind seeing a real high-quality port that can be used for 10+ years and can be performed with all purpose. Imagine a USB-like port that can do scsi, network, VGA, and every thing in between.
Re:Wow? (Score:5, Informative)
No difference between an Asus and an Abit motherboard?
From the numerous Abit NF7-M and Asus A7N8X-VM motherboards I've used to build all of the office machines for some time, I can tell you that there's a BIG difference between an Abit and an Asus motherboard:
The Abit works.
Now, I know, that sounds a bit cynical. And I can't say that none of the Asus boards have worked. But I *can* say that the Asus boards have been quirky, odd, and just plain wankery. The Abit boards have been solid, reliable, and terrific.
As an example, I've had to add a PCI NIC to most of the Asus boards. The onboard LAN is just too flaky. I've watched as users rebooted, only to have their onboard NIC disappear, even though still enabled in the BIOS.
I'm by no means anti-Asus. In fact, the Asus boards have some tweaks in the BIOS that I really like. But my time is valuable, and the Abit boards take a lot less of my time.
steve
Re:OffTopic: Digital Camera w/Upgradable Image Sen (Score:2, Interesting)
I once found on Canon's website a manual on how to clean an digital SLR sensor.
Basically a digital SLR is a body+electronics+sensor and you can screw on your own lens. Note that while professional camera bodies are expensive, good lenses are also very expensive, so it makes sense to keep your lenses when you change body to a new camera. And, of course, if you are going to change the sensor you need to change the electronics too - which leaves the metal case which is not