IPCop and Intel Quad PT Gigabit Ethernet Card

IPCop is a great little Linux-based firewall distro I use for many reasons. It is really easy to work with and some modules are really great to have around for minimizing bandwidth waste and handling content-filtering as needed. The distro is designed to work on older, basic hardware and it does a great job with that. I remember a few years ago, I had it running on an old Gateway 500 MHz Pentium and it ran like a champ.

But, as you get more and more users, it is nice to get some decent hardware for it. The new version of IPCop is around the corner, but until it arrives and because it is currently still based on the 2.4.x kernel, niceties like SATA and some more complex hardware options like SATA RAID, SATA CD-ROMs, etc. are not super easy to deal with. This is a distro that works well with an old PC, a bunch of PCI Intel NICs, and some RAM and away you go. Well, when I bought a basic HP ProLiant DL 120 1U server with native SATA and a PCI-X slot and the Intel Quad PT NIC with the hope of getting a slick firewall box going, it was not a breeze.

The HP DL 120 can do SATA RAID via software but that is kind of off the table if you want to do a hardware install. Getting IPCop running in a virtual image with VMware Server or VMware ESX is fine, but really I was not going to use those boxes for anything more than dedicated firewalls and routers and needed at least the four interfaces and didn’t want a huge 5U box in the server room, much less a few of those 5U PCs on their side.

So, enter the Intel Quad PT NIC. IPCop sees and understands it just fine after you can get 1.4.20 to install. I had to hard-set the drive in the DL 120 BIOS to manual settings since it really didn’t have a legacy mode so IPCop’s 2.4.x kernel could easily deal with it. I also had to boot off the IPCop CD and have the IPCop installer media on USB to get things going, but once I did, I was able to see my 1U firewall on modern hardware running nicely. Except, I noticed a real problem with network latency.

My first idea was that the IPCop drivers for the Intel Quad PT NIC were just crappy. I started to go down the road of posting to the IPCop user list on whether it made sense to recompile the drivers from source available at Intel's site. But I REALLY didn’t want to go down that road if I could help it. I was able to limp along on the system to be able to get the IPCop 1.4.21 update. I also played around with all the various settings in the BIOS thinking perhaps the IRQs were more complex so perhaps the BIOS could better and more effectively dish the IRQs to the kernel.

None of that really did anything. It was only after I chose the kernel with ACPI that it really performed like it should. I then went through a bunch of high-volume transfers to make sure the quad NIC was going well. So, if you are going to try and build something like this and have performance issues with your Intel quad NIC, ACPI is probably your friend on this.