The WYSE 5070, a perfect little VyOS device

The WYSE 5070, a perfect little VyOS device

As a bit of a networking nerd, I’m always on the hunt for cheap and powerful hardware that I can toss VyOS on. The WYSE 5070 thin client is my latest find.


For a while now, I’ve been looking for a replacement to a Supermicro E200-9B that I had an “accident” with. By accident, I mean I killed the box by messing around on it with a FlashCat.

I wanted something that was similarly low power usage, and I wasn’t really looking to spend too much, especially since it was my own silliness that killed the last one.

The Hardware

After a bit of hunting, I found the Dell WYSE 5070.

This is a Intel Pentium Silver DDR4 platform based on the J5005. There are two versions, the thin and the thick version, with the latter having room for a PCIe card. I found some for $60 locally, but they can easily be found online for only a little more.

front

The versions I bought were the thin version, which only have a single Realtek NIC. But they have USB-C on the front, which means a second gigabit NIC can easily be added. And as I’m running VyOS, Realtek NICs aren’t a problem at all.

rear

The Goods

Inside, the version I have came with:

  • A single Realtek NIC. This isn’t a problem for me because I have a managed switch for router-on-a-stick.
  • Three DisplayPorts
  • A variety of USB ports. Don’t ask me about revisions as that USB naming scheme is a mess that I can’t be bothered to look up. I do know there is a USB-C port at 5Gbps. The other USB ports are blue, meaning better than USB2.0.
  • Serial port. It would have been nice to turn this into a console redirection port for a sort of out-of-band access, but I couldn’t figure it out.
  • 16GB eMMC storage. I’m pretty sure I could just install straight to this, but for now I wanted to leave it intact in case I wanted to play with ThinOS. Though I do know that it’s generally recommended to skip eMMC storage for anything that might do lots of writes, like a firewall logging a bunch.
  • 4GB of DDR4 RAM. Officially these only support 8GB, but I added another 8GB for a total of 12GB. Apparently 16GB and even possible 32GB will work, which I have sticks for, but I haven’t had a chance to rearrange things to test. Confirmed. Currently running 32GB in it without an issue.
  • An M.2 storage slot. I tossed a Crucial MX500 in here because eventually this thing might become a tiny VM Host. Plus, I got it cheap on Black Friday.

A peek inside and this thing is surprisingly expandable.

  • Towards the left, you see the blue USB internal header that could be used for an internal USB drive.
  • The top has the unused M.2 WiFi slot.
  • Above the battery, you can see the PCIe header which would be populated if this was the thick version of the box.
  • And then of course the M.2 SSD and extra RAM that I added.
the guts

Power Consumption

The idle power consumption on this device is amazing:

killawatt

The highest usage I saw was during boot where it hit a whopping 15 watts. Oh, and I’m dangling an additional SSD off a SATA wire to use temporarily as a boot drive since I was doing other testing with this server, so that 5.7 watts includes this guy:

sata wire

VyOS

Installing VyOS is pretty standard. In this case, I just used Etcher to put the latest VyOS Rolling ISO on a USB, and ran through the quick install.

As mentioned above, I’m just doing a router-on-a-stick setup with the single onboard NIC, but I also tested out a USB-C Gigabit Ethernet adapter and it worked identically.

Config

The config I used was almost verbatim from the VyOS Quick Start Guide, except I’m using VLANs and a static WAN IP. In my case, VLAN10 is the “WAN” and VLAN2222 is my test LAN here.

firewall {
    all-ping enable
    broadcast-ping disable
    config-trap disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name OUTSIDE-IN {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
    name OUTSIDE-LOCAL {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action accept
            icmp {
                type-name echo-request
            }
            protocol icmp
            state {
                new enable
            }
        }
        rule 30 {
            action drop
            destination {
                port 22
            }
            protocol tcp
            recent {
                count 4
                time 60
            }
            state {
                new enable
            }
        }
        rule 31 {
            action accept
            destination {
                port 22
            }
            protocol tcp
            state {
                new enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
    twa-hazards-protection disable
}
interfaces {
    ethernet eth0 {
        duplex auto
        hw-id 6c:2b:59:3c:f7:4e
        smp-affinity auto
        speed auto
        vif 10 {
            address 10.0.10.234/24
            firewall {
                in {
                    name OUTSIDE-IN
                }
                local {
                    name OUTSIDE-LOCAL
                }
            }
        }
        vif 2222 {
            address 10.222.222.1/24
        }
    }
    loopback lo {
    }
    wireguard wg0 {
        address 10.172.24.60/24
        peer edge {
            allowed-ips 10.172.24.1/32
            endpoint 10.0.10.1:2224
            pubkey ****************
        }
    }
}
nat {
    source {
        rule 100 {
            outbound-interface eth0.10
            source {
                address 10.222.222.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 10.0.10.1 {
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name LAN {
            subnet 10.222.222.0/24 {
                default-router 10.222.222.1
                dns-server 10.53.53.53
                domain-name internal-network
                lease 86400
                range 0 {
                    start 10.222.222.98
                    stop 10.222.222.200
                }
            }
        }
    }
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            level admin
        }
    }
    name-server 10.53.53.53
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}

Tests

I ran a number of different tests to try and show how this thing might perform in real world usage.

Speedtest

The first test was just a normal speedtest. If someone were going to install this for their primary firewall and router, this is probably the first thing they would do:

basically gigabit speedtest

As I’ve mentioned a few other times, this is basically gigabit on my network. And what was the CPU doing during this?

70% on a single core with a speedtest

With about ~70% usage on a single core out of four, this little J5005 doesn’t do too terribly.

File Copy – CIFS

For this test, I copied a single large file from a fileserver elsewhere on my network over an CIFS mounted share.

copying at over 750Mbps

97.2MB/s or 777Mbps is pretty admirable for a simple file copy.

And the CPU usage on the WYSE 5070 during the copy:

Again, with only 60% usage of a single core, I think that shows this thing has lots of room for growth.

Simple iperf3

A simple iperf3 gives us gigabit performance:

[email protected]:~$ iperf3 -c 10.0.10.1 -P2
Connecting to host 10.0.10.1, port 5201
[  4] local 10.0.10.234 port 32910 connected to 10.0.10.1 port 5201
[  6] local 10.0.10.234 port 32912 connected to 10.0.10.1 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec  57.2 MBytes   480 Mbits/sec    0    209 KBytes
[  6]   0.00-1.00   sec  56.9 MBytes   478 Mbits/sec    0    198 KBytes
[SUM]   0.00-1.00   sec   114 MBytes   958 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   1.00-2.00   sec  55.9 MBytes   469 Mbits/sec    0    209 KBytes
[  6]   1.00-2.00   sec  55.7 MBytes   467 Mbits/sec    0    198 KBytes
[SUM]   1.00-2.00   sec   112 MBytes   936 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   2.00-3.00   sec  56.1 MBytes   471 Mbits/sec    0    209 KBytes
[  6]   2.00-3.00   sec  56.1 MBytes   471 Mbits/sec    0    198 KBytes
[SUM]   2.00-3.00   sec   112 MBytes   941 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   3.00-4.00   sec  55.7 MBytes   467 Mbits/sec    0    209 KBytes
[  6]   3.00-4.00   sec  56.1 MBytes   471 Mbits/sec    0    223 KBytes
[SUM]   3.00-4.00   sec   112 MBytes   938 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   4.00-5.00   sec  54.3 MBytes   456 Mbits/sec    1    228 KBytes
[  6]   4.00-5.00   sec  58.2 MBytes   488 Mbits/sec    0    240 KBytes
[SUM]   4.00-5.00   sec   113 MBytes   944 Mbits/sec    1
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   5.00-6.00   sec  54.7 MBytes   459 Mbits/sec    0    228 KBytes
[  6]   5.00-6.00   sec  56.9 MBytes   477 Mbits/sec   45    240 KBytes
[SUM]   5.00-6.00   sec   112 MBytes   936 Mbits/sec   45
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   6.00-7.00   sec  53.8 MBytes   451 Mbits/sec    0    228 KBytes
[  6]   6.00-7.00   sec  57.7 MBytes   484 Mbits/sec    0    240 KBytes
[SUM]   6.00-7.00   sec   111 MBytes   935 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   7.00-8.00   sec  54.2 MBytes   455 Mbits/sec    0    228 KBytes
[  6]   7.00-8.00   sec  58.2 MBytes   488 Mbits/sec    0    240 KBytes
[SUM]   7.00-8.00   sec   112 MBytes   942 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   8.00-9.00   sec  52.2 MBytes   438 Mbits/sec    0    230 KBytes
[  6]   8.00-9.00   sec  59.8 MBytes   502 Mbits/sec    0    247 KBytes
[SUM]   8.00-9.00   sec   112 MBytes   940 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   9.00-10.00  sec  51.7 MBytes   434 Mbits/sec    0    230 KBytes
[  6]   9.00-10.00  sec  59.8 MBytes   501 Mbits/sec    0    247 KBytes
[SUM]   9.00-10.00  sec   111 MBytes   935 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec   546 MBytes   458 Mbits/sec    1             sender
[  4]   0.00-10.00  sec   545 MBytes   457 Mbits/sec                  receiver
[  6]   0.00-10.00  sec   575 MBytes   483 Mbits/sec   45             sender
[  6]   0.00-10.00  sec   574 MBytes   482 Mbits/sec                  receiver
[SUM]   0.00-10.00  sec  1.09 GBytes   941 Mbits/sec   46             sender
[SUM]   0.00-10.00  sec  1.09 GBytes   939 Mbits/sec                  receiver

And similar CPU usage to the other tests, 50% usage on a single core:

50% usage on a single core

WireGuard

If you read through the config above, you’ll notice I dropped in the config for a WireGuard tunnel to my main router.

Even though WireGuard isn’t 100% vetted yet, it’s enough that I believe it will be officially part of the Linux kernel soon. And hopefully these results will demonstrate why:

[email protected]:~$ iperf3 -c 10.172.24.1 -P2
Connecting to host 10.172.24.1, port 5201
[  4] local 10.172.24.60 port 36752 connected to 10.172.24.1 port 5201
[  6] local 10.172.24.60 port 36754 connected to 10.172.24.1 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec  54.3 MBytes   456 Mbits/sec    0    281 KBytes
[  6]   0.00-1.00   sec  53.9 MBytes   452 Mbits/sec    0    283 KBytes
[SUM]   0.00-1.00   sec   108 MBytes   908 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   1.00-2.00   sec  53.5 MBytes   449 Mbits/sec    0    281 KBytes
[  6]   1.00-2.00   sec  53.5 MBytes   449 Mbits/sec    0    283 KBytes
[SUM]   1.00-2.00   sec   107 MBytes   898 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   2.00-3.00   sec  53.5 MBytes   449 Mbits/sec    0    293 KBytes
[  6]   2.00-3.00   sec  53.5 MBytes   449 Mbits/sec    0    283 KBytes
[SUM]   2.00-3.00   sec   107 MBytes   898 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   3.00-4.00   sec  53.7 MBytes   451 Mbits/sec    0    293 KBytes
[  6]   3.00-4.00   sec  53.7 MBytes   450 Mbits/sec    0    283 KBytes
[SUM]   3.00-4.00   sec   107 MBytes   901 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   4.00-5.00   sec  53.3 MBytes   447 Mbits/sec    0    293 KBytes
[  6]   4.00-5.00   sec  53.4 MBytes   448 Mbits/sec    0    310 KBytes
[SUM]   4.00-5.00   sec   107 MBytes   895 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   5.00-6.00   sec  53.3 MBytes   448 Mbits/sec    0    293 KBytes
[  6]   5.00-6.00   sec  53.3 MBytes   447 Mbits/sec    0    310 KBytes
[SUM]   5.00-6.00   sec   107 MBytes   895 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   6.00-7.00   sec  53.7 MBytes   451 Mbits/sec    0    293 KBytes
[  6]   6.00-7.00   sec  53.6 MBytes   450 Mbits/sec    0    310 KBytes
[SUM]   6.00-7.00   sec   107 MBytes   900 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   7.00-8.00   sec  53.0 MBytes   444 Mbits/sec    0    293 KBytes
[  6]   7.00-8.00   sec  53.0 MBytes   444 Mbits/sec    0    310 KBytes
[SUM]   7.00-8.00   sec   106 MBytes   889 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   8.00-9.00   sec  54.0 MBytes   453 Mbits/sec    0    415 KBytes
[  6]   8.00-9.00   sec  53.8 MBytes   451 Mbits/sec    0    415 KBytes
[SUM]   8.00-9.00   sec   108 MBytes   904 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   9.00-10.00  sec  53.5 MBytes   449 Mbits/sec    0    415 KBytes
[  6]   9.00-10.00  sec  54.0 MBytes   453 Mbits/sec    0    415 KBytes
[SUM]   9.00-10.00  sec   107 MBytes   902 Mbits/sec    0
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec   536 MBytes   450 Mbits/sec    0             sender
[  4]   0.00-10.00  sec   535 MBytes   449 Mbits/sec                  receiver
[  6]   0.00-10.00  sec   536 MBytes   449 Mbits/sec    0             sender
[  6]   0.00-10.00  sec   534 MBytes   448 Mbits/sec                  receiver
[SUM]   0.00-10.00  sec  1.05 GBytes   899 Mbits/sec    0             sender
[SUM]   0.00-10.00  sec  1.04 GBytes   897 Mbits/sec                  receiver

Getting 900Mbps on a $60 thin client? That’s pretty amazing in my book.

Finally we are stressing the CPU a bit, 60%, 35%, 25%, 25% on the various cores:

all core usage

I think the screen on my kill-a-watt is dying as I’m having a heck of a time photographing it. But this 12.7 watts is the power usage when testing WireGuard, which is about the most amount of stress I was able to put on this little server:

12.7 watts

Conclusion

It’s amazing that these things are going for only $60. Well, a bit more since I added the extra drive and RAM. And this is for hardware that according to Dell, was manufactured in March of 2019. Practically brand new!

For the price and feature set, I would DEFINITELY recommend this device for anyone looking for a capable VyOS host. I’m really tempted to try and source a thick version now so I can toss a 10 gigabit NIC in one and see how it performs.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *