LanGuardian - A Brief History


The LanGuardian, as noted elsewhere, had two distinct hardware generations. The second generation unit is more interesting, and is described here. One of the primary reasons that the second generation hardware is more interestings is that the production run of the second generation hardware was much larger than the first generation hardware.

The LanGuardian has a Motorola 68LC040, operating at 33Mhz as the main CPU. It also has two ethernet ports (based around the Intel 82596CA ethernet controller chip), two T1 speed synchronous serial ports (based on a Hitachi HD64570, Serial Communications Adapter), an internal SCSI controller (built around a NCR 710 scsi controller), a floppy disk controller, two async serial ports (16450 compatible), a parallel port (all integrated on a single SMC FDC37C661 Super I/O controller chip) and a large number of software controlled LEDs. (Lots of blinking lights!)

It also has an onboard CEI SuperCrypt chip, which can do both DES and 3DES encryption in hardware, rather quickly. Finally, it has a couple of custom FPGA chips to ``wire'' it all together. There is a solder pad area on the motherboard for an IBM manufactured compression chip as well. But, the compression chip was never integrated into the final design and as far as I know, none of the machines ever produced had a chip socket attached to the solder pads, nor a compression chip installed on those solder pads.

The SCSI controller, the ethernet controller(s), the synchronous serial controller all have internal DMA controllers, so they can all move data into and out of main memory using DMA, without involving the main CPU. (The first generation LanGuardian had an additional Motorola DMA controller on the motherboard and could run the parallel printer port, the serial ports and the floppy completely via DMA as well. Cranking up all the I/O devices at once only required a few percent of the CPU to keep all the DMA transfers flowing through the machine on the original motherboard.)

In summary, the hardware absolutely rocks, taking its age into consideration.

The software that ran on the machine is a weird mixture of BSD/OS v1.1 and RTMX. The original LanGuardian hardware ran a port of BSD/OS v1.0. This port was later updated to BSD/OS v1.1 when that became available. The updated version of the operating system was extended to run on both the first and second generation hardware.

Basically the lower half of the kernel was a mixture of the BSD/OS device drivers (ported to run on the Motorola processor, instead of the Intel processor), and some of the RTMX device drivers. The upper half of the kernel was BSD/OS v1.1, through and through. Finally, there was some additional RTMX glue code to allow a process to map some of the hardware devices into user space. (I guess mmap() operations were too new for RTMX to have proper support for them.)

The user code that actually implemented the VPN functionality never got the development resources it really needed to be a ``best of breed'' product. The software was functional, it worked reliably, but it wasn't really what could be called ``pretty''. This was a shame, in that the user software was cobbled together over a very short period of time, whereas the hardware was slaved over for a much longer time frame. Having better user software would have made this a much better solution. No doubt, more of these units would have been sold too.

UUNET sold this as a VPN solution, before VPN was an industry buzzword. Too bad. The LanGuardian was great hardware, in its heyday.

The LanGuardian was first publically shown at the Internet World show in the spring of 1994. I think what was on display there was a real, hand-soldered, functional, version of the first generation motherboard. There was no case around it, but rather clear plexiglass covers over the top and bottom, held in place with some standoffs. This was done so that people could get up close and stare at the motherboard, without putting their fingers all over it.

The product was officially announced at some point in 1995 -- the press release seems to have disappeared from the world. Oh well. I'm pretty sure the second generation hardware dates from late 1995. UUNET officially killed this product in mid-1998, rather than having to go through a Year 2000 validation of the product and it's software.

Last Updated: $Date: 2003/08/07 22:57:07 $