Hello all,
My old companion, OpenBSD router/firewall (Intel Atom based and 5
Gigabit Intel network interfaces) died 2 weeks ago ... (Really think
motherboard is dead :( ).
I temporarily replaced it with an unused old workstation based on AMD64x2
processor, 4GB Ram, and with a (unique) Realtek Gigabit card (I use vlan
for routing).
Installed it with OpenBSD 5.9 amd64, and it works pretty well, but it seems to
be difficult for this hardware to handle the load.
So I am trying to get better hardware.
Context :
Optic fiber with 200Mbits/s DL, 50Mbits/s UL came to home this week
(Tuesday) replacing 2 DSL connections.
(that I keep for now : network throughput is somewhat ridiculous
compared to Optic fiber, but stability is really great : being a
homeworker, Internet uptime is a prime goal, despite the throughput).
About 20 VLAN to handle ... and for most of them, PF rules apply.
Compared to delivered "router" from ISP (SFR in France, "NB6V box" for
those who know this provider), this temporary "router" seems to lack
CPU/network interrupts while downloading at high speed (above 10
MBytes/s) on WAN.
Ping on other hosts drastically increases (+50~200ms, from a base of 4~10 ms
when link is not heavily used) while OpenBSD tries to route/firewall/nat
the WAN traffic.
I already used Routerboards/RouterOS for several customers : works
pretty great while using high throughput Internet connections.
Customer's need is achieved for all cases, but the inside RouterOS
doesn't fit my needs. (IPv6 policy based routing, and IPv6 NPT for
instance).
About hardware :
RB2011 (XXX) or RB3011 (XXX) can, I think, match my needs.
About software :
OpenBSD stands out for a while for being my privileged OS for a
router/firewall, and clearly fits my needs while it's simple to handle
some particular cases ... (compared to a Linux based router for instance).
Is there anyone who has tried this hardware/software association (excepting
the RB600A/soppc) ?
If not, what's the best hardware you know to operate an OpenBSD router
with high throughput networks and many (about 450~500, including
bridge/tag rules) PF rules ?
Best CPU, best known network driver (handling inside hardware
implementations), and so on ...
Thanks for reading :) .
Christophe.