On Wed, Sep 28, 2022 at 11:05:35AM +0300, Kapetanakis Giannis wrote: > Hi, > > Looking for upgrading our firewall/router and thinking about switching > from Xeon to EPYC (73F3 - 16C @ 3.5 GHz). > > Anyone running on EPYC? Any problems? > > Alternative would be something like dual Intel Xeon Gold 5315Y - 8C @ 3.20
Note that hyperthreading (SMT) is disabled by default on OpenBSD. The EPYC Embedded 3201 (8-core) and 3101 (4-core) don't have SMT, so you won't pay a premium if you choose to not use SMT. The base clocks are lower on those models, but so are their TDP ratings. If you're not running any application proxies, the 3101 is probably more than enough. The base clock is higher than the 3201 so might even perform better as PF isn't (yet?) multithreaded. I can't confirm from experience, yet, as I put together a 3201 a few years ago to upgrade my main OpenBSD server (Xeon E3-1220 v3) but haven't yet gotten around to swapping it out. For firewalls I still use PC Engines APUs. The APUs are indisputably under powered (they can't crack 100Mb/s for IPSec), but plenty of us still get by with them. Any EPYC- or Xeon-class chip would blow them away and be more than enough for a router, firewall, and VPN gateway, at least up to 1Gb/s and likely much higher.
