> On 24 Aug 2024, at 10:23, jslee <openbsd.li...@internetemails.net> wrote:
>
> Hi,
>
> On Sat, 24 Aug 2024, at 09:15, Anders Andersson wrote:
>> I bought an 85 year old house in the woods, and apparently I can get 10
>> Gbit/s there. My good old APU4 firewall is barely keeping up with 100 Mbit/s
>> so I need to look for an alternative.
>
> It won't do 10Gbps but you should be able to do significantly better than
> 100Mbps
>
> My APU4C4 seems to have no trouble routing/filtering things at up to 450Mbps,
> plus hosting unbound+nsd. Not doing any IPSec/Wireguard. I don't know what
> its true limits are as I suspect I'm limited by my wifi APs.
Forwarding wise it can go quite far, at least with VPP where one is dedicating
cores to just packet forwarding:
https://ipng.ch/s/articles/2021/07/19/review-pcengines-apu6-with-sfp/
But indeed, they are getting a bit old unfortunately (the two I run are at
limit too often enough).
> What else are you running on it?
>
>> My goal is an OpenBSD firewall/router that can do the packet filtering and
>> some VLAN and routing without having to worry about adding too much. I've
>> never dealt with anything faster than gigabit, is there a "best" 10 gigabit
>> chipset for OpenBSD that supports all the hardware offloading features and
>> whatever multi-process functionality is already implemented?
>>
>> Something small and stand-alone would be nice, with 3-4 ports.
>
> It's unfortunate but it seems there's not really an obvious compelling
> APU2/3/4 replacement out there that ticks all the same boxes (well
> documented/supported, serial console, fanless, small, good ethernet chipset,
> can use NVMe storage) *and also avoids ticking the unwanted boxes*.
The market is getting better, many articles about decent boxes can be found on
https://www.servethehome.com <https://www.servethehome.com/> where many folks
are on the SFF bandwagon: buy a second hand previous-office-desktop machine in
Small Form Factor (SFF) that tends to be cheap and have decent grunt.
For the 'remote access' part, many do have serial, but indeed not BIOS access
or mounting of cd/usb etc, thus for that case one could add a PiKVM/NanoKVM to
get access to them. And many have the integrated Intel management tools (which
one might find scary :) )
Pim (from above) also reviewed some newer hosts recently that can be
interesting:
https://ipng.ch/s/articles/2024/08/03/review-gowin-1u-2x25g-alder-lake-n305/
https://ipng.ch/s/articles/2024/07/05/review-r86s-jasper-lake-n6005/
with a few others in the articles on https://ipng.ch/s/articles/
Yes, he focusses on VPP performance, but even with OpenBSD on them you will be
able to get close to it, it is mostly about finding hardware.
Another few articles to look at in the 10G+ space:
https://michael.stapelberg.ch/posts/2021-07-10-linux-25gbit-internet-router-pc-build/
https://michael.stapelberg.ch/posts/2021-05-16-home-network-fiber-10-gbits-upgrade/
Yep, again Linux focussed, but OpenBSD should not be much too off on similar
hardware.
Greets,
Jeroen
