ata_aman, 12 hours ago:

Wouldn't all traffic be routed through the OS/processor on board?
louwrentius, 12 hours ago:

A CPU from the last 20 years can route traffic at gigabit speed. It's only something to worry about for a Raspberry Pi 3 or something similarly 'crippled'.
colinb, 12 hours ago:

I think I understand why this is true for plain IP forwarding. There isn't much to break the cache and the lookups are few and fast. What's the cheapest (new) computer that can drive a 1Gb port with NAT? With a busy encrypted (WireGuard?) connection? [I don't think QoS has a lot of use in the domestic environment; sure, someone here does it, but I think it's much less mainstream than the features I already mentioned.]

Such a device could drive my home. But in a couple of years I suspect I'll want 2Gb or 10. In the past I've tended to use a device until its crappy power supply failed. So I guess I'm hoping for a >5 year life span/upgrade capacity. For all I know the answer to my question is one of those passively cooled four-port N100 bricks from AliExpress. Anecdata happily accepted.
toast0, 11 hours ago:

> What's the cheapest (new) computer that can drive a 1Gb port with NAT?

What's the cheapest new computer you can find? That will work. If you have PPPoE, you need to be a bit more careful; depending on your OS and NICs, it's possible for inbound traffic to only use one core. A low-power laptop CPU may not have enough throughput from a single CPU, but my information is a little dated. I did 1G NAT on a dual-core Haswell [1] for a long time.

[1] https://www.intel.com/content/www/us/en/products/sku/82723/i...
sophacles, 5 hours ago:

I can drive 2+ Gbps of VRFs, NATs, IPsec, complex firewall rules and several routing tables through an Atom C3558. This is just using stock Linux kernel networking. There are other services running on that box too. Depending on details, it can go higher (e.g. without the IPsec being handled on the Atom box, and using the 10G ports built into the chip, offload becomes helpful for TCP and UDP flows). This is traffic in one 10G port and out the other, in this case.

Multiport flows were not tested since they were out of spec for the use case. This is not a one-off: this is a product I built and it has been tested in many deployment scenarios. (I can't provide more details due to employment reasons, and I won't name the employer.)
lstodd, 11 hours ago:

WireGuard adds nothing unless you'd want to terminate it on the router, in which case it adds so very little it's unnoticeable. About any N100 will do. The question is their reliability, which mostly comes down to the quality of the power regulation components, not performance. One of my installs runs on a repurposed old Android phone, which has about 100 times the CPU capacity of the router I write this through, and that one, being cheap TP-Link shit, still terminates WireGuard at link speed, which is 100Mbps.

You don't need fancy gear for routing. And you don't usually need a gigabit uplink because speed is limited way upstream. But if you want "the right gear and damn the price", go get a MikroTik. They are very good.
estimator7292, 12 hours ago:

You'd be shocked to find out how old and weak the CPU in your current router is. Typically they're on par with low-end desktop CPUs from 10-15 years ago.
ata_aman, 12 hours ago:

I assume the real router OS is extremely neutered to basically only route traffic and filter inbound, with everything else being removed? But yeah, I can definitely see that.
tuetuopay, 11 hours ago:

Except actual routers don't handle the traffic on the CPU; they have dedicated hardware to actually handle the packets. The CPU basically runs the OS, configures the hardware router, and does housekeeping tasks (e.g. ARP or FDB expirations, NAT cleanup, etc.). The only packets that ever reach it are "trap to CPU" situations that don't require acceleration, as those are rare or expensive to implement in hardware (i.e. better suited to a CPU). Those usually include management protocols (ICMP, ARP, NDP, STP, etc.) or packets with an unknown destination (e.g. the first packet to an IP that requires ARP resolution). That's how you can have multi-Gbps on a router with a 200MHz MIPS CPU, or Tbps on a router with a quad-core Xeon.
gsck, 12 hours ago:

Wait until you hear about CAPWAP!