Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
louwrentius 9 hours ago

A CPU from the last 20 years can route traffic at gigabit speed. It's only something to worry about for a Raspberry Pi3 or something similarly 'crippled'.

colinb 9 hours ago | parent [-]

I think I understand why this is true for plain IP forwarding. There isn’t much to break the cache and the lookups are few and fast.

What’s the cheapest (new) computer that can drive a 1Gb port with NAT? With a busy encrypted (wireguard?) connection?

[I don’t think qos has a lot of use in the domestic environment; sure, someone here does it but I think it’s much less mainstream than the features I already mentioned. ]

Such a device could drive my home. But in a couple of years I suspect I’ll want 2Gb or 10.

In the past I’ve tended to use a device until its crappy power supply failed. So I guess I’m hoping for a >5 year life span/upgrade capacity.

For all I know the answer to my question is one of those passively cooled four port n100 bricks from AliExpress. Anecdata happily accepted.

toast0 8 hours ago | parent | next [-]

> What’s the cheapest (new) computer that can drive a 1Gb port with NAT?

What's the cheapest new computer you can find? That will work. If you have PPPoE, you need to be a bit more careful; depending on your OS and NICs, it's possible for inbound traffic to only use one core; low power laptop cpu may not have enough throughput from a single cpu, but my information is a little dated.

I did 1G NAT on a dual core haswell [1] for a long time.

[1] https://www.intel.com/content/www/us/en/products/sku/82723/i...

sophacles 2 hours ago | parent | prev | next [-]

I can drive 2+ Gbps vrfs, nats, ipsec, complex firewall rules and several routing tables through an Atom C3558. This is just using stock linux kernel networking. There are other services running on that box too.

Depending on details, it can go higher (e.g. without the ipsec being handled on the atom box, and using the 10G ports built into the chip, offload becomes helpful for TCP and UDP flows).

This is traffic in one 10G port and out the other, in this case. Multiport flows were not tested since they were out of spec for the use case.

This is not a one off - this is a product I built and has been tested in many deployment scenarios. (I can't provide more details due to employment reasons, and I won't name the employer)

lstodd 8 hours ago | parent | prev [-]

Wireguard adds nothing unless you'd want to terminate it on the router. In which case it adds so very little it's unnoticeable.

About any n100 will do. Question is in their reliability which mostly comes down to power regulation components quality. Not performance.

One of my installs runs on a repurposed old android phone. Which has about 100 times CPU capacity of the router I write this through, and that one being cheap tplink shit still terminates wireguard at link speed which is 100Mbps. You don't need fancy gear for routing. And you don't usually need gigabit uplink because speed is limited way upstream.

But if you want "the right gear and damn the price" go get a Microtik. They are very good.