I first stumbled on AstLinux in 2008.  Sixteen years later I am still using
it as my router, firewall and land-line phone system in my house.  Who
would have thought.  I love that I have full control and can add features
that improve how it works for me.

I'm writing this because I confess there are times when I think I should
use something more mainstream... maybe I should separate the
router/firewall from the phone system (which over the years has become less
and less important).  E.g. maybe I should just go with one of UniFi's
gateways.  Or use pfSense or OPNsense and a separate FreePBX or Asterisk.
But every time I look at it, I land back at AstLinux.

My home network is non-trivial.  I have a mix of 1Gbps, 2.5Gbps and 10Gbps
attached systems.  I have a proliferation of IoT devices on multiple VLANs,
I have Raspberry Pis, a humongous NAS, and a Proxmox server on which I
have a dozen+ containers and multiple VMs... one of which is AstLinux at the
center of it all.  A few months ago fiber-based internet finally arrived,
so multi-gig internet is now possible for me.  I started looking for a
system with 10Gbps NBase-T or SFP+ ports that could become my Proxmox
server.  I have not bought anything yet (because I don't *really* need it)
but it got me looking again at pfSense/OPNsense and I've again discovered
how good AstLinux is.

The core issue for those is that they are based on FreeBSD, and it has very
poor network support when running as a guest VM.  The maximum throughput on
a VirtIO network (to a Proxmox hosted Linux container or VM) is 2-3Gbps.
Which may sound okay, but is in fact lousy... AstLinux can achieve 10x
that, comfortably 25Gbps.  AstLinux can route between two subnets
(different VLANs) at >10Gbps... and may be able to do better if I separate
the VLANs into different interfaces (rather than VLAN tags on the same
interface).  I could pass through the SFP+ PCI h/w to FreeBSD, but then the
rest of my containers and VMs need to route through that to my network...
and run into the VirtIO limitation.  SFP+ devices support SR-IOV that
virtualizes the network device at the h/w layer... but no one appears to
have got that working with FreeBSD guests on Proxmox (whereas it works fine
with Linux).

Which left me looking for a Linux-based router/firewall of which only
OpenWrt comes close to being mainstream, but again it isn't a good fit
either... it's really intended to run directly on the h/w.  Support for VM
guest or even running in a container exists, but on investigation I
concluded it may be okay for dev/test, but really not for production (main
issue is how updates would be applied).

So... AstLinux turns out to be (in my opinion) best-of-breed.  It's a shame
that it is not more widely known.  Now it's not perfect... I would love it
if my enhancements were merged into the mainline, but that aside there are
a few things I would really like to see done...

1) Bring our build environment up-to-date with buildroot, so it is much
easier to keep in sync with updates contributed from the wider user base
that has.

2) Add a package manager (is that even possible with buildroot?).

3) Modernize the user interface.

Of course, that is a very large project for which none of us have the
time.  But some of the design decisions / constraints that applied to
AstLinux 16 years ago are really not relevant any more.

So there you have it... sixteen years in and AstLinux still rules for me.

David.
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users