How does the Edgerouter compare in performance to an Atom 2358/2558 based system? Especially interested in firewall performance using site-to-site VPN's.
On Mon, Sep 3, 2018 at 8:01 PM Jordan Geoghegan <jgeoghega...@gmail.com> wrote: > > On 09/03/18 16:17, Bogdan Kulbida wrote: > > Ladies and gentlemen, > > > > I need to build a pf OBSD firewall for a small office. What minimally > > feasible equipment would you recommend in order to achieve this goal? > > > > Thank you! > I've ran multiple office networks on octeon devices. I've found the > Edgerouter and Edgerouter Pro to be quite performant. The Edgerouter Pro > can easily handle a 100/100 connection or even a 250/250 connection. I > like them because they're free of any spectre / fpu bugs as they use an > in-order CPU. OpenBSD also supports hw accelerated IPsec on them. I've > used them to run DHCP and DNS servers, used them heavily as jump > hosts/proxies and also ran my unbound-adblock and pf-badhost scripts; > with over 100,000 domains and IP/CIDR blocks being filtered while > pushing dozens of terrabytes in network traffic through them each month, > they've proven to be rock solid. If you have modest needs, then an > Edgerouter lite should suffice. > > Keep in mind, these are just my personal opinions, and I am biased. I > can't stand the thought of having an x86 machine exposed on the open > internet, much less trusting it to secure and segment my network. With > spooky management engine shenanigans and hardware bugs abound, I'm just > not interested in putting my faith in x86 again. Too much emotion, too > much garbage. > > Cheers, > Jordan >
