I've currently a Unifi USG at home with my 1gbps symmetric connection.
Generally it's pretty good.
However a recent software update has completely broken IPv6 prefix delegation.
So I've been thinking of replacing it with a more open router.
I've seen pfsense is popular, but OpenWRT also seems to be quite active and Linux based which I'm more familiar with. But also for smaller less power hungry machines.
My use case is a router so I don't need cores or ram, but rather being able to meet the network throughput for a low power consumption.
Is there anything that bits the bill?
Preferably something that was released recently to ensure software updates will be easy on it.
Does the AMD Jaguar GX-412TC SOC really handle full Gigabit with non-trivial rules and/or SQM? Also the 6W is the minimum, it goes up to 10 under load.
I've applied all of the tweaks and I haven't ever seen it sustain anywhere near 1 Gigabit on a single connection. That's using both a datacenter iperf3 instance and sites like speedtest.net.
Multiple connections can easily breach 1 Gigabit though.
I’ve been using APU2 systems for several years. It can handle gigabit if you’re using Linux and your ISP doesn’t use PPPoE. On PPPoE it tops out around 500mbps for download and 800mbps for upload.
But if you're comparing with products from Ubiquiti (especially the Unifi line) you're probably going to see similar performance anyway. I switched to a APU2 as my home router two years ago, and I've been very happy with it. Doesn't seem to break a sweat handling a gigabit connection in a typical home setting, running VyOS. I'd probably think about something more powerful in an office or data center.
I've ran pfSense on older ALIX and the APU boards. On the APU I sadly got nowhere close to my symmetric gigabit speeds. I'm not that knowledgeable on network stacks but from what I heard it's probably BSDs network stack that doesn't cut it on that hardware.
I've read that MikroTik's RouterOS delivers significantly more performance on an APU Board but I've not tried that yet (but plan to).
The H2, with a Gemini Lake Refresh CPU, is certainly much faster than the APU2 which somebody suggested and also much faster than any cheap ARM device that uses old ARM cores like Cortex-A72 or Cortex-A73.
I think that H2 is a good choice for a router/firewall, it is faster than anything in that price range, it is silent with passive cooling and the power consumption in normal use is much less than 10 W.
Being a standard PC, any Linux distribution, as well as FreeBSD, Windows or any other OS can be installed without problems.
I have used in the past a few older ODROID models and I have been content with them.
To be frank current versions of PfSense have been nothing but disappointing since the recent parent acquisition of PfSense. I got frustrated enough with errant problems that I just bought a proper enterprise grade router. Never looked back.
I tried OPNsense as well, but I'm getting to a point in life where I'm okay spending money to not become my own devops guy when I don't have to. Running a Saas company as a side gig will do that to you ;)
Since I run a lot of 10G fiber and use proper 10G switches (none of this Ubiquiti garbage) layer 3 routing from the router itself was an absolute must. I decided on the PaloAlto Networks PA-220 https://www.paloguard.com/Firewall-PA-220.asp .
Yes, I know - it's expensive. However, their support is fantastic and my employer agreed to pay for a portion of the licensing since I mostly require this for WFH. Zero issues, passive cooling, top notch security and this thing just freaking purrs.
This is likely off-topic but I am looking hard at having home 10Gbps network and I struggle to find noise-less switches that allow copper 10Gbps links. I am okay with buying one fanless Mikrotik 10Gbps switch with SFP cages and buy adapters but I am open to other ideas.
Can you recommend quiet 10Gbps switches that support copper links?
Copper links in the form of ethernet 10g base t or copper links as direct attach sfp+ cables? 10g base t ethernet uses quite a bit more power, so those switches are usually always loud. Also, 10g base t tranceivers when used long term can actually damage sfp+ switches and cost wise they make absolutely zero sense.
To be frank, in the long run if you plan to make any changes to your setup, buying transceivers from FS.com and fiber cables (even armored fiber) for that matter is about the same price as copper direct attach cables. Also much easier to cable manage and they can be used with cable lengths from 0.2m to 400m in most cases.
It's kind of loud but I keep my hardware in a closet and to be honest, enterprise hardware like this makes heat and needs fans for a good reason haha.
If you're looking for a more consumer entry and don't care about L3 routing Ubiquiti actually makes one hell of a damn good sfp+ "switch" for the money -> https://www.ui.com/unifi-switching/unifi-switch-16-xg/ and again - cannot recommend FS.com enough for their service and quality products. Even if it was a little weird that their sales rep immediately added me on LinkedIn?
Sadly I don't have enough free space currently so I have to bet on fanless tech (but I do enjoy it).
I meant normal Cat6 Ethernet 10Gbase-T cables, yep. If not, I can indeed buy a fanless Mikrotik switch with SFP+ cages and just buy 8-10 adapters from SFP+ to 10Gbase-T, I suppose.
Bookmarking your link, definitely will look into that switch when I have the proper closet space for server tech.
No worries! Keep in mind that sfp+ transceivers are "branded" - in that you have to buy the right sfp+ transceiver to match the brand of switch or interface you're using. For instance, intel NIC's generally require intel "marked" transceivers etc. They last a damn long time though. Those small MikroTik switches are also awesome!
Is that true of the ubiquity? I didn't think they required branded SFPs, they don't on some of their other hardware.
Similarly for mikrotik.
I usually find that companies with "licensable" features on their hardware are the ones locking their SFPs to their switches/etc in an effort to enforce what is basically a port license (aka buy our $80 SFPs instead of the generic ones we are rebranding so we can make $ on your port usage vs just adding a $$$/port license fee).
I haven't started redoing my home network in 10Gbps yet but after scanning forums for a few weeks (back in the summer), I've seen many people say that Mikrotik switches work without any issue with several non-Mikrotik DACs (not sure I'm remembering the abbreviation well but it's a small device that converts from SFP+ to 10Gbase-T Ethernet cable).
There are devices out there to rebrand a transceiver. Probably not worth it for home use, but my employer has one of these, so maybe ask around if you could get wrongly branded ones for cheap.
Another popular low-cost option is to run pfSense on an old thin client. The ideal hardware is something like the HP T610+ or T620+, which even have a PCIe slot for you to add a secondary ethernet interface if you don't want to get a VLAN switch and have to do a router-on-a-stick configuration. The form factor is nice because it's quiet, a lot smaller than a full PC, it's set up for wall/VESA mounting, and you don't need to muck about with buying specialty cases as you do for MiniITX motherboards or other SBCs.
Anyway, predictably these things are being constantly cycled out and can typically be had on ebay for $100-200.
$150 (roughly the cost of APU2+case+power brick+16GB SSD) for a t620 would be daylight robbery. I got the non-plus variant on the secondary market for $30 delivered and it works very well, uses roughly the same CPU as APU2 as well (4-core AMD Jaguar derivative, AES-NI & AVX extensions). Power usage is 6W idle (headless), 12W full-load. UEFI is basic but functional, I can boot Linux straight from the EFI boot entry.
t620 Plus has a PCIe riser so would be better suited for a network gateway.
The Wyse equivalents from that era would be Zx0Q/Dx0Q series although I don't think they had a PCIe version.
Another interesting option is something like Fujitsu Futro S9010/S940 (4-core Goldmont, you get SHA ISA extensions which is nice), has a PCIe riser as well, but there are fewer of these on the secondary market.
Yes, but it also super compact, draws very little power and it has multiple network interfaces. It's also fanless, which makes it ideal for long running set-up-and-forget scenarios that home routers typically are.
GX-420CA also has a GPU which GX-412TC lacks. In headless operation the difference would not be that much. For reference, I have a t620 with GX-415GA (TDP 15W) which draws 12W at the wall in a CPU load scenario.
Generally it's pretty good. However a recent software update has completely broken IPv6 prefix delegation.
So I've been thinking of replacing it with a more open router.
I've seen pfsense is popular, but OpenWRT also seems to be quite active and Linux based which I'm more familiar with. But also for smaller less power hungry machines.
My use case is a router so I don't need cores or ram, but rather being able to meet the network throughput for a low power consumption.
Is there anything that bits the bill? Preferably something that was released recently to ensure software updates will be easy on it.
Would the H2 work?