I have a Firewalla Purple. It’s idiot mode networking and I love it, but I have never been too thrilled with its cloud shit and really don’t want to rely on it as my only option right now.

A while back I tried spinning up a VM with OPNsense and never got good performance off my home Ryzen server. I tried multiple NICs and even bare metal installs, and while bare metal was a little more performant, it was never able to reach gigabit on WAN. The Firewalla falls just a hair short of gigabit WAN but it’s still way ahead of my more muscular server. I notice the CPU load spikes high. It seems nothing I do can bring down that CPU load for OPNsense. OpenWrt performed a bit better but still never hit gigabit speeds and was still below the Firewalla’s performance. Bare metal was again a bit better but still not matching the Firewalla.

The Firewalla is a heavily optimized Amlogic-based Pi. It’s not special. But it works right and my crap doesn’t. I have other SBCs I can use if folding into the home server as a VM just isn’t practical, but the server is always on anyway and already has extra resources I can throw into this, so I’d like to just throw it all in there, snapshot a working config and be done with it if I can.

I walked away from this a while back thinking I would have a fix if I took a break and came back to it later but I’m still stumped. How are other people doing this?

  • frongt@lemmy.zip
    8 hours ago

    What CPU? If it was hitting 100% then that was probably your bottleneck. It just couldn’t handle the packets that fast.

    Also note that the more features you turn on (firewalling, routing, inspection, etc.) the more processing has to be done on each packet.

    Also also note that due to network overhead, gigabit speed for a real-world download is about 800 Mbps.