I have a Firewalla Purple. It’s idiot mode networking and I love it, but I have never been too thrilled with its cloud shit and really don’t want to rely on it as my only option right now.

A while back I tried spinning up a VM with OPNsense and never got good performance off my home Ryzen server. I tried multiple NICs and even bare metal installs, and while bare metal was a little more performant, it was never able to reach gigabit on WAN. The Firewalla falls just a hair short of gigabit WAN but it’s still way ahead of my more muscular server. I notice the CPU load spikes high. It seems nothing I do can bring down that CPU load for OPNsense. OpenWrt performed a bit better but still never hit gigabit speeds and was still below the Firewalla’s performance. Bare metal was again a bit better but still not matching the Firewalla.

The Firewalla is a heavily optimized Amlogic based Pi. It’s not special. But it works right and my crap doesn’t. I have other SBCs I can use if folding into the home server as a VM just isn’t practical, but the server is always on anyway and already has extra resources I can throw into this, so I’d like to just throw it all in there, snapshot a working config and be done with it if I can.

I walked away from this a while back thinking I would have a fix if I took a break and came back to it later but I’m still stumped. How are other people doing this?

  • irmadlad@lemmy.world · 6 hours ago

    $409.00

    The Firewalla is a heavily optimized Amlogic based Pi. It’s not special.

    Damn sure seems special. WOW! What features are/were you running on OPNsense?

    I looked for specs on the Firewalla Purple. However, to compare, I’m running pfSense on an Intel Celeron CPU J3160 @ 1.60GHz/4 core/32gb RAM with pfBlockerNG, Suricata, ntopng, and Tailscale, Unbound, with customized and publicly available DNSBL lists.

    Load average 0.80, 0.51, 0.45

    As @frongt@lemmy.zip said, the more ‘things’ you have running, the more load, and 800 Mbps is about what I can do even with a gigabit connection and CAT6 pulled for every connection. If I were to try to run huge generic block lists, I will start peaking, which is why I run mostly slimmed down, targeted, custom lists. When you stop and think about it, the amount of list checking, resolving, etc., it’s really pretty amazing.

    I tried a while back to see if I could better the 800 Mbps, but nothing produced anything much higher than the standard 800 Mbps, which frustrated me. I just finally accepted the fact that getting as close to a gigabit connection would be the best I could do with what I’ve got. Being the type of person I am, I was rather verklempt I couldn’t squeeze that extra 200 Mbps.