Neat guide but I'd much rather see a guide on how to set up a cost-effective 10Gbps WAN to LAN throughput router/gateway with NAT.<p>Those of us building our own routers (I've done so since about 2006 when I got 1Gbps fibre installed for the first time) usually have a quite large cross-section with people on bleeding edge internet connections, and with (pro-)consumer 10Gbps internet and networking becoming more and more common a router capable of such is also more relevant. I see very little information about what's the minimal/cost effective hardware requirements capable of routing with NAT at wirespeed for these applications. Most of the content I read is either geared towards slower speeds (e.g. 1Gbps) or using overly beefy machines which are both power hungry and most likely overkill for the purpose.<p>Something that would be interesting to see as well is high speed NAT routing performance comparison between Linux, NetBSD, OpenBSD and FreeBSD using Intel or other well supported 10Gbps nics.
Neat!<p>I already have an OpenBSD firewall running on a PC Engines APU 2. Despite this, I still learned a few things from this guide (namely that urpf-failed already handles antispoof and that scrub shouldn't just be littered without any consideration).<p>I was actually impressed at how well things perform despite the BKL of OpenBSD. I have only a 350Mbps down 35Mbps up connection and OpenBSD is nowhere near being a bottleneck.
My favourite is currently NixOS for a router, entire configuration (system packages, version, firewall rules, interfaces, VLANs, etc) is declarative and can be deployed with automatic rollbacks in the event of misconfiguration.
I spent some time a while back using this guide, along with some ansible to setup a home router. I ended up putting it on the back burner for a few reasons.<p>1) DNS reflection was an issue for some internal services I host.
2) Connecting to my Virgin Media (uk) router and handling PPPoE was confusing and I struggled with the documentation.
3) Just in general, having an internet connection is really importaint to troubleshooting problems. Having my internet down while trying to fix things was just too inconvenient for me.<p>In the end, I went back to PfSense. I have a bash script that backs up the config daily to s3. Was good enough to recover from a different issue recently. It's a real shame, I'd love to do this all my self but I may never pick this project back up.
OpenBSD on the APU2 has been the most reliable, solid, and lowest maintenance router I have ever owned. The thing never needs to be restarted, never hiccups, and just is really rock solid. Highly recommend, just wish there was a good wireless AP solution too.
Anyone know similar up-to-date comprehensive guide for Linux?<p>This book by Tony Mancill used to be an excellent guide for Linux routers but now after 20 years it is already obselete [1].<p>[1]<a href="https://www.amazon.com/Linux-Routers-Primer-Network-Administrators/dp/0130090263" rel="nofollow">https://www.amazon.com/Linux-Routers-Primer-Network-Administ...</a>
Is OpenBSD still largely single-threaded or have there been SMP improvements in the network stack over the years?
The feature set OpenBSD has is impressive, but is there a large gap in networking perf compared to Linux/FreeBSD?
Building a OpenBSD router has always been one of those projects in the back of my head but just never had the time. I plan on upgrading my home network in the next year and am considering MikroTik / RouterOS or a Ubiquity router. Anyone have experience with any of those and a custom OpenBSD build? What would be the advantage of going OpenBSD and is it worth it for your setup?