My internet connection is getting upgraded to 10 Gbit next week. I’m going to start out with the rental router from the ISP, but my goal is to replace it with a home-built router since I host a bunch of stuff and want to separate my out home Wi-Fi, etc onto VLANs. I’m currently using the good old Ubiquiti USG4. I don’t need anything fancy like high-speed VPN tunnels (just enough to run SSH though), just routing IPv6 and IPv4 tunneling (MAP-E with a static IP) as the new connection is IPv6 native.
After doing a bit of research the Lenovo ThinkCenter M720q has caught my eye. There are tons of them available locally and people online seem to have good luck using them for router duties.
The one thing I have not figured out is what CPU option I should go for? There’s the Celeron G4900T (2 core), Core i3 8100T (4 core), and Core i5 (6 core). The former two are pretty close in price but the latter costs twice as much as anything else.
Doing research I get really conflicting results, with half of people saying that just routing IP even 10 Gbit is a piece of cake for any decently modern CPU and others saying they experienced bottlenecks.
I’ve also seen comments mentioning that the BSD-based routing platforms like pfSense are worse for performance than Linux-based ones like OpenWRT due to the lack of multi-threading in the former, I don’t know if this is true.
Does anyone here have any experience routing 10 Gbit on commodity hardware and can share their experiences?
You must log in or # to comment.
Here are some results if anyone comes across this thread in the future.
The baseline result I need to achieve is a speedtest result of 7.5 Gbit that the ISP’s rental router gives me.
I ended up picking up:
- Lenovo ThinkCentre Tiny M720q, Core i3 8100T, 8 GB RAM ($70)
- Huawei SP310 (Intel X520-DA2/82599) dual 10 Gbit NIC ($20)
- 16x PCIe riser + Network Card Bracket ($20)
Initially I installed pfSense. I ran iperf3 to just get an initial sanity check that the PCIe card/wiring was working right but was getting results between 3-7 Gbit with the CPU pegging at 50%. Some quick googling returned results like “you can’t run iperf on pfSense!” and “pfSense isn’t a router, why do people keep using it as a router, it’s a firewall!”, so I decided to switch to OpenWRT since the Linux side of things always seems to make more sense.
On OpenWRT, iperf easily hit 9 Gbit with like the CPU at 95% idle.
It took like 2 hours to configure the weird IPIP6 tunnel my ISP uses for IPv4, but once it was set up, the machine has no trouble routing the same 7.5 Gbit speedtest the ISP router managed, with the CPU usage at 78% idle (the remainder in “sirq”)
Power consumption:
- ISP router draws a solid 16W both when it’s idle and when there is 7.5 Gbit of traffic
- The M720q draws 16W when idle and up to 29W when there is 7.5Gbit of traffic. This is with two copper SFP+
- This is without tweaking any power saving options in BIOS etc
I am saddened to see that this thread had no mention of how many horses it takes to run a router. What do y’all think? Would one be enough? It would need to work in shifts to keep up time at 100%. Maybe 3 to be safe?
We also need to consider the practical aspects. Who mucks after the horses? Who feeds them? Do we need a stall? Does it need to be air conditioned in the summer/winter?
If you connect via 10gbit PCIe extension cards it is often a question of how many PCIe channels the CPU has and if the mainboard you are using has these connected directly to the CPU or needs to pass them through the mainboard chipset which is much slower.
These ThinkCenter M720q machines I’m looking at all seem to have a single PCIe 3.0 8x card slot, regardless of the CPU, and that seems to be all that the Mellanox ConnectX cards need according to their spec sheets, so hopefully that is good.
Core i3 is fine, celeron can route, but you don’t have as much headroom, or room for firewall rules, etc. Recommend Intel x520 or mellanox cx3 or newer, though the cx2 is perfectly fine.
The bs about bsd being slower is maybe 15 years old at best?
Bsd is a monster for routing.
Run 25gbe routing, still can get by on your 4 core, but I throw some serious xeons at it anyway.
Thanks for the Intel x520 recommendation, those are looking like a much better deal right now than the Mellanox cards I was looking at.
Glad to hear it about the BSD networking!
I’m still trying to avoid the Xeons for power consumption reasons, hehe, although it would be a lot more fun for sure!
Your uplink capabilities are way different than your actuality. Get the service first, do some measurements, then start planning.
Yeah I’m not ordering anything until I have the connection up and running, which is why I opted to rent the ISP router to begin with, but looking at results online that others on the same ISP have posted, I can probably expect up to around 7 Gbit real-world so I’ve been thinking that I will at least want something better than the standard 1 Gbit or even 2.5 Gbit stuff out there, hence why I’m trying to research what the hardware requirements actually are!
I don’t know the answer, but I do know I’d at least start off looking for hardware with a dedicated ASIC for routing, not general-purpose PC hardware doing routing with the CPU.
The problem is that it all looks really $$$, even on the used market
many people just buy junk like this https://www.amazon.com/Mikrotik-Router-Switch-CRS305-CRS305-1G-4S/dp/B08437RDM1 it’s cheaper in the long run.
You will need a good 10Gb nic, I have been using Intel nic’s if you use a Intrusion Prevention System that can eat away at the CPU, also more RAM helps like 8GB’s or more for IPS, I use 16GB’s for IPS + ZFS and a nice Switch can help a lot as it can do DNS and the works, more or less i use a firewall box to a Switch and use a Layer 3 Switch for routing, some can do 20+Gb’s routing.
I can only look at Mikrotik gear in jealousy since they don’t have a reseller here, so all that’s available are overpriced, un-warrantied gray imports…
