How does the performance of OpenWrt compare to IPFire? Are there people here who have used both OSes on the same hardware? I am particularly interested in SQM with Cake.
Both should be about the same speed, since both are based on Linux (if the same features are used).
I am currently using IPFire 2.29 (x86_64) on a small x86_64 box (J3160) with Coreboot (similar to Protectli FW4B). When using Cake, my throughput is roughly halved (I have 600 down and 300 up). It would probably be no different with OpenWrt? The hardware is probably too weak.
But I'm also thinking of switching to OpenWrt for other reasons (e.g. VLANs).
The CPU cost of a qdisc like cake will not magically differ depending on the Linux flavor you run it under... my guess is simply that these cores are a bit on the weak side for 600/300... Maybe there is a bit tweaking that can help a bit but in the end, have a look at irqbalance and receive packet steering (which both should also work under non OpenWrt linux distributions...)
You can very reasonably boot OpenWrt from a USB stick on x86_64, without touching/ harming your installed system. So doing a realistic back to back comparison should be relatively easy.
Thanks for the info. I might even do that if I find the time.
Regardless of that, I will probably switch to OpenWrt, as IPFire lacks some features and options, such as VLANs. I'm also keen to try something new. I have OpenWrt running on two access points but have never really used it.
I would also like to buy new hardware. And with OpenWrt you have more options (probably BPI-R4 or maybe Nanopi R6S).
I did a few quick tests with IPFire. I do have IPS running, but I haven't been using it recently. Interesting that Suricata seems to use so little processing power on IPFire?
Something clearly is odd here (besides cake being a tad expensive CPU wise, which alas is expected). Could you please post the output of tc -s qdisc so I can see the cake configuration?
I am well aware that this is IPFire and not OpenWrt, but I am quite interested in understanding why you end up with ~250/90 Mbps with cake. (Unless this reflects your shaper settings, I would have expected 250/250 giving that even 250 is well below your true upload limit of 300 Mbps).
That at least implies that cake is doing what it is intended to do, so hurray...
Thanks, that looks complicated... so they likely create a HTB tree and attach one cake instance to each leaf. For that purpose the cake configuration looks sub-optimal, but I guess you inherited that from IPFire? And IPFire might have reasons for that configuration choices no matter how odd these look to me
Yes, I took this over from IPFire. That is the default setting in the GUI. I only entered my Internet speed. I'm not familiar with Cake.
In any case, I would probably like to use OpenWrt in the future. The possibilities of IPFire 2.x are limited. But as long as you use IPFire as intended, it's pretty good and easy.
I was just about to do that. My IPFire box is in the basement without a monitor. I brought the box up to my office, connected the monitor and keyboard and booted an OpenWrt image via USB. Everything worked and I was able to connect directly from my Mac via LAN. But of course I had no internet connection.
So I took the box back to the basement and got confused with my cables. Then I brought the box back up to the office. Suddenly I could no longer boot from the USB stick.
In Coreboot you have to press F11 at the beginning to be able to boot via USB. The USB stick was no longer recognized. I then swapped the USB port. Then the USB stick was recognized but it did not boot.
I suspect that the USB stick has broken.
The whole process cost me a lot of time and my children were annoyed because they wanted to play online.
I may try this again later or in the next few days with another USB stick.
SQM/Cake (Smart Queue Management): https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm
A+
Down: 262.9 Mbps
Up: 240.7 Mbps <= Significantly better than with IPFire. However, it may not be possible to make a 1:1 comparison. To do this, it would have to be ensured that the same or comparable services are activated.
i am saying that each of 2 DDR3 ram modules are too slow to store and forward between 2 gigabit cards. You have to make them work both at once cf raid0
I have a Yanling, but it is identical to the Protectli. I use CoreBoot and don't know if you can activate this feature in CoreBoot. The device also only has one memory slot.
I have also switched to a BPI-R4, but will perhaps look for the feature when I get the time.
Then you cannot forward at 2gbps. dual-channel memory setup supported by CPU could do it somewhat if little packet inspection/transform is done down the road.
