Recommendation for 10G NAT

Thanks a lot, I'll take a look at VyOS as well!
I've set up my build now, currently an OpenWrt VM for routing, NAT, and IPv6 RA.
For DHCPv4 and DHCPv6 I use a Debian VM with isc-dhcp-server, which runs well under heavy load of up to 4500 leases per second.
Now there is an issue. I've set up an iperf3 server on the WAN-facing subnets of the OpenWrt device, as well as on the LAN-facing ones. So I send iperf3 traffic from LAN to WAN and vice versa to check the NAT performance, but unfortunately I only get around 600 Mbps. Is there a way to troubleshoot this issue? CPU load is at around 15% on one core.
BTW, does anyone have experience with pfSense?
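The test above (iperf3 client on one side of the NAT, server on the other) is easiest to compare across runs when iperf3 is told to emit JSON with `-J`. The following is an added example, not code from the thread or from the OpenWrt project: it parses an iperf3 JSON report, converts the summary counters to Mbps, and rates the measured figure against the expected link speed. The sample report is constructed to mirror the ~600 Mbps result described in the post; the thresholds (80% of link speed counts as fine, below 50% as a bottleneck) are assumptions chosen for illustration.

```python
"""Parse `iperf3 -J` output and rate NAT throughput against link capacity.

Added example; not part of the forum thread. Run the client through the NAT
with `iperf3 -c <server> -J -t 10` (add `-R` for the reverse direction) and
feed the resulting JSON document to check_report().
"""
import json

# Constructed sample of an iperf3 JSON report, trimmed to the fields used
# below. These are made-up numbers resembling the ~600 Mbps result in the post.
SAMPLE_IPERF3_JSON = """
{
  "start": {
    "connected": [{"remote_host": "192.0.2.10", "remote_port": 5201}],
    "test_start": {"protocol": "TCP", "num_streams": 1, "duration": 10}
  },
  "end": {
    "sum_sent": {"bytes": 750000000, "seconds": 10.0,
                 "bits_per_second": 600000000.0, "retransmits": 12},
    "sum_received": {"bytes": 748000000, "seconds": 10.0,
                     "bits_per_second": 598400000.0}
  }
}
"""


def parse_iperf3_result(raw_json):
    """Return (sent_mbps, received_mbps, retransmits) from an iperf3 JSON report.

    For a TCP test iperf3 writes end.sum_sent / end.sum_received with
    bits_per_second; retransmits is only present on the sender side.
    """
    doc = json.loads(raw_json)
    end = doc["end"]
    sent_mbps = end["sum_sent"]["bits_per_second"] / 1e6
    received_mbps = end["sum_received"]["bits_per_second"] / 1e6
    retransmits = end["sum_sent"].get("retransmits", 0)
    return sent_mbps, received_mbps, retransmits


def assess_nat_throughput(received_mbps, link_mbps, ok_fraction=0.8, degraded_fraction=0.5):
    """Classify the receiver-side rate relative to the nominal link speed.

    The fractions are assumed thresholds, not values from the thread.
    """
    fraction = received_mbps / link_mbps
    if fraction >= ok_fraction:
        verdict = "ok"
    elif fraction >= degraded_fraction:
        verdict = "degraded"
    else:
        verdict = "bottleneck"
    return {
        "received_mbps": round(received_mbps, 1),
        "link_mbps": link_mbps,
        "fraction": round(fraction, 3),
        "verdict": verdict,
    }


def check_report(raw_json, link_mbps):
    """Parse one report and attach the verdict plus the retransmit count.

    A high retransmit count together with a low rate points at packet loss
    (driver, offload or VLAN handling) rather than at NAT CPU cost alone.
    """
    sent_mbps, received_mbps, retransmits = parse_iperf3_result(raw_json)
    result = assess_nat_throughput(received_mbps, link_mbps)
    result["sent_mbps"] = round(sent_mbps, 1)
    result["retransmits"] = retransmits
    return result


if __name__ == "__main__":
    # Expected link speed of 10 Gbps, as in the thread title.
    print(check_report(SAMPLE_IPERF3_JSON, link_mbps=10000))
```

Because the post reports only 15% load on one core, the interesting fields are the verdict and the retransmit count together: a "bottleneck" verdict with low CPU and rising retransmits suggests looking at the NIC and its driver before touching the NAT configuration.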

Did you PCI passthrough the NICs, or do you let your hypervisor manage the NICs? If that is the case, I also had issues with low performance in such a scenario, which was solved by switching to PCI passthrough of the NICs to the VM. That way I get NAT throughput of ~2 Gbit/s with an Intel J4115.
Also give the VM enough RAM; depending on the drivers of your NICs you may need a gigabyte or more of RAM for stable NAT throughput at 1 Gbps+.

Your problem is not that it is impossible to solve your scenario with OpenWrt, but that nobody has done it already, so we simply can't tell you whether you will hit that problem if you do it.
So some feedback would be nice if you hit other roadblocks too, so we can all learn from it.


Hey, thanks for your reply!
Well, I was running into issues caused by my QLogic cLOM8214.
The bandwidth on untagged traffic was low, and when using dot1q tags they were not passed through the interfaces correctly. So it was a huge headache and took a whole day of troubleshooting to find out it was the NIC.
Now I am running OpenWrt without a hypervisor on the machine, but I am looking for a guide on how to install OpenWrt on mdadm RAID. Furthermore, I still need to set up kea-dhcp or isc-dhcp-server, and then the server is ready.
Is the IPv6 service of OpenWrt more capable than dnsmasq, or do you recommend replacing it as well? I would like to keep it. IPv6 is nasty for me.

So I have replaced the NIC with a Mellanox ConnectX-2 card and now I am getting 9.8 Gbps through NAT at 30% CPU load.
I think it's a good result!

There is an mdadm package in OpenWrt that you can install, and you can then create a volume with it if you want persistent log files or so. OpenWrt itself does not really need to be on a RAID IMHO; it boots and after that doesn't really read or write anything on disk, so if your disk gets corrupted OpenWrt will run fine until you reboot, I would say.

Regarding IPv6, I don't think you will run into problems; just plan your subnet sizes properly so you don't run out of IPv6 subnets with all your VLANs.

You may need to tune some sysctl values for your environment though. A SOHO router with 64 MB of RAM, which the defaults are set for, is different from what you run, so you may want to tune some parameters.
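One of the sysctl areas that differs most between a 64 MB SOHO router and a box doing NAT for thousands of hosts is the connection-tracking table: when `nf_conntrack_count` reaches `nf_conntrack_max`, new flows are dropped rather than translated. The following is an added example, not code from the thread or from OpenWrt: it reads the three conntrack sysctls (`nf_conntrack_count`, `nf_conntrack_max`, `nf_conntrack_buckets`, all under `/proc/sys/net/netfilter/` on a Linux NAT box) and reports utilization and the average hash-chain length a full table would have. The warning thresholds (80% utilization, chains longer than 8 entries) are assumptions chosen for illustration, and the sample values in `main` are constructed.

```python
"""Check conntrack table headroom on a Linux NAT router.

Added example; not part of the forum thread. The thresholds below are
assumptions for illustration, not kernel or OpenWrt defaults.
"""
import os

CONNTRACK_DIR = "/proc/sys/net/netfilter"
# Assumed thresholds: warn at 80% utilization, and when the table would
# average more than 8 entries per hash bucket once it is full.
WARN_UTILIZATION = 0.8
WARN_CHAIN_LEN = 8.0


def read_sysctl_int(name, root=CONNTRACK_DIR):
    """Read a single integer sysctl from its /proc/sys file.

    `root` is a parameter so the function can be pointed at a copied or
    constructed directory when testing off the router.
    """
    with open(os.path.join(root, name)) as f:
        return int(f.read().strip())


def conntrack_status(count, max_entries, buckets,
                     warn_utilization=WARN_UTILIZATION,
                     warn_chain_len=WARN_CHAIN_LEN):
    """Rate the conntrack table given the three raw sysctl values.

    Returns utilization (count / max), the average chain length when the
    table is full (max / buckets), and a status of "ok", "near_full" or
    "full". A long average chain means lookups cost more CPU per packet,
    which is the other half of "tune some parameters" for high NAT rates.
    """
    utilization = count / max_entries
    avg_chain_len = max_entries / buckets
    if count >= max_entries:
        status = "full"
    elif utilization >= warn_utilization:
        status = "near_full"
    else:
        status = "ok"
    return {
        "count": count,
        "max": max_entries,
        "buckets": buckets,
        "utilization": round(utilization, 3),
        "avg_chain_len": round(avg_chain_len, 2),
        "status": status,
        "long_chains": avg_chain_len > warn_chain_len,
    }


def conntrack_status_from_proc(root=CONNTRACK_DIR):
    """Read the live sysctls and rate them (only works on a Linux NAT box)."""
    return conntrack_status(
        read_sysctl_int("nf_conntrack_count", root),
        read_sysctl_int("nf_conntrack_max", root),
        read_sysctl_int("nf_conntrack_buckets", root),
    )


if __name__ == "__main__":
    # Constructed sample values: a table of 65536 entries with 16384 buckets
    # that is 92% occupied, as it might look during an iperf3/NAT stress test.
    print(conntrack_status(count=60000, max_entries=65536, buckets=16384))
```

On the router itself `conntrack_status_from_proc()` gives the live figures; if the status is "near_full" or "full" under a realistic load, raising `net.netfilter.nf_conntrack_max` (and the bucket count alongside it, so chains stay short) is the kind of tuning the reply refers to.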