On 09/10/18 08:22, Sonic wrote:
How does the Edgerouter compare in performance to an Atom 2358/2558 based system? Especially interested in firewall performance using site-to-site VPN's.
There's trade-offs for everything. The x86 platform is fundamentally flawed and contains innumerable backdoors and vulnerabilities. The C2000 chip series has issues with hardware/circuit degradation. On MIPS64 the mmu lacks support for W^X and the pmap module only supports 32 bit mappings resulting in weaker ASLR, there's also no rtc on octeon.
In terms of performance, I've found the Edgerouter Pro to be able to handle half a gigabit of traffic no problem. I've never owned an APU / soekris device to compare the performance to. Obviously a 2 or 3 Ghz x86 machine is going to push more packets through sheer brute force, but for the average home or office connection, there will be no difference unless you're among the lucky few with a synchronous gigabit connection. For my clients or family/friends with their measly 30/5 or 80/8 connections, an ERL running fq_codel QoS runs great, and pulls less than 10 watts of power. Something like a soekris device would be unnecessary overkill. Even in situations where I was working with 100/100 or 250/250 connections, the ERPro handled it like a champ. A buddy of mine has been running a PowerMac G4 as a OpenBSD router/firewall for his 150/150 fibre connection for many years just because he doesn't like x86. I've seen benchmarks of the early beta octeon IPsec hw accleration being able to push around 50Mbit/s on an Edgerouter Lite. There should be better performance on the ERPro, but I have yet to see any benchmarks.
