Re: A FreeBSD-based Router
Date: Sat, 05 Apr 2025 23:44:33 UTC
Fully agree. A high-end processor will surely be a bit of a waste for a router/firewall, unless you’re moving around tons of traffic with tons of firewall rules, traffic shaping, VPNs, and intrusion detection; and, on the other hand, a low-end processor will simply not let you scale up if at first you’re not doing any of those things, but then you develop a need to.

One of the biggest benefits of running my router in a VM has been having the ability to almost magically tune its resources to its evolving responsibilities, affording me a simple reboot of the VM to adjust the amount of threads/cores/ram the underlying host allocates to it (provided, of course, the latter has to spare). The downside is of course putting too many eggs in one basket, resulting in the full loss of all my custom networking whenever the host needs to undergo any kind of maintenance.

One strategy against the latter is gauging over some time what your hardware router should look like, then multiplying the resulting resources by some factor for scalability and growth purposes (e.g. four NICs instead of three, 4GiB of RAM instead of 2, 10Gbps instead of 1, etc.), and then fleshing it out to real hardware.

Regards,

> On Apr 5, 2025, at 5:39 PM, John Howie <jhowie@msn.com> wrote:
>
> Hi Juan,
>
> Any cheap PC will do, but I would stay away from those with low-end processors. No point buying one with a high-end processor either. You will never get the performance that you would have with a purpose-built router using special hardware.
>
> Best regards,
>
> John
>
> Sent from my iPhone
>
>> On Apr 5, 2025, at 12:09, Juan Manuel Palacios <jmpalacios@gmail.com> wrote:
>>
>> Other than talking about the appropriate hardware for the task at hand, I find it rather odd that no one has yet mentioned either the pfSense or OPNsense distributions. They’re both router-oriented, FreeBSD-based, web-administered, text-based-managed, and, above all, extremely versatile.
>>
>> Mind you, I’m not talking to any degree against rolling out raw FreeBSD plus packages plus some orchestration solution to manage changes, I absolutely love that approach. But if what you want is a turn-key, ready-made solution to provide router-related functionality to your home network, then either of those two more than fit the bill.
>>
>> I’ve been running pfSense here at home for the last… what, 6 years already? And it’s been rock solid! And on that router I run a DHCP server, DHCP6, radvd, unbound, HAProxy with a few ACME certificates, OpenVPN, a whole bunch of VLANs, plus of course pf with a bunch of rules for each of those VLANs, and probably other things I might be forgetting.
>>
>> Furthermore, that pfSense router runs in a VM, sitting atop a Supermicro MOBO & a not super powerful Intel CPU, leveraging PCI passthrough for three NICs, and sometimes I just get bored at having almost nothing to worry about because it just works 24/7/365 without skipping a beat.
>>
>> Again, other than discussing what would be the appropriate hardware for your setup, an appliance-like solution like that is definitely what I’d recommend.
>>
>> HTH!
>>
>>> On Apr 5, 2025, at 2:47 PM, Polarian <polarian@polarian.dev> wrote:
>>>
>>> Hello,
>>>
>>>> There are ARM based SBCs (smaller than a mini PC) purposely built
>>>> as routers ie. with multiple ethernet ports. Since FreeBSD can run
>>>> on ARM (in theory), I would look into those. Very low power :-)
>>>
>>> There is a limited number of supported ARM boards. [1] provides a list
>>> of them, but this page has not been updated in years so I am not too
>>> sure about the status of it, maybe ask the arm mailing list if you are
>>> interested in an ARM router?
>>>
>>> If you are willing to take some additional energy usage for modularity
>>> picking up old desktops such as optiplex's can provide you something
>>> which can be upgraded very easily.
>>> SFF Optiplex's despite being small
>>> (not as small as some of the arm options) can fit 1 or 2 network cards
>>> in it, which can have up to 4-6 ports on a single card giving you more
>>> than enough ports to make as many subnets as you like. Old desktops
>>> tend to be cheap on ebay too, along with older gigabit network cards,
>>> and the more beefy cpu gives you more than enough compute headroom for
>>> anything you can think of. It does come at a power cost though, which
>>> in the long run could be expensive.
>>>
>>> You could also look at protectli [2] which provide minipc sized
>>> routers, however these come at a big cost, and will only save a small
>>> amount of energy using newer more efficient chips than old desktops,
>>> but they do pack a punch. I am not sure how well they support FreeBSD
>>> however.
>>>
>>> At the end of the day, you need to decide on how much performance you
>>> need. If you only need a few hundred mbps of throughput then a
>>> raspberry pi 4 with a usb NIC can provide you that performance for a
>>> very low power draw, and reasonable cost. If you want something
>>> performance which can do gigabit (or more in the future) then old
>>> desktops or protectli boards might be the better way to go.
>>>
>>> Take care,
>>> --
>>> Polarian
>>> GPG signature: 0770E5312238C760
>>> Jabber/XMPP: polarian@icebound.dev
>>>
>>> [1] https://www.freebsd.org/platforms/arm/
>>> [2] https://eu.protectli.com/