
Re: [LUG] Fwd: 🎉 Raspberry Pi 4 (2GB) PRICE CUT! Plus a FREE gift!


On 29/02/2020 15:00, Simon Avery wrote:

> Funnily enough I was pondering this myself (Rural and my once fine Wifi 
> internet provider's performance has now dropped to sub adsl levels at 
> peak, so I'm going to try 4g and wanted something to load 
> balance/failover between two WANs whilst I decide which is better)
> I've used pfSense in the past and thought about it, downloading onto a 
> vm a couple of days ago. It's had a lot of the rough edges knocked off 
> the interface now, and the upselling for support isn't too intrusive 
> (yet) - so feels like a good product. I may use it like that whilst I 
> twiddle, but would prefer it to be homeserver or homedesktop independent.
> There is some talk about it running on Rpis and the hardware should be 
> ample for it, and there is an ARM version - but I don't know if it's 
> really been used in anger yet, and the single-nicness is a sticky point 
> (although VLANs might be a thing). I think some of the negativity on the 
> following is probably a lack of understanding, or an unwillingness to try.
> https://www.reddit.com/r/PFSENSE/comments/c6if8f/would_pfsense_run_well_on_a_raspberry_pi4/
>     I don't have good history with RPis for doing "proper" work
>     unfortunately, much as I love them. Stability sucks :[
> I do have a Pi4 that I use for Pihole and Backuppc (with a usb hdd caddy 
> attached). I spotted some voltage underrun errors in syslog and switched 
> to a beefier USB feed and they went away, and it's been a lot more solid 
> since. In fact, 100% uptime for about two months, barring power cuts 
> (which exposed a dead battery on my desktop one, so that's now powered 
> by an old tractor battery that has a quoted runtime of 35 minutes 
> according to the UPS, but I'd be surprised if it quits sooner than six 
> hours...)

I end up saying this every time but have a look at opnsense before you 
get too invested in pfsense - I'm convinced that people only end up 
using pfsense because of its visibility (it's the one general purpose 
turnkey firewall/gateway/router distro that everyone knows of off the 
top of their head). I've been using both quite heavily for years and 
years and there is nothing to particularly commend pfsense over 
opnsense. Quite the opposite actually (in my opinion, obviously).

I only used pf/opnsense as an example - both are freebsd based 
appliances and not necessarily a good fit for the RPi ecosystem anyway. 
Just installing a regular lightweight linux distro and doing the 
routing/iptables/masquerading/DNS/DHCP stuff myself would probably work 
better on RPi. OpenBSD on RPi is in pretty good shape these days so 
that's an option too and a better fit for this kind of network job - 
it's not the software side that is going to be the problem though, it's 
the hardware limitations.

You'd be ok I think for all the wrong reasons - your internet is slow 
enough that even a RPi3 with a USB gigabit adaptor could shunt traffic 
between its two NICs fast enough (for now, hopefully you'll get higher 
speed internet eventually!) that it won't bottleneck. My home internet 
is currently managing just shy of 25MBps downstream and that's very 
close to the maximum throughput people have been measuring through RPI3 
with gigabit USB adaptors - I know plenty of people on considerably 
faster fibre connections than that at home. Additionally scanning the 
forums/reddit/etc for the various distros that support this kind of role 
on RPis it seems pretty unanimous that the USB throughput limitations 
are pretty severe and that's before any CPU intensive stuff like VPNs or 
wireguard, complex firewall rules, etc. Basically all the stuff you'd 
obviously want on an all-in-one gateway box doing pfsense-like work.

There's not a lot of reports for the RPi4 yet though, which hopefully 
might push performance up to a level where it wouldn't bottleneck doing 
24/7 moderate pfsense-type loads even on increasingly typical high speed 
broadband. It's a lot to ask to be fair - especially at the price point. 
But I'm clearly not the only person really interested! I'd guess for 
your available bandwidth a RPi3 probably would be sufficient and a 4 
surely would? Long term stability is the next issue though.

For my scope of interest, dual NIC is critical - my use case is for a 
single dirt cheap "box of tricks" that I could drop into any basic SOHO 
network to physically isolate the cursed ISP supplied router from the 
rest of the intranet completely and take over standard network duties, 
just like you'd use a pfsense type network appliance for normally. This 
absolutely presumes a typical SOHO environment so zero chance of any 
layer 2 management features.

As usual I'm looking for super cheap options basically! RPi4 plus a 
gigabit adaptor and a cheap-ass SSD would weigh in at under £100 and 
that's a much easier sell to people than convincing them to let you put 
in a full x86 box running pfsense and a new VLAN capable switch.

There's clearly nothing else to do except test it I guess and I've got a 
pile of RPi3s next to me... So far I've downloaded ipfire and opnsense 
RPi images and will try out a handmade arch linux based setup as well I 
guess. I've had every generation of RPi so far (and loved them) so I'm 
definitely going to get a couple of 4s but will hopefully wait for Pi 
day sales I guess. It was puzzling me why I hadn't already bought some 
but then I remembered that there was an issue with the USB-C design 
wasn't there? I was probably going to wait until it had been fixed and 
the old supply backlogs had been used up and then just forget about it.

If you decide to try out for doing your dual WAN tests definitely let us 
know, it would be really interesting to see how you get on.

The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq