![]() ![]() You may want to create a separate partition to avoid "/" filling up or crashing openwrt. There is an arm64 image that we can run on NanoPi R4S - this works fine in friendlywrt 19 but fails to run on OpenWRT 21.02 vanilla.Īfter some debugging I have found the root cause and fixed it. I'm also experimenting with using Ansible for configuration management and deployment of OpenWRT devices. NanoPi R4S ntopng install as a container inside openwrt on FriendlyWRT 19 or OpenWRT 21.02 using my image.NanoPi R4S openwrt build (not yet ready).This repository may have a combination of items, all related to my nanopi R4S effort to run openwrt+ntopng.Īt the moment the following components exist: This repository are my public notes and contributions towards this effort, no guarantees or support provided. Attempt to leverage the magic of containers to tie it all together. Migrate away from opnsense firewall + ntopng which runs on a VM to a pocket router running OpenWRT. NanoPi R4S is not yet officially supported in OpenWRT official builds (only in snapshots code base) this requires you to build your own OpenWRT build or use FriendlyWRT image which I found to be missing critical items like IPv6 NAT6 kernel modules and its also an older openwrt release. When using multiple interfaces in the same system, the bandwidth of the PCI bus can easily become a bottleneck.OpenWRT + ntopng support on a pocket router nanopi R4S In environments where extremely high throughput through several interfaces is required, especially with gigabit interfaces, PCI bus speed must be taken into account. Remember if you want to use your pfSense installation to protect your wireless network, or segment multiple LAN segments, throughput between interfaces must be taken into account. Server class hardware with PCI-e network adapters. Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. No less than a modern Intel or AMD CPU clocked at 2.0 GHz. We recommend a modern 1.0 GHz Intel or AMD CPU. We recommend a modern (less than 4 year old) Intel or AMD CPU clocked 500MHz or greater. All of the following numbers also assume no packages are installed. The numbers stated in the following sections can be increased slightly for quality NICs, and decreased (possibly substantially) with low quality NICs. Above 1Gbps, other factors, and other NIC vendors dominate performance. We therefore strongly recommend purchasing Intel cards, or systems with built-in Intel NICs up to 1Gbps. NICs based on Intel chipsets tend to be the best performing and most reliable when used with pfSense software. When using pfSense software to protect your wireless network or segment multiple LAN segments, throughput between interfaces becomes more important than throughput to the WAN interface(s). A quality NIC can substantially increase system throughput. Inexpensive NICs can saturate your CPU with interrupt handling, causing missed packets and your CPU to be the bottleneck. Selection of network cards (NICs) is often the single most important performance factor in your setup. Requirements Specific to Individual Platforms: You may be able to get by with less than the minimum, but with less memory you may start swapping to disk, which will dramatically slow down your system. Note the minimum requirements are not suitable for all environments. The following outlines the minimum hardware requirements for pfSense software version 2.x. PfSense Hardware Requirements and Guidance Snort and ntop are two that should not be installed on a system with less than 1GB RAM. Packages - Some of the packages increase RAM requirements significantly. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. The default state table size is calculated based on 10% of the available RAM in the firewall. ![]() Large State Tables - State table entries require about 1 KB of RAM each. AES-NI acceleration of IPsec significantly reduces CPU requirements on platforms that support it.Ĭaptive Portal - While the primary concern is typically throughput, environments with hundreds of simultaneous captive portal users (of which there are many) will require slightly more CPU power than recommended above. The number of connections is much less of a concern than the throughput required. Encrypting and decrypting traffic is CPU intensive. VPN - Heavy use of any of the VPN services included in the pfSense software will increase CPU requirements. Most features do not factor into hardware sizing, although a few will have a significant impact on hardware utilization: The following outlines the best practices for choosing the appliance best suitable for your environment. 2.5 Gigabit, and 10 Gigabit SpeedsĤx Intel 2.5 GbE i226 Discrete (unswitched) ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |