Unfortunate, but at this point I'm starting to give up on doing routing/firewalling on low power consumer hardware anyway.
At 10G and above, it's just very hard for such CPUs to keep up, and reasonable power usage seems to require hardware acceleration.
I think part of the issue is the tiny ethernet frame size. Dealing with millions of packets per second is just hard on a low power CPU. And unfortunately due to the internet, jumbo frames are only a viable thing on the inside.
So now the equation swings towards purpose-built devices that can actually accelerate routing, bridging and firewalling in hardware.
Most ARM cases would mean a tremendous amount invested in reverse engineering of binary blobs required to configure network and crypto accelerators. Also, in most cases, it means no support for *BSD like OPNsense and pfSense. That leads to fully proprietary designs, lack of transparency, and limited trustworthiness.
What we were able to realize over the years of writing firmware and researching new solutions for network appliance vendors is that support for accelerators is considered a premium feature and is typically available only behind a paywall as corporate unobtainium. Consider very respected silicon vendors, such as Marvell [1] or NXP [2].
If you have in mind hardware (no matter if x86, Arm, RISC-V, or POWER) that would be able to mark all the checkboxes that PC Engines scores [3] with 10G performance, then it would be exciting competition; otherwise, we are very far from community expectations, where most BSD users with open-source firmware based hardware choose PC Engines or Protectli [4].
Did I just get a message from ChatGPT? Because this comment doesn't quite make sense. I said nothing about ARM, and those links don't lead to quite where I'd expect.
No, just from a non-native English speaker. You mention high performance 10GbE hardware without being precise about CPU architecture or vendor/model of the firewall. Apparently high power non-consumer grade hardware, but such hardware lacks PC Engines properties. You also mention accelerators and this is what my comment is about: the reality of building firewalls.
My comment is about designs that potentially could meet the requirements, but surprisingly those have different problems. How do we know those designs? We consult for firewall vendors doing research. We would be glad to be wrong by being pointed to a viable competing solution which can reach a score close to PC Engines. Performance is not the only factor for small ISPs and security-conscious, privacy-concerned infrastructure builders.
So it is not that trivial these days to purposefully build a firewall that can compete with the PC Engines low power consumer/SOHO design.