Very specific hardware? An Intel NIC (x520 variant) is about it which can be had for cheap off eBay. If you’re trying to do line rate IPS, you’re going to need a modern cpu, but that’s the case regardless of OS.
The NIC is an Intel x520. pfSense/opnSense both maxed out at routing about 5-7 Gbps with about 20% CPU usage (I'm assuming one core maxed) with the default config (so no IPS or QoS or anything configured, just basic NAT)
Tried a bunch of the random tunables people were posting on forums, tried turning on the hardware offload the manual says you shouldn't touch, it made no difference.
Modern OPNsense shouldn't be single threaded on routing. I guess without knowing the exact CPU it's tough to say, but a xeon-d will easily do 10Gbe routing which is ~1700 single core passmark, 11k for all cores.
Might have to do with the tunnel? If much of the traffic is going through a tunnel, that's probably all hashed to the same rx queue and could overwhelm a less capable cpu?
I've always had good experiences with the Intel x520/x540 10G nics on FreeBSD though, and given the eBay pricing, there's been no reason for me to explore any other offerings. Sadly, my recently installed fiber internet is 1G only, but maybe one day they'll update; but I can't really test if my system can do 10G without a proper upstream.
