Hi,
Does anybody have experience running Zenarmor on an Intel Atom C3758R? What internet throughput can this CPU handle? The CPU list on Zenarmor's website does not give me a clear answer.
Thanks!
Since Zenarmor is still limited to one thread only, you can simply relate any known CPU's single-thread performance against the C3758R's single-thread performance on one of the many CPU performance comparison sites. The kind of work Zenarmor is doing here cannot be easily accelerated by a proprietary chip, unlike encryption.
So, choose a CPU whose performance you know and compare it.
I know that Zenarmor only uses one core. That's the cause of my question. On their roadmap, multi-core operation would be implemented in the next 1-6 months (or so).
So I badly need experience from working devices... My personal experience: 1 GBit without TLS-inspection is nearly possible in my lab. 1 Core @100% Iperf3 with 10 parallel streams + OpenSpeedtest. But that's the lab. Not representative of a company's Internet traffic mix.
I keep hearing that multi-threading support is on the top of the priority list for some years now. Sounds like when Trump says "in two weeks".
And yes, you would be hard pressed to find a low-power (embedded) CPU with a high enough single-thread performance to run Zenarmor at >= 1 GBps speeds. Only desktop or high-performance server CPUs (many server CPUs have many cores, but low single-thread performance) would do that.
And even then, you would only use a fraction of the potential power, but have the high cost (both purchase and consumption) until multithreading will be supported.
I thought multithread was available in one of the paid versions?
The faster the clock speed, the better ZA will run, kind of the only rule of thumb we currently have. I'm looking at an n355 device for my next hardware, something with at least 6 i226 ports and maybe trade a couple for some SFP+ (10g lan to lan would be NICE). I only have gigabit out to wan, so don't need the i226, but it's what I'm finding because it's what most people want going forward.
Also looking at a different model with 8 i226 ports, not seeing anything with "cheaper" i350 ports anymore, and I'm not going to try Realtek for real work.
Quote from: Greg_E on March 26, 2026, 02:33:50 PM
I thought multithread was available in one of the paid versions?
The faster the clock speed, the better ZA will run, kind of the only rule of thumb we currently have. I'm looking at an n355 device for my next hardware, something with at least 6 i226 ports and maybe trade a couple for some SFP+ (10g lan to lan would be NICE). I only have gigabit out to wan, so don't need the i226, but it's what I'm finding because it's what most people want going forward.
Also looking at a different model with 8 i226 ports, not seeing anything with "cheaper" i350 ports anymore, and I'm not going to try Realtek for real work.
the roadmap (https://www.zenarmor.com/roadmap) has it 90% complete and has it listed under business and higher licenses, so no paid home license.
(https://i.imgur.com/uNXhrXj.png)
Correct, the MultiCore is still not available for ZA.
Correct, the Multicore if released will be most likely a paid feature (Higher paid tiers) per the roadmap. Even though people asked ZA several times to clear up this point, they did not, and only sidetracked the question. But assuming what's on the roadmap, this looks like the case.
Quote from: Greg_E on March 26, 2026, 02:33:50 PM
I'm looking at an n355 device for my next hardware, something with at least 6 i226 ports and maybe trade a couple for some SFP+ (10g lan to lan would be NICE).
I have one with 2x10G AQ NICs + 4x2.5G i226V, and it's rock solid. Still looking for a good 10G switch option though....
Regards,
S.
Quote from: Seimus on March 27, 2026, 01:21:01 PM
I have one with 2x10G AQ NICs + 4x2.5G i226V, and it's rock solid. Still looking for a good 10G switch option though....
Define good. I have a Mikrotik CRS 326-24s+2q+ that works well, 24 sfp+ and 2 qsfp+ ports (mine are broken out to 8 more 10g ports). I also have their smaller CRS309-1g-8s+in (or something like that) which also works very well but I outgrew it, needed more ports. Those are really the cheapest options I would personally look at. I don't have much for 10g copper, generally I don't like it due to module heat, a DAC or fiber works better for a lot of things. My NAS has an AQ copper 10g connection, so I do have a hot module in the CRS 326.
Quote from: Greg_E on March 27, 2026, 04:27:50 PM
Define good.
I need a 24P switch with at least 2x10G ports and with at least 8x2.5G ports.
The only switch that did fulfill this is Mikrotik CRS326-4C+20G+2Q+RM, but it's expensive. But on the other hand it has QSFP support, which makes it a bit future-proof.
Regards,
S.
I have the USW-Pro-HD-24-PoE, which offers more ports, 4xSFP+, 2*10 GbE, PoE. I like the centralised management for Unifi Gear. Their routers are crap (https://community.ui.com/questions/UDM-Pro-SE-design-issue-Mixed-speed-port-bridging-breaks-TCP-transfers/1114a18f-ab79-4c8c-89f0-0d404dd849d9), but you can have the network management on a VM (https://ui.com/download/software/unifi-os-server).
There are smaller offerings available as well, with and without PoE:
https://geizhals.de/?cat=switchgi&xf=13283_2%7E16696_8%7E2270_Ubiquiti&sort=p#productlist
Quote from: meyergru on March 28, 2026, 01:33:15 PM
I have the USW-Pro-HD-24-PoE, which offers more ports, 4xSFP+, 2*10 GbE, PoE. I like the centralised management for Unifi Gear. Their routers are crap (https://community.ui.com/questions/UDM-Pro-SE-design-issue-Mixed-speed-port-bridging-breaks-TCP-transfers/1114a18f-ab79-4c8c-89f0-0d404dd849d9), but you can have the network management on a VM (https://ui.com/download/software/unifi-os-server).
There are smaller offerings available as well, with and without PoE:
https://geizhals.de/?cat=switchgi&xf=13283_2%7E16696_8%7E2270_Ubiquiti&sort=p#productlist
Woo thanks for the link! I will look thru it.
The CRS326-4C+20G+2Q+RM, compared to your USW-Pro-HD-24-PoE, has the same amount of ports, 20+4 Combo, but it has an extra 2xQSFP minus the PoE. From my point of view this Mikrotik switch is more targeted as a CORE/Aggregation switch, where the Unifi is more of an access switch.
I will not lie, I did look at the Unifi switches; they have a good performance/cost ratio and a lot of variations.
But the main beef I have, and I know this is sounding stupid, is the central management/orchestration. I do not own any other Unifi product, thus I would have to run the Management platform for only one device, which sounds unreasonable to me.
So basically I am a bit torn between getting Mikrotik or getting Unifi.
Regards,
S.
I got hooked by their APs many years ago, so adding their switches is a no-brainer. The management is more "prosumer" than what Cisco or Mikrotik offer, but quite effective and easy to manage. Of course it depends on if you already have one of their router-type appliances or can use all of that on a VM.
Matter-of-fact, the network controller is also available on iOS and Android as standalone apps, because apart from the guest portal, you do not need it running 24/7. I never tried those, because IMHO, you need a bit of screen real estate to easily use the interface.
My main gripes about them are:
1. The dream boxes are crap.
2. Unifi Protect is only available on their hardware (dream boxes and NVRs) - they stopped the VM versions.
3. In the last 2 years, they started way too many variants of their products, leading to a confusing portfolio and, with the many new offerings, degraded support for any of them (https://community.ui.com/questions/Bug-802-1x-port-security-does-not-work-for-IPv6-on-USW-Pro-HD-24-POE/3280a2d8-43ff-49da-88e0-445af74e203e).
@meyergru many thanks for all of this awesome info.
Personally I use OpenWRT for APs.
If I already had some Unifi HW the decision would be simpler :D.
Anyway, I will consider all the great info you provided into my decision making.
Regards,
S.
Quote from: meyergru on March 28, 2026, 01:33:15 PM
I like the centralised management for Unifi Gear.
To be honest I am more and more leaning towards getting rid of it in the future when something needs replacing!
Maybe by then OpenWRT in combination with my In Wall Accesspoints will actually keep all functionality instead of breaking half of it :)
Quote from: meyergru on March 28, 2026, 02:07:54 PM
I got hooked by their APs many years ago
Same here with the old 2.4 GHz UAP models :)
Quote:
Matter-of-fact, the network controller is also available on iOS and Android as standalone apps
It's missing so many settings that it's basically hopeless and not something I would recommend !!
Quote:
I never tried those, because IMHO, you need a bit of screen real estate to easily use the interface.
That's what I keep telling people :
Ditch the stupid app/phone/tablet and grab a PC or Laptop with a nice big screen and a regular browser to manage your UniFi Controller !!
Quote:
My main gripes about them are:
1. The dream boxes are crap.
Quote:
Their routers are crap (https://community.ui.com/questions/UDM-Pro-SE-design-issue-Mixed-speed-port-bridging-breaks-TCP-transfers/1114a18f-ab79-4c8c-89f0-0d404dd849d9)
I DOUBLE AGREE !!! ;)
Quote:
2. Unifi Protect is only available on their hardware (dream boxes and NVRs) - they stopped the VM versions.
There were some workarounds by stealing the Containers it ran and moving it to standalone DIY solutions, but not something I would completely trust...
DIY Server + ONVIF Protocol based products are IMHO the way to go for now.
#NeedsMoreReading and stuff...
Quote:
3. In the last 2 years, they started way too many variants of their products, leading to a confusing portfolio and, with the many new offerings, degraded support for any of them (https://community.ui.com/questions/Bug-802-1x-port-security-does-not-work-for-IPv6-on-USW-Pro-HD-24-POE/3280a2d8-43ff-49da-88e0-445af74e203e).
100% TRUE !!!
Quote from: Seimus on March 28, 2026, 07:06:22 PM
Personally I use OpenWRT for APs.
Keep it that way if you are happy with the performance and stability ;)
Quote:
If I already had some Unifi HW the decision would be simpler :D
The UniFi Controller has the following needs and issues :
- AVX/AVX2 compatible CPU
This puts older Intel NUCs and Raspberry Pi models in a weird corner where you need to do really weird things to keep it all running !!
- Linux OS
Which is not an issue.
But in certain situations you need to install old unsupported libraries that are no longer available in newer distros and thus also no longer patched/maintained and have open CVEs and that sucks!
- Java such as OpenJDK.
Now the crap starts...
- Mongo Database
This is linked to the AVX/AVX2 story above and gets even weirder :
Certain versions of the UniFi Controller are linked to certain versions of MongoDB that you need.
So the more we move into the future and use newer UniFi hardware the more chance you have got to run into the AVX/AVX2 issue !!
So think about this VERY CAREFULLY before you buy anything... ;)
Quote from: nero355 on March 29, 2026, 10:36:59 PM
To be honest I am more and more leaning towards getting rid of it in the future when something needs replacing!
Mikrotik is great, IMHO. Cheaper, and very feature rich. And reliable, at least in my environment - using only layer 2, switches and APs. It's still called "Router OS" but I only use the layer 2 features. Plus, if you happen to live in the EU ... they are from Europe, too. Sovereignty, customer protection, GDPR, something something ...
They lack a central management solution but if you actively seek to get rid of something like that ... SNMP works great and RANCID supports Mikrotik so you can automatically pull and version configurations in e.g. git.
Quote from: Patrick M. Hausen on March 29, 2026, 10:42:49 PM
Mikrotik is great, IMHO.
I know and forgot to mention these two :
- https://tweakers.net/pricewatch/1280173/mikrotik-cloud-router-switch-305-1g-4s+in.html
- https://tweakers.net/pricewatch/1324602/mikrotik-crs309-1g-8s+in.html
Simply AMAZING value IMHO :)
CRS326-24G-2S+IN here. Plus hAP-ax2 and hAP-ax3. Planning to investigate Capsman soon - at least for WiFi they seem to have a central control plane.
Quote from: nero355 on March 29, 2026, 10:36:59 PM
Keep it that way if you are happy with the performance and stability ;)
I am, for me it's perfect, the stuff it can do is above and beyond.
Honestly it never occurred to me to replace OpenWRT with anything else (yet). OpenWRT provides features that are on enterprise HW yet for a fraction of the price, let's say. Plus I like to mingle with OpenSource stuff and DIY.
Quote from: nero355 on March 29, 2026, 10:36:59 PM
So think about this VERY CAREFULLY before you buy anything... ;)
All of these are valid points, when I looked into the Management platform, at least the latest "revamp" sounded to me like a mess.
Quote from: Patrick M. Hausen on March 29, 2026, 10:42:49 PM
Mikrotik is great, IMHO. Cheaper, and very feature rich. And reliable, at least in my environment - using only layer 2, switches and APs. It's still called "Router OS" but I only use the layer 2 features. Plus, if you happen to live in the EU ... they are from Europe, too. Sovereignty, customer protection, GDPR, something something ...
This is kinda as well my mindset currently. And strongly plays into the decision making.
Quote from: Patrick M. Hausen on March 29, 2026, 10:42:49 PM
They lack a central management solution but if you actively seek to get rid of something like that ... SNMP works great and RANCID supports Mikrotik so you can automatically pull and version configurations in e.g. git.
Good to know!
Thank you both for your opinions and inputs!
Regards,
S.
CRS326-24G-2S+IN > https://mikrotik.com/product/crs326_24g_2s_in
I like this one, I just wished it had 2.5G ports.
Regards,
S.
Quote from: nero355 on March 29, 2026, 10:36:59 PM
- Linux OS
Which is not an issue.
But in certain situations you need to install old unsupported libraries that are no longer available in newer distros and thus also no longer patched/maintained and have open CVEs and that sucks!
You should consider ditching the standalone UniFi Network app at this point and install UniFi OS. The Network application is preinstalled in it, and you can add additional ones as needed. They provide installers for Windows, Linux and Mac. @meyergru introduced me to it some time ago and I haven't looked back.
The Linux installer works great on a plain Debian/Ubuntu VM. It installs podman and is up and running in no time. It manages its own dependencies. Also, no routing weirdness to work around with Docker's internal networking (this used to cause issues in Proxmox).
AVX might still be required, though, I guess.
--
I do wish Mikrotik would figure out how to make the desktop switches fanless. In my case the UniFi switch, OPNsense, and Proxmox node all sit on a small shelf on my desk within a meter or so of my left ear :P
Fans are prohibited, with the exception of the CPU cooler on the HP Elite Mini. It has a different problem however- coil whine. Makes me want to throw it out the window sometimes. I would love a word with whoever picks the inductors for these devices. That is not a place to save pennies, IMO.
Yes, correct:
Quote from: nero355 on March 29, 2026, 10:36:59 PM
The UniFi Controller has the following needs and issues :
- AVX/AVX2 compatible CPU
This puts older Intel NUCs and Raspberry Pi models in a weird corner where you need to do really weird things to keep it all running !!
- Linux OS
Which is not an issue.
But in certain situations you need to install old unsupported libraries that are no longer available in newer distros and thus also no longer patched/maintained and have open CVEs and that sucks!
- Java such as OpenJDK.
Now the crap starts...
- Mongo Database
This is linked to the AVX/AVX2 story above and gets even weirder :
Certain versions of the UniFi Controller are linked to certain versions of MongoDB that you need.
So the more we move into the future and use newer UniFi hardware the more chance you have got to run into the AVX/AVX2 issue !!
The AVX requirement is there, 100%. However, with Unifi OS Server, you do not need to install any dependencies yourself. That is the beauty of UOS when compared against UNC - it mirrors what Ubiquiti does in their own devices, like UDM, by running every module under podman internally.
Apart from that, even UNC with all of its dependencies can be maintained very easily, when you use Glenn R's easy install scripts (https://community.ui.com/questions/UniFi-OS-Server-Installation-Scripts-or-UniFi-Network-Application-Installation-Scripts-or-UniFi-Eas/ccbc7530-dd61-40a7-82ec-22b17f027776) (I use those scripts for UOS, too).
As for Protect, yes, there are projects to steal the protect container (https://github.com/dciancu/unifi-protect-unvr-docker-arm64) and run them on a similar platform, but they are limited to arm64, because Ubiquiti does not have an x64-based platform running protect.
Quote from: OPNenthu on March 30, 2026, 07:40:19 AM
You should consider ditching the standalone UniFi Network app at this point and install UniFi OS.
When someone says UniFi OS my first reaction would be : "Do they have their own full Linux OS now ?!"
But when you say :
Quote:
The Network application is preinstalled in it, and you can add additional ones as needed.
They provide installers for Windows, Linux and Mac.
I guess that's not the case ?!
Quote:
The Linux installer works great on a plain Debian/Ubuntu VM. It installs podman and is up and running in no time. It manages its own dependencies.
Also, no routing weirdness to work around with Docker's internal networking (this used to cause issues in Proxmox).
If I need Docker to run it I would rather avoid it completely!
Quote:
AVX might still be required, though, I guess.
Check your Mongo Database Server version and you will know it ;)
Quote from: meyergru on March 30, 2026, 10:13:42 AM
The AVX requirement is there, 100%.
Thought so! :)
Quote:
However, with Unifi OS Server, you do not need to install any dependencies yourself.
That is the beauty of UOS when compared against UNC - it mirrors what Ubiquiti does in their own devices, like UDM, by running every module under podman internally.
But...
Didn't they ditch Podman Containers at some point and continued without them because there were a lot of issues ?!
Quote:
Apart from that, even UNC with all of its dependencies can be maintained very easily, when you use Glenn R's easy install scripts (https://community.ui.com/questions/UniFi-OS-Server-Installation-Scripts-or-UniFi-Network-Application-Installation-Scripts-or-UniFi-Eas/ccbc7530-dd61-40a7-82ec-22b17f027776) (I use those scripts for UOS, too).
I am aware of Glenn's work but I have never needed it to be honest so never used it either :)
Quote:
As for Protect, yes, there are projects to steal the protect container (https://github.com/dciancu/unifi-protect-unvr-docker-arm64) and run them on a similar platform, but they are limited to arm64, because Ubiquiti does not have an x64-based platform running protect.
Ohh... right... also AARCH64 only indeed! Forgot about that :)
Basically means looking for that one special Mainboard that can hold enough storage or messing around with SAMBA/NFS to store everything on your (DIY) NAS instead...
No, no Docker needed. I meant that I used to use Docker for hosting the legacy Network controller but it was a bit cumbersome, especially under Proxmox.
With UOS you just run the installer and it sets up its own environment with podman, which it installs from the OS repo.
https://ui.com/download/software/unifi-os-server
has an arm64 build, which installs on Raspberry Pi without AVX, obviously. where is AVX required? maybe for x86? AVX2 was 2013, haswell, so even that isn't really a concern at this point.
i have no love for unifi and its lottery / gamble of software updates, i run unifi switches, APs, protect and it's really a gamble sometimes (much like zenarmor!), but this thread seems like it has a lot of misinformation in it
Yes, I was only talking about x64 as VM, which seems like the obvious choice for self-hosting.
I know you can use a Raspberry, yet I found it to have a high power envelope for what it can do and also, it cannot handle virtualisation for many different applications. The main reason that ARM image is supported seems to be that the UDM line of products is ARM64 as well.
The UNC can even be used as a package under OPNsense itself, it is available from Mimugmail's repository.
That AVX requirement on x64 platforms is mostly irrelevant anyway, because even an N100 has AVX2 (https://www.intel.de/content/www/de/de/products/sku/231803/intel-processor-n100-6m-cache-up-to-3-40-ghz/specifications.html). Any fairly modern x64 CPU should have it.
Quote from: dirtyfreebooter on March 30, 2026, 06:08:00 PM
where is AVX required?
For MongoDB since version 5.0: https://www.mongodb.com/docs/manual/administration/production-notes/
And for ARM you need at least ARMv8.2-A.
This change effectively rendered both my Intel NUC7PJYH (J5005) and RPi 3B+ incapable of running the Network controller with any still-supported version of Mongo. Neither can my OPNsense box (N5105).
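A host-side check for the CPU requirement cited in the post above (AVX on x86 for MongoDB 5.0 and later, ARMv8.2-A on ARM), as an added example that is not part of the original thread. The function names, the constructed sample excerpts, and the use of the `dcpop` hwcap as a marker for ARMv8.2-A are assumptions of this example.

```shell
#!/bin/sh
# Added example: decide from /proc/cpuinfo-style text whether a Linux host
# (or the VM guest it is run in) exposes the CPU features that MongoDB 5.0+
# needs according to the thread: AVX on x86, ARMv8.2-A on ARM.

# mongo_cpu_check [FILE]
#   Prints "ok", "missing" or "unknown". FILE defaults to /proc/cpuinfo.
#   Every logical CPU must expose the feature, so a heterogeneous or
#   partially masked CPU set is reported as "missing".
mongo_cpu_check() {
    awk -F: '
        # x86: one "flags" line per logical CPU. Match avx as a whole
        # word so that avx2 or avx512f alone do not count. The anchored
        # field test also skips the separate "vmx flags" line.
        $1 ~ /^flags[ \t]*$/ {
            seen++
            if ((" " $2 " ") ~ / avx /) ok++
        }
        # ARM: one "Features" line per core. Assumption of this example:
        # the dcpop hwcap (DC CVAP) is treated as the marker for
        # ARMv8.2-A, because cpuinfo does not print the architecture
        # revision directly.
        $1 ~ /^Features[ \t]*$/ {
            seen++
            if ((" " $2 " ") ~ / dcpop /) ok++
        }
        END {
            if (seen == 0)       print "unknown"
            else if (ok == seen) print "ok"
            else                 print "missing"
        }
    ' "${1:-/proc/cpuinfo}"
}

# Constructed, abbreviated cpuinfo excerpts (not captured from real hosts).
sample_x86_avx() {
    printf 'processor\t: 0\nflags\t\t: fpu sse4_1 sse4_2 aes avx avx2\n'
    printf 'processor\t: 1\nflags\t\t: fpu sse4_1 sse4_2 aes avx avx2\n'
}
sample_x86_noavx() {
    printf 'processor\t: 0\nflags\t\t: fpu sse4_1 sse4_2 aes\n'
}
sample_arm_old() {
    printf 'processor\t: 0\nFeatures\t: fp asimd evtstrm crc32 cpuid\n'
}
sample_arm_v82() {
    printf 'processor\t: 0\n'
    printf 'Features\t: fp asimd aes crc32 atomics asimdhp dcpop asimddp\n'
}
sample_empty() {
    printf ''
}

# check_sample NAME: run one of the sample generators through the check.
check_sample() {
    tmp=$(mktemp) || return 1
    "$1" > "$tmp"
    mongo_cpu_check "$tmp"
    rm -f "$tmp"
}

for s in sample_x86_avx sample_x86_noavx sample_arm_old sample_arm_v82; do
    printf '%-18s %s\n' "$s" "$(check_sample "$s")"
done
printf '%-18s %s\n' "this host" "$(mongo_cpu_check)"
```

Run it inside the VM or container that will host the controller: a guest only sees the flags its hypervisor CPU type exposes, which can be fewer than the physical CPU has.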
Quote from: OPNenthu on March 30, 2026, 06:28:32 PM
Quote from: dirtyfreebooter on March 30, 2026, 06:08:00 PM
where is AVX required?
For MongoDB since version 5.0: https://www.mongodb.com/docs/manual/administration/production-notes/
And for ARM you need at least ARMv8.2-A.
This change effectively rendered both my Intel NUC7PJYH (J5005) and RPi 3B+ incapable of running the Network controller with any still-supported version of Mongo. Neither can my OPNsense box (N5105).
ah man, i am surprised the N5105 is missing AVX, just has SSE4.2. well that kinda sucks. i use an old unifi cloud key gen2 (the one without the hard drive), since it's poe, uses 1-2w idle, and then i don't have to think about it and move on with my life and not make homelab a 2nd full time job. i assume either that arm64 is 8.2+ or unifi will figure it out, one way or the other.
With the 2.5g, Mikrotik doesn't really have any choices or I might have bought one. Knock the POE requirement away and the crs326-24s+2q+ and some 2.5g modules would do the trick. 2.5g modules are around $20 from Wiitek (I have a couple of these in service right now, not hot at all), hard to say if I'm getting real 2.5g speeds, but I'm getting more than 1.5g speeds through a Moca 2.5 pair of converters and about 100 feet of RG6, average 4ms ping times which is right in line with what the manufacturer says.
Now that said, I haven't priced any Mikrotik gear in a while, not since before the great AI wars, they might be goofy priced right now. Both of the crs326 that I have were under $600 new (one for my personal lab, and another for work because I liked it so much).
There are some Extreme Networks switches that fit your needs, but you are going to want to wait until you see a bounced off the truck sale. That's how I got my 5420m-48w-4ye (48 gigabit ports with 90 watts POE each port, and 4x25g, with 2x stacking that can be 2x10g, and dual 900 watt supplies) at $400 I couldn't resist. Was brand new in box, but I'm not going to register it.
Also look at some of the FS switches, again wait for a bounced off the truck sale on ebay.
Quote from: OPNenthu on March 30, 2026, 06:04:02 PM
No, no Docker needed.
I meant that I used to use Docker for hosting the legacy Network controller but it was a bit cumbersome, especially under Proxmox.
With UOS you just run the installer and it sets up its own environment with podman, which it installs from the OS repo.
Podman is just an alternative to Docker and something I don't feel like maintaining either :)
Quote from: dirtyfreebooter on March 30, 2026, 06:08:00 PM
https://ui.com/download/software/unifi-os-server
has an arm64 build, which installs on Raspberry Pi without AVX, obviously.
That's not how it works my guy :)
Quote:
where is AVX required? maybe for x86?
100% This =>
Quote from: OPNenthu on March 30, 2026, 06:28:32 PM
For MongoDB since version 5.0: https://www.mongodb.com/docs/manual/administration/production-notes/
And for ARM you need at least ARMv8.2-A.
This change effectively rendered both my Intel NUC7PJYH (J5005) and RPi 3B+ incapable of running the Network controller with any still-supported version of Mongo. Neither can my OPNsense box (N5105).
You can cheat it all for a while (I have got the UniFi Controller 9.x.x running on an old Intel Atom NUC 2820 FYKH) but one day you will have to upgrade to something newer !!
For now I am leaning towards some AARCH64 product with A55 Cores like the Odroid C4 Series.
Quote:
AVX2 was 2013, haswell, so even that isn't really a concern at this point.
You want something that is Intel Atom/Celeron/Pentium like and the price of the models with AVX/AVX2 is still pretty high compared to older models...
Quote:
i have no love for unifi and its lottery / gamble of software updates
100% Agree! :)
Quote:
but this thread seems like it has a lot of misinformation in it
So far I haven't seen anything that isn't true in the sense that it's a total lie ?!
Quote from: meyergru on March 30, 2026, 06:24:04 PM
Yes, I was only talking about x64 as VM, which seems like the obvious choice for self-hosting.
Not always the case :)
Quote:
I know you can use a Raspberry, yet I found it to have a high power envelope for what it can do
The Raspberry Pi models were compared against each other at the time when the Raspberry Pi 3B+ was released and it turned out that the Pi 2B and 3B had the best Power to Performance ratio of all models !! ;)
Sadly the specific Blog article was removed by the Raspberry Pi Foundation on their website so I can't give you a link to it.
In the Pi 4B and 5B years there were also no new articles with similar tests so I can't say anything about those models in this regard.
Quote:
That AVX requirement on x64 platforms is mostly irrelevant anyway, because even an N100 has AVX2 (https://www.intel.de/content/www/de/de/products/sku/231803/intel-processor-n100-6m-cache-up-to-3-40-ghz/specifications.html). Any fairly modern x64 CPU should have it.
Intel Atom/Celeron/Pentium NUCs and all similar models have gone up in price a lot over the years so an Odroid with A55 Cores or Raspberry Pi with A76 Cores could be the better alternative for some people...
Quote from: dirtyfreebooter on March 30, 2026, 06:57:57 PM
I use an old unifi cloud key gen2
The problem with those things is that once they are declared EOL you can't use them for anything else...
Or at least so far I have not read about it anyway.
Quote:
and then i don't have to think about it and move on with my life and not make homelab a 2nd full time job.
It's a hobby, not a job for me :)
Quote:
i assume either that arm64 is 8.2+ or unifi will figure it out, one way or the other.
Yeah, they will figure it out for you by making you buy a new one! LOL! ^_^
Quote from: nero355 on March 30, 2026, 11:00:56 PM
Podman is just an alternative to Docker and something I don't feel like maintaining either :)
That's the beauty of it: you don't manage anything. It manages itself, including updates. You don't touch a thing on the OS. From the user perspective it's just an app installer. You run it. It installs UOS. Done.
That wasn't the case in the past. You needed to install and maintain Docker yourself, as well as each container (MongoDB, Network) and their connections.
Quote from: Greg_E on March 30, 2026, 08:21:00 PM
With the 2.5g, Mikrotik doesn't really have any choices or I might have bought one. Knock the POE requirement away and the crs326-24s+2q+ and some 2.5g modules would do the trick. 2.5g modules are around $20 from Wiitek (I have a couple of these in service right now, not hot at all), hard to say if I'm getting real 2.5g speeds, but I'm getting more than 1.5g speeds through a Moca 2.5 pair of converters and about 100 feet of RG6, average 4ms ping times which is right in line with what the manufacturer says.
This is not a bad idea at all.
Quote from: Greg_E on March 30, 2026, 08:21:00 PM
There are some Extreme Networks switches that fit your needs, but you are going to want to wait until you see a bounced off the truck sale. That's how I got my 5420m-48w-4ye (48 gigabit ports with 90 watts POE each port, and 4x25g, with 2x stacking that can be 2x10g, and dual 900 watt supplies) at $400 I couldn't resist. Was brand new in box, but I'm not going to register it.
I totally forgot there is Extreme as well. I had the pleasure with their switches 5-7 years ago and I was not so pleased... That 5420m-48w-4ye, how loud/noisy is it?
Quote from: Greg_E on March 30, 2026, 08:21:00 PM
Also look at some of the FS switches, again wait for a bounced off the truck sale on ebay.
Not a bad idea as well will check FS too.
Regards,
S.
Quote from: nero355 on March 30, 2026, 11:00:56 PM
Quote:
but this thread seems like it has a lot of misinformation in it
So far I haven't seen anything that isn't true in the sense that it's a total lie ?!
Quote:
I use an old unifi cloud key gen2
The problem with those things is that once they are declared EOL you can't use them for anything else...
yea i apologize, i didn't realize cpus like N5105 lacked AVX and that mongo with arm64 was so aggressive to essentially eliminate support for Pi 3 and 4. really annoying to homelabbers for sure.
as far the cloud key, they were introduced in august 2018, so it goes for 10+ years, with PoE and 1w idle, i find that acceptable for $150.. time vs money. that being said, i don't think they have been sold/in-stock on the official store for a while now, only the gen2 plus model with the hdd slot. though there are plenty on ebay.
what i found worked well with the new UniFi OS server was to set up a Debian LXC on Proxmox 9.1, containers supported with keyctl=1 setting. i just set up LXC, updated system packages, ran the UniFi OS installer from https://ui.com/download/software/unifi-os-server and everything was set up without really any interaction. but if you are running proxmox on N5105, i guess you are still out of luck with no AVX.
Quote from: OPNenthu on March 31, 2026, 12:21:20 AM
Quote from: nero355 on March 30, 2026, 11:00:56 PM
Podman is just an alternative to Docker and something I don't feel like maintaining either :)
That's the beauty of it: you don't manage anything. It manages itself, including updates. You don't touch a thing on the OS. From the user perspective it's just an app installer. You run it. It installs UOS. Done.
That wasn't the case in the past. You needed to install and maintain Docker yourself, as well as each container (MongoDB, Network) and their connections.
It's the same crap like with Docker : https://github.com/containers/podman/blob/main/docs/tutorials/basic_networking.md
I don't need those additional Network Interfaces on my Host ;)
Quote from: nero355 on March 31, 2026, 03:08:28 PM
Quote from: OPNenthu on March 31, 2026, 12:21:20 AM
Quote from: nero355 on March 30, 2026, 11:00:56 PM
Podman is just an alternative to Docker and something I don't feel like maintaining either :)
That's the beauty of it: you don't manage anything. It manages itself, including updates. You don't touch a thing on the OS. From the user perspective it's just an app installer. You run it. It installs UOS. Done.
That wasn't the case in the past. You needed to install and maintain Docker yourself, as well as each container (MongoDB, Network) and their connections.
It's the same crap like with Docker : https://github.com/containers/podman/blob/main/docs/tutorials/basic_networking.md
I don't need those additional Network Interfaces on my Host ;)
There are none. It doesn't change anything on your host network and what you'll see in 'ip a' is the same as what you had before. It listens on the host IP rather than some internal 172.x address like what Docker does with virtual interfaces.
This is all I see on my UOS VM:
$ ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    altname enp0s18
    altname enxbc2411e2f30a
    inet 192.168.1.116/24 brd 192.168.1.255 scope global dynamic noprefixroute ens18
       valid_lft 73385sec preferred_lft 58071se
Just add the host IP to DNS as 'unifi.' and you're done. Maybe also open the needed host firewall ports.
The entire UOS stack is hidden from you in its own podman context. You don't interact with it. Just install it in a VM and see.
Maybe this from ChatGPT explains it best:
Quote:
UniFi OS isn't just "Podman + containers"—it's a full appliance OS. It uses its own management layer to:
- deploy containers
- restart them
- control networking
- enforce updates
So even though Podman is underneath, you're not meant to interact with it directly like a normal host.
I'm not really following this discussion, but openSuse LEAP Micro is becoming my go to for simple containers. Tested on RasPi4 and lower end AMD x86_64. Copilot built in and you can use the FUEL Ignition project to preconfigure the install (online combustion/ignition script generator).
Quote from: Seimus on March 31, 2026, 01:05:17 AM
I totally forgot there is Extreme as well. I had the pleasure with their switches 5-7 years ago and I was not so pleased... That 5420m-48w-4ye, how loud/noisy is it?
I forgot about this thread. The 5420 are very quiet for what they are doing, at least until you start pulling a lot of power from them. If you buy the versions without POE, they are better than most 2u servers, and better by a lot than a Cisco 2960 (s/x) switch. My pile of HP T740 make more noise combined, but that is 8 of them. My Mikrotik CRS326-24s+2q+ is slightly quieter, but it doesn't have any poe.
Thanks!
Regards,
S.