for feds to use at any arbitrary reason.

For the safety of the children you mean /s

Afaik, you'd want hardware acceleration for the actual packet routing, or it'll be quite slow/inefficient. So any ASIC for routing packets would be considered a "router".

I wonder if there exists an open router design based on an FPGA platform...

Tell that to the poweredge r210 ii in my closet running PFsense with its CPU barely getting touched despite four NICS, two of them 10gbps.

You're thinking of switching hardware.

That being said I might go hit up mikrotik while I still can for switches. Shame cuz I was hoping to wait until they got PoE versions of the CRS310-8G+2S+IN, but I think they wanna get rid of the crusty old stock of CRS112-8P-4S-IN. They made a similiar newer switch but it only runs swos instead of router is which is bunk.

Ubiquiti stuff can still be flashed with openwrt so I'm good on APs I think once my dlink dies, even if it'll be overpriced.

Worst case I just buy em like I do my FPV flight controllers: from Ali Express

Interesting, yeah I'm not actually well versed, that's why i began with "afaik" hah. My experience with EdgeRouter is that you basically have to enable hw offloading to get the full throughput, and my assumption was that probably all off-the-shelf routers are doing something similar for them to be usable in such a small/cheap/lower-power box.

When you say I might be thinking of "switching hardware", I assume you're referring to "managed switching", and isn't that just routing without any NAT? Like, if your pfsense router has 4 NICs, then it has to do the job of both a router and switch, no? First one, then the other for each packet?

Doing routing/firewall in software is a lot more flexible, and easier to patch when vulnerabilities come out. Especially when software is integral to the routing (looking at you wireguard/openvpn).

Keep in mind those edgerouters look like they have dual core embedded MIPS CPUs.

My dell power edge is a full blown rack-mount server that could run a small plex instance. You could stick a 1060 in this thing and get Witcher 3 to play at a reasonable framerate.

That's what makes up for the lack of dedicated asics.

As for the four NICs they are as follows:
* 1gb - wan (to modem)
* 1gb - config (to config vlan on switch)
* 10gbps - main lan trunk to LAN switch
* 10gbps - trunk line to public server VM host (DMZ'd from rest of lan, each VM has its own vlan/subnet/firewall ruleset)

They don't act as a switch because it handles packets, not frames, allowing/dropping/denying them based on rules set in software.

Also it will be 19.99 a month from your ISP.

I expect a tiering system. Free tier allows a maximum of five connected devices and integrates ads, gold tier removes the ads, platinum tier upgrades to 10 connected devices, diamond tier gives you 5G and unlimited connections.