The minisforum I got with 32 GB of RAM is easily capable of 10M NAT entries. $500, nothing more. I’ve never went above 4 million myself, as my ports would be the limiting factor with 1 IP, but it ran without issues and not even close to capping any of the hardware.
Entries itself don’t necessarily take a lot of resources, it’s how the OS is capable of handling those amount of tables. OPNsense (and pfsense) are capable of those kind of tables without much issues.
I have a Ryzen laptop (4 cores-8 threads) 2.4GHz, 8GB RAM. I do have extra USB 1Gbps ethernet adaptor. Should I setup OPNsense on it? What’s your opinion? I just need to run 1339 Nodes.
Should be enough, not sure about the reliability of the USB to ethernet adapter.
Out of 150Mbps connection I have, just to get above 100Mbps speed, I have to run only 684 nodes. That’s all the router can handle.
A router behind CGNAT using “home network” parameter has same NAT entries effect as port forwarding?
Nodes running with port forwarding have 30-40 “connected peers” for each node.
On second PC nodes running with “home network”, no uPnP/Port forwarding have 2-3 max connected peers per node. Is this normal? Does it affect my earnings?
Why allow port forwarding and clog the router and make it laggy?
I can just use “home network” and have less connections and my router still be responsive.
I would like to hear an opinion on this.
I believe in the future (PR still-in-works), nodes that do require relay support, will get less tokens relatively for providing their service(s), compared to nodes that act as relayers (nodes which support nodes that are using --home-network or --relay flag).
Overall, the network benefits from having much higher ratios off relayer nodes (nodes whose ports are publicly accessible and non symmetric nat etc), vs. nodes that require relay support.
This is on top of the incentive structure to maintain the latest antnode versions and keep up with those builds by node operators.
Thank you for the info. Also, currently both kind of setups get equal incentives?
Not sure if its in place now or to come in a near future update.
The node providing the relay service will get a %age (50% I think) and the node using the relay service will get the rest.
Using relays causes extra load on other nodes that provide the relay service. And since it is desirable to have as few nodes as possible using relay services then the payment is split between the two nodes as both are doing work for the chunk upload or the emission quote
I think the discussion internally was setting the stage for 75/25% distribution between the relayer vs non-relayer nodes, highly incentivizing folks to be a relayer.
I couldn’t find any open PRs against this enhancement request but I have a feeling the team will circle back on this topic in due time.
The current network has low amount non-relayers at the moment but that doesn’t mean it will stay that way, though it adds a lot more connections to the average node (number of connections exceeding the # of peers in RT).
Plus, my personal opinion is the reward structure should not be the same for relayer vs non relayer. For folks that simply either choose to not find a solution (technical or financial or limited by ISP etc) to make ports publicly accessible (for whatever reason), they should not be getting the incentives at same rate for node operators that are doing the beefier task of supporting other nodes. I know it may sound unfair but I think overall goal should be a healthier network with higher percentage of relayers (significantly), if the network is support those who for whatever reason cannot be a public port accessible node or choose not to make their setup publicly accessible. Otherwise, it goes down the path off not having relay support at all, which will exclude certain node operators entirely (without them taking further action on their own end to make their node publicly accessible).
Dropping a note here, I had some VMs using virtio adapters, that I had forgotten about for non antnode projects. I tried doing a speed test on them and they were not hitting my maximum bandwidth.
After some debugging, it turns out the virtio network threads were running on 1 core due to the virtualization taking place, by changing the multiqueue setting to match the # of cores given to the VM, the speed tests finally made full use off the bandwidth 
.
Idle Latency: 1.94 ms (jitter: 0.09ms, low: 1.86ms, high: 2.08ms)
Download: 5175.48 Mbps (data used: 6.0 GB)
6.61 ms (jitter: 0.33ms, low: 1.85ms, high: 12.05ms)
Upload: 5129.92 Mbps (data used: 2.6 GB)
5.09 ms (jitter: 0.58ms, low: 2.05ms, high: 7.30ms)
Packet Loss: 0.0
The above may help others that are running full fledged VMs, though for my antnodes, I am running on LXCs.
If I have to build my custom router for 50K nodes, What would be the specification do I need to setup OPNsense?
Current router is crap and I have a LOT of HDDs from Chia.
How do I know if my formacio setup is no/relaying?
I think this is what to look for in the logs:-
relay peers
in a line like this:-
[2025-06-01T23:21:31.559351Z INFO ant_networking::event 57] kBucketTable has 22 kbuckets 373 peers (1 relay peers), [(0, 2, 234), (1, 2, 235), (2, 3, 236), (3, 11, 237), (4, 15, 238), (5, 20, 239), (6, 20, 240), (7, 20, 241), (8, 20, 242), (9, 20, 243), (10, 20, 244), (11, 20, 245), (12, 20, 246), (13, 20, 247), (14, 20, 248), (15, 20, 249), (16, 20, 250), (17, 20, 251), (18, 20, 252), (19, 20, 253), (20, 20, 254), (21, 20, 255)], estimated network size: 4456448
How many nodes can this kind of specs can handle?
ok found a similar line in one of my logs:
[2025-06-04T15:17:34.433820Z INFO ant_networking::event 57] kBucketTable has 21 kbuckets 361 peers (1 relay peers), [(0, 3, 234), (1, 4, 236), (2, 11, 237), (3, 14, 238), (4, 9, 239), (5, 20, 240), (6, 20, 241), (7, 20, 242), (8, 20, 243), (9, 20, 244), (10, 20, 245), (11, 20, 246), (12, 20, 247), (13, 20, 248), (14, 20, 249), (15, 20, 250), (16, 20, 251), (17, 20, 252), (18, 20, 253), (19, 20, 254), (20, 20, 255)], estimated network size: 2752512
so what’s the verdict, contributor or leech?
I think that is saying it is acting as a relay. Because I started my nodes with this:-
antctl add --metrics-port 13001-13050 --no-upnp --node-port 12001-12050 --count 50 --rewards-address <redacted> evm-arbitrum-one
so it certainly should be acting as a relay.
Another thing that makes me think (1 relay peers) is saying it is being a relay for 1 peer is that I checked the log from when the node was started and for a good long time it was saying (0 relay peers) while it was clearly connected to other nodes and I know it takes a while for a node to start acting as a relay.
I think you will find that is saying that the kbuckettable has 21 kbuckets in it
the 21 kbuckets have 361 peers recorded
and one of those peers is a relay peer.
Doubt it has anything to do with the node’s status that the log is from.
That is a report on the kbuckettable
Maybe, but could just be saying one of the peers is relying on a relay peer, in other words there is extra time required when sending a message to that peer since it goes through another peer to get to it. Or that that peer is acting as the relay provider
I have setup OPNsense and its working perfectly fine, done port forwarding too. But after few minutes the peers count reduced a lot! like 10000 to 2500 for 200+ nodes. On dashboard I see “Default deny/State violation rule” pie chart is full!
Anyone using Opnsense, any guide to fix this issue?
@Mightyfool
Can you help me fix the issue?