What is the PPPoE protocol? PPPoE (Point-to-Point Protocol over Ethernet) is a standard designed to authenticate users on Ethernet networks, born in the years of the first ADSL but still used today on many fiber connections (FTTC/FTTH). Like all protocols, PPPoE also has its advantages and disadvantages that we can briefly summarize as follows: the pros are Integrated authentication (username/password) and easy management for ISPs, on the other hand, PPPoE is subject to overhead, that is, it adds about 8 bytes to packets, involves a high CPU load on routers and firewalls and has limitations at Gigabit speeds or higher. When using PPPoE it is also important to know that the MTU (Maximum Transmission Unit) parameter can influence the speed and efficiency of the Internet connection, on classic Ethernet the standard MTU is 1500 bytes, but with PPPoE it must be reduced, typically to 1492 bytes (1500 - 8). If the MTU is not set correctly, packets may be fragmented or dropped, causing retransmissions, increased latency, and even slower download/upload speeds. An MTU that is too large can cause communication problems (packets not arriving or time-outs), while an MTU that is too small wastes bandwidth by increasing the overhead. That said, if you are using PPPoE and you adjust the MTU (or your router doesn't do it automatically), you may experience a slower or more unstable connection. Setting the MTU correctly (usually 1492 or slightly less) can improve both stability and performance. Now let's explain why PPPoE limits the speed to 1 Gbps, as just explained, each PPPoE packet includes about 8 bytes of extra overhead, thus slightly reducing the effective bandwidth, however this is not the actual bottleneck, but it does contribute. Unlike IPoE, PPPoE requires the router to handle the encapsulation and de-encapsulation of the packets, which increases the CPU workload. If the router is not powerful enough, you risk not reaching Gigabit. Many consumer routers (even if they declare Gigabit ports) are not optimized to handle PPPoE at full speed because they are equipped with CPUs that are not powerful enough. Even if equipped with Gigabit ports, many devices, especially those designed years ago, cannot handle high-performance PPPoE flows. It is often thought that professional devices, even if dated, can guarantee excellent performance on modern FTTH lines. In reality, this is not the case, here are some practical examples:

  • Zyxel ZyWALL USG 200
    - Era: Introduced around 2008–2009.
    - Performance: Declared firewall throughput around 200 Mbps.
    - Limitations: Hardware not designed for lines above 100 Mbps.
    - PPPoE extremely taxing on slow single-core CPUs.
    - No modern hardware acceleration for pure Internet traffic.

  • Check Point 730 Appliance
    - Era: Introduced around 2015.
    - Performance: Firewall maximum declared throughput around 900 Mbps.
    - VPN throughput much lower (~200 Mbps).
    - Limitations: Under pure PPPoE, real throughput rarely exceeds 400–600 Mbps.
    - Highly dependent on active firewall configurations (inspection, IPS, antivirus).
    - Designed more for security than maximum throughput.

It is evident that professional but "obsolete" firewall/gateway devices were designed primarily to provide advanced security (IPS, VPN, antivirus) and manage much slower Internet lines.

Even high-end devices cannot saturate a modern 1 Gbps line, especially under PPPoE sessions.

Modern Requirements for 1 Gbps PPPoE

Recommended Features

  • Multicore CPU (at least 1 GHz).
  • PPPoE hardware offloading.
  • Gigabit WAN/LAN ports.

Recommended Devices

  • Ubiquiti EdgeRouter 4
  • MikroTik RB5009UG+S+
  • Asus RT-AX88U

Additional Recommendations

  • Enable hardware support for PPPoE where available to reduce CPU load.
  • Switch to IPoE if available for better efficiency and speed (no overhead).
  • Put the operator's modem in bridge mode and use a high-quality router to manage the connection directly.

Router/Firewall Capable of 1 Gbps PPPoE

Business Devices

  • Zyxel USG Flex 100
    - Up to 900 Mbps in pure NAT, great for small locations.
    - Supports PPPoE without problems, VPN, centralized management.
    - Optional UTM (antivirus, IDS/IPS if needed).

  • Zyxel USG Flex 200
    - More powerful than the Flex 100.
    - Easily handles 1 Gbps NAT/PPPoE.
    - Ideal for future growth or multiple connected locations.

Other Powerful Devices

  • MikroTik RB5009UG+S+IN
    - Small, very powerful, relatively cheap.
    - 1 Gbps without problems, even PPPoE is super optimized.
    - More technical to configure (RouterOS).

  • Ubiquiti EdgeRouter 4
    - Up to 3-4 Gbps NAT/PPPoE.
    - Super stable.
    - Good cost/performance compromise.
    - Fairly friendly interface.

  • Fortinet FortiGate 40F
    - Advanced security ready (UTM, next-gen firewall).
    - 1 Gbps NAT without problems, even with partial DPI.

Simpler Consumer-Grade Devices

  • AVM FRITZ!Box 5530 Fiber or 7590 AX
    - Support PPPoE and real 1 Gbps on FTTH or FTTC.
    - Include top-of-the-range WiFi.
    - More routers than firewalls: be careful if you need security features.

Alternative: Industrial Mini PCs with OpenWrt

To manage 1 Gbps in PPPoE with lower costs and greater scalability, you can opt for an industrial mini PC equipped with a distribution like pfSense-CE 2.7, OPNsense 23.x, pfSense Plus, or OpenWrt.

Advantages

  • High performance (powerful CPU, abundant RAM).
  • Graphical interface (LuCI for OpenWrt, very intuitive).
  • Total flexibility (firewall, PPPoE, VPN, advanced NAT... all customizable).
  • Optional WiFi (depending on the mini PC model).

Technical Characteristics

  • Intel i211/i210 Ethernet ports (important for full compatibility and network performance).
  • Support for OpenWrt x86-64 (almost all modern industrial mini PCs are fine).
  • Sufficient SSD or eMMC (8–16 GB enough for OpenWrt).

Practical Examples of Mini PCs

  • Protectli Vault FW4B (4x Intel NIC): designed for firewall/router use.
  • Qotom Q355G4 / Q575G6: widely used in OpenWrt and pfSense projects.
  • Topton N5105 / N100 fanless firewall appliance: modern and very efficient.

Technical Specifications Example

  • Intel Celeron J4125, J6412, N5105, or N100 CPU ➔ excellent consumption/performance balance.
  • 4 LAN ports ➔ perfect for WAN+LAN+DMZ+Guest network segmentation.

Mini PC Example Configuration

  • Intel N5105 CPU
  • 8GB RAM
  • 128GB SSD
  • 4x LAN Intel i225-V 2.5G
  • Fanless design

With OpenWrt x86-64 installed, you can achieve over 1 Gbps in PPPoE + NAT firewall without any problems, fully manageable from a browser via LuCI.

Quick Comparison: Mini PC vs Zyxel/EdgeRouter

FeaturesOpenWrt Mini PCZyxel Flex/EdgeRouter
CostMedium (€200-350)Medium-high (€250-500)
PerformanceVery high (x86)Good (ARM/MIPS)
Graphical InterfaceSimple LuCISimple WebGUI
ExpandabilityMaximum (OpenWrt packages)Limited

Mini PCs Available Online

  • Topton N5105 Mini PC Firewall
    - CPU: Intel Celeron N5105 (4 cores, 4 threads)
    - RAM: 8GB DDR4
    - Storage: 128GB SSD
    - LAN ports: 4x Intel i225-V 2.5Gbps
    - Fanless design
    - Supports OpenWrt x86-64
    - Price: Around $200–250

  • KingNovy N5105 Mini PC with 4 LAN ports
    - CPU: Intel Celeron N5105
    - RAM: 8GB DDR4
    - Storage: 128GB SSD
    - LAN ports: 4x Intel i225-V 2.5Gbps
    - Aluminum construction
    - Compatible with OpenWrt, pfSense, OPNsense
    - Price: Around $220–260

  • HUNSN RJ09 Mini PC with N5105 CPU
    - CPU: Intel Celeron N5105
    - RAM: 8GB DDR4
    - Storage: 128GB SSD
    - LAN ports: 4x Intel i225-V 2.5Gbps
    - Compact and fanless design
    - Supports OpenWrt x86-64
    - Price: Around €210–240

All the above models use Intel i225-V LAN ports, well supported by OpenWrt.
Ensure you use the OpenWrt Combined EFI image for compatibility with the mini PC's UEFI BIOS.
These devices easily handle throughputs over 1Gbps for PPPoE, NAT, and firewalls, ideal for FTTH connections.