Questions about my ideal setup

mer

@jknott
That's a good point about the ISP. Most residential broadband plans seem to max out a 1G (symmetric if you're on fiber) so a lot of modern network stuff (PCs, phones, switches, etc) are likely 1G ethernet, so you can send 1G around your house all you want, but then bottle neck at the ISP. Having internal higher speed than ISP means downloads get onto your devices faster "Hurry up and wait on the ISP".

JKnott

@mer

Prior to getting that Qotom computer, I had been using an old HP compact desktop computer. After it died, I was using an old D-Link router and could only get about 35 Mb down. With the HP I was getting around 550 down, so was quite surprised to see what I was getting with the new computer. So yes, hardware performance is important now. That's one of the reasons I didn't go with Netgate, as I got the impression some models weren't capable of what my ISP was providing.

AndyRH

I like having POE, I use it to run the Pis, APs, and cameras. I found an Aruba 2500 switch (well out of support) for $120 on eBay with 48 POE ports and 4 SFP+ ports.
The country is semi-important because some HW is less available is some places.
I use Unifi APs, many here do. There are other good choices.

You may find many in this forum are a bit extreme even for the home setup. In those cases a 2100 may not be very future proof, a 6100 might be a better starting point.
I use PiHoles and VLANs to block unwanted content and restrict access.

It sounds like you are going to start "simple" and work your way up.

Have fun.

JKnott

@andyrh said in Questions about my ideal setup:

I like having POE

Me too. My AP is powered with PoE, which means I can mount it in the best location, without having AC power handy. It's mounted near the ceiling in my laundry room, where I don't have any spare AC outlets.

JT40

@mer Ahaha, that's really too expensive.
People buy X86 hardware to spare money, but I'm not sure if it performs well, I may end up paying even more, plus electricity...
For what I see, the performance declared are enough for home usage, even though I do a lot with many devices.
Unfortunately I don't have an easy way to estimate how well it will perform...
I can say that I'm not planning to have this device for 20y, maybe 7 if it survives, 7 years won't change much in my network usage I guess...

JT40

@jknott said in Questions about my ideal setup:

@jt40

I didn't buy Netgate, I got a Qotom mini PC, as described in my sig. It has lots of performance and I leave the switch ports to a proper switch. Here's a speedtest result, which I got on my 500/20 connection. My ISP has always been generous with download bandwidth, at least as long as I've been checking.

Did you enable all the security features? On the paper, that traffic can be handled by the Netgate 2100

JT40

@andyrh said in Questions about my ideal setup:

I like having POE, I use it to run the Pis, APs, and cameras. I found an Aruba 2500 switch (well out of support) for $120 on eBay with 48 POE ports and 4 SFP+ ports.
The country is semi-important because some HW is less available is some places.
I use Unifi APs, many here do. There are other good choices.

You may find many in this forum are a bit extreme even for the home setup. In those cases a 2100 may not be very future proof, a 6100 might be a better starting point.
I use PiHoles and VLANs to block unwanted content and restrict access.

It sounds like you are going to start "simple" and work your way up.

Have fun.

Mmm... https://shop.netgate.com/products/6100-base-pfsense --> 700 dollars.......................
Price aside, the performance is for powering an entire datacenter :D , it's really not for me...

JT40

@jknott said in Questions about my ideal setup:

@andyrh said in Questions about my ideal setup:

I like having POE

Me too. My AP is powered with PoE, which means I can mount it in the best location, without having AC power handy. It's mounted near the ceiling in my laundry room, where I don't have any spare AC outlets.

Awesome point, I never thought about it :D

AndyRH

My first pfSense system was a small Lenovo desktop running a gen 1 i3. I put a 4 port intel card in it and it was great, easily did 1Gbps. You might be able to find a low power desktop with 1 slot and that does not use too much power. Then weigh the cost vs the power and you might find it is years for the power cost to equal the difference in equipment cost. I happened to get the i3 for free. Ask friends if they have any old HW laying around.

stephenw10

Yeah, we need more details to be able to recommend hardware:

What is your WAN bandwidth? Will that be increasing?

You mention power consumption being an issue, do you have any sort of figure in mind?

Are you going to be running VPNs? What bandwidth do you need across them?

Steve

Sergei_Shablovsky

@jt40
Do You Apple-centered user, or just have a lot of different home devices from different brands?

You wrote about VMs, so how much servers You have and what You need for them? (bandwidth, speed, latency, etc...)?

Sergei_Shablovsky

@andyrh said in Questions about my ideal setup:

My first pfSense system was a small Lenovo desktop running a gen 1 i3. I put a 4 port intel card in it and it was great, easily did 1Gbps. You might be able to find a low power desktop with 1 slot and that does not use too much power. Then weigh the cost vs the power and you might find it is years for the power cost to equal the difference in equipment cost. I happened to get the i3 for free. Ask friends if they have any old HW laying around.

May be best solution to start with ;)

Just pay ~$50-60 for desktop+4-port card+monitor, install pfSense and start to play with it. After 2-3 month You would be close to what You need exactly.
And also may be You find solution to kick off ISP modem (if PPTP for authorizing You as legal ISP user are only one that this modem making actually, not to forgot change MAC on WAN) ;)

Very reasonable price (2-5 cups of Starbucks coffee) for 2-3 month of education, isn’t?

JKnott

@jt40 said in Questions about my ideal setup:

People buy X86 hardware to spare money, but I'm not sure if it performs well, I may end up paying even more, plus electricity.

That Qotom I bought wasn't exactly cheap, but has plenty of performance. I tried measuring the power requirements, using my UPS, and it wasn't very much. I haven't tried measuring with a proper watt meter though.

JKnott

@jt40 said in Questions about my ideal setup:

Did you enable all the security features? On the paper, that traffic can be handled by the Netgate 2100

What security features are available on Netgate gear that's not on pfsense running on generic computers? How much is the 2100? Netgate gear that was comparable price to my Qotom was definitely on the inadequate side.

JKnott

@jt40 said in Questions about my ideal setup:

Awesome point, I never thought about it :D

Having installed LAN cabling in many offices and other locations, including for APs and cameras, that's something I don't forget. In fact, that's one thing I check before buying my APs. No PoE, no sale.

JKnott

@sergei_shablovsky said in Questions about my ideal setup:

Do You Apple-centered user

If he is, he's not worried about cost.

Sergei_Shablovsky

@jknott said in Questions about my ideal setup:

@sergei_shablovsky said in Questions about my ideal setup:

Do You Apple-centered user

If he is, he's not worried about cost.

Topic starter wrote I need to spent tons of money for this setup, but I know how mileage may be differ...

JT40

@sergei_shablovsky Thanks to you and @AndyRH
I don't have such spare hardware for now, I should buy it.
The market of used goods is more expensive nowadays, but also previously, I don't think that you could get such a good hardware for that sum, maybe an i3 of 2010? Quite old ah? :D
For learning purpose is a great idea, but I like to leverage my incompetence and play with the fire :D

JT40

@stephenw10 said in Questions about my ideal setup:

Yeah, we need more details to be able to recommend hardware:

What is your WAN bandwidth? Will that be increasing?

You mention power consumption being an issue, do you have any sort of figure in mind?

Are you going to be running VPNs? What bandwidth do you need across them?

Steve

WAN will be 1 Gbit in 1y maybe, with 300 Mbit upload if I'm lucky I guess.
When am I gonna NEED this bandwidht? Well, almost never, so it's not my concern. I'm ok with 200 Mbit for the next 10y, shall we bet on it? :D
I'm already fine with 60 Mbit...

Power consuption seems high if it's beyond 15W/h...
But to be honest, if I get a great level of protection, I'm willing to reach 30 W/h without crying.
It assumes that during the night and low demands, the consumption will be much less than 30 W/h.

VPN should be fine, I don't have much demands from it. Definetly not more than 20 Mbit...

JT40

@jknott said in Questions about my ideal setup:

How much is the 2100?

Sorry I didn't get you.

My question was posed to understand how did you make your benchmark, did you enable any plugin?
Did you test the L2 switching bandwidht? Or WAN bandwidht?
Absurd number of ACLs etc? Something else I should be aware of? I just need to get an idea of what that HW is capable of, but I need to know your details to compare.