Questions about my ideal setup

JT40

@jknott said in Questions about my ideal setup:

@andyrh said in Questions about my ideal setup:

I like having POE

Me too. My AP is powered with PoE, which means I can mount it in the best location, without having AC power handy. It's mounted near the ceiling in my laundry room, where I don't have any spare AC outlets.

Awesome point, I never thought about it :D

AndyRH

My first pfSense system was a small Lenovo desktop running a gen 1 i3. I put a 4 port intel card in it and it was great, easily did 1Gbps. You might be able to find a low power desktop with 1 slot and that does not use too much power. Then weigh the cost vs the power and you might find it is years for the power cost to equal the difference in equipment cost. I happened to get the i3 for free. Ask friends if they have any old HW laying around.

stephenw10

Yeah, we need more details to be able to recommend hardware:

What is your WAN bandwidth? Will that be increasing?

You mention power consumption being an issue, do you have any sort of figure in mind?

Are you going to be running VPNs? What bandwidth do you need across them?

Steve

Sergei_Shablovsky

@jt40
Do You Apple-centered user, or just have a lot of different home devices from different brands?

You wrote about VMs, so how much servers You have and what You need for them? (bandwidth, speed, latency, etc...)?

Sergei_Shablovsky

@andyrh said in Questions about my ideal setup:

My first pfSense system was a small Lenovo desktop running a gen 1 i3. I put a 4 port intel card in it and it was great, easily did 1Gbps. You might be able to find a low power desktop with 1 slot and that does not use too much power. Then weigh the cost vs the power and you might find it is years for the power cost to equal the difference in equipment cost. I happened to get the i3 for free. Ask friends if they have any old HW laying around.

May be best solution to start with ;)

Just pay ~$50-60 for desktop+4-port card+monitor, install pfSense and start to play with it. After 2-3 month You would be close to what You need exactly.
And also may be You find solution to kick off ISP modem (if PPTP for authorizing You as legal ISP user are only one that this modem making actually, not to forgot change MAC on WAN) ;)

Very reasonable price (2-5 cups of Starbucks coffee) for 2-3 month of education, isn’t?

JKnott

@jt40 said in Questions about my ideal setup:

People buy X86 hardware to spare money, but I'm not sure if it performs well, I may end up paying even more, plus electricity.

That Qotom I bought wasn't exactly cheap, but has plenty of performance. I tried measuring the power requirements, using my UPS, and it wasn't very much. I haven't tried measuring with a proper watt meter though.

JKnott

@jt40 said in Questions about my ideal setup:

Did you enable all the security features? On the paper, that traffic can be handled by the Netgate 2100

What security features are available on Netgate gear that's not on pfsense running on generic computers? How much is the 2100? Netgate gear that was comparable price to my Qotom was definitely on the inadequate side.

JKnott

@jt40 said in Questions about my ideal setup:

Awesome point, I never thought about it :D

Having installed LAN cabling in many offices and other locations, including for APs and cameras, that's something I don't forget. In fact, that's one thing I check before buying my APs. No PoE, no sale.

JKnott

@sergei_shablovsky said in Questions about my ideal setup:

Do You Apple-centered user

If he is, he's not worried about cost.

Sergei_Shablovsky

@jknott said in Questions about my ideal setup:

@sergei_shablovsky said in Questions about my ideal setup:

Do You Apple-centered user

If he is, he's not worried about cost.

Topic starter wrote I need to spent tons of money for this setup, but I know how mileage may be differ...

JT40

@sergei_shablovsky Thanks to you and @AndyRH
I don't have such spare hardware for now, I should buy it.
The market of used goods is more expensive nowadays, but also previously, I don't think that you could get such a good hardware for that sum, maybe an i3 of 2010? Quite old ah? :D
For learning purpose is a great idea, but I like to leverage my incompetence and play with the fire :D

JT40

@stephenw10 said in Questions about my ideal setup:

Yeah, we need more details to be able to recommend hardware:

What is your WAN bandwidth? Will that be increasing?

You mention power consumption being an issue, do you have any sort of figure in mind?

Are you going to be running VPNs? What bandwidth do you need across them?

Steve

WAN will be 1 Gbit in 1y maybe, with 300 Mbit upload if I'm lucky I guess.
When am I gonna NEED this bandwidht? Well, almost never, so it's not my concern. I'm ok with 200 Mbit for the next 10y, shall we bet on it? :D
I'm already fine with 60 Mbit...

Power consuption seems high if it's beyond 15W/h...
But to be honest, if I get a great level of protection, I'm willing to reach 30 W/h without crying.
It assumes that during the night and low demands, the consumption will be much less than 30 W/h.

VPN should be fine, I don't have much demands from it. Definetly not more than 20 Mbit...

JT40

@jknott said in Questions about my ideal setup:

How much is the 2100?

Sorry I didn't get you.

My question was posed to understand how did you make your benchmark, did you enable any plugin?
Did you test the L2 switching bandwidht? Or WAN bandwidht?
Absurd number of ACLs etc? Something else I should be aware of? I just need to get an idea of what that HW is capable of, but I need to know your details to compare.

JT40

@sergei_shablovsky said in Questions about my ideal setup:

@jt40
Do You Apple-centered user, or just have a lot of different home devices from different brands?

You wrote about VMs, so how much servers You have and what You need for them? (bandwidth, speed, latency, etc...)?

Ahahah, naaaaaa, budget wise I KNEW that I needed to spend a lot of money, but I'm trying to avoid a loan :D .
It doesn't seem right to spent 1k on my network infra, my badass gaming videocard costed much less :D , just to give you an idea.
Obviously I recognize the importance from the security perspective.

I'll have 2-3 phones, printer (stand-by 364/365), 2 VMs in the same time (+ some container in the future) + the host, 2 laptops, maybe IPTV if I succeed with the firewall setup, all in the same time.
This could be the common situation, but it doesn't mean that these devices will ask 1Gbit bandwidht in WAN at the same time, most probably they will be in idle most of the time from the network point of view.
As mentioned previously, at the moment I'm just fine with 60 Mbit... I don't expect that amount to grow 10X in the next 5-7y...
I don't even expect to have faultless hardware for 20y, as well as lifeterm software support :D
Making a longer plan than 7y doesn't seem right, unless I missed something.

stephenw10

@jt40 said in Questions about my ideal setup:

WAN will be 1 Gbit in 1y maybe, with 300 Mbit upload if I'm lucky I guess.

If that's the case you will need something more powerful than the 2100 to fully use a 1G link.

Steve

JT40

@stephenw10 said in Questions about my ideal setup:

@jt40 said in Questions about my ideal setup:

WAN will be 1 Gbit in 1y maybe, with 300 Mbit upload if I'm lucky I guess.

If that's the case you will need something more powerful than the 2100 to fully use a 1G link.

Steve

I was just mentioning my network capability in 1y distance probably, but real world scenario won't overtake the need of 60 Mbit anyway...

For what I see on the official page, it's more than capable of 1Gbit (in download at least), did I miss something?

stephenw10

It can route at >1Gbps (L3 forwarding) but it can't firewall/NAT at that rate.

At 60Mbps it would of course have no problem!

Sergei_Shablovsky

@stephenw10 said in Questions about my ideal setup:

It can route at >1Gbps (L3 forwarding) but it can't firewall/NAT at that rate.

At 60Mbps it would of course have no problem!

Anyway after reading all posts I more than sure that fanless top-box with Intel / ARM 64bit CPU and 16Gb RAM would be great for start, or just buy one from Netgate (for example Netgate 2100 Max) for USD$345+shipping.

You need something to start with.
Only after a You start to play, you understand what You exactly need.

JKnott

@sergei_shablovsky

That Qotom mini PC I bought (see sig) should do the trick. I've already downloaded over 900 Mb with it.

Waqar.UK

@jknott

True.
I have the Qotom, so far so good: i5, 8GB RAM and 120GB SSD.
On Virgin media I get on my official 200-20 connection: sometimes 230-22 via Ethernet.
AP: Asus RTAX 88U. Across my semi detached house I get 220-21.
Running Suricata as an add on and CPU barely touches 1%.

Community fibre are offering me 3Giga-bit for £99. But all my hardware is "only" 1 Gig-bit.

If anyone wants a good value machine that will handle everything up to 1 gig-bit, then Qotom is the way to go. Small and power efficient. Yes I use active cooling and even during rare hot summers in London its CPU rarely goes above 45 Celsius.