Newbie home router build - need suggestions

KM

Hello everyone,

I've been pouring over the forums here for a little while now trying to figure out my options for a home router build. After reading a lot of good posts I think I have settled on a general idea for a build. First, I guess it would help if I outlined my requirements and plans for the build. I have a 30/30 fiber connection and am currently using a TP-LINK WR1043ND with dd-wrt for a router and wi-fi. I love dd-wrt but I want a project to work on during my off hours. The first part of the project will be to build a working router / firewall and to do some performance testing, and then to add services such as snort and VPN at some later point. I want to be able to test services and have some fun essentially. I think that an atom board will handle my 30/30 connection, but I want room for expansion down the road so I am thinking that a SB build will be best suited for my needs. Power is a concern, but after reading over the forums here I'm fairly certain I can get a good low power solution without going to an atom. If I'm off the mark here please let me know. Cost will also be an issue, so this project can't break the bank. This router will service two desktops, 1 home server, a laptop, and possibly a home media center at some point. Only the laptop will be wireless (maybe the media center, but that is down the road), everything else will be wired. I would like the router to have as many rj45 ports as possible to leave me options to play around with (3 or 4?). I would also like 1Gbps on all wired connections. I am planning to use the dd-wrt box as an ap.

I need some suggestions regarding motherboard form factor and NIC's. After looking over the offerings at newegg I was a bit disappointed with the expansion slots that MiniITX boards offer for NIC's. MicroATX is better in this regard, although I was wondering if there are any disadvantages to running Dual port NIC's on PCI slots. I'm thinking about an Intel chipset for the NIC because people seem to have good luck with them here, however dual port Intel cards seem to be prohibitively expensive ($150?).

Component list:

• Intel G530 http://www.newegg.com/Product/Product.aspx?Item=N82E16819116409
  Can this CPU be clocked down for lower power consumption? Does anyone have some links about this?
• Cheap 1155 MB: http://www.newegg.com/Product/Product.aspx?Item=N82E16813138339
  I was thinking a cheap MB with only one on-board NIC because boards with two NIC's seem to be two or three times the price. If I have extra PCI slots on a MicroATX board I can just add extra ports that way. Should I look for a board with more PCI or PCI-e slots? Is there a better solution I'm missing?
• 4GB DDR3 1333 ram.
  Doesn't really matter what kind with the price of ram being so low. Is there anything I should avoid here?
• HDD will probably be a used 2.5" laptop drive. I'm sure I can find something cheap here.
• Case and PSU I'll figure out after I have the rest of the components selected. I suspect it might take a while to find a nice small case that I actually like.
  That leaves the NIC's… Does anyone know where I can find a good place to get dual port NICs for a decent price? Should I look for PCI or PCI-e? I've seen some people use dual port PCI server cards. Are these a good option and are there specific models that I should be on the lookout for? I'm assuming that the NIC's will be a primary deciding factor in MB selection, so this is where I'm focusing my efforts.

Thanks for the help!

wallabybob

@KM:

I was wondering if there are any disadvantages to running Dual port NIC's on PCI slots.

Depends on the speed. Best case standard PCI can manage is a bit under 1Gbps so a single GigE NIC running at line rate one way is capable of saturating the bus.

See http://www.soekris.com for some "more affordable" multi-port PCI cards.

Since you are interested in experimenting I suggest you consider using a VLAN capable switch as a port multiplier for a GigE port. If you search the pfSense forums for "VLAN" and "port multiplier" you should turn up a few threads that discuss the idea.

KM

Thanks for the link. From what you say it might be better to get a motherboard with two or three pci-e expansion slots rather than pci? There are plenty of cheap MB options that have both types of slots. I have seen a few posts referring to a VLAN capable switches but wouldn't the total throughput of all wired connections be limited to 1gbps? This wouldn't really be a serious limitation in almost all cases, and if it significantly lowers the cost of the build I may do it, I'm just wondering.

KM

Would the setup look something like this then? (sorry for the crude diagrams)

1Gbps      1Gbps                    |Wired desktop - 1Gbps
WAN in –|pfsense|--|managed switch|Wired desktop - 1Gbps
30/30                                            |Wired server  - 1Gbps
                                                    |AP                - 300Mbps

Does this seem like a reasonable layout?
My concern is that at some point I might want to use a VPN service for remote users to access the file server and run into a bottleneck because all the devices use the same NIC.

Would something like this work better given those considerations?

1Gbps        1Gbps
WAN in -- |pfsense| -- | Wired server - 1Gbps
30/30                  | -- | Managed switch | Wired desktop - 1Gbps
                          1Gbps                      | Wired desktop - 1Gbps
                                                        | AP                - 300Mbps

Thanks

wallabybob

@KM:

Would the setup look something like this then? (sorry for the crude diagrams)

1Gbps       1Gbps                     |Wired desktop - 1Gbps
WAN in –|pfsense|--|managed switch|Wired desktop - 1Gbps
30/30                                            |Wired server   - 1Gbps
                                                    |AP                - 300Mbps

Does this seem like a reasonable layout?

Yes.

@KM:

My concern is that at some point I might want to use a VPN service for remote users to access the file server and run into a bottleneck because all the devices use the same NIC.

Using VLANs the available physical bandwidth is dynamically shared amongst the VLANs. Since the WAN bandwidth is such a small fraction of the bandwidth available on a 1Gbps NIC you could easily have all your interfaces VLANs on the one physical NIC.

@KM:

Would something like this work better given those considerations?

1Gbps         1Gbps
WAN in – |pfsense| -- | Wired server - 1Gbps
30/30                  | -- | Managed switch | Wired desktop - 1Gbps
                          1Gbps                       | Wired desktop - 1Gbps
                                                         | AP                 - 300Mbps

Not unless there is something you haven't mentioned. If you need to exchange significant data between the desktops and servers and there is no need for a firewall between them then your earlier configuration would be preferred because the servers and desktops can communicate directly through the switch. If your server is to be generally available to the internet you probably want (for security reasons) to have the firewall between your desktops and the server..

Depending on the bandwdth requirements locally, you could have 1 Gigabit NIC with 3 VLANs:  WAN, Server and Desktops/AP.

If you are looking for a fanless mini-ITX board the Intel D2500CC might be of particular interest because it has 2 Intel GigE NICs on the motherboard.

KM

Eventually I would like the server to host webpages and other services that would be accessible through the internet so I think a logical separation of the server from the rest of the network would be a good idea. Single port NIC's are fairly affordable so if I went with a motherboard that had a couple of expansion slots I should easily be able to accommodate these requirements. In this case the second configuration would be the way to go then?
I checked out the switch you linked in another post and it seems to be a good solution for this setup. Is there anything I should be looking for, or anything I should avoid in a switch?

Thanks

wallabybob

@KM:

Is there anything I should be looking for, or anything I should avoid in a switch?

I would check the specs to ensure it has enough bandwidth to run all the physical ports at line rate, that it supports "enough" VLANs and I would look for a fanless switch. (I have an old 10/100 switch which has the mildly unpleasant habit of emitting grinding noises to remind me that one or more of the fans is terminally ill.)

KM

Great! I really appreciate the help sorting all this out. I'm looking for a managed switch, correct? I'll surf around the forum here because I'm pretty sure there are some suggestions already floating around.

wallabybob

@KM:

I'm looking for a managed switch, correct?

I'm not sure that all managed switches have VLAN capability. I expect all switches with VLAN capability will be described as "managed switches".

KM

Would this be a good choice for my needs?
http://www.newegg.ca/Product/Product.aspx?Item=N82E16833122381CVF

I don't really need 8 ports (5 would do nicely), but I'm sure I'll find some use for them.

biggsy

I have a couple of those switches and they are pretty good for the price.

The only issue with them is that they have a crappy NTP client that, because it just requests every 64 seconds, will force any strict NTP server to give it the "Kiss of Death".   The NTP server in pfSense doesn't complain though.  I take that back  :(

KM

Is this a big problem? Any other switch suggestions around or below this price point? It can be less than 8 ports.

KM

Will this NIC work? Seems like a good deal.
http://www.ebay.ca/itm/Dell-X3959-Intel-PRO-1000-Dual-Port-Gigabit-Ethernet-PCI-Express-Network-Card-/230781877556?pt=LH_DefaultDomain_0&hash=item35bbabfd34

Thanks for the help!

biggsy

Is this a big problem?

Not a problem at all if you can live with a few seconds drift in the local clock each day.  Only relevant if you are logging and need accurate timestamps from the switch.

KM

Anyone know if the above NIC will work for my application? These NIC's look like a good deal and with the PCI-e interface I shouldn't have any problems with overloading, right?

taryezveb

@KM:

Will this NIC work? Seems like a good deal.
http://www.ebay.ca/itm/Dell-X3959-Intel-PRO-1000-Dual-Port-Gigabit-Ethernet-PCI-Express-Network-Card-/230781877556?pt=LH_DefaultDomain_0&hash=item35bbabfd34

@KM:

Anyone know if the above NIC will work for my application? These NIC's look like a good deal and with the PCI-e interface I shouldn't have any problems with overloading, right?

Yes, that Intel NIC should work just fine.

I bought a similar NIC from ebay and has worked great:
http://www.ebay.com/itm/ws/eBayISAPI.dll?ViewItem&_trksid=p4340.l2557&rt=nc&nma=true&item=350513539530&si=pUKS45vXwy9SShprAaeU5dhVZq8%253D&viewitem=&sspagename=ADME%3AL%3AOC%3AUS%3A1123&orig_cvip=true&rt=nc

KM

Great, thank you for the verification. I have ordered one of these cards. I read somewhere that these cards need at least pci-e x4, meaning that I wouldn't be able to run it off of a standard pci-e x1 slot. Is this correct? If this is the case I don't really consider it a draw back I'm just wondering because it affects my motherboard selection.

Thanks

taryezveb

According to Intel:

Compatible with x4, x8, and x16 full-height and low-profile PCI Express* slots

http://www.intel.com/content/www/us/en/network-adapters/gigabit-network-adapters/pro-1000-pt-dp.html

I use mine in a x16 PCI Express slot.