Thoughts on this build and use case?

RazorUK

Hi all,

New here, but an IT guy that has a home network that is starting to become too complex to run with an off the shelf consumer router even with 3rd party firmware.
I currently have 100/10 for my WAN, but Gigabit is now an option, so I want to build with that in mind.
I currently have 40+ devices on my network that I'm looking to refine a bit and split traffic where it is appropriate for me.
I want to split my network up as I move forward into some definite segments with different needs: Wifi guests, Wifi -Home users, Wired – Streaming, Gaming (Xbox Live, PS Network, Steam etc)
I also plan on general web browser and mail traffic to go through OpenVPN for privacy concerns but I really don’t want that hindering the ability to stream Netflix etc.
I also want to shape the Traffic so my use gets preference over everyone else’s in the house! Hehe! Mostly I want flawless streaming when my kid is gaming.

I've been researching through these forums, facebook groups and reddit for a few weeks before registering, and here's what I have come up with as a starting point. I’m totally flexible on changing it up if there is some advise to do so:

ASRock - H270M-ITX/ac Mini ITX LGA1151 Motherboard

My thought here is it has two onboard Intel NICs, and several posts in here about successful implementation. Wifi will be disabled here as I’ll use my existing router(s) as  WIFI AP’s (1 in the Garage, 1 in the Basement and 1 on the main floor of the house).

Intel - Core i3-7100 3.9GHz Dual-Core Processor– 3.9 Dual core.

Using stock heatsink and fan, this seems like plenty of power for what I need.

Crucial - 8GB (2 x 4GB) DDR4-2133 Memory

Do I need more/different ? Is it overkill? Not enough? I've seen 2gb listed, some are saying 4, but 8 is cheap nowadays so I opted for a little excess.

Kingston - SSDNow V300 Series 120GB 2.5" Solid State Drive  or A SSD I have on hand

I think I may have an 80GB SSD on hand. Either is probably more than I need, but no moving parts and I already have it. If I don’t have that I’ll buy a cheap SSD like above. No interest in using spinning disks.

Intel - E1G44HTBLK PCI-Express x4 10/100/1000 Mbps Network Adapter Adapter (I340-T4)

Will allow for different discrete network segments when I replace my current switches with managed ones.

+Fractal Design - Core 500 Mini ITX Desktop Case –It's cheap and has room for the network card!

PicoPSU-80 + 60W Adapter Power Kit – Low power footprint hopefully sufficient from previous posts.

Thoughts and/or alternative advice on this would be great.

I don't know for certain which of the resource-heavy processes I might need, but I’m thinking Snort, OpenVPN, Ad blocking are currently desires. I’m also a tinkerer, so I’m likely to try new stuff (in a ESXi test environment first) so some extra overhead is desirable. I'd rather have a system that can perform regardless of what I throw at it, even if I spend a little more and end up only using a small fraction of the CPU most of the time.

Outside of this, my whole network is connected by gigabit (Cat5e/6) and currently I have a 24 port unmanaged HP switch into my router and 3 other 8 port HP unmanaged switches at various locations around the home. Various Android and Apple devices connect via wifi, but that part is easy and I have that covered (outside of how I want to segment traffic).
I’m planning on upgrading my switches to managed switches as I start to put the network into place how I want it. I just want to make sure that my pfSense hardware will support my use case before I go ahead and start the purchases.
I’m also not adverse to going with the pfSense hardware if it makes more sense, I just like building things and it feels I’ll get more bang for my buck if I build myself.

A Former User

I built a similar system with this same motherboard:

CPU: Intel Core i3-7320 4.1GHz Dual-Core Processor
CPU Cooler: Noctua NH-L9i 33.8 CFM CPU Cooler
Motherboard: ASRock H270M-ITX/ac Mini ITX LGA1151 Motherboard
Memory: Corsair Vengeance LPX 8GB (2 x 4GB) DDR4-2400 Memory
Storage: Samsung 830 Series 128GB 2.5" Solid State Drive
Case: Mini-Box M350 Case w/ 150W PicoPSU
pfSense 2.4 beta

I posted some VPN stats and power usage info here: https://forum.pfsense.org/index.php?topic=129393.msg716120#msg716120

This was my first system with an ASRock board, and I love it so far.  The only issue with pfSense is that it won't reboot - the system hangs after all of the processes are killed.  You then have to manually power it off and back on.

Random thoughts:

• One of the ports uses the em (i219) driver and the other uses igb (i211).  The i219 is the port on the left side when you are looking at the back of the I/O panel.
• I think the i3 will be plenty of CPU for you.  I'm running pfBlocker (DNSBL, GeoIP blocking) and OpenVPN.  The CPU doesn't break a sweat except under very heavy VPN load.  I plan to run Snort as well, so I'll report back after that.
• You might want to get a slightly stronger PSU.  My system consumes about 55W under heavy load, which is dangerously close to 100% of the PSU you picked.
• My system shows about 14-17% memory usage with pfSense 2.4 beta on ZFS….so yeah, 8GB will be plenty.
• Check out Ubiquiti gear for some affordable APs and switches.  I have the AC Pro AP and it works great.

VAMike

@bbn06:

• You might want to get a slightly stronger PSU.  My system consumes about 55W under heavy load, which is dangerously close to 100% of the PSU you picked.

Yeah, I wouldn't put a 60W PSU on a CPU with a 51W TDP. If you stick with picopsu, they have an 84W brick you can pair with a 90W module.

RazorUK

I was a little concerned on the PSU as well, but saw in this thread https://forum.pfsense.org/index.php?topic=127757.msg707310#msg707310 someone else using that same power unit. I probably should step it up though just to be on the safe side.

I'm probably a few weeks out before I pull the trigger, currently I'm just messing about with pfSense in my VMware environment to get used to the interface and trying some things out before I impact the wife!  ;D

Stan464

Im currently rocking an

AMD APU A4-5000 Built onto an ITX Asrock Motherboard.
4GB of RAM
40GB HDD
Dual Port HP GB Card.

Does 100/20 via OpenVPN on PPPOE.

Works wonders for me, with 20% ish usage.

30 Watts on average/ish

pfBasic

Yikes,  30W average is pretty bad for such a slow connection.

The HDD and old NIC will definitely increase consumption but I didn't think by that much.

VAMike

@pfBasic:

Yikes,  30W average is pretty bad for such a slow connection.

The HDD and old NIC will definitely increase consumption but I didn't think by that much.

pppoe will increase the consumption significantly. I don't understand why any isp is still provisioning that way.

VAMike

@RazorUK:

I was a little concerned on the PSU as well, but saw in this thread https://forum.pfsense.org/index.php?topic=127757.msg707310#msg707310 someone else using that same power unit.

Oh, I'm sure it will work, just in the worst case under sustained load the power brick might melt.

RazorUK

@VAMike:

@RazorUK:

I was a little concerned on the PSU as well, but saw in this thread https://forum.pfsense.org/index.php?topic=127757.msg707310#msg707310 someone else using that same power unit.

Oh, I'm sure it will work, just in the worst case under sustained load the power brick might melt.

Yeah, we definitely don't want that!

I'll just step the power supply up a level or two.