Affordable router hardware with >= 8 Gigabit Ethernet ports



  • Dear router geeks,

    I am planning to replace my consumer SoHo router (Sitecom) with something more trustworthy:

    Overall situation

    • Home network with CAT7 Ethernet cables/CAT 6A ports to every living room.

    • WAN uplink 32MBit via cable provider (dedicated cable modem provided by the cable company, can't be changed). May change to 50 or 100 MBit cable or VDSL in the not so distant future.

    • Currently, the Internet provider serves IPv4, but I'd like to have an IPv6-enabled network (router, switches, etc.).

    • Central rack in the basement where servers and a router are located. So the hardware should be rack-mountable.

    • Wireless APs in the ground floor and first floor.

    • I have ~ 6 PCs, and several smartphones and tablets in the internal network. One requirement is to separate home gear from some office PCs and tablets provided by my employer for telecommuting. My idea was to use the VLAN and private VLAN features of pfSense to do a clean separation of office and home hardware for security reasons and the pf firewall for perimeter security.

    • To connect everything, I would currently need a minimum of 8 ports either on a router or a switch (router on a stick configuration).

    • Internal throughput must be 1GBit Ethernet with VLAN routing.

    Budget wise, I don't want to spend > 400 €, which rules out expensive Xeon based solutions with multiple Gigabit Ethernet ports (see https://forum.pfsense.org/index.php?topic=74325.0).

    I stumbled upon the Ubiquiti Networks EdgeMAX EdgeRouter (http://www.ubnt.com/edgemax#edge-router the 8 port version, not the pro), but it appears to be unsupported by pfSense (see the discussions regarding the ERL from the same company).

    The Ubiquiti solution is around 270 € in Germany, which is the cheapest I found. As it is effectively closed source (despite having a Debian Linux base), I am not too fond of it currently.

    An alternative would be a modest Atom system with dual Gigabit Ethernet ports and a commercial switch, e.g. a Zyxel GS1910-24 http://www.zyxel.com/us/en/products_services/xgs1910_gs1910_series.shtml?t=p or TP-Link TL-SG3210 http://www.tp-link.com/en/products/details/?categoryid=222&model=TL-SG3210.

    The point now is: Is there any affordable hardware out there which would let me get rid of yet another box (the switch), which fits the scenario sketched above?

    Thank you.



  • What packages do you want to run? Do you want to run virtualised?

    You can get quad intel nics for $99 on eBay. 2x those plus a decent motherboard would fit an i3 or low grade i5 which would suit a snort/havp/squid/openvpn setup. You could go secondhand with the chip to save money.

    Alternatively, in another thread I saw this: https://forum.pfsense.org/index.php?topic=75417.0

    Which should get you 8 ports in a smaller package. I am unsure of the modules it would be able to run on that CPU however (probably squid, snort up to 300mbit?) so if you are just looking for a router it may suffice.



  • Hi Keljian,

    thank you for the advice.

    I guess I would run pfSense on a dedicated machine, no virtualization (I already have a Xen Hypervisor on my homeserver). I am not sure which packages to run yet. The minimum would be a router with IPv4 NAT and VLAN + Perimeter Firewall. Probably a nameserver for the local net as well.

    I don't need OpenVPN currently, and if so, I could live with a maximum speed below the raw WAN bandwidth. I have no use for SQUID, and Snort would be an option, depending on the amount of money I would have to throw in to make it run at the proposed WAN speed (up to 100 MBit).

    The 8-port hardware sounds interesting, I will have a look into this.

    (ed: Removed my question related to a 19" case, as this is already discussed in the thread mentioned by you.)


  • Netgate Administrator

    You have specified gigabit interfaces, is that because you require high bandwidth between internal interfaces? Do you need 1gbps?

    Steve



  • Just tossing around an idea.

    i5 Quad 3ghz+ (many cores for high speed internal routing while handling snort and stuff)
    Intel Quad 1gb port with 1 port for WAN and other 3 for LAN. Can aggregate them or leave separate interfaces
    Managed switch that can do VLANs and port aggregation. Personally, I would recommend a Procurve 1810v2($210 for recent EEE version - $300 for IPv6 version) or 1910($300 but has static IP routing support)



  • @stephenw10:

    You have specified gigabit interfaces, is that because you require high bandwidth between internal interfaces? Do you need 1gbps?

    Steve

    Hi Steve,

    Do I really need 1 GBit - I don't know, we are talking about a SoHo net here, so I could live with less.

    The plan is to have at least two VLANs and 1 GBit/s NICs, because the internal network is CAT7 cabling with CAT6a ports. It would be a waste to run it below spec. and for streaming and backup, this would be nice.

    In each config (router with min. 8 ports or router on a stick and a VLAN enabled managed switch), the router would be responsible for routing packets between the VLANs. Using a switch would enable 1Gbit traffic within each VLAN without problems (according to reviews), the issue is only the router.

    Although I could live with less than full throttle, it would be a compromise.



  • @Harvy66:

    Just tossing around an idea.

    i5 Quad 3ghz+ (many cores for high speed internal routing while handling snort and stuff)
    Intel Quad 1gb port with 1 port for WAN and other 3 for LAN. Can aggregate them or leave separate interfaces
    Managed switch that can do VLANs and port aggregation. Personally, I would recommend a Procurve 1810v2($210 for recent EEE version - $300 for IPv6 version) or 1910($300 but has static IP routing support)

    Hi Harvy66,

    Thanks for the feedback. My main issue with a router on a stick config would be that I have yet another box to configure and support. From what I understood, the pfSense code is IPv6 ready, whereas many cheap managed routers currently seem to have limited IPv6 capabilities (but I am not sure here). The ProCurve would be definitely beyond my budget (tops 400 € for the whole setup) and a Core i5 Quad may be too power hungry for my needs.

    From what I gather from all replies so far, I could ditch the requirement to route packages at GBit speed between VLANs and go for an Atom based system (which tops out at around 500 MBit/s apparently, depending on the exact model).

    Anyone having any experience with an Atom D510 with Intel 82574L Gigabit NICs (as in http://www.supermicro.com/products/motherboard/ATOM/ICH9/X7SPA.cfm?typ=H)?



  • @mad|V|aX:

    From what I gather from all replies so far, I could ditch the requirement to route packages at GBit speed between VLANs and go for an Atom based system (which tops out at around 500 MBit/s apparently, depending on the exact model).

    Darn you life! Why you make me make choices?! I assumed with "gigabit requirements" that you had a bit of flex for money. Good luck with your hunt.


  • Netgate Administrator

    @mad|V|aX:

    From what I gather from all replies so far, I could ditch the requirement to route packages at GBit speed between VLANs and go for an Atom based system (which tops out at around 500 MBit/s apparently, depending on the exact model).

    Pretty much exactly that. Though that speed is for firewall/NAT only. If you run any packages, especially anything resource intensive like Squid or Snort, that figure will drop considerably.
    On the flip side if you're routing between VLANs on a single NIC you won't get much over that anyway.
    That board will definitely work but the D510 is a bit long in the tooth these days. Consider the new Rangeley Atoms if you can, they are MUCH faster.

    Steve



  • @mad|V|aX:

    From what I gather from all replies so far, I could ditch the requirement to route packages at GBit speed between VLANs and go for an Atom based system (which tops out at around 500 MBit/s apparently, depending on the exact model).

    You could always get a decent layer 3 switch and do all of your internal routing on the switch itself. Then you could run almost any cheap/low power atom with one nic and pfsense and use it only for a firewall/edge device (one nic with 2 vlans - your WAN isn't gigabit anyway so you wouldn't slow anything down).

    Edit: reread original post and noted WAN speed
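
The home/office separation asked for in the opening post, written out for the router-on-a-stick layout discussed in the thread. This is an added example, not part of any post and not pfSense's generated ruleset; it uses plain FreeBSD pf.conf syntax, and the interface names, VLAN IDs and subnets are assumptions.

```pf
# Constructed example in FreeBSD pf.conf syntax. Interface names, VLAN IDs
# and subnets are assumptions; pfSense builds its own ruleset from the GUI.
ext_if     = "em0"       # WAN port towards the cable modem
home_if    = "vlan10"    # VLAN 10 on the trunk port: home devices
office_if  = "vlan20"    # VLAN 20 on the trunk port: employer devices
home_net   = "192.168.10.0/24"
office_net = "192.168.20.0/24"

set skip on lo0
scrub in all

# IPv4 NAT for both internal segments behind the single WAN address.
nat on $ext_if inet from { $home_net, $office_net } to any -> ($ext_if)

# Default deny. IPv6 stays blocked until inet6 rules are added explicitly.
block log all
antispoof quick for { $home_if, $office_if }

# Weak variant to avoid: "pass in on $home_if all" would also admit packets
# addressed to $office_net, leaving the VLANs separate at layer 2 only.

# Separation: drop anything one segment sends towards the other, before
# the broader pass rules below can match.
block in log quick on $home_if   inet from any to $office_net
block in log quick on $office_if inet from any to $home_net

# Each segment may query a resolver on the firewall's address in its own VLAN.
pass in quick on $home_if   inet proto { tcp, udp } from $home_net   to ($home_if)   port 53
pass in quick on $office_if inet proto { tcp, udp } from $office_net to ($office_if) port 53

# Each segment may reach the Internet; sources are pinned to the VLAN's subnet.
pass in on $home_if   inet from $home_net   to any keep state
pass in on $office_if inet from $office_net to any keep state
pass out on $ext_if inet all keep state
```

These rules only see traffic that the pf box itself routes. In a design where a layer 3 switch routes between the VLANs, that traffic never reaches pf, so the same separation has to be enforced with ACLs on the switch.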