Step By Step Guide | Build A 10GbE Router! PfSense 10Gbps 2U Network Appliance Dual 10GBase-T +SSD 🚀
Vložit
- čas přidán 25. 01. 2024
- A 4K60 HDR tutorial to build a robust 10Gbps router using affordable components with long life expectancy.
I built this security appliance at the end of November 2017 and was always told that it is "overkill." The appliance and Hoffman EWMW242425 rack have proven to be future proof and extremely reliable, all at an affordable cost. The 2U standard ATX case utilizing standard sized ATX motherboards and power supplies enables this appliance to always have replacement parts available at an affordable price.
I used a Razer Blade 15 Advanced 2021 model with Thunderbolt in order to have a bus speed capable of true 10Gbps speeds. The QNAP's SFP+ port accepts many different types of modules for fiber optic and copper testing at higher speeds.
Components Used For pfSense:
Intel X550 PCI-E X4 Dual 10GBase-T Network Card (X550T2)
Intel i3-8100 8th Gen LGA1151 Quad Core CPU
ASROCK LGA 1151 H310M-HDV Motherboard
Corsair DDR4 2400MHz 8GB Kit (2x 4GB)
Samsung EVO 850 250Gb Solid State Drive (SATA)
Noctua NH-L9i Low-Profile CPU Fan
Corsair ATX Power Supply
Rosewill 2U Rackmount ATX Case (RSV-2600)
Rack:
Hoffman EWMW242425 Rack Enclosure
Startech 2U Vented Shelf
Netgear CM-2000 2.5Gbps Multi-Gig Cable Modem (Cox 1Gig Service)
CyberPower 1500va PR1500RT2UC Smart App Sinewave UPS System
Netgear XS712T Managed Layer-3 10Gig Switch
ANNKE (Hikvision) 12MP 4K NVR 8CH & 4K HDMI Splitter
Network Tested With:
QNAP QNA-T310G1S Thunderbolt 3 SFP+ Adapter
Razer Blade 15 Advanced 2021 model w/i9 & Thunderbolt 3, Windows 11
Speedtest.net on Chrome browser to the "Fastest Server" closest to my location.
![[柴犬ASMR]曼玉Manyu&小白Bai 毛发护理Spa asmr](http://i.ytimg.com/vi/0TsXQ7z2Dh4/mqdefault.jpg)
Nice clean build. I myself choose a old Dell optiplex SFF with a 6700k and an Intell x520 dual spf+. I run a full 10g network in my house with a 10g fiber wan capped at 3.5gb. I can push all 3.5gb with this pfsense build.
Nice build. I'd personally swap the chasis fans for something like Noctua. Also Velcro strips / cable ties instead of zipties is a good choice too. No risk of damaging the cabling. Nice job overall!
I used that same case for my TrueNAS build. It's still working great!
Nice pfsense router build
I used an SFF HP Prodesk wiith a Core i3.6100T as an opnsense build. It idles at 13W. It was crazy inexpensive, these old office systems are all over used sites and are ideal for server builds.
I have the exact same case but have an old old Xeon with similar intel 10 g card for truenas and unraid, a 4 port gigabit nic to supply the rest of the house. I also used 2 64 gig intel ssd in ZFS “raid 1”. I was using pfsense but shortly swapped to OPNSense. It’s on a UPS along with the switches and WAP so no dropped internet in the evening of a power outage
Nice build, I personally would replace the case face with some better motherboard controlled noctua fans for just noise control
I was wondering are their ventilation slits on topcover above the powersupply or is the cover closed. I never saw that in your video..
never mind it was visible in the beginning upon rewatching.🙂
For Airflow I'd route the Cables away from the MB first, then bundle them up with a Velcro Tie. The MB itself works as a Heatsink and Radiates. You created a 'Cable Blob' right next to your RAM. Besides that I like the Project.
It looks good but for a secure rack I would close up the back side of the rack mount because what good does a locking front panel do if the whole back side of it is open.
Just as an fyi, the thermal paste that comes with the noctua cooler would be as good as what you used if not better.
I'd like to know how you set up pfsense with Quantum Fiber when you do make that change. I'm on Quantum Fiber's 1gig service and am thinking about building a pfsense machine as well. Pros and cons vs something like a Dream Machine Pro SE ($499) because the cost will most certainly be higher if building with new parts?
BIOS setting:
(Intel): After Power Failure setting to Power On
(Gigabyte): Restore (on) AC Power Loss to Power On
(ASUS): “Restore on AC/Power Loss” or “AC Power Recovery” or "After Power Loss"
I use the intel dual sfp++ nic & intel 4 x 1GBE nic
One sfp++ 10GBE is vlan trunk from switch to pfsense using DAC and use pfsense to do firewall between vlans and internet connection/s.
Eventually I will link aggregate the two sfp++ ports and vlan the aggregated virtual ports at both ends however that introduces some technical considerations when upgrading as to do so is a o/s driver config hack. One way around that may be to virtualise and use the hypervisor to fan out the vlans to logical interfacess passed through to pfsense vm.
Also using an i3-8100(T) here, but with Debian because I like to config everything myself. This is router-pc v4, the first two were Atom based (N270 -> N2800), the 3rd i3-8100T where the MB died after 3 years possibly due to passive cooling (Akasa Galileo TU3 case) and then I reused that CPU/RAM/SSD in a Shuttle barebone that's been running like a charm since. Even the old Atom-systems could handle 1Gbps symmetric fiber without a drop of sweat :) , this with DPI/etc off. Unfortunately going 10Gb isn't possible with the current system, no room for expansion cards plus faster than 1Gb isn't available yet.
Do you have a total drive out cost for this?
Question, do I need a graphics card adapter if I'm using an AMD CPU instead of an INTEL? I heard that AMD doesn't have an integrated graphics but I also don't want to spend money investing an intel CPU.
Good build but I would have swapped the fans out for models with 4-pin PWM connectors. Also, as others suggested: Don't cover the opening for the PSU fan. a PSU with a rear fan might have been a better choice.
i have a build now with pfsense and an hp elitedesk 800 g3 with an i7 7700 and 32gb of junk 2400 ddr4 memory along with an X710-DA4 quad port 10G SFP+ card, two single realtek 2.5G cards (will upgrade to dual intels at some point here I think) and a quad port realtek 8125 2.5G card - have to install the realtek drivers which is a pain but you can just use the intel for WAN and 10G for LAN for the install and then changeover to the 2.5G for WAN once installed....surprisingly the realteks have been ROCK SOLID and get 2.35Gbps line rate all day long....and the SFP+ cards are DIRT cheap.....nice content I dig it, keep it up!
If you're so worried about "wires trapping air" (whatever that means) why on earth wouldn't you use a modular SFF power supply? For those in the back of the class, this doesn't matter one bit.
To clarify is this a 2u Startech or Rosewill case? The video states Startech but the the parts list incudes Rosewill. Thank you!
Don't do a circle with thermal paste, or you might trap air bubbles. Just one dollop, or X, not a circle.
i would like to asked 1 question if possible. would the 2.5 ssd limit the bandwidth of the fiber
The SSD has nothing to do with the network speed. It's just there to store and boot the OS.
@@johnnyvvlog Please explain, because I would think the SSD would be a bottleneck of some type, wouldn't it? I'm still confused. I'm just confused, and I want to understand/learn
@@crandall903 the bandwidth never goes through the ssd. It's only there to boot from. Everything else happens in working memory which the SSD is not.
@@johnnyvvlog so its based off ram like cacheing?
@@johnnyvvlog dose size matter like is 4gb good for fiber or 8 gb enough
I am skeptical that this hardware can actually NAT masquerade packets at line rate. So I’m excited for the follow up once you get multi gig fiber WAN.
You could also test this in a lab setting with iperf if you have two 10g capable devices.
@@wojtek-33 Good to know someone tested 10Gb on the wyzse 5070. I currently rock one with OPNsense and dual 2.5GB intel 226. Glad to know I can upgrade it later down the line.
@@wojtek-33 Out of curiosity which 10Gb card are you running in it?
@@wojtek-33 nice I have a few of those and a connectx4. Good to know they work
$160 a month? Damn, internet in the US is tough
in 2024 at least put a cheap dual 2.5Gbit/s card in that spare x1 slot for the wan so you can at least have 2 useable 10Gbit/s lan ports today, better yet get a new 4 slot motherboard [MSI PRO B550M-VC WiFi ProSeries Motherboard (AMD AM4] & populate that with more dual ports for lan use.
Are you talking about a switch? A router only needs 2 ports.
Couple suggestions. Don't use that style of Power supply, use the style that have fans on the rear, when you put the case top on you are going to suffocate the intake fan. Second, I would have bought a motherboard with a m.2 slot on it for a 2456g ssd.
That case has a cutout specifically for the PSU fan on the lid. I have a very similar design case. It works fine.
Sweet, Some of the previous ones didn't.@@KamotzII
i would have gone with more overkill specially on the cpu side. Like a i3 of the 12th gen or newer since they are also cheap and low power but the single core performance has gone up a lot which can help some things in pfsense.
Have you seen what pfsense uses? Fall.
Taken any power measurements?
What on earth are you doing to need a 10Gb pfsense?
Are you some kind of 10Gb gatekeeper?
@@tab8k not an answer
10Gbe NIC for future proofing, i would assume. I am doing what this guy is doing right now, LAN side that is. It is nice to have a NAS that runs data transfers up to that speed.
1Gbe is too slow, or going to be too slow eventually. Price differences of 2.5/5Gbe and 10gbe isn't all that huge anymore; opting for a much higher theoretical data transfer is best.
And to further say more things here;
>WAN -> Whatever Plan he will be going to, past 1gbe, his pfsense machine will have likely no bottlenecks with throughput going this route for a very long time.
>LAN -> Machines communicating with each other, also no throughput issues.
For how much 10gbe nics are now, throwing a few more $ won't hurt anything.
@@RyzoTM I understand that, if it were the switch. But for pfsense, that is a firewall to the WAN, which, 10Gb is a future proofing exercise in the ridiculous. The other machines aren't even connected to the pfsense. And to put a 600W PSU??? Come on man.
when you have >1gig internet, 10GbE is nice so you can use what you pay for..
He's getting 8gbit internet access so why stick to 1 or 2,5gbe?
Also, even if he did stick to using 1 or 2,5gbe devices in the network, the firewall can be 10gbe so it doesn't behave like a bottleneck when multiple users get through at the same time.
10Gbe is not as expensive as it used to be. Most people would be fine with regular 2,5 but if you have a NAS or faster internet, why limit yourself?
Opnsense > Pfsense
That was ALOT of thermal paste...
And drew an air bubble in - yack!
opnsense has better driver support and much better licensing - the only thing wrong with this build essentially - using the mini mb is also abit questionable since std atx is about same price and gives you more pci slot options - molex was also a big mistake and who cares about aesthetics - nobody is ever going to appreciate the aesthetics, a few cables are not going to affect airflow appreciably #forks
citation on the driver support? whats wrong with teh CE ?
@@BenState OPNsense is updated way more frequently. they don't lag behind as much as PFsense does. But eventually they get there.
tbh the main reason i switched to OPN is the UI and ease of use :p
@@ledoynier3694 nothing to do with the the claim of drier support. define lag behimd? lag behind what?
OPN isn’t even on FreeBSD 14 yet. Unless you are adding needed features or security patches, why do you want your security platform updated frequently?
@@tedsanft7420 opnsense is just better fork - better licensing is big, better driver support is big and updates are critical for a security platform - that should go without saying
Running a 600W PSU on a a machine that'll pull 100W max. Not good for efficiency. Such a weird build.
What
@@aRandomHomelabber what dont you understand?
@BenState your commend is not true. The system only uses what it need so to put a higher watt psu (witch most of are better optimized then cheaper low wattage plus) does not exactly mean that the system is using more watt than if you put in a 200 watt psu for example. Putting a higher watt psu in will probably be better for efficiency
@@aRandomHomelabber Incorrect. Look at a switch mode power supply efficiency curve, and you'll see that efficiency drops off precipitously below 50% load. Please update your knowledge accordingly.
Being a Firewall, and being an SSD as your primary drive, enjoy it when it fails in 6 months due to SSD failure, constant writing to it is going to make it's lifespan much LESS than a platter drive would give.....my firewall with a HDD lasted 10 years before I needed to replace it's drive, the SSD I tried gave out after 12 months. More modern does NOT always mean BETTER.
This is bs. I run my router with an ssd for almost 2 years now
I have had my ssd for 8 yrs on my router and 12 on my server, and both are perfectly fine. I think you might have many of the standard problems people forget about and store on ssd. I use ramdisk for logs, disable recording access times on fs and it works beautifully.