pfSense DIY Router Build Log pt 1

[Twitchy1138]

Actually, i have. I am a network technician and work with Cisco routers and switches every day. Multiarea OSPF wont require a xeon processor or more than 4gb of RAM. Otherwise Cisco would put a xeon processor in the 3000 series enterprise backbone routers. Most high end Cisco routers are stacked routers. Some places even bypass a traditional router and instead use a Layer 3 Switch. I always advise against relying on a L3 switch instead of a router.  i still stand by an intel Atom, AMD zecate, or VIA chip setup with up to 4GB of RAM. 8GB at the maximum for Overkill purposes.

I was just using an example, a routers specs don't need to be top of the line, only that it will be able to make routing decisions faster with more resources. this is Linus after all, why would he underbuild a machine, that's boring and not what the audience wants

 

on a side note, L3 switches are way more cost effective than routers... one device as opposed to two and with an IPBase image it's got relatively the same functions and less power consumption, a 3650G uses 130w and a 2960G with an ISR4431 is around 350w to acheive the same goal. (although the 2960G and 4431 are far more useful beyond  a single switch)

[to_the_knee]

Well...

 

even though I discovered this company and the YTC just a short while ago, stumbling over this project, I fell free to submit my suggestion about this router idea.

Since there are allot of watercooling projects (more or less successful conducted) to be found on the YTC: why you don´t intend to go over the top and

watercool this thing, especially do to the fact that there is the idea about upgrading?

 

And yes everyone who saw the LC-projects knows that you have access to all necessary tools at hand.

1. Mill (your neighbor)

2. FDM Printer (if still in your hands)

3. Skills ….......

4. Knowledge …....

5. a crew to do it

 

regards from Germany/ Munich

[xnamkcor]

I was just using an example, a routers specs don't need to be top of the line, only that it will be able to make routing decisions faster with more resources. this is Linus after all, why would he underbuild a machine, that's boring and not what the audience wants

 

on a side note, L3 switches are way more cost effective than routers... one device as opposed to two and with an IPBase image it's got relatively the same functions and less power consumption, a 3650G uses 130w and a 2960G with an ISR4431 is around 350w to acheive the same goal. (although the 2960G and 4431 are far more useful beyond  a single switch)

I wonder if Cisco makes any networking devices that use 12v DC as input instead of AC. And I wonder how that would affect UPS efficiency.

[morbital]

lol, part 1, as someone who's suffered through tinkers gone wrong, this video makes me smile, so there's that at least.

[Snadzies]

This just reinforces my belief that the tag line for LMG and put under their logo in their videos should be "Do as we say, not as we do".

[Hamana]

This is just depressing.

I'm a big LTT fan for years (but only made an account couple of weeks ago and I'm not really active here), but somehow this video managed to disappoint me big time. At first I was like: 'Hey cool, I was going to build an pfSense box anyway, let's check this video out' only to see that I couldn't absorb ANY meaningful information. Sure it was kind of entertaining to watch Linus fail, but I don't know - I expected better results from a tech channel. There were in my eyes so many wrong decisions in this project and it is discussed in this thread too.

Linus said it himself, that he wants Linus Media Group to be an entertainment channel with some technology to go along, which is totally fine, but atleast try to transfer some knowledge other than 'how to build a gaming computer'. I think LinusTechTips should be an informative channel (I mean that's what the name implies), that is entertaining and not the other way around. You've built pfSense boxes before looking at your older videos, so why don't you just show us how it's done right?

 

@LinusTech I hope you're reading this.

[moptastic]

 

pfSense has RRD graphs, and it's free.

 

Your point? Sophos has bunch of graphs too for traffic, firewall,etc. And there is a free version for the business use. pfSense has a horrible user interface and its based on freebsd. 

[xnamkcor]

This is just depressing.

I'm a big LTT fan for years (but only made an account couple of weeks ago and I'm not really active here), but somehow this video managed to disappoint me big time. At first I was like: 'Hey cool, I was going to build an pfSense box anyway, let's check this video out' only to see that I couldn't absorb ANY meaningful information. Sure it was kind of entertaining to watch Linus fail, but I don't know - I expected better results from a tech channel. There were in my eyes so many wrong decisions in this project and it is discussed in this thread too.

Linus said it himself, that he wants Linus Media Group to be an entertainment channel with some technology to go along, which is totally fine, but atleast try to transfer some knowledge other than 'how to build a gaming computer'. I think LinusTechTips should be an informative channel (I mean that's what the name implies), that is entertaining and not the other way around. You've built pfSense boxes before looking at your older videos, so why don't you just show us how it's done right?

@LinusTech I hope you're reading this.

If you know enough that it upsets you he's doing this wrong, then you probably don't need a guide on how to do it.

[bigross123]

Why are you still using physical servers? It's such a waste of resources when you consider hyper-v is free and you could have clustered all your servers. I wouldn't even consider a physical server these days, anything I deploy must be virtual.

[LAwLz]

It is a freaking ROUTER! not a SERVER. a ROUTER has no NEED for a XEON SERVER processor. Or have you never built a ROUTER before? I guarentee you that if a ROUTER required a XEON SERVER processor, CISCO would have all their routers using XEON processors. But they dont do they? Hak5 and Teksyndicate both made router videos. Both did the research. Both got it right.

The reason why Cisco gear like the 6800ia can get away with a 600MHz ARM processor is because their products usually has ASICs specialized for most routing/switching tasks.

For example a router that uses "Cisco Express Forwarding" will only process the first frame in a flow will be processed by the CPU, and all other packets will be processed in hardware that is specifically developed to handle that type of traffic.

 

 

I don't quite get why Linus would build a pfSense router to begin with. It would have been so much better to just get a prebuilt router. Guess that would make for a very boring video though...

 

 

 

you've never worked with a router that doesn't have enough RAM or CPU... trying to get multiarea OSPF working on a crappy router is painful, you get more than 10-15 entries in the routing table and you get 100% util. and the latency goes through the roof. you need decent specs to keep traffic going at a decent speed 

Read what I wrote above.

High CPU performance is only necessary if you aren't using proper hardware to begin with. It's like trying to run a game with software rendering instead of just getting a graphics cards. It's silly.

 

And why are you bringing up OSPF? I really doubt Linus will have a bunch of routers in his office. 1 will be enough. Maybe 2 if he wants redundancy.

Even if he gets more than 1 or 2 routers the best thing to do is to just use static routes since the network will be so small anyway. No need to run OSPF, especially not with multiple areas.

[xnamkcor]

Why are you still using physical servers? It's such a waste of resources when you consider hyper-v is free and you could have clustered all your servers. I wouldn't even consider a physical server these days, anything I deploy must be virtual.

How do you make a virtual array of storage? You can't just magically create storage.

[Twitchy1138]

I wonder if Cisco makes any networking devices that use 12v DC as input instead of AC. And I wonder how that would affect UPS efficiency.

million dollar question my friend

[Twitchy1138]

The reason why Cisco gear like the 6800ia can get away with a 600MHz ARM processor is because their products usually has ASICs specialized for most routing/switching tasks.

For example a router that uses "Cisco Express Forwarding" will only process the first frame in a flow will be processed by the CPU, and all other packets will be processed in hardware that is specifically developed to handle that type of traffic.

 

 

I don't quite get why Linus would build a pfSense router to begin with. It would have been so much better to just get a prebuilt router. Guess that would make for a very boring video though...

 

 

 

Read what I wrote above.

High CPU performance is only necessary if you aren't using proper hardware to begin with. It's like trying to run a game with software rendering instead of just getting a graphics cards. It's silly.

 

And why are you bringing up OSPF? I really doubt Linus will have a bunch of routers in his office. 1 will be enough. Maybe 2 if he wants redundancy.

Even if he gets more than 1 or 2 routers the best thing to do is to just use static routes since the network will be so small anyway. No need to run OSPF, especially not with multiple areas.

 

 

just an example, routers can use the extra resources to speed up transactions, you can run a router on 512MB of ram and a bunch of ASIC chips

 

*even 512MB is a bit much for simple stuff

maybe OSPF was a bad example but better hardware can speed things up signifigantly

[Syntaxvgm]

as much as I bitched about this video here 

http://linustechtips.com/main/topic/445502-linus-linus-linus-linus/?view=findpost&p=5970131

I really must say on second view you did a good job cutting that backplate neatly 

[LAwLz]

maybe OSPF was a bad example but better hardware can speed things up signifigantly

Oh absolutely. Like I said, most pfSense boxes will do routing in software and not sophisticated ASICs like in Cisco gear. Depending on the traffic and other hardware, I am sure there are plenty of cases where you need a decent CPU to run routing/switching tasks properly. If you throw in a bunch of other services (anti-virus, snort, file sharing, firewall, etc) then CPU usage will be even higher.

 

I was just saying that he had a valid point when he said Cisco don't use Xeons or whatever in their equipment, but that's because they use special hardware.

[OhYou_]

I believe I see the problem here...

 

You're trying too hard.

 

Although +1 for hot glue. Here's my pfsense router as an example if you get tired of replacing boards.

 

 

[LAwLz]

I believe I see the problem here...

 

You're trying too hard.

 

Although +1 for hot glue. Here's my pfsense router as an example if you get tired of replacing boards.

<image>

I really like your case.

Was it custom made for that particular build?

[Streetguru]

Please buy some, and you probably shouldn't fling metal shards in the direction of your face, you generally want them going towards the floor.

You guys should totally make like a hardware cringe channel.

[OhYou_]

I really like your case.

Was it custom made for that particular build?

Yes, the motherboard was already in the case when I got it!

[Zerim]

Put Sophos UTM on it instead of pfsense. It is way, way better than pfsense. They have a free basic version for businesses, but it lacks many of the protection features. There is also a version for home use only that allows to use all of the features, but its limited to 50 ips on the lan. To get all features for business you need to have a yearly subscription. So, its probably going to cost you a couple of grand. 

 

I run this os inside my esxi and so far has being very satisfied with it. 

 

https://secure2.sophos.com/en-us/products/unified-threat-management/free-utm-trial.aspx#start

I came here to say, why not just buy a Sophos (or other) UTM? A 220 would be great (if not a little overkill) for LMG. 

[nbd712]

You guys (@LinusTech) really need to discover ESXi. Since a pfSense box won't use all of the available bandwidth and processing power, you may as well put all that unused power towards something. What I would do (and have done) is run a Hypervisor on a 2U server and then just run what I need to as I need it. The box is bigger and the management is simpler, and since you have managed switches networking would be super simple.

[xnamkcor]

I came here to say, why not just buy a Sophos (or other) UTM? A 220 would be great (if not a little overkill) for LMG. 

Great idea for a build log. Buy something.

[bigross123]

How do you make a virtual array of storage? You can't just magically create storage.

Are you serious? Have you ever used VMware or hyper-v? The storage in the server is virtual too. Don't comment when you don't know what you are talking about.

[Zerim]

Great idea for a build log. Buy something.

There's a point where buying things makes more sense than making them (especially in business), and the line between what's assembled vs what's "components" is not always clear. Why doesn't Linux build his own fans, equipment racks, or WiFi antennas? In this case, where's he going to get help when he runs into issues requiring support, like a legitimate hacking attack? I didn't subscribe to LinusLearningElectroMechanicalEngineeringTips. 

 

For the vast majority of his viewers, buying a UTM would be the much more sound decision--doing what he did is about as far from a helpful "tip" as you can get, and not mentioning the fact pre-assembled units exist is a disservice to viewers who may need a security device. 

[Passivebuilder]

I will never build my own router but found this video informative and entertaining. You can learn a lot from mistakes. I don't understand the hateful perfectionists in here.