pfSense DIY Router Build Log pt 1

[Feather]

The reason why Cisco gear like the 6800ia can get away with a 600MHz ARM processor is because their products usually has ASICs specialized for most routing/switching tasks.

For example a router that uses "Cisco Express Forwarding" will only process the first frame in a flow will be processed by the CPU, and all other packets will be processed in hardware that is specifically developed to handle that type of traffic.

 

 

I don't quite get why Linus would build a pfSense router to begin with. It would have been so much better to just get a prebuilt router. Guess that would make for a very boring video though...

 

 

 

Read what I wrote above.

High CPU performance is only necessary if you aren't using proper hardware to begin with. It's like trying to run a game with software rendering instead of just getting a graphics cards. It's silly.

 

And why are you bringing up OSPF? I really doubt Linus will have a bunch of routers in his office. 1 will be enough. Maybe 2 if he wants redundancy.

Even if he gets more than 1 or 2 routers the best thing to do is to just use static routes since the network will be so small anyway. No need to run OSPF, especially not with multiple areas.

 

Even if it's redundant (CARP), both of them will be in the same subnet and no internal routing besides default route will be necessary.  If Linus had an Atom it would sit at like 0-2% almost always.

[Uber Hamburgler]

[snip]

 

PS: Don't ever mention the Atom ever again unless the device is going to be running on battery for more than 75% of it's running time.

The new Baytrail and Cherry Trail Atoms and Avotons are quite good.  At the same power level, they are faster than Haswell and Broadwell for integer tasks (I'm not sure how much it scales past 15 watts though), which is most of what a server will be doing. I have an Avoton running in my file/mail/web server and it has yet to disappoint me.

[ShotDC]

 

Love the idea, but man I hated this video. I was so excited when I heard you were doing this video. You should have done much more research into the parts. As entertaining as it is sometimes, it would be nice to look up to you and your projects. I think people should look at your projects and say "Wow that is cool. I want to do something cool that works." I don't think people like thinking "Wow, Linus keeps failing/doing a terrible job at these projects." Not that you have been failing a bunch, but failure of projects/the number of technical difficulties are increasing and it's just getting more frustrating to watch. This Part 1 should not have been posted. Should have scrapped it all and started over once you had an actual idea about what you were doing and possibly changed the parts so they actually work and aren't freaking hot glued, ground down, and ripped apart! Some people would like to do the projects you are doing but don't want to take these big risks like majorly modding/hacking their materials. Some people just want something that they can put together without a workshop and possibly ruining their hardware. I love the creativity but want something that we can possibly do as well without a team and a bunch of extra hardware.

With that being said, I do really appreciate your videos (almost every time) and please ignore the haters and just be your self; but be a little professional please.

*end rant

this could have work better as a behind the scenes or something

[Feather]

Great idea for a build log. Buy something.

 

I think the point is that this is not the ideal way to purchase 1U pfSense hardware.  If I was Linus I would have purchased these and built it on the video:

http://www.amazon.com/SUPERMICRO-SuperChassis-504-203B-Motherboard-CSE-504-203B/dp/B00EHHCWJO/

http://www.amazon.com/Supermicro-A1SAI-2750F-O-Eight-Motherboard-Combo/dp/B00F0YROSC/ref=sr_1_1?s=pc&ie=UTF8&qid=1442195194&sr=1-1&keywords=a1sai-2750f

http://www.amazon.com/SanDisk-ReadyCache-2-5-Inch-Upgrade-SDSSDRC-032G-G26/dp/B008U3038I/

http://www.amazon.com/Crucial-PC3-12800-Notebook-CT2KIT25664BF160B-CT2CP25664BF160B/dp/B005MWQ6WC/enty_browse-bin%3A9729697011%2Cp_n_feature_five_browse-bin%3A673263011%2Cp_72%3A1248879011

 

At least then no dremeling is required and no possibly shorting motherboards will be killed in the making of the film..  Plus the hot glue PSU lol.

[Dimwitted]

My 2 cents... why are you using a backplate in the first place? Just get some nuts and rubber washers and screw it into the board. The backplate is to spread the stress of the cooler across the m/bd when it's vertical. In the 1U it will always be horizontal. No stress.

 

See? The answer is to quit dicking around and use your nuts.

[Twitchy1138]

Are you serious? Have you ever used VMware or hyper-v? The storage in the server is virtual too. Don't comment when you don't know what you are talking about.

step 1: overprovision with drives that will never exist

step 2: look at storage pool

step 3: notice it's very large

step 4: ???

step 5: Profit

[xnamkcor]

Are you serious? Have you ever used VMware or hyper-v? The storage in the server is virtual too. Don't comment when you don't know what you are talking about.

Make a box with all the hardware for a server, then put a server on that box with a Virtual server OS and a virtual storage from the storage in that box? That seems kinda silly. At that point, why not just make that box a server box?

 

PS: "The storage in the server is virtual too.". Yeah, there was never any confusion that "the storage is virtual", but what does that even mean? The storage isn't physical storage? How would you make storage that isn't made from something physical unless you already had the physical storage. And at that point, why not just use that physical storage was physical storage? Is there some advantage to "virtual" storage?

[brandishwar]

Linus, the one question that kept coming to mind watching the first half of this video was simply this: given how much others consider you an expert on hardware, how were you able to screw up so phenomenally? Did no one vet the hardware you were using to make sure everything was going to fit? I mean having to hack the chassis alone so you could mount the power supply when you should've known before purchasing the power supply whether your chassis supported the PSU's standard. That's kind of... oh I don't know... part of the process of planning a build.

I mean if you have to hack the chassis to make the power supply fit, someone screwed up. Someone seriously screwed up.

And then there's the mainboard. Given in every build log you've had on the channel you emphasize building the system outside the chassis to make sure everything works, why did you not do that here? You would've discovered the board was dead before expending all that time and energy. You could've used a standard cooler that didn't require hacking the back plate or cutting pins off the mainboard to fit to guarantee everything worked before trying to build into the chassis.

And the riser is likely what killed the board. Because ribbon cable risers are problematic -- powered ribbon cable extenders even more so. The pins and cables are so close together that the risk of having pins shorted by solder is very, very high. Instead what you should've bought -- and hopefully what you actually ordered this time around -- is a 1U PCB-based riser card -- you know, what's actually used in a server -- with an extension if you need it to ensure you can seat the NIC. Heck I have one laying around. It's yours if you want it -- just send me a PM and I'll drop it in the mail to you. Test the NIC and the CPU to make sure they still work before another attempt at the router.

On your hypothesis about the power supply and that one connector providing power instead of just an RPM reading, was there no documentation that came with the unit, or documentation you could look up online, to tell you about those connectors? Talk about FAIL on numerous levels in this build...

[Feather]

Linus, the one question that kept coming to mind watching the first half of this video was simply this: given how much others consider you an expert on hardware, how were you able to screw up so phenomenally? Did no one vet the hardware you were using to make sure everything was going to fit? I mean having to hack the chassis alone so you could mount the power supply when you should've known before purchasing the power supply whether your chassis supported the PSU's standard. That's kind of... oh I don't know... part of the process of planning a build.

I mean if you have to hack the chassis to make the power supply fit, someone screwed up. Someone seriously screwed up.

And then there's the mainboard. Given in every build log you've had on the channel you emphasize building the system outside the chassis to make sure everything works, why did you not do that here? You would've discovered the board was dead before expending all that time and energy. You could've used a standard cooler that didn't require hacking the back plate or cutting pins off the mainboard to fit to guarantee everything worked before trying to build into the chassis.

And the riser is likely what killed the board. Because ribbon cable risers are problematic -- powered ribbon cable extenders even more so. The pins and cables are so close together that the risk of having pins shorted by solder is very, very high. Instead what you should've bought -- and hopefully what you actually ordered this time around -- is a 1U PCB-based riser card -- you know, what's actually used in a server -- with an extension if you need it to ensure you can seat the NIC. Heck I have one laying around. It's yours if you want it -- just send me a PM and I'll drop it in the mail to you. Test the NIC and the CPU to make sure they still work before another attempt at the router.

On your hypothesis about the power supply and that one connector providing power instead of just an RPM reading, was there no documentation that came with the unit, or documentation you could look up online, to tell you about those connectors? Talk about FAIL on numerous levels in this build...

 

From my experience, there isn't as good of a standard when it comes to server PSUs, I've seen some claim they are standard yet the power plug and/or fan cut-out will be positioned differently than other "standard" server PSUs of the same size, and since the chassis like Linus' have mounting hardware that requires exact placements of the fans / power plugs to fit, it may not necessarily be compatible.

 

Personally I would get server chassis with the power supplies, at least that's what I've found.

[bigross123]

Make a box with all the hardware for a server, then put a server on that box with a Virtual server OS and a virtual storage from the storage in that box? That seems kinda silly. At that point, why not just make that box a server box?

 

PS: "The storage in the server is virtual too.". Yeah, there was never any confusion that "the storage is virtual", but what does that even mean? The storage isn't physical storage? How would you make storage that isn't made from something physical unless you already had the physical storage. And at that point, why not just use that physical storage was physical storage? Is there some advantage to "virtual" storage?

You take 1 physical server with everything a normal computer has then you can run multiple virtual servers on it. The physical server becomes a pool of resources that you can devide up. This way the router, file server, render box, ect run on one physical server because they will never all be running 100% capacity all the time . If you have 100tb worth of hard drives in the physical server you assign vm1 200gb, vm2 30tb, ect until you use the 100tb pool available. Read up of server virtualizion, the Internet can explain better then me.

[moptastic]

I came here to say, why not just buy a Sophos (or other) UTM? A 220 would be great (if not a little overkill) for LMG. 

 

But then we wouldn't have an entertaining content of Linus killing motherboards that are worth hundreds of dollars each. 

[xnamkcor]

You take 1 physical server with everything a normal computer has then you can run multiple virtual servers on it. The physical server becomes a pool of resources that you can devide up. This way the router, file server, render box, ect run on one physical server because they will never all be running 100% capacity all the time . If you have 100tb worth of hard drives in the physical server you assign vm1 200gb, vm2 30tb, ect until you use the 100tb pool available. Read up of server virtualizion, the Internet can explain better then me.

"The render server will never be running at 100%".

 

You very funny man.

[LAwLz]

Are you serious? Have you ever used VMware or hyper-v? The storage in the server is virtual too. Don't comment when you don't know what you are talking about.

Download more hard drives!

[rilesjenkins]

I do appreciate people's input but it's not the backplate. I've probably installed 100+ backplates in my time. I'm not exactly new to it.

And yes of course I know I could just eBay an old rackmount server. I can afford to do that no problem.

How many of you will watch that video of me shopping on eBay then waiting for it to arrive and sliding it into a rack?

Remember, my business is making videos, not building routers - i cannot emphasize this enough.

Anyway, stay tuned for part 2. I've got another board inbound

 

You're essentially the Jeremy Clarkson of tech, minus the 'fracas'. I love watching what you do because it's often crazy and pushes the envelope in silly ways.

My theory is the speaker leads are shorted out, which is why it screamed for a couple seconds before it died. Can't wait to find out in part 2!

[Zergom]

Wow, so much flak for a video that was obviously created to be entertaining.

 

I'm a sysadmin, and I get a kick out of Linus' videos. It reminds me of when I was in my teen years, with limited resources, and you modified things just to make them work. My guess (and I have no way of confirming this, and it's just a guess) is that Linus called up a friend at computer parts vendor, and said "Hey, I'd love to do a video on making a pfSense box, what hardware do you recommend?" to which the rep likely replied "We have a 1u chassis that hasn't been moving, and a board and proc, I'll send it to you, just give us a shout out on the video". 

 

If you really want to know how to build a pfSense box, just search on YouTube for five seconds and you'll find many complete guides, with good information.

 

Personally, if I were building this, I would probably just buy a pre-configured Lenovo TS440 or TS140 (not rack mountable, which defeats that purpose for his video), an Intel I350 NIC, as that'd be the lowest cost for new gear. I'd load it with my favorite hypervisor (ESXi, Hyper-V is good enough as well), and run it from there. If I had spare parts, anything higher than a Pentium D with 2GB of ram, and a second NIC is enough for a basic pfSense config (though on lower hardware configs I wouldn't bother with virtualizing), with an internet connection under 100mbps.

 

Thanks for the laugh Linus, looking forward to part 2.

[You_are_a_cunt]

RIP MOTHERBOARDS

[TheGeeker]

I do appreciate people's input but it's not the backplate. I've probably installed 100+ backplates in my time. I'm not exactly new to it.

And yes of course I know I could just eBay an old rackmount server. I can afford to do that no problem.

How many of you will watch that video of me shopping on eBay then waiting for it to arrive and sliding it into a rack?

Remember, my business is making videos, not building routers - i cannot emphasize this enough.

Anyway, stay tuned for part 2. I've got another board inbound

I agree with this as well. I spent well over 1500 dollars on a plex server when I could have used a WAY cheaper option and I also spent weeks working with FreeNas not because it was a good cheaper way but it was fun, challenging and something for me to do. I am now also considering making a pfsense box for not ANY practical reason but because its cool, and something fun to do.  (This time I will use old hardware though) Lol

[dom1310df]

Everything you do in this video makes me question your credibility.

 

You put a $370 server chip in a router ..... WTF WHY?

You did not check for compatiblity of parts.

 

Here is what you should have done...... use a 2U/4U rackmount chassis since you want to rack mount it. (I would have just used a Mini-ITX case and called it a day)

A 2U/4U chassis supports a standard ATX PSU, a Standard IO shield, proper airflow, any motherboard you wish to use. Costs roughly the same as the 1U chassis you got.  And can still be rackmounted.

 

Example: http://www.amazon.com/gp/product/B00BQY36DC?psc=1&redirect=true&ref_=ox_sc_act_title_2&smid=ATVPDKIKX0DER

Example: http://www.amazon.com/iStarUSA-Server-Chassis-Cases-D-214-MATX/dp/B00A7NBO6E/ref=sr_1_21?ie=UTF8&qid=1442138029&sr=8-21&keywords=2u+rackmount+chassis

Example: http://www.amazon.com/Rosewill-Thickness-Rackmount-Chassis-RSV-L4412/dp/B00N9CXGSO/ref=sr_1_17?ie=UTF8&qid=1442137996&sr=8-17-spons&keywords=2u+rackmount+chassis

 

You could have made it an interesting build if you built the router in something like the Coolermaster Elite 110 and then decided to DIY rackmount that case.

 

You could have easily made do with a dual core Atom chip or one of the Quad/Octo core integrated chips.

But why has he done this? Because it will get more views than a video where everything is done properly. And it's sure as hell entertaining watching him fooling around with an angle grinder.

[dom1310df]

When Linus wears earbuds that aren't plugged into anything...

Aren't they the noise cancelling sort that work somewhat to protect your hearing when using power tools? Not that't I'd suggest doing that. That's a bad idea!

[xnamkcor]

Aren't they the noise cancelling sort that work somewhat to protect your hearing when using power tools? Not that't I'd suggest doing that. That's a bad idea!

 

Back when I worked at a pizza place, I would were my Phillips noise-cancelling headphones to cancel the drone of the Walk-In fans. That and, you know, earmuffs.

[FHR]

I think you should at least get a board, that is meant to go into rack server.

 

http://www.supermicro.nl/products/motherboard/Xeon/C220/X10SLM_-LN4F.cfm

This board looks promising - It has a 4 port Intel GigE onboard.

Also, it is a rack-compatible board - meaning it has correct orientation of DIMM slots, space around socket etc.

[Izera]

So first time posting but I work in IT for a living and I really enjoyed this a lot!  It was quite amusing really!  I am going to post what parts I think would would better for your build and go into detail why I think they are smarter buys then what you currently are using.

 

 

Heat Sink (URL)

first off I would like to point out that your 1U passive CPU cooling is for an LGA 1156 and NOT an 1155 ( the socket type for your CPU)  This is why in the video you had to cut parts of the back plate off to make it fit onto your motherboard.  You should get a different passive heat sink.  I would Recommend this one. It is expensive because it is made almost entirely of copper.  When you are dealing with passive heat sinks you shouldn't skimp on price and you should be getting the best.

 

 

This is the only major Change I would make to the build if you wanted to keep costs down and not replace more parts but that being said I do have a few more recommendations.

 

1U rackmount Chassis (URL)

The next thing I would consider buying is a new chassis to fit into your 1U server rack.  This Case comes with pre-installed with a 200W Power supply and I know that a lot of people dislike that idea and I also have the feeling you liked the idea of having a Redundant power supply option on it.  A redundant Power Supply I feel for this kind of build is not necessary.  It will be a waste of space, excess heat and noise.  My last point for recommending it is This case is not as Long as the one you currently have so it will use up less space!

Chassis Specs

 

 

Mother board (URL)

Last but not Least I would Recommend a Larger form factor for your Motherboard.  I have server things I dislike about your motherboard pick and the big one is airflow.  More fans will not make up for the lack of airflow over the passive Heat Sink.  Yes I did notice that you got the smaller form factor to make up for that but the CPU will run a lot warmer that it needs to because the RAM is in the way.  By using this Motherboard you have the Ram off to the side where it won't get in the way.  The SATA ports are to the other side of the board for better cable management and Board near the CPU socket is generally devoid of any major obstructions compared to the MoBo you picked that is so compact that The heat sink was impossible to install correctly.  Also this board comes with more features than the one you picked up and also for the same price!

Mobo Specs

 

 

Closing Thoughts

One thing to keep in mind is that the Motherboard and Case both came from the same company.  This means the Motherboard is Optimized to for specific cases.  I did not pick the best optimized case for this build and opted for a different case instead but the form factor remains the same regardless.  In terms power you should be ok for the system but if you fear 200W is not enough I would consider upgrading to one of their other cases then.

Overall i really Enjoyed watching this video and I hope this info was helpful to you!

PS: If you need a systems admin let me know!

 

Edit:

If you decide that after all this You want a powerful switch with all the things a Systems admin would need then I would recommend the following Managed Switch.

 

TP-LINK TL-SG3210(URL)

why This Switch?  well it is a very high quality Level 2 Managed Switch with enterprise style features without the enterprise style Price.

It supports QoS, has options to prevent Typical DoS attacks, has ACLs (access Control Lists) and will even allow you to setup your own VLAN.

And Finally the switch supports 802.1X authentication whitch is used in conjunction with a RADIUS server (as mentioned in the Comments).

I know a PFsense Router is a cool idea but this is ultimately what you need.

 

Edit2: This Switch can be rack mounted with Mounting rack ears so it will fit!

[TheSerbian379]

[riawoias]

The SYS-5018A-FTN4 routes at >800mbps out of the box with pfsense and basically pressing enter a lot for ~500USD. I guided my non-tech brother on how to install it by saying press enter and when it says connect WAN plug the modem wire in and press enter till it asks for the lan wire and press enter and then say no to configuring more ports and your done. I never even configured it until I remotely connected a few months later. Also works well for multi-wan (DSL, CBL, 4G) which if you use three providers provides redundant load sharing connections over different media and routing.

 

For a DIY you can just buy the parts separately (case, motherboard). To make things interesting why not use a direct DC UPS system as the motherboard supports 12VDC single input for all power. With ideal or (if your cheap not ideal) diodes you can have as many DC supplies/batteries as you want. (Switching time is happens instantly and you can just use two cheap power bricks for redundant AC PSUs)

 

http://www.mini-box.com/OpenUPS2 (Fits in a 2.5 inch drive slot)(Please don't short out this though as lithium cells don't like that at all)(The super-micro case thoughtfully has thick plastic sheet to prevent shorting in the hard drive bay area)

 

http://www.mini-box.com/Y-PWR-Hot-Swap-Load-Sharing-Controller 

 

I'm not sure but the 12VDC input on the motherboard might be the same pinout as these boards as well which makes things cleaner.

 

Just have two power bricks (you might even be able to fit them inside the case) and then join them with the ideal diodes and then run it through the 2.5" drive DC UPS and right into the motherboard.

[xnamkcor]

http://www.mini-box.com/OpenUPS2 (Fits in a 2.5 inch drive slot)(Please don't short out this though as lithium cells don't like that at all)(The super-micro case thoughtfully has thick plastic sheet to prevent shorting in the hard drive bay area)

 109 USD per unit?

 

http://www.belkin.com/us/BU3DC001-12V-Belkin/p/P-BU3DC001-12V/

 

It'd rather get a real product for 20 USD more. If I'm getting "hobby parts", They shouldn't cost near the same price of a finished product.