pfSense build help

Go to solution Solved by Dark_Nate,
Budget (including currency): ₹15,00 ($200)

Country: India

Games, programs or workloads that it will be used for: Load Balancing (two ISPs, so there will be NAT), VPN, some logging for debugging purposes

Other details (existing parts lists, whether any peripherals are needed, what you're upgrading from, when you're going to buy, what resolution and refresh rate you want to play at, etc): 


So essentially I'm trying to build a

  1. Small form factor (as small as it can go without sacrificing network performance)
  2. Low power
  3. That can handle 1G LAN/WAN throughput consistently.
  4. Five 1G ethernet ports. Both ISPs provide ONTs/Media Converter.
  5. And I intend to load balance between two ISPs
  6. 500Mbps IPSec/VPN performance will be good enough
  7. If something more powerful than the above requirements can be built for a cost close to my budget then that would be great too.

The only off-the-shelf router that I could find that offers close to what I seek for is this (minus the Wi-Fi, I don't need that.): https://mikrotik.com/product/hap_ac2

CPU Selection section is something to consider: https://www.pfsense.org/products/#requirements

Edited by Dark_Nate

Frankly, your budget and requirements don't match.

 

The following board will do as far as your requirements go, but needs CPU and RAM, as well as an enclosure and boot drive: Jetway JNF592-Q170. But it's not anywhere near your 133USD budget 🙄

"You don't need eyes to see, you need vision"

 

(Faithless, 'Reverence' from the 1996 Reverence album)


32 minutes ago, Dutch_Master said:

Frankly, your budget and requirements don't match.

 

The following board will do as far as your requirements go, but needs CPU and RAM, as well as an enclosure and boot drive: Jetway JNF592-Q170. But it's not anywhere near your 133USD budget 🙄

Updated my budget.

How does MikroTik put powerful hardware under $70 though?

hAP ac² is $69. https://mikrotik.com/products


If it ticks all your boxes, buy it. But it will probably (read as: for certain) not do load-balancing between ISPs, as that's not the device for it. Browse the Mini-ITX website I linked you to, see what else they have. Mind, this is a UK based seller, but you can probably find similar components from Aliexpress for less.


37 minutes ago, Dutch_Master said:

If it ticks all your boxes, buy it. But it will probably (read as: for certain) not do load-balancing between ISPs, as that's not the device for it. Browse the Mini-ITX website I linked you to, see what else they have. Mind, this is a UK based seller, but you can probably find similar components from Aliexpress for less.

It ticks all my boxes but it's of course not pfSense, that's the issue. And it's MikroTik, all their products running RouterOS support load balancing.

I'm taking a look at the website. But I can't quite find a product that fits the budget like the MikroTik does.


1 hour ago, Electronics Wizardy said:

Look on eBay or similar; normally those sites cost more. I know you can get those for sub 100 USD.

Why do you need pfSense? Can you use other router OSes?

I'll keep looking.
 

Why not pfSense?
 

But yeah I'm looking for native x86-64 OS, since I'm basically building a router from scratch anyway might as well go full x86-64.

 

Aside from that I don't see any other OS being significantly superior. I would like a clean beautiful UI to work with. I'm not a big fan of dated CLI.


Just now, Dark_Nate said:

I'll keep looking.
 

Why not pfSense?
 

But yeah I'm looking for native x86-64 OS, since I'm basically building a router from scratch anyway might as well go full x86-64.

 

Aside from that I don't see any other OS being significantly superior. I would like a clean beautiful UI to work with. I'm not a big fan of dated CLI.

What is your goal?

I'd say Untangle has a better GUI and is easier to work with.

OPNsense is also a good bet, I personally use it.

Can you get a used business desktop?

That VPN bandwidth may be a pain with that budget, you really want to spend more.

Do you need IPS/IDS?


11 hours ago, Electronics Wizardy said:

What is your goal?

I'd say Untangle has a better GUI and is easier to work with.

OPNsense is also a good bet, I personally use it.

Can you get a used business desktop?

That VPN bandwidth may be a pain with that budget, you really want to spend more.

Do you need IPS/IDS?

My goal is 10G LAN throughput. Load Balancing two ISPs. Maybe three in a few years.

I'm still having a hard time deciding on which router OS to use.

Used business desktop is pretty much the same as building a budget system from scratch with new parts in my country.

How much should I be spending to get that VPN bandwidth I'm looking for?

IPS/IDS, not sure if I need that. I think SPI Firewall with some custom rules should be good enough to protect the network. What do you think?


1 hour ago, Dark_Nate said:

My goal is 10G LAN throughput. Load Balancing two ISPs. Maybe three in a few years.

You're not routing the 10G LAN on this, right? Get a switch to do this?

Can you show prices in your area?

 

1 hour ago, Dark_Nate said:

I'm still having a hard time deciding on which router OS to use.

Why not test them in a VM?

 

1 hour ago, Dark_Nate said:

IPS/IDS, not sure if I need that. I think SPI Firewall with some custom rules should be good enough to protect the network. What do you think?

Depends on the threats you have in mind, but that should be fine.


3 hours ago, Electronics Wizardy said:

You're not routing the 10G LAN on this, right? Get a switch to do this?

Can you show prices in your area?

Why not test them in a VM?

 

Depends on the threats you have in mind, but that should be fine.

I will be routing 10G on this build itself, so I'd need a 10G NIC. The whole point of this build is for routing/load balancing.

4 10G ethernet ports is preferable. Two will be used for load balancing, one will be for a switch, one will be backup, in case I need direct access.

Prices in my area? Right now due to COVID-19, everything shows as "out of stock".

I think pfSense should do just fine, even if it doesn't, I could easily install something else.

I don't think I require IDS/IPS. But again I'm not an expert on this.


4 minutes ago, Dark_Nate said:

I will be routing 10G on this build itself, so I'd need a 10G NIC. The whole point of this build is for routing/load balancing.

Is this between LAN subnets? Why not do that on your switch?

 

4 minutes ago, Dark_Nate said:

4 10G ethernet ports is preferable. Two will be used for load balancing, one will be for a switch, one will be backup, in case I need direct access.

That's definitely not going to fit in your budget.

 

4 minutes ago, Dark_Nate said:

Prices in my area? Right now due to COVID-19, everything shows as "out of stock".

Can you get use dsystems easily?


3 hours ago, Electronics Wizardy said:

Is this between LAN subnets? Why not do that on your switch?

That's definitely not going to fit in your budget.

 

Can you get use dsystems easily?

The build will be for a router, the router will handle all DHCP, right now for a single LAN subnet. But with load balancing, I intend to use different subnets for different load balancing strategies. I don't see how a switch would handle routing/load balancing? All a switch would do is help connect more devices to this router? Unless you're suggesting a 1G router with a 10G switch? How would that make any sense?

Ignore my stated budget. Let's come up with a build that's as cheap as possible without sacrificing too much performance.

What are "dsystems"?


5 hours ago, Dark_Nate said:

I don't see how a switch would handle routing/load balancing?

An L3 switch can do routing, so let that guy handle all of the 10G routing.

Let the router handle all the WAN stuff.

Look at a switch like an Aruba S2500.

 

5 hours ago, Dark_Nate said:

What are "dsystems"?

OOPSment used systems.

 

5 hours ago, Dark_Nate said:

Let's come up with a build that's as cheap as possible without sacrificing too much performance.

Idk what your prices are, but around here, get a used Dell server + add a NIC. Or a used business desktop, easily less than 100 USD and will route 1G fine.


7 hours ago, Electronics Wizardy said:

An L3 switch can do routing, so let that guy handle all of the 10G routing.

Let the router handle all the WAN stuff.

Look at a switch like an Aruba S2500.

 

OOPSment used systems.

 

Idk what your prices are, but around here, get a used Dell server + add a NIC. Or a used business desktop, easily less than 100 USD and will route 1G fine.

L3 switches? I can't afford those: https://www.amazon.com/Aruba-Networks-1000Base-T-Uplink-Ports/dp/B009NGIL8A

Okay, we could do this router+switch combination for sure, but at the minimum the router needs solid 2.5G throughput. I intend to upgrade to 1G internet in the future.

OOPSment used systems are non existent in my country.

A used Dell is like $200 minimum in my country.


2 hours ago, Dark_Nate said:

Hunt for those used; they're about 100 USD used. You really don't want your routing doing 10G switching.

 

2 hours ago, Dark_Nate said:

Okay, we could do this router+switch combination for sure, but at the minimum the router needs solid 2.5G throughput. I intend to upgrade to 1G internet in the future.

OOPSment used systems are non existent in my country.

A used Dell is like $200 minimum in my country.

Where can you get parts?

Probably just get some low end desktop parts then, so something like an i3 + 4GB of RAM + small SSD + a NIC of your choosing.

Can you make a network diagram? What switch are you using?


3 hours ago, Electronics Wizardy said:

Hunt for those used; they're about 100 USD used. You really don't want your routing doing 10G switching.

Where can you get parts?

Probably just get some low end desktop parts then, so something like an i3 + 4GB of RAM + small SSD + a NIC of your choosing.

Can you make a network diagram? What switch are you using?

That particular switch you suggested, a used one is non existent in my country.

Can you elaborate on why I wouldn't want a router (4 ports) handling DHCP/LAN? This is my first time hearing a suggestion to use switch to handle local LAN routing and router just for WAN. But how would that work with load balancing? I went through MikroTik's RouterOS documentation on load balancing. It's already tricky enough with the router handling LAN when it comes to how you'd want the bandwidth to be utilised. With a switch used for routing, wouldn't this over complicate things unnecessarily?

We get parts from Amazon, eBay, Flipkart and a few less popular places for both new and used parts. Most of the time we source it locally from the stores, for new parts that is. But availability is a big issue in my country.

According to pfSense's own documentation, a weak CPU will not be able to handle gigabit throughput.

I don't have a switch at the moment.


Forgive my handwriting though.

asset.JPG


I spotted a flaw in your design. The load-balancer needs to be between the router and the ISPs, not as you've drawn it. The extra LAN port is also on the load-balancer for a future ISP addition. Notice that many switches are also capable of acting as a DHCP server (I know my Dell Powerconnect 2848 units are equipped thus) so you may not need the router at all. (link to Amazon, USD130-ish)


21 hours ago, Dutch_Master said:

I spotted a flaw in your design. The load-balancer needs to be between the router and the ISPs, not as you've drawn it. The extra LAN port is also on the load-balancer for a future ISP addition. Notice that many switches are also capable of acting as a DHCP server (I know my Dell Powerconnect 2848 units are equipped thus) so you may not need the router at all. (link to Amazon, USD130-ish)

The router itself would handle both load balancing and routing. Why would I want a separate router and load balancer?
It is easily possible on the likes of MikroTik for instance: 

 

I very much need a router to replace my old one regardless.

Anyway I've decided to just go for this: https://mikrotik.com/product/rb450gx4
Instead of expensive x86-64 systems for now.
