OPNsense Forum

English Forums => General Discussion => Topic started by: Rog_Master on July 01, 2024, 09:44:57 PM

Title: First time OPNsense user. Need help deciding on hardware configuration.
Post by: Rog_Master on July 01, 2024, 09:44:57 PM
Hi all. So I've been slowly gathering things to build my new OPNsense router to replace my TPlink Archer C5400x that tends to drop speed. I'm still learning as I go through things. I'm planning on using the TPlink router as a dedicated Access Point still. I currently have an HP Prodesk 600 G5 with an i5-9500, an Intel 550x-T2 NIC, and an Intel I350-T4 NIC. I also have Gigabit internet speed. My question is regarding pros and cons of how I set things up. My 3 options are...

1) using the I350-T4, 1st port = modem in, 2nd port = dedicated for switch box between 2-3 PCs and a home server, 3rd port = TPlink Access Point (not sure if the Ethernet ports are still functional in Access Point mode).

2) using the I550-T2, 1st port = modem in, 2nd port = ethernet switch box, and then the Access point connected to the Switch box.

3) Using the Motherboard NIC for ethernet in, I550-t2 1st port = switch box, 2nd port = Access point. (it is my understanding this would not be the preferred setup due to instability in the motherboard NIC)

Could someone help me to understand better the pros and cons of these setups and which would be the recommended way and why?
Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: cookiemonster on July 01, 2024, 10:57:23 PM
Most built-in NICs on motherboards are manufactured by Realtek, which is not good for a FreeBSD-based router.
If it is Intel, which is rare, no problem.
OPN is not a switch so although you can bridge ports, it's best to do switching by a dedicated hardware switch.
Those are the premises to have a painless setup. The rest are personal preferences.
I would suggest going for the T-4. One port for modem, another for LAN and plug the switch into that LAN port to extend the single network, then the AP into one of the switch ports. That gives you a single flat network easy to manage to begin with.
Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: Rog_Master on July 02, 2024, 02:32:05 PM
That's what I've kinda been reading on the built-in NICs. And yeah, I originally had planned on putting both cards in but later realized it wouldn't work out as nicely. That's why I've got a dedicated switch on the way.

If we're only using 2 ports on the PCIe NIC, is there a reason you would go for the T4 1Gb card over the T2 10Gb card? I understand the 550-t2 is overkill on the 1Gb network speed but wasn't sure whether, with the extra headroom, it would handle traffic or large loads any more efficiently.
Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: Greg_E on July 02, 2024, 04:19:23 PM
The built in NIC on that board will (probably) be an Intel 219 or maybe 210 so not really a problem. Very few Realtek NICs on this series of computer (except wifi card).

I would go with (i350) main LAN on first port (really labeled as port 4 on the card), WAN on second port. Why? Because this is what the installer will be looking for as default. Yes, you can move things around, but why bother?

Now why I say port 1 is port 4? I have several different computers and every time I use an i350, the port printed as #4 ends up being the LAN port (first port). Don't know and mostly don't care, I just adapt and move on now. I think the same happens on my older Pro1000 card. I usually just take a marker and color around what is the first port so I know which end to start at.
Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: spetrillo on July 02, 2024, 05:21:24 PM
Hey @Rog_Master,

I would look at used Lenovo M720Q Tiny devices that have the optional internal PCIe slot. I have two of them and one is running my Intel i7 8700 proc with 16 gig of RAM, as well as a 4 port Intel I350 in the PCIe slot. If you would like to learn more feel free to DM me or email me at stevefxp@gmail.com. I have found these devices to work really well.

If you want something a bit more modern I would look at a device that has either the Intel N100 or N300 proc in it. These devices sip power very efficiently and the all E core design is plenty for what OPNsense does.

Thanks,
Steve
Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: Greg_E on July 02, 2024, 07:16:58 PM
Don't forget N200. That said, there are some funny updates that need to be done to some of the N100 systems, there are several threads on the forum about this.

But that Prodesk will be a pretty low power draw machine, I have a classroom with 20 of the gen6 version and they are really quiet and low heat, even when chugging along with video editing. It's probably a lot more processor than most of us need, but I bet the price was right.

Personally I wouldn't bother with the 550 card, save the power until you really need it, unless you have 10gbps switching between two different LAN and then of course it would be nice to have. But even DAC cables get hot from the card doing work.
Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: pfScrub on July 02, 2024, 09:55:26 PM
Quote from: Rog_Master on July 01, 2024, 09:44:57 PM
Hello. Is your ISP sending you fiber? Is your Archer plugged into an NBase-T port? If your ISP's all-in-one has a 2500mbps or 5000mbps port, plugging multiple things into it can lower speeds due to downshifting.

https://archive.nbaset.ethernetalliance.org/wp-content/uploads/2017/05/NBASET-Downshift-WP-1217.pdf

It is quite annoying sometimes, especially if you have laggs set up. IMO ISPs should never mix nbase-t and non-nbase-t handoffs. And mine goes as far as to subnet the wifi, nbase-t and gigabit all together.

If you are using an nbase-t port, consider putting an unmanaged switch between the ISP router and pfSense. I like Yuanley's 2.5gbps switch as a cheap option.

Nbase-t is also sensitive to bit errors and alien crosstalk. Meaning things have to be grounded and cables separated (for connoisseurs)

https://youtu.be/-FvYVBjrJx4?si=epToB3iI0kzsY2hv

https://archive.nbaset.ethernetalliance.org/wp-content/uploads/2016/08/NBT_CablingWhitePaper_082916.pdf


Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: pfScrub on July 02, 2024, 09:57:06 PM
Quote from: Rog_Master on July 01, 2024, 09:44:57 PM
Even if you are sent a gigabit by the ISP, if it is over fiber and using 10base-T like SFP+, your gigabit can exhibit these downshifting behaviors.


Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: Rog_Master on July 05, 2024, 06:58:42 PM
Quote from: Greg_E on July 02, 2024, 07:16:58 PM

I've heard good things about the Prodesk and you're right, for $80 refurbished with SSD it was a decent deal. I think I've decided on the i350 card. I do have a few devices that can communicate to each other at 10gbps but they're going to be going through a 10gbps switch after the i350 so there shouldn't be an issue.
Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: Rog_Master on July 05, 2024, 07:18:26 PM
Quote from: pfScrub on July 02, 2024, 09:55:26 PM

My ISP is Spectrum; their Gigabit speed is not fiber as far as I'm aware. I am also using their dedicated modem, not their modem/router combo. I'm honestly not sure on the Nbase-T. I tried looking over your posted link about these terminals and speed drops but I'm not sure I understand 100%. As of right now the modem has a single 2.5gb port that runs to the Archer router and everything connects to that. I was planning on the new setup being the modem - OPNsense (i350-t4) - multigig managed switch - wireless access point/ethernet device.
I am aware of the cable shielding and needing to be properly grounded and was planning on addressing all that in the near future when I run cat6a riser cables.
Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: pfScrub on July 05, 2024, 07:48:32 PM
Quote from: Rog_Master on July 05, 2024, 07:18:26 PM
2.5g = Nbase-T. Autonegotiation can be screwy when you plug stuff into 2.5g ports, because older devices don't know what to do when offered 2.5g link speeds. You can have gigabit ethernet speeds but nbase-t physical line speeds.

Link speed is kind of an integral of bandwidth, if you have taken calculus. You can have any speed of bandwidth the link speed can support, but sometimes PHYs will try to "lower" the maximum possible speed. Even in the middle of doing something.

My ISP's backbone is like this 100GBase-T outside-> 10GBase-T XGSPON uplink in my ISP router-> and 2.5 gig port combined with gigabit ports all in one

Even gigabit devices seeing a 2.5g port somewhere else seem to cause some binaries (if you'd call them that) to move too fast to and from devices. Some multiplexing goes haywire and you definitely shouldn't lagg with those unless you build your network yourself.

To get the best performance with the 2.5g port, use other 2.5gig nics.

One way stuff has gone haywire for me:

I set up a bridge behind my ISP router with an i225. Everything was working great. No NAT in the OPNsense. Cool. I forced 2500 link speeds on everything. Disabled all flow control. I put a 2500mbps wireless AP on the LAN and it was still working great. BUT, because the WAP had autonegotiation ON, and the ISP router and OPNsense were forced to 2.5g, the WAP began autonegotiation with the 100gbps interface outside; speed tests showed 100gbps on my iPhone over wifi6. I had runaway TCP and shattered the Wifi-6 oscillator.

It was partially due to the XGS PON not having dedicated rx/tx lines (the ISP is supposed to limit the bandwidth to 2000mbps no matter what, with my plan, right?) and also because I had fq_codel limiters and queues set up in OPNsense on the bridge but they were not enabled with firewall rules. Maybe checksum offloading was autonegotiating or something; wifi is crazy sometimes.

According to some paper somewhere, nbase-t requires autonegotiation to work properly. But, sometimes the way it is implemented is haywire between physical and software layers.

Literally everything on your network needs to be 2.5g capable for "safe" operation. Or maybe smooth operation, and handoffs have to support it too. Or POSIX can cause thrashing. Don't ask me if I know what that means, I just read it somewhere. There are some really neat 2500mbps WAPs out there, but even if you get one, all applications have to be designed for 2500mbps full duplex over 802.11. Especially if idiots (like me) force speed and duplexes without knowing how MIMO works. Devices have to handle 100gbps bursty udp/tcp according to my tests. Some devices ping those interfaces and try to discover other devices on the network and end up needing more than they have.

One time I plugged a 2.5gbps port from my ISP into my opnsense i225, and another gigabit port into a separate i225 NIC and my speeds were completely dicked ever afterwards until flashing everything.


Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: pfScrub on July 05, 2024, 08:00:16 PM
Quote from: Rog_Master on July 05, 2024, 07:18:26 PM
The silly part is that 2.5gbps IS 10gbps, and probably should be treated that way. 2.5gbps is 10gbps at 1/4 signal speeds.


Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: pfScrub on July 05, 2024, 08:03:28 PM
My 100gbps erroneous speed tests were over cat5e cables too.


Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: Greg_E on July 05, 2024, 09:06:05 PM
If you haven't bought a card yet, you might look at genuine Intel i226 cards; I think there is a second revision that you might want to look into. That said, HP included a single port i225 card in all of the Z2 computers I just put into service. Since I don't have any multigig switches, I just kind of ignored them for now, but thought it was odd to ship i225 cards when i226 was the current version. These have i7-14xxx processors and were made a couple of months ago, so not old stock.

The only thing I don't like about the Prodesk is the lack of PCIe slots, at least in the g6 that I have (with 10th gen processors). Oddly enough, the Z2 also have a lack of PCIe compared to the Z240 that they replaced, they are basically a Prodesk on steroids. Not sure why they cost so much more. If the choice is present, for the same money I would choose an EliteDesk 800 over the Prodesk, assuming they still have a decent number of PCIe like our old gen1 did. Those gen 1 Elitedesk 800 ran for around 7 years until they were just too slow for the application we needed to run. Good little computers, only had a single power supply fail in those years and they were on 24/7. The gen 2 not so good, lots of fan and PS issues, the gen3 have been decent so far. Also I had to swap them as we knew that Win11 was approaching and things needed to be newer and compatible.
Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: pfScrub on July 06, 2024, 01:04:42 AM
Quote from: Rog_Master on July 01, 2024, 09:44:57 PM

Could someone help me to understand better the pros and cons of these setups and which would be the recommended way and why?

https://en.wikipedia.org/wiki/Silly_window_syndrome

https://en.wikipedia.org/wiki/Thrashing_(computer_science)


Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: Rog_Master on July 06, 2024, 03:25:44 AM
Quote from: Greg_E on July 05, 2024, 09:06:05 PM
I was looking at getting an i225 or i226 card at first but finding a genuine Intel one seems to be next to impossible. I may look to getting one in the future still if needed.
Title: Re: First time OPNsense user. Need help deciding on hardware configuration.
Post by: pfScrub on July 06, 2024, 03:33:10 AM
There is probably a company called Genuine that manufactures Intel cards though

