OPNsense Forum
English Forums => Hardware and Performance => Topic started by: HillTopsGM on January 02, 2022, 10:52:35 pm
-
Hi everyone!
I've been flipping back and forth between pfSense and OPNsense and (if it isn't obvious) I am strongly leaning towards OPNsense.
I've looked at Protectli stuff but non of it has an SFP+ ports.
I came across this:
Supermicro Xeon D-1518 Mini 1U Rackmount w/Dual 10GbE, SFP+, IPMI, RS-SMX10TP8F
Link: https://www.amazon.com/Supermicro-D-1518-Rackmount-10GbE-RS-SMX10TP8F/dp/B01M15EICT (https://www.amazon.com/Supermicro-D-1518-Rackmount-10GbE-RS-SMX10TP8F/dp/B01M15EICT)
Has anyone installed OPNsense on a Xeon based processor?
My ISP provides me with a 1G fiber connection (SFP Module into my ISP provided router/modem). I'd like to plug this SFP module directly into this unit and completely cut out my ISP's router modem.
. . . IF this server is powerful enough (I'd load it up with a good amount of RAM, then I'd like to run OPNsense on 2 of the cores, and dedicate the other 2 (and an appropriate amount of ram) to a TrueNAS install too. Thoughts/ Does anyone thing this is something this could handle?
Thanks in advance for any advice.
Happy New Year!
-
OpnSense on Xeon should be very well supported overall. As for the D-1518, it’s quite old (6 years?) and quite power efficient but not particularly fast compared to current gen CPUs. Passmark gives it score of 1256 per core and 4784 total. In direct comparison AMD Epyc 3201 has the same power budget (~30W) and 1928 per core and 10258 total. Desktop/server CPUs will be faster still, but more power hungry.
All that said, the 1518 should still have no problem driving 1Gb/s including IPS/IDS, but it may not scale so well if you want to add additional stuff on top.
As for SFP(+), you can easily add such ports by adding a NIC in a PCIe slot. You can get server level stuff relatively cheap 2nd hand. So don’t stare yourself blind on having it built-in.
Also, it may not be so easy cutting out the ISP’s modem. ISPs sometimes use GPON or equivalent which means your modem does some heavy lifting to filter out the traffic that relates only to your particular connection, and this is not easy to replicate in your own setup (by design). I’d recommend you do some research on that first before you purchase your own hardware, possibly only to find that you can’t get a link on the fiber connection.
-
Thanks rungekutta!
I'm super excited about finally setting up my 'new' home network.
Here is a little more background:
I am not committed to any one particular piece of hardware or another AND I am wide open to any suggestions.
Budget - I'm quite flexible. Without fully comprehending what people say when they have set up their own "Home Lab", I'd like to work in that direction.
I like tinkering with VM's and various Linux distributions; as part of the process I intent to upgrade my FreeNAS installation to TrueNAS with a hardware bump as well, and I am looking forward to tinkering with a Raspberry Pi and playing with all the things one can do there (creating a Pi-hole, etc).
We've just moved and have a 1Gig Fiber connection.
The Fiber Module is a GPON Module (SEE ATTACHED) I really don't know anything about them but will do some looking (not sure where or what to ask just yet) - thanks for the advice.
Directly connecting ISP module to my router is out, I was eyeing up the Protectli line, though they don't have an SFP+ connector (preferred) that would allow me to link to my switch. Does anyone have another suggestion?
I see Netgate has the 6100 which probably would, but this seems like an odd option to take if I'm leaning to OPNsense . . . could you install OPNsense on Netgate hardware?
I'm don't mean to sound scatterbrained here. I'm pretty much starting with a clean slate and I'm thinking out loud here.
Additional Thoughts?
-
I am very fond of the Xeon-D series of CPUs. They are not cheap - you can get a better bang for the buck if you pick AMD. But all my applications on FreeBSD and ESXi run just rock solid. If you don't run Linux but FreeBSD, i.e. OPNsense, TrueNAS, ... I can really recommend them. Especially the embedded boards by Supermicro ...
-
Cool! You have many hours of tinkering ahead. I’m in a similar position myself although slightly ahead of you. It’s very rewarding as your setup grows and you can expand into new areas and discover useful applications to run and host for yourself and friends and family.
My advise for what it’s worth would be to avoid putting all eggs in one basket. Keep your edge router and firewall on separate hardware from your other services so you don’t lose all internet and internal routing when you update your main hypervisor. For that purpose the D-1518 would do just fine, or you could get away with something smaller too (Qotom are popular here). Run OpnSense bare metal, or virtualized on ESXi or Proxmox - if virtualized you build more complexity but gain some benefits in easy backup and rollback etc.
Then install Proxmox or ESXi on additional hardware and add VMs and services to taste including TrueNAS. When you run out of hardware, add another node and create a cluster - and then you’re already some way into the “homelab” rabbit hole before you even realized ;-)
YMMV of course.
-
Hi
I wonder how your Ethernet network card will deal with the SFP module. If you could share some results later ?
Because, IMHO, the card supports Ethernet standards only , IEEE 802.3* , like for example:
Supported link modes: 1000baseT/Full
10000baseT/Full
1000baseX/Full
10000baseSR/Full
10000baseLR/Full
and your GPON ONT SFP thus might have matching physical&electrical SFP interface however not matching link/protocol towards to the Ethernet NIC.
Then there is a question what HW part will manage WDM/TDM for GPON ... interesting.
Happy hacking -- thumbs up !
-
I am very fond of the Xeon-D series of CPUs. They are not cheap - you can get a better bang for the buck if you pick AMD. But all my applications on FreeBSD and ESXi run just rock solid. If you don't run Linux but FreeBSD, i.e. OPNsense, TrueNAS, ... I can really recommend them. Especially the embedded boards by Supermicro ...
I'll second this - I have 2 Broadberry devices, basically Supermicro, in a Proxmox cluster, in a rack under the stairs, they're powerful enough, don't draw too much power, quiet/cool enough, 2 x 10Gb ports and 2 x 1Gb ports...whats not to like.
Albeit I don't run Opnsense on the proxmox cluster, have a stand alone device for that (and house automation....been burnt waaaay too many times when tinkering and not being able to turn the lights off!!!! ;)
... Xeon D, solid choice.