Do Hardware Requirements only pertain to Bare Metal Installs? (eg VMs don't care

Started by bcboncs, January 06, 2024, 03:57:58 PM

Excuse my ignorance, I've been out of technology builds for 10-15 years.

I'm trying to build a router and NAS with Proxmox, Docker, Plex, etc. but a hard requirement for me is to have the router on bare metal.

Knowing that there are some hardware requirements/limitations with FreeBSD/OPNsense, it's having me second guess a lot of hardware possibilities. There's also folks like Wolfgang that recommend an N5105 but I don't see the Celeron D being a supported hardware requirement yet I'm pretty sure he made it happen (at least in snippets of video).

I'm leaning toward having OpenWRT as the bare metal install (the pipe for inbound & outbound traffic) due to fewer hardware limitations, then OPNsense underneath it in a VM/Docker container (for all firewall rules, etc.).

Is this feasible? Am I overthinking this? Is this stupid? Any other recommendations before I start buying the hardware?

Minimal hardware thoughts:
- Ideally Mini-ITX (fractal design node 304 or comparable) !!
- 1x 2.5Gb Eth (for Modem to this device)
- Dual band wifi 5 (later upgrade to 6 when more supported) access point for two SSIDs (private w/ all LAN access/segmentation + guest without any LAN access)
- PCIe adapter to use dual band wifi nic is fine too if that's not native.
- ability to stream 1080p flawlessly, bonus if 4k though I don't care too much about that (if you know certain CPU/GPU terminology I should look for in hardware I would appreciate it, the lingo these days is requiring me to research a lot)
- 1x or 2x NVMe slots, 4-8 SATA ports or PCIe scalability.

Thank you in advance!!

For the build, you seem to be thinking as if it was a PC build. For instance a firewall doesn't need all that storage. In fact NVMe is totally overkill. SSD is perfect. HD is good but not as much.
All you need is a high clock CPU, especially if you are on PPPoE from your mention of a modem.
Forget about wifi on a firewall based on OPN. It's based on FreeBSD, which is not great for hardware support for wifi cards. There are some supported and OPN can use some of them but save yourself the trouble. There WILL be troubles to overcome.
You don't need a GPU.
What you need is a small device with at least 2 network interfaces, preferably Intel, not Realtek. A CPU of at least 2 GHz, 2 cores will work, 4 are better. More are not strictly needed. One SSD of at least 60 GB or more. 120 is more usable. More is OK but unnecessary unless you plan on logging a lot.
Do you have PPPoE from your ISP? Do you have a switch already?

Finally. The ability to stream depends on what throughput you can achieve on the WAN interface from your ISP. What is your current bandwidth? Together with the PPPoE question, it should give enough info.
The CPU family (Celeron D, Core, AMD Ryzen, etc) is of no importance. As long as it is AMD64 it is fine. What matters is the single core score.
Have a look in the docs as well: https://docs.opnsense.org/manual/hardware.html

So here's the thing about WiFi cards: They're designed to be clients, not Access Points. You will have a very bad, but memorable experience if you try to use them as Access Points. Buy a purpose built AP, like an Omada 620.
A router and a NAS should be 2 completely separate appliances, and shouldn't be combined. You don't haul lumber in a Prius, don't store data on your router.

Quote from: cookiemonster on January 06, 2024, 11:57:22 PM
For the build, you seem to be thinking as if it was a PC build. For instance a firewall doesn't need all that storage. In fact NVMe is totally overkill. SSD is perfect. HD is good but not as much.
All you need is a high clock CPU, especially if you are on PPPoE from your mention of a modem.
Forget about wifi on a firewall based on OPN. It's based on FreeBSD, which is not great for hardware support for wifi cards. There are some supported and OPN can use some of them but save yourself the trouble. There WILL be troubles to overcome.
You don't need a GPU.
What you need is a small device with at least 2 network interfaces, preferably Intel, not Realtek. A CPU of at least 2 GHz, 2 cores will work, 4 are better. More are not strictly needed. One SSD of at least 60 GB or more. 120 is more usable. More is OK but unnecessary unless you plan on logging a lot.
Do you have PPPoE from your ISP? Do you have a switch already?

Finally. The ability to stream depends on what throughput you can achieve on the WAN interface from your ISP. What is your current bandwidth? Together with the PPPoE question, it should give enough info.
The CPU family (Celeron D, Core, AMD Ryzen, etc) is of no importance. As long as it is AMD64 it is fine. What matters is the single core score.
Have a look in the docs as well: https://docs.opnsense.org/manual/hardware.html

I cannot find any PPPoE setting but I have a DOCSIS 3.0 modem-router combo using Gigabit Ethernet if that helps. My goal would be to encapsulate all traffic (Windscribe VPN preferred/proxy/other?) before it hits the modem through my router build.

Worst-case scenario, if I must statically assign all IP addresses or reserve them I'm game to do that but I am thinking I should be able to use DHCP and maybe some reservation options if available. Am I missing the need of PPPoE?

I'd probably go deeper into networking via docker as described by networkchuck https://www.youtube.com/watch?v=bKFMS5C4CG0

As for the build/overkill/etc, it's all in a tight Mini-ITX with M.2 availability so I went the NVMe route. I already got wife-approval for the NAS cost and it's already ordered.
https://docs.google.com/spreadsheets/d/1uPCGbGBkXNxi13QBL3sQIqwB--y_Xs_IGbAG6MdncPw/edit?usp=sharing

Quote from: Stormscape on January 07, 2024, 01:59:26 AM
So here's the thing about WiFi cards: They're designed to be clients, not Access Points. You will have a very bad, but memorable experience if you try to use them as Access Points. Buy a purpose built AP, like an Omada 620.
A router and a NAS should be 2 completely separate appliances, and shouldn't be combined. You don't haul lumber in a Prius, don't store data on your router.

Gosh I thought I did research on this already but I cannot find it in my bookmarks or saved videos. I think I went down a "make sure it's not a bridge-only wifi device" or something to that nature. This sounds painful but if it's possible, or not, or "really hard" based on this motherboard https://www.newegg.com/p/N82E16813162033 please let me know :) I'm willing to try anything, even if you point me in the right direction (not off the cliff please!) I'd greatly appreciate it. Worst-case scenario, I buy a PCIe AP?

As for the router and NAS being independent devices, I understand the single point of failure concern and potentially the security concern, but my thought is if the router is on a different bare metal drive and the other NICs are handled downstream, it could be considered a separate communication channel while leveraging the same processing hardware. It's mostly a hobby project for me to learn stuff and see if it's possible. Maybe in the future I'll toss the router on a rPi or similar, smaller footprint device.

The PPPoE is how to authenticate to the ISP. On OPN it is the setting on the WAN interface, but only needed if the OPN router will be replacing your ISP and it doesn't require a modem. So if you are on DOCSIS then it is cable and needs a modem. That leaves you with an option to use your ISP (if their modem/router combo allows) to be used only for modem, and make it pass all functions of router to a downstream device. That would be OPN.
You'll need to research your particular modem/router from your ISP.
Alternatively, double NAT. That is, you have your ISP as is, and OPN behind, but both are performing NAT duties.