Small formfactor router

Started by Simaryp, August 05, 2025, 10:08:34 PM

Hi, I have been running OPNsense for some years on a 19" self-made router built from spare parts.

I probably need to get rid of my 19" rack and need a smaller solution.

I have no demanding needs, it's just my home, some VLANs, Unbound etc.

I read about the CWWK N100 and N150, but I also read about heat issues on such devices. And there are a quadrillion versions of them.

Is there anything recommended?
I saw this fanless one https://www.amazon.de/CWWK-Upgraded-Firewall-Appliance-3-Display/dp/B0DTB6LZRQ and this with a fan https://www.amazon.de/CWWK-Pocket-NAS-Computer-Expandable-2-Display/dp/B0DZ5GF8J4 .
The first one even has 6 LAN ports. I am not sure whether this would have some downsides, but I might not even need my switch in this case, as this looks sufficient for my modem, my access point, server and printer. So I could probably get rid of a complete device.

August 06, 2025, 04:12:51 PM #1 Last Edit: August 06, 2025, 04:17:08 PM by BrandyWine
No heat issues on my N150. https://forum.opnsense.org/index.php?topic=48166.0
Small enclosed devees... always need a cooling fan on the heatsink, or a fan blowing on it. Make sure the device has some heatsink ribs, nothing flat.
N150 has max op temp of approx 120C, my N150 swings between 40-60C depending on what it's doing.

Caveat: my temps noted are likely because currently I have the device sitting directly on my R7000 wifi router, and the top of the R7000 is fairly warm.

So I am expected to bind or tape a fan on top of those devices? From the description I thought they are passively cooled, if no fan is included.

If I take the 6*2.5GB device, can I connect my devices directly to the firewall instead of running an extra switch on it?

Currently I have a two port link aggr. to my MikroTik switch, but I guess if I don't need that, I would be fine in that room with 5 ports.

But maybe I am overlooking something.

With a 6 port device you can configure a LAN bridge for 5 ports and essentially get a builtin "switch".

https://docs.opnsense.org/manual/how-tos/lan_bridge.html
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: BrandyWine on August 06, 2025, 04:12:51 PM
[...]
Small enclosed devices... always need a cooling fan on heatsink, or a fan blowing on it. [...]

Pedantic nitpick: Passive cooling is practical with sufficient effort, e.g. with an HDPlex or Streacom enclosure. Example. The kits tend to be (at least comparatively) expensive, require careful selection of components, and, for best results, likely require a bit of fabrication. How would I put it? Not recommended for someone who's looking for an inexpensive turnkey solution.

For commercial compact boxes, I agree: fan-cooled is probably a better bet than passive, but of course it depends on the specific implementation.

@Patrick: At the top it's mentioned one shouldn't do this if one expects to have much traffic through it. But it could be okay if the CPU has enough headroom.
So I guess it might be better to connect my MikroTik switch to it. Probably again with link agg., as I have some traffic between VLANs.

So if I can't use the CWWK device passively, it's kind of a bummer.

Quote from: Simaryp on August 06, 2025, 07:30:14 PM
@Patrick: On the top it's mentioned one shouldn't do this if one considers to have much traffic through it.

You can just try. I easily achieved 1 Gbit/s with the FreeBSD bridge on an Atom 3000 based board. I don't have any 2.5 Gbit/s equipment.

I would have the wifi AP and a server connected to it. Probably a printer, but this doesn't matter. And maybe a switch in another room. The AP and the server.

I wouldn't like to spend too much time, if it's a bad idea.

Quote from: Simaryp on August 06, 2025, 07:42:41 PM
I would have the wifi AP and a server connected to it. Probably a printer, but this doesn't matter. And maybe a switch in another room. The AP and the server.

I wouldn't like to spend too much time, if it's a bad idea.

Here's what I suggest. If you can afford a small i3 that has a fan, go for that.
My N150 has three 2.5G copper and two 10G SFP ports, but I am not sure the device can route & switch that fast. I right now don't even need 2.5G.

Define your metrics, go from there.

August 06, 2025, 09:31:32 PM #9 Last Edit: August 06, 2025, 09:38:37 PM by Simaryp
I am currently using an ASRock J something board with an embedded CPU from 2015 and an Intel NIC in a modded 19" case.

That works, but I am looking to get something the size of my Fritzbox and my MikroTik css611, as I want to get rid of the 19" rack and put some small devices on a shelf.

I do nothing fancy and power hungry, no Suricata or DPI. It's just routing, WireGuard, DHCP and Unbound.

Edit: I live in Germany, my ISP bandwidth is shit. So 250 down 40 up. Currently most devices are connected over 1G copper, but I probably will connect more via wifi. Probably the server upgrade brings 2.5G for the server. But worst case I am streaming on the TV while I do some work on the file server in parallel. So no big traffic.

Quote from: Simaryp on August 06, 2025, 07:42:41 PM
[...]
I wouldn't like to spend too much time, if it's a bad idea.

As far as time investment, you can set up a bridge on the LAN side of the firewall and plug in as many devices directly as you choose (and have ports assigned for, of course). You don't have to eliminate the bridge if you don't end up using it. (I probably would, but I'm a nut.)

I've used my firewall as my central network distribution point for 15 years, with some pretty tiny devices (Fortigate 100D and 61E).

Quote from: Simaryp on August 06, 2025, 07:42:41 PM
I wouldn't like to spend too much time, if it's a bad idea.

It's not a bad idea. The FreeBSD bridge has been completely rewritten with a serious amount of money thrown at the problem by the FreeBSD Foundation. The performance gains were five to ten fold. Whether you can reach full 2.5 Gbit/s depends on so many factors, you will just need to go and try.

It's not more than an hour or two of effort for crying out loud.

Set up a LAN bridge, then check what you can get across it from/to two different PCs, both with 2.5 Gbit/s network interfaces. Don't run iperf from/to OPNsense itself.

I don't have two PCs with 2.5 G, actually none at the moment. ^^.

I also have no clue what my switch requirements and the placement of all devices will look like. I am searching for a flat now. If all devices are in the living room, near to each other, it might be worth connecting the firewall to the switch via a 10G SFP+ module and the server as well, and all other devices, which are around 5 extra, too.

In that case, there is a CWWK device with 2 regular LAN ports and two SFP+ ports and some small integrated fan. What do you think about that device?
https://www.amazon.de/CWWK-Firewall-Appliance-Computer-OPNsense/dp/B0DSHW8D4L?ref_=ast_sto_dp&th=1&psc=1

August 07, 2025, 08:29:45 PM #13 Last Edit: August 07, 2025, 08:41:19 PM by BrandyWine
Quote from: Simaryp on August 07, 2025, 06:21:33 AM
I don't have two PCs with 2.5 G, actually none at the moment. ^^.

I also have no clue what my switch requirements and the placement of all devices will look like. I am searching for a flat now. If all devices are in the living room, near to each other, it might be worth connecting the firewall to the switch via a 10G SFP+ module and the server as well, and all other devices, which are around 5 extra, too.

In that case, there is a CWWK device with 2 regular LAN ports and two SFP+ ports and some small integrated fan. What do you think about that device?
https://www.amazon.de/CWWK-Firewall-Appliance-Computer-OPNsense/dp/B0DSHW8D4L?ref_=ast_sto_dp&th=1&psc=1

I would find one that has 3 copper ports, WAN LAN IOT, something like that.
10G SFP to a switch? What 10G switch are you getting?

For home, technically, 10G managed switch that supports .1q, fiber between fw and switch (only one connection, etc), then everything else is wired into their appropriate vlan (switch port). This way if you want more segments (in fw) it's just .1q config. Simple.






Quote from: BrandyWine on August 07, 2025, 08:29:45 PM
10G sfp to a switch? What 10G switch are you getting?

For home, technically, 10G managed switch that supports .1q, fiber between fw and switch (only one connection, etc), then everything else is wired into their appropriate vlan (switch port). This way if you want more segments (in fw) it's just .1q config. Simple.

I've got a https://mikrotik.com/product/css610_8g_2s_in in my living room and a https://mikrotik.com/product/CSS326-24G-2SplusRM in my rack.

I am planning to get rid of at least the bigger one. And probably keep the smaller one.

It's all overkill for my needs and I thought for a moment to just use the ISP router again. But I like my Unbound, my WireGuard and the chance to separate stuff via VLANs.