Small formfactor router

[BrandyWine]

10G sfp to a switch? What 10G switch are you getting?

For home, technically, 10G managed switch that supports .1q, fiber between fw and switch (only one connection, etc), then everything else is wired into their appropriate vlan (switch port). This way if you want more segments (in fw) it's just .1q config. Simple.

I've got a https://mikrotik.com/product/css610_8g_2s_in in my living room and a https://mikrotik.com/product/CSS326-24G-2SplusRM in my rack.

I am planning to get rid of at least the bigger one. And probably keep the smaller one.

It's all overkill for my needs and I thought for a momrnt to just use the ISP router again. But I like my unbound,my wireguard and the chancetoseperate stuff via VLANs.

On the smaller MikroTik, what's the packet mem buffer size? I am curious about the device.
Two 10G ports, one for fw and one to the ISP, the others are just 1G. 10G to the ISP? DOCSISv4 maybe? So fiber to home?
Would be nice if they made the 1G's into 2.5G, that would be sweet. Which they have CRS310-8G+2S+IN. I still wonder buffer size though, so I have to find out.

[Simaryp]

I don't know about the buffer size.

10G to the ISPs modem/router would be useless for me. I only get 250/40 mbit/s.

I only considdered 10G from switch to a possible opnsense firewall to not get throttled if there is multiple inter-vlan routing. And I considdered using the other port for a possible 2.5G server, so that two wired clients could get full speed.

But also that is not necessary and I think a full 1G setup would be sufficient.

I only want to find a silent, small and power efficient device to replace the bigger MITX router, I build.

[pfry]

On the smaller MikroTik, what's the packet mem buffer size? I am curious about the device. [...]

Heh. We're getting way off topic here, but hey. Look at RouterOS Bridging and Switching. Lots of interesting capabilities for some devices. Mostly useless to me, since I run everything through my firewall. The CSS610 is a SwitchOS device.

[...]
But also that is not necessary and I think a full 1G setup would be sufficient. [...]

A bird in the hand... uh... makes paying for a bigger bird unattractive? Anyway, it's easy enough to upgrade when/if you care to.

[BrandyWine]

On the smaller MikroTik, what's the packet mem buffer size? I am curious about the device. [...]

Heh. We're getting way off topic here, but hey. Look at RouterOS Bridging and Switching. Lots of interesting capabilities for some devices. Mostly useless to me, since I run everything through my firewall. The CSS610 is a SwitchOS device.

I have been using virtual wire setups in Palo Alto, and way older L2 bridging Fw's (decades ago),..... for a long time. Bridging is nothing new, and not all that "interesting".

[BrandyWine]

I only want to find a silent, small and power efficient device to replace the bigger MITX router, I build.

N150 is very power efficient. An i3 can be easily power managed.
There's probably 1,000 mini devices with each cpu that meets your needs. Dig some up, toss up here what you found.

[Simaryp]

I only want to find a silent, small and power efficient device to replace the bigger MITX router, I build.

N150 is very power efficient. An i3 can be easily power managed.
There's probably 1,000 mini devices with each cpu that meets your needs. Dig some up, toss up here what you found.

I linked several here already.
Active cooling 2xRJ45 2xSFP+:
https://www.amazon.de/CWWK-Firewall-Appliance-Computer-OPNsense/dp/B0DSHW8D4L

Fanless 6xRJ45:
https://www.amazon.de/CWWK-Upgraded-Firewall-Appliance-3-Display/dp/B0DTB6LZRQ

Fanless 4xRJ45:
https://www.amazon.de/CWWK-Upgraded-Firewall-Appliance-3-Display/dp/B0DTB6LZRQ

Active cooling 2xRJ45:
https://www.amazon.de/CWWK-Upgraded-Pocket-NAS-Expandable-2-Display/dp/B0DZCPLM8W

I am a person hearing the grass growing. So if I could probably get away fanless with no custom cooling and the device has no ugly coil whine etc. that would be nice, because it probably stays in my living room.

[Simaryp]

I could get this cable here:
https://mikrotik.com/product/xs_da0001
Buy the twoSFP+ variant with cooling and connect the router to the switch, and use one RJ45 for my ISP router.

If the thing stays cool and quiet, it might be a good solution I guess. Sadly I have no info about that.

[BrandyWine]

If only one fiber cable, then is it .1q?
.1q to fw (1 cable) will always mean 1/2 iface for total bandwidth. But 5G is still 2x that of the copper 2.5G.

I myself like the one cable design, less mess.

Get the i3 fan version. The fan is silent during the day. At night you might hear a slight fan.
https://www.amazon.com/Firewall-Hardware-82599ES-OPNsense-Appliance/dp/B0F7QR8KLQ
When my needs get to that level, i'll replace my N150 for i3 version.

Funny how they added description like that, but the i3-N305 is dual mem channel capable, significantly way better than single mem channel N150.

[Simaryp]

Do I need the power of the N305?
Why this one instead of the N150 I linked?

I thought about simply getting this cable and plug it between switch and firewall and then forget about it forever.
https://mikrotik.com/product/xs_da0001

I should considder to connect the AP to a FW port, if I get a 2.5G capable AP I guess. But foe the moment it wouldn't matter, as it's only 1G.

[BrandyWine]

I think once you start to talk about 10G links, even though you may not fill it now, choosing hardware that is better suited for that ("future proof") is not a bad idea. It's the same chassis btw.

I understand the cable, I just not sure it's needed if your fw will be a N150. With N150 I myself would probably just use the copper up to the 2.5G ability of the ifaces.

The i3-N305 is just way better than the N150.

[Simaryp]

My current performance and setup would be probably fulfilled with anything having two 1G ports.

Being future proof is nice though and with the switch I could already establish a fiber connection, although I might not need it.

But the SFP+ i3 version costs easily over 400€ and I am quite sure I cant utilize that power anyways.

My main focus is. Get rid of space consuming and power hungry 4*1G solution, with something quiet, tiny and at least on par. Ideally I can just install opnsense and upload my config. If it is better like 2.5G or SFP I hapily take it.

And quiet meens quiet. I can hear the coilwhine from my monitor if the laptop is charged in standby. I like if things don't make noise.

[BrandyWine]

Then start with an N150 device, fan cooled, the one you listed.

[Simaryp]

Thanks for the help. Found also some videos on youtube with reviews. The devices from prev generation seem to be quite power hingry in idle and ptobably noisy.

I will try to find out about the powerdraw of N150. Probably,if the boards without fan have a pwm header I would go for them and strap a Noctua on them.

[Simaryp]

Probably I will also step down a bit on the vlans. If there is not much intervlan routing, the 10G between FW and switch would be wasted. And I went maybe a bit too far on segmenting everything. I read it comes also with some higher power usage.

[meyergru]

Before I used my 10G specimen, I had a 4 port N100. YOu can easily get away with that when you configure one NIC for your main LAN and another one for IoT, Guest and so on. Matter-of-fact, if your internet connection does not give you more than 2.5 GBps, there will be no bottleneck for either path and even for bidirectional inter-VLAN traffic, it will most likely suffice.

That is because you usually only have traffic between your main LAN and any one of the others, but not between the latter.

With more than 4 ports, you can even segment into more (V)LANs like this.