So after many months of research, planning, failed and successful experiments, my home network is shaping up to be exactly what I want.
Not to get too deep into my VLANs etc. objective 1 was to remove ISP equipment. I succeeded in doing that and was able to replace the ZTE F680 with a UFIBER LOCO ONT and my own pfSense router. This was great, but the objective has continued to be replacing the stand alone ONT with an SFP ONT module, plugging directly into my network. This is about to become a reality thanks to a company here in Spain called Carlitoxx pro. They have an SFP module that runs a scaled down version of OpenWRT, and allows tuning of S/N, and other parameters that an ISP uses to identify the equipment connected to the line.
Disclaimer I am in a country where there is no law against removing the ISPs POS and connecting the customers own equipment. the barriers to doing this are strictly the limited information that the ISPs share. I don’t know the legalities in the U.S. or at what point removing the ISPs equipment becomes a legal issue. You should defiantly research this prior to messing with stuff and make sure your not breaking any laws.
Moving on, I currently have an Unraid server I use for a media server, and NAS, it has a Quadro P400 for trans coding, encoding, and folding I have a switch with an SFP port. So I have a few options on how to deploy this. I thought it may be neat to get input on it.
The simplest implementation would be to swap the NIC in my pfSense box with an SFP Card and continue business as usual. Benefits I see here is simplicity, and time I should have this up and running fairly quick. negative is the lack of a result for the expense of time and money.
option is to use VLANs to deploy my WAN directly to the switch. This is almost entirely a software task, can be deployed quickly, and I can also install pfSense in a VM on my server, and write a script to automatically spin it up the VM should the router go down. An alternate configuration would make the VM the primary router, decreasing power consumption, and allowing me to take advantage of AES instruction sets for encryption. Negative I see on this one is the posabilty of power constraints on the switch now allowing me to power the SFP and VoIP phone via PoE, and if I have a core tied up, for my router I need more cores, in other words, I am close enough to resource limits on the CPU on the server already, a backup router VM would run fine today, but in a year??? at this point I have maxed out the CPU I can put on this motherboard, so a server upgrade will include at M/M, CPU, and RAM. I know first world problems.
Finally there is the idea to connect the internet directly to my server, and use a VM to route. Advantage here the computer doing most of the download and uploading is connected directly to the WAN, this would also include a 10Gbit SFP direct link between the server, and the switch, increasing the bandwidth to access the serve. Negative here is first how complicated it is, the loss of redundancy isn’t a deal breaker, and I have a plan for that but it is far more complicated to execute. the server is on a ITX board, so installing the SFP card, would mean removing the GPU, I’m not completely oppose to that, I didn’t have it before and it was fine, and I could use it in a thin client I have to make a console for PS2 emulation.
So there you have it, if you have questions, or more importantly if you see I have missed something or could improve something, please contribute.