I host a few applications on an Unraid server on my home LAN.
I had 1G fiber from my ISP. I regularly saturate that link and was able to upgrade my internet to 5Gbps. So with that there is now a need for 10Gbe interfaces and layer 1-3 changes to support this. I would target 5Gbps equipment but that seems shortsighted.
I do not want to host PfSense from my aforementioned server
The plan:
Acquire some type of prebuilt PC that can support (or include) a dual port 10Gbe card. I also need this hardware to include at least a 1Gbe port. Hopefully if included the ports are T/Electrical/RJ45.
Add what hardware is missing if any
Use 1x10Gbe port for WAN to ISP
Use 1x10Gbe port to my server
Use 1x1Gbe port to my switch(and the rest of the LAN)
Help needed:
I need prebuilt hardware suggestions…
The smaller the footprint of this box, the better, I plan to keep it in or near my small half depth rack. I have looked into the Netgate lineup and though the comfort of totally compatible hardware is great, I suspect I will be fine with a prebuilt box that supports basic functionality. I know the statement (“basic functionality”) is vague, but the truth is I have a ton to learn and only know enough to be dangerous. I will have to start with the basics and match my google routers functionality which from my testing is the bare minimum that PfSense brings. I’ll venture into all that PfSense can do eventually, so as much compatibility as I can get is ideal.
I need dual 10Gbe NIC recommendations. …
The more I read on the FreeBSD site, the more I hesitate to buy anything. I don’t need to route all LAN traffic in a VPN. But maybe non-server traffic which I would estimate is less than 100Mbps.
Generally it should be quiet, I don’t need it to be silent, but I’m not putting in a nose maker either.
The last thing I should mention is that I would rather use PfSense but the Ubiquiti UDM Pro is very compelling at ~$380 USD. So I can stretch to about $500 all in, but beyond that I don’t know that it would be worth the effort.
I’m sure I have left out some details but I’m happy to provide any additional detail as its asked.
Don’t get too attached to the idea of running pfsense.
When we went up to gig internet in 2020 I did some benches and with identical hardware config I got just over 2gb/s NAT performance on pfsense, but over 5gbs with openwrt. Linux based firewall distro’s route faster and have better hardware support.
Also, you shouldn’t use 10gbe, you should use sfp+, with an rj45 10gbe sfp+ module if absolutely necessary. If you want to be future proof get sfp28 instead of sfp+.
I can’t recommend you hardware as our openwrt install is virtualized, but you might want to consider trying that in the short term, as you would presumably then only need a 10gb card for your unraid server, rather than an extra device.
What @Ruklaw said if you want future proofing on >5Gbit connectivity, I have switched recently to Vyos, running virtualized on Truenas Scale, and am very happy with the perfromance
To your original question, for once an appliance from netgate that doesn’t cost an arm and a leg may be what you want (the Netgate 6100):
I have no recommendation for any prebuild hardware. When you want to stay RJ45 compatible you can look into the Intel X550-T2. Dual 10Gbit RJ45. Important here is that it is also NBASE-T (2.5GBit and 5GBit) compatible and has general BSD support. I run it under OPNSense. You can checkout https://bsd-hardware.info/.
This is probably a good place to start if you want to fire up a VM/use some hardware you have already:
As you’ve seen it can be installed on a range of routers etc although performance on those can be quite limited as compared to what an actual pc can achieve.
Vyos as mentioned above is another Linux based router distro, although as I recall is command line based so perhaps a bit hard to get to grips with - nethserver can work as a router/firewall so might be another good option to look at if you want something a bit easier to manage.
The 10gb ports on the UDM pro cam link at 10gbit, but they have a total aggregated bandwidth (theoretical) of 10 gbit. If you look at the datasheet you’ll see that maximum firewalled performance across the two ports is 3.5Gbps
The supermicro will route at 10gbps between two ports, whether it will be able to apply packet filtering at that speed will depend on the os and the amount of filtering you need… Linux will be able to push more packets than freebsd in general, due to implementation differences of kernel packet filtering
When you say the supermicro is expensive, are you looking at the 1500usd list price or at the 700usd ebay street price ?
800-1000 usd is what you’ll need to spend for a router that can push 10gbit, unless you want to go completely dyi and used… At least for now… The unit from netgate looks promising, but I have no direct experience with it … @lawrencesystems has a video reviewing it though …