Seeking Advice on Forbidden Router/Server Build

Hey everyone,

I’m planning a server/router build for my new home and wanted to tap into your expertise. I’d love your thoughts on the hardware I’m considering, any compatibility concerns, and suggestions for improvements.

Goals

Instead of a separate router and server, I’m combining them into one system. I’ll be using Proxmox with a VM running pfSense (or OPNsense) as the router, and hosting multiple other VMs (e.g., Home Assistant, NVR, k3s). Here’s what I need:

  • Solid Linux/virtualization support (good IOMMU groups).
  • Pass-through for GPU and NIC.
  • Enough horsepower for my workloads.

Planned Hardware

  1. CPU: AMD Ryzen 9 7950X

  2. RAM: 2x48GB DDR5-6000 (CL30-36-36-76)

  3. Mainboard:
    a. ASUS ProArt X670E/X870E-Creator WiFi

    • Direct CPU Lanes:
      • PCIe 5.0 x16 (at x8) for GPU (I’m reusing a GTX 1080, which should be fine at PCIe 3.0 x8).
      • PCIe 5.0 x16 (at x4, since all M.2 slots will be used) for the NIC.
      • M.2 SSD at PCIe 5.0 x4.
    • Chipset Lanes:
      • 2x M.2 SSDs (PCIe 5.0 x4, PCIe 4.0 x4).
      • Integrated 2.5G LAN (Intel I226-V) and 10G LAN (Marvell).

    b. Gigabyte X870E Aorus Pro (alternative option)

    • Direct CPU Lanes:
      • PCIe 5.0 x16 (at x8) for GPU
      • 3x M.2 SSDs running at PCIe 5.0 x4
    • Chipset Lanes:
      • 1x M.2 running at PCIe 4.0 x4
      • 1x RJ-45 2.5Gb LAN (Realtek)
        I prefer Intel or Marvell NICs
      • PCIe 4.0 x4 for the NIC
        From what I’ve read I get a few microseconds latency per chipset, but my gut feeling (scientific, I know) is that I won’t notice it, even if I have two 10G devices talking through the firewall with heavy workloads.
  4. NIC: Intel X710-DA2
    With the mainboards above it’ll run at PCIe 3.0 x4 (instead of x8), sufficient for two 10G ports, right?
    Any similar cards currently being phased out on eBay?

I’ve watched Wendell’s thoughts on the ProArt X670E, and it seems like a great fit for me. The Gigabyte board has one more M.2, which would allow me to have 1 main SSD (Samsung 990 PRO 2TB?) and 3 M.2 for RAID-Z. Parity checks would be nice but I can do without; this won’t be a HA setup anyway, also no ECC.

Thoughts on these boards? Any other recommendations for my setup?

I couldn’t find similarly priced server hardware that ticks my boxes. Epyc Milan is pricey, but I don’t want to go further back in generations. Extra lanes are lovely but it’s hard to get a nice balance on efficiency and price. I’m open to suggestions.

Network Switch

I need a switch that supports:

  • 4+ PoE+ ports (preferably 2.5G, but 1G is fine).
  • 2+ 10G SFP+ ports: 4 preferred.
  • 16+ additional ports (1G RJ45 or SFP, PoE not required).
  • Managed Layer 3 or Layer 2+ (VLAN tagging is a must, inter-VLAN routing is optional).
    • VLAN tagging is a must; I have devices on the switch that must not talk to each other (IoT)
    • Inter-VLAN routing is a nice-to-have

Here are some options I’m considering:

  1. MikroTik CRS320-8P-8B-4S+RM

  2. MikroTik CRS328-24P-4S+RM
    For all the love on Reddit, MikroTik seems to have an aversion to 2.5G PoE.

  3. UniFi Pro Max 24 PoE
    Sadly only 2 SFP+ ports, but the only option I’ve found with 2.5G PoE.
    I’d need to self-host a UniFi Controller.

  4. FS S3400-24T4SP
    I get their ads regularly but I’ve not seen them recommended in r/homelab a lot. Still looks like good value.

  5. FS S3200-8MG4S-U
    Does not fit all my criteria, but I’m open to a combo suggestion and this would cover the PoE and could serve as an aggregation.

What do you think of these? Are there better options that fit my requirements without breaking the bank?

Thanks for reading this far! I’d appreciate any feedback or ideas you have. Looking forward to your insights!

For anyone still reading, a Bonus Topic:

Cameras

For my NVR setup, I’m looking for WiFi cameras that:

  • Don’t rely on cloud services (updates are fine).
  • Integrate well with self-hosted NVRs or Home Assistant.

I’ve seen UniFi cameras mentioned often, and Reolink seems popular too—though I’m unsure if that’s due to quality or marketing. Suggestions?