Trace: Router Hardware

Router Hardware

This is an old revision of the document!


(Jan 2023) For my router, including DNS (BIND9) and DHCP (ISC DHCP) I am using a Supermicro SYS-E200-9B that comes with a Supermicro motherboard X11SBA-LN4F. I purchased this in 2016 and got functional in 2017, whilst waiting for NFTables to run all required features on Ubuntu. The X11SBA-LN4F has an Intel Pentium N3700 system with 4 x Intel i210-AT GbE LAN. I got with maximum 8GB RAM and 120GB mSata HD. Sadly the mSata HD was a Chinese branded unit that failed after 3 years operation. I replaced it with an old Samsung 256GB 860 SSD that I had on hand. I also took the opportunity to change the router from Ubuntu to Debian at this time. The N3700 CPU had reasonable performance at the time and includes AES instruction, which a number of common lower priced options at the time did not, e.g. J1900 CPU. The AES CPU instruction helps improve encryption performance significantly, handy for SSL / VPN. The unit is still performing well now. including the 10 year old Samsung SSD. I run the following software on it, all bare metal:

  • NFtables for firewall and routing
  • Bind9 for DNS
  • ISC DHCP for DHCP
  • Wireguard for remote access to my network

I would consider to try setting up a VM and Docker on this machine, however I suspect it maybe under powered for this. I would want Docker to be on a VM as I do not like the amount of IPtables configuration it does on its host. This would interfere with my NFTables router firewall configuration, if on the same host.

I looked at the various options for the router hardware, written in 2016.

tldr;

Comments on Proxmox;

tldr

  • DNS
  • DHCP
  • VPN (for secure public access to LAN)

Assumptions and Limitations

  • Low power means low CPU resources, hence care with applications that require significant or otherwise unnecessary resources.
  • Some services on bare metal to ensure reliable performance
  • This machine is much slower than usual hardware, and this is noticeable on interface usage, even no graphical.
  • The network and related services performance must NOT limit performance on upstream IP connectivity to greater than 100Mb/s and preferably only limit as speed get close to NIC's 1 Gb/s hardware speed. (At the moment my internet connection is via VSDL and is limited to about 65Mb/s down and 16MB/s up and this hardware and setup seem to be performing well.)

Docker really does some work on the firewall using iptables. For this reason I decided to setup a virtual machine (VM) environment, Linux QEMU/KVM/Libvirt based. VM's seem to impact the firewall / network setup less adversely than Docker. The use of the VM isolates the Docker firewall machinations from the bare metal.

Why not Proxmox

  • I have not used to date, this is I have no experience with Proxmox
  • I already have a lot of experience on run Debian, libvirt/qemu/kvm, which is what Proxmox seems to be built on
  • Proxmox seems to need to be installed on bare metal. I am not so sure this would work well with my bare metal firewall feature requirements

Specific issues with use of headless X11SBA-LN4F hardware

IPMI KVM Display Problems

Forcing Display option at boot in Ubuntu

Controlling BMC Terminal Resolution in Ubuntu

Router Ethernet Hardware Consideration

/app/www/public/data/attic/linux_router/hardware.1681608847.txt.gz · Last modified: 2023-04-30 Sun wk17 17:44
CC Attribution-Share Alike 4.0 International Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International