Router Hardware

• Processor: Intel Alder Lake-N i3-N305 (Also N100 option, stadnard without system fans)
• Memory: 1 x SO-DIMM DDR5 4800MHz, 32GB(SAMSUNG).
• Ethernet Ports: 2 x Marvell AQC113C-B1-C 10Gbps Network cards(via PCIe 3.0 x 2), 2 x Intel i226-v 2.5G network cards (via PCIe 3.0 x 1)
  • AQC113C-B1-C is a 6-Speed Commercial Temperature Grade, RoHS 6/6* network chipset
• Storage: 2 x M.2 2242/2280 NVMe SSD, PCIe 2.0 x 1
• USB Ports: 2 x USB-A 3.0(5Gbps), 1 x USB-C 3.2 Gen2(10Gbps)
• Display: HDMI 2.0 and Type-C display output with 4K 60fps support
• Cooling System: Full aluminum body passive cooling, dual 4010 fans active cooling for aluminum fins
• System Compatibility: Compatible with Windows, Linux, pfSense, OPNsense, OpenWrt, Proxmox VE, VMware ESXi, Unraid and more
• BIOS: AMI EFI BIOS with Auto Power-on, WOL, and PXE support
• Power Supply: DC IN 12-19V
• Dimensions: 157 x 118 x 40 mm
• Weight: Main unit 1050g (1110g for Fanless Unit), packed about 1600g
• More:
  • Product wiki: wiki.ikoolcore.com
  • Drivers, BIOS, Firmware: dl.ikoolcore.com

More Information AND FAQs, please visit wiki.ikoolcore.com.

For my router, including DNS (BIND9) and DHCP (ISC DHCP) I am using a Supermicro SYS-E200-9B that comes with a Supermicro motherboard X11SBA-LN4F. I purchased this in 2016 and got functional in 2017, whilst waiting for NFTables to run all required features on Ubuntu. The X11SBA-LN4F has an Intel Pentium N3700 system with 4 x Intel i210-AT GbE LAN. I got with maximum 8GB RAM and 120GB mSata HD. Sadly the mSata HD was a Chinese branded unit that failed after 3 years operation. I replaced it with an old Samsung 256GB 860 SSD that I had on hand. I also took the opportunity to change the router from Ubuntu to Debian at this time. The N3700 CPU had reasonable performance at the time and includes AES instruction, which a number of common lower priced options at the time did not, e.g. J1900 CPU. The AES CPU instruction helps improve encryption performance significantly, handy for SSL / VPN. The unit is still performing well now. including the 10 year old Samsung SSD. I run the following software on it, all bare metal:

• NFtables for firewall and routing
• Bind9 for DNS
• ISC DHCP for DHCP
• Wireguard for remote access to my network

I would consider to try setting up a VM and Docker on this machine, however I suspect it maybe under powered for this. I would want Docker to be on a VM as I do not like the amount of IPtables configuration it does on its host. This would interfere with my NFTables router firewall configuration, if on the same host.

I looked at the various options for the router hardware, written in 2016.

• A small ARM based machine, e.g. Raspberry Pi 3. (The current RPi looks much more capable.) However these machines are generally limited in a number of way, including by definition not x86 based. Many do not have more than one NIC and the NIC are often not full Gigabit. (To be fair this hardware may be sufficient in most cases, as most homes do not have better than 100Mb/s internet connections, and in general much slower.) The main upside is that they are small, low power and relatively cheap. Those with only one NIC need to be setup with USB NIC adaptors, that further complicates setup, performance and reliability. Although better spec'ed machines, e.g. with multiple gigabit NICs, start getting more pricey too. I suppose you get what you pay for….
• The Raspberry Pi 4 & 5 looks like a much better option than earlier versions for a home router. Still has the complexity of only native 1 NIC, but that is full 1Gbe and there are 2 USB 3 port to allow another full 1Gbe NIC off USB.
• An older x86 based machine. The main downside to these is poor power consumption and large size, even an old server tends to use more than 30W at the wall, or greater than $60/year power. Also the board I had only had one built in NIC, so I would need a PCIe NIC card. There is also the issue of reliability and performance for the older hardware, although it is probably good enough in this respect. That all being said if one is strapped for cash this may be a good way to start as the upfront cost would be smallest, if not zero.
• At the moment, 2016, there are a lot of Intel Celeron J1900 based units with 4 NICs around. The J1900 is an older CPU, 4 cores, 2.0-2.42 GHz. Also in many cases the NIC hardware is older, particularly on the cheaper units, so care must be taken if you want to ensure more up to date hardware. These machines are a good option, low power (~8 - 10W), small size. They come with 2 SATA ports and mini PCI-E slots. By the time you fit them out they cost out USD250 - 350, with 4-8GB RAM and 120GB mSata drive. The cheaper options are as noted above usually with older NIC hardware and lower memory and HD size and can be had at even lower prices.
• I decided to get a Supermicro SYS-E200-9B that comes with a Supermicro motherboard X11SBA-LN4F, an Intel Pentium N3700 system with 4 x Intel i210-AT GbE LAN, from Mitxpc. I got with maximum 8GB RAM and 120GB mSata HD. The N3700 CPU is more modern than the J1900 and includes AES instruction that the J1900 does not have. The AES CPU instruction helps improve encryption performance significantly, handy for SSL / VPN. Otherwise the overall performance is similar (4 cores at 1.6-2.4GHz) and power slightly lower than the J1900. (The Intel LAN controllers are also the more modern ones). This unit also comes with a dedicated IPMI LAN Port, allowing full remote KVM operation on the network. A downside of the IPMI is that it uses another 3.5W of power (1W power 24/7 costs $2.29/year @ $0.25/kWhr, so 3.5W IPMI costs $7.67/yr extra for power over the main units 9W at $19.71/year). The upside is that the unit can be remotely off-site operated, with configuration options for auto on at power up and heart-beat with auto reset. (My home server is also a Supermicro based unit with dedicated IPMI LAN Port and has given me a good 5 years of service to date.) Downside is mainly the price, USD490 + delivery, as these units are not sold locally I purchase in USA and had it mailed at USD75. In any case this hardware should allow for a router with great performance for some years to come. Again you get what you paid for….. So some 7 years later I am having problems with the BMC on this unit, it is very unreliable now and requires the entire computer is reset, which in many aspect defeats the purpose of having it. The main unit otherwise works, but it is now much more difficult to use headlessly. The main unit is still go enough for my home internet which can be provided up to 1000Mb/s, however is usually much lower than this upstream….

I don't see the point installing a 64bit OS on systems with less than 4GB of RAM. A 32bit OS can only natively access up 4 GB RAM, but should give better compromise with such limited RAM.

• I have not used to date, this is I have no experience with Proxmox
• I already have a lot of experience on run Debian, libvirt/qemu/kvm, which is what Proxmox seems to be built on
• Proxmox seems to need to be installed on bare metal. I am not so sure this would work well with my bare metal firewall feature requirements