Personal computing discussed

Moderators: renee, Steel, notfred

 
SecretSquirrel
Minister of Gerbil Affairs
Topic Author
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 11:34 am

I'm lucky enough to live in an area of good connectivity and, today, put in the order to ugrade my home internet connection to 1Gb/1Gb.

For the past 7 years, a Zyxel USG 50 has been dutifully running interference between my home network and the wild west of the internet. Unfortunately its max throughput is 250Mbps and thats in the best case. Any of the advanced protection/inspection features knocks that way down to around 25-30Mbps. I've really just been using its firewall and VPN facilities and it has been just fine on my current connection (45/5).

Does anyone have a good recommendation for a new firewall/VPN appliance? I plan to go do the research, but I figure there have to be a few people on TR who have gigabit connections at home, so I figured I see what people were using. I'm going to lean more towards the pro-sumer/small business side of things rather than consumer gear.

--SS
 
Usacomp2k3
Gerbil God
Posts: 23043
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 11:36 am

Are you wanting to do full-time SPI? If so, the EdgeRouter X is out because I think it bottlenecks about 300mbps.
 
DragonDaddyBear
Gerbil Elite
Posts: 985
Joined: Fri Jan 30, 2009 8:01 am

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 11:55 am

I really like my PFSense box. I'm running on an old, super-hungry server, though. If you can find an Intel dual-NIC NUC (or similar) with at least an i3 in it (AES acceleration) it should preform very well. The catch is you want to avoid a Realtek controller if you can. Worst case is you put the Realtek on the inside.

EDIT:
I was perusing the internet to find stuff and I found a device that reportedly does very well with VPN.
https://www.amazon.com/Firewall-Applian ... 64YEPZ17EH
 
TheRazorsEdge
Gerbil Team Leader
Posts: 219
Joined: Tue Apr 03, 2007 1:10 pm

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 12:23 pm

I strongly suggest looking at pfSense and Smoothwall. The consumer router/firewall market has the same problem as the Android tablet market: lots of hit-and-miss products, lots of overpriced stuff, and very few amazing/compelling products at reasonable prices.

With pfSense or Smoothwall:

You'll have virtually total control over how many interfaces and what speeds you run (subject to the hardware being supported, of course). Are 10Gb NICs suddenly affordable? Swap one in.

Regular updates for security and features.

Inclusion of features that are either high rent in the consumer space or only available in SoHo gear.

They're both FOSS products, so you can try them as long as you like. You're only laying out money if you buy hardware, and there are lot of workable low-cost options for that.
 
SecretSquirrel
Minister of Gerbil Affairs
Topic Author
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 12:57 pm

Conceptually, I like Ubiquiti gear, but the whole need for an external controller kind turns me off. For AP management, I kind of get it, but I shouldn't need anything outside of the appliance for a firewall.

For those suggesting the roll your own solutions, it's an option, but pretty low on the list. I have plenty of projects and things to tinker with and maintain. I really don't need something else. Plus, we you are looking at ~$250 for the barebones hardware, plus memory and storage, plus my time, at $370 a Zywall USG 60, isn't really much of a jump. Not out of the question, but my tolerance for tinkering is going to be pretty low.

Right now, the USG60 is the leading candidate. It's rated at 1Gbps throughput for the SPI firewall. You are a bit more limited if you turn on IDP or AV scanning, but I don't use those on my current USG50, so no difference there. VPN throughput is specced at 180Mbps, which I am okay with.
 
Usacomp2k3
Gerbil God
Posts: 23043
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 1:30 pm

SecretSquirrel wrote:
Conceptually, I like Ubiquiti gear, but the whole need for an external controller kind turns me off. For AP management, I kind of get it, but I shouldn't need anything outside of the appliance for a firewall.

Just FYI, you don't need an controller. I've never used one for the ER-X Router or the AP.
 
SecretSquirrel
Minister of Gerbil Affairs
Topic Author
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 1:56 pm

Usacomp2k3 wrote:
SecretSquirrel wrote:
Conceptually, I like Ubiquiti gear, but the whole need for an external controller kind turns me off. For AP management, I kind of get it, but I shouldn't need anything outside of the appliance for a firewall.

Just FYI, you don't need an controller. I've never used one for the ER-X Router or the AP.


Boy, their documentation sure implies you do.

USG-PRO-4 quick start quide wrote:
Network Requirement

A UniFi Cloud Key or management station running the UniFi
Controller software, located either on-site and connected to
the same Layer-2 network, or off-site in the cloud or NOC
 
DragonDaddyBear
Gerbil Elite
Posts: 985
Joined: Fri Jan 30, 2009 8:01 am

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 2:09 pm

SecretSquirrel wrote:
For those suggesting the roll your own solutions, it's an option, but pretty low on the list. I have plenty of projects and things to tinker with and maintain. I really don't need something else. Plus, we you are looking at ~$250 for the barebones hardware, plus memory and storage, plus my time, at $370 a Zywall USG 60, isn't really much of a jump. Not out of the question, but my tolerance for tinkering is going to be pretty low.


NetGate (PfSense) has gear you can purchase. The more expensive gear is only really needed if you want to push VPN at the full rate you have. That's a reason I like the extra grunt. I use Plex through it. Not "ideal" but I'm paranoid about putting stuff on the internet.
https://store.netgate.com/pfSense/SG-1100.aspx

Says it can do 1Gpbs (but not through VPN).
 
Chaseme
Gerbil Team Leader
Posts: 205
Joined: Thu Aug 28, 2003 6:21 am
Location: Lachine
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 2:45 pm

Edgerouter Lite from Ubiquiti can hit close to 1Gbps. It's affordable, solid/stable and pro enough for the best home setups for sure.

As for needing a controller (UniFi controller etc), that's for products in the UniFi family, Edgerouters are in the EdgeMAX product range and do not need a controller.
This forum owns.
 
Redocbew
Minister of Gerbil Affairs
Posts: 2495
Joined: Sat Mar 15, 2014 11:44 am

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 3:03 pm

I'm still digging my pfsense box also. The only thing I really need from it is a way to create my own DNS entries for setting up local dev sites. I probably could have just installed something from the third party firmware available for the RT-AC66U, but I also didn't want to be stuck configuring all the things.

That was a few years ago now, and overall it's been pretty nifty. I haven't messed with the firewall much, but if you do get something pfsense based just be careful while doing updates...

FYI, I did eventually track down the cause of those sporadic connection problems I was having. It turned out to be something boneheaded on my part, and not a problem with pfsense or any of the other stuff involved here.
Do not meddle in the affairs of archers, for they are subtle and you won't hear them coming.
 
SuperSpy
Minister of Gerbil Affairs
Posts: 2403
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 3:28 pm

If it were me, I'd roll my own hardware, then stuff pfSense on it. Anything with a modern CPU should be able to do gigabit through the firewall (make sure it has AES-NI support) but might require a clock speed bump or extra cores to do AV scanning or heavy VPN depending on the protocol used.
Desktop: i7-4790K @4.8 GHz | 32 GB | EVGA Gefore 1060 | Windows 10 x64
Laptop: MacBook Pro 2017 2.9GHz | 16 GB | Radeon Pro 560
 
SecretSquirrel
Minister of Gerbil Affairs
Topic Author
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 3:53 pm

DragonDaddyBear wrote:
SecretSquirrel wrote:
For those suggesting the roll your own solutions, it's an option, but pretty low on the list. I have plenty of projects and things to tinker with and maintain. I really don't need something else. Plus, we you are looking at ~$250 for the barebones hardware, plus memory and storage, plus my time, at $370 a Zywall USG 60, isn't really much of a jump. Not out of the question, but my tolerance for tinkering is going to be pretty low.


NetGate (PfSense) has gear you can purchase. The more expensive gear is only really needed if you want to push VPN at the full rate you have. That's a reason I like the extra grunt. I use Plex through it. Not "ideal" but I'm paranoid about putting stuff on the internet.
https://store.netgate.com/pfSense/SG-1100.aspx

Says it can do 1Gpbs (but not through VPN).


Ports are 1GBps. Hard to find real perf numbers on it, but the one chart I found limits it to 762Mbps with the firewall enabled, at 1500 byte packet sizes. Looking close at the chart (https://www.servethehome.com/wp-content ... rmance.jpg), it looks like it is limited to about 64k packets per second with the firewall enabled. The SG-3100 is capable of about double that, but then you are squarely back in the $350 range and competing with a number of other VPN/firewall appliances. Now, its entirely possible that NetGate is being a bit more honest with their numbers than others, so the SG-3100 is certainly a possible option.
 
SecretSquirrel
Minister of Gerbil Affairs
Topic Author
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 4:38 pm

Chaseme wrote:
Edgerouter Lite from Ubiquiti can hit close to 1Gbps. It's affordable, solid/stable and pro enough for the best home setups for sure.

As for needing a controller (UniFi controller etc), that's for products in the UniFi family, Edgerouters are in the EdgeMAX product range and do not need a controller.


Ubiquiti is really not doing the Edgerouters any favors on their website. You have to dig into the user manual to find out that it offers pretty much all the features I care about. The web site presents them as routers when really they are much more capable than that. Need to do a bit more reading, but it might just fit the bill. Do wish is was rack mount. Don't know if the extra for the Edgerouter-4, plus the rack kit, is worth it.

--SS
 
ludi
Lord High Gerbil
Posts: 8646
Joined: Fri Jun 21, 2002 10:47 pm
Location: Sunny Colorado front range

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 5:40 pm

SecretSquirrel wrote:
Ubiquiti is really not doing the Edgerouters any favors on their website. You have to dig into the user manual to find out that it offers pretty much all the features I care about.
--SS

Ubuquiti is the Linux of network hardware. It's cheap for what it does and the tools are all in there, but the support and promotion comes mainly from the user community.

That said, I've been using the EdgeRouter Lite and a UniFi AP for a couple years in our home and haven't had any problems. The last uptime count was at something like 20 months, and would still be going had a four-hour power outage in January not taken down the UPS.

EDIT: EdgeRouterX.
Last edited by ludi on Wed Feb 06, 2019 12:14 pm, edited 1 time in total.
Abacus Model 2.5 | Quad-Row FX with 256 Cherry Red Slider Beads | Applewood Frame | Water Cooling by Brita Filtration
 
Convert
Grand Gerbil Poohbah
Posts: 3452
Joined: Fri Nov 14, 2003 6:47 am

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Tue Feb 05, 2019 10:37 pm

SecretSquirrel wrote:
Don't know if the extra for the Edgerouter-4, plus the rack kit, is worth it.

--SS

I have the ER4 with the rack kit. I only have a 100mb connection but I'd be happy to answer any questions you might have.
Tachyonic Karma: Future decisions traveling backwards in time to smite you now.
 
SecretSquirrel
Minister of Gerbil Affairs
Topic Author
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Wed Feb 06, 2019 8:59 am

Opted for the Edgerouter 4. Good comparison of all the Edgerouter specs:https://www.ui.com/edgemax/comparison

The Edgerouter Lite just isn't up to the task on a 1Gb connection when the packet size drops down.

--SS
 
demolition
Gerbil First Class
Posts: 123
Joined: Wed Nov 01, 2017 3:27 am

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Wed Feb 06, 2019 10:00 am

I am very happy with my EdgeRouter X as well. It may not be able to saturate a 1GBps connection if you need SPI, but without SPI it will handle it just fine. Due to the ridiculously low price it may seem like a low-end product at first glance, but it most certainly is not.
 
alloyD
Gerbil First Class
Posts: 178
Joined: Thu Apr 14, 2005 4:44 pm
Location: Missouri

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Wed Feb 06, 2019 1:27 pm

I'm all in on Ubiquiti at home. I have a USG, UniFi switch and AP. The controller just runs in a jail on the server I'm already running at home. It's easy to set up and use, but I wouldn't use the USG if you had complicated routing needs. The network I built for my church is also mostly UniFi stuff and it works great, but I opted for a pfSense router because it offers much finer grain control. That being said, one of the former pfSense developers now works for Ubiquiti on their USG products, so I expect eventual feature parity, but so far progress has been a bit slow.
"The danger lies not in the machine itself but in the user's failure to envision the full consequences of the instructions he gives to it." --Neil Stephenson
 
Scrotos
Graphmaster Gerbil
Posts: 1109
Joined: Tue Oct 02, 2007 12:57 pm
Location: Denver, CO.

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Wed Feb 06, 2019 5:39 pm

Erlite 3 at home and erpro-8 at work. Work has a gigabit line and I don’t see issues. It only handles a separate WiFi network and not our hard lined network, but it just hums along.
 
Ummagumma
Gerbil
Posts: 42
Joined: Fri May 27, 2016 9:18 pm

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Wed Feb 06, 2019 7:05 pm

I have operated a Linux-based firewall for many years now. I have used Smoothwall in the past. I hear good things about pfSense.

I do not like commercial firewalls because I always find that constrain my desired usage in some way. YMMV

Here's a few things that I have learned from running a Linux-based firewall:

    - The CPU is not likely to saturate/overload unless you are performing DPI (Deep Packet Inspection, for "intrusion detection") or running other "heavy apps" on the firewall.
    - Intel NICs are the way to go. Realtek NICs seem to die or perform poorly compared to Intel NICs when they have to operate around the clock.
    - Memory usage should be low unless you are doing DPI or running other "heavy apps" on the firewall.
    - A good Linux kernel shuttles packets from NIC to NIC via memory, and does so without any delay that you will notice.
    - You should achieve "almost" 1Gbps speeds without issue. Remember there will always be some packet overhead to take away from your total speed.

My current firewall is built on an old (can't buy it any more) Supermicro motherboard, an X11SBA-LN4F that is Mini-ITX format. That uses a Pentium 3700 CPU. I monitor the firewall with Monitorix. My CPU load is typically around 0.2 percent. My memory usage is about 1GB. That platform only sees it's usage surge when I perform Linux updates! You might think CPU and memory usage would surge if you ran multiple Youtube streams, but my experience say, "Nope."

I have run Linux-based firewall software on an even older Supermicro X7SPA-H that is Mini-ITX format and has dual Intel 1Gbps NICs. It uses the old Intel Atom in-order CPU design. It easily handled the firewall job for me, though it's CPU and memory did experience more loading compared to the Intel Pentium 3700 platform.

Some Mini-ITX boards from ASRock and others now have dual Intel NICs. Some only have a PCIe x1 slot (likely a SoC-based board) and others have a PCIe x16 slot (likely a standard desktop CPU board. You can find multiport Intel NIC cards that "should work" in the PCIe x16 slot, but some motherboard vendors are dorks and do something that only allows video cards to work in those slots.

Even a lowest-end dual-core Intel Celeron CPU should have no issues running Linux-based firewall software. If you do DPI or run some "heavy apps" on the firewall then you might have to scale up the CPU and memory. For purposes of experimenting I once scaled my firewall up to an Intel i3-3240 Ivy Bridge CPU and then an Intel C2558-based board. The performance stats from those experiments proved that those CPUs were never pushed to any of their limits; CPU load was something like 0.1 percent at all times.

Consider carefully how you will use the firewall. DPI is reasonable, but it can be CPU and memory intensive, and then you have to consider who is going to review & maintain the DPI function/rules. Running a local DNS and DHCP setup, commonly done with "dnsmasq" under Linux, is reasonable, but be certain to properly secure it. Running other apps, like a database or a drive storage array, might create unwanted security risks. Wi-Fi is another potential security risk. If you stick to something like pfSense or Smoothwall you should be ok since they are very cautious about their product designs.

In closing, the usage and performance profile of a firewall is different, very different, from any desktop and most server computers. That profile difference is due to the very specific nature of a firewall's job, and I am assuming a "purist definition" here, not a "throw everything you want/think into a single box" approach.
Did you expect to read anything useful here?
 
SecretSquirrel
Minister of Gerbil Affairs
Topic Author
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Thu Feb 07, 2019 4:08 pm

The wonders of Amazon:

Image

I'm going to try and spend some time with it between now and next Monday. The plan is to set it up with all the same firewall rules, and general configuration, as the Zyplex so that I can just drop it in place.

--SS
 
alloyD
Gerbil First Class
Posts: 178
Joined: Thu Apr 14, 2005 4:44 pm
Location: Missouri

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Thu Feb 07, 2019 4:23 pm

Cool! Let us know how the setup goes, I've never configured any of the Edge gear.
"The danger lies not in the machine itself but in the user's failure to envision the full consequences of the instructions he gives to it." --Neil Stephenson
 
Usacomp2k3
Gerbil God
Posts: 23043
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Thu Feb 07, 2019 8:50 pm

Nice! If you haven’t watched it already, there was a great series that Chris did over on Crosstalk Solutions about Ubiquiti routing.

Here’s part 9:
https://youtu.be/7biQLEka_r4
 
SecretSquirrel
Minister of Gerbil Affairs
Topic Author
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Fri Feb 08, 2019 12:15 am

I spent a bit of time, about an hour, poking around the ER4 interface. Definitely friendlier than my old Zyxel. I've got my NAT rules transferred over. I didn't really have to transfer firewall rules because of the nice little "Enable auto firewall" check box. Since I have an single external IP address, I don't have any non-NAT/port fowarded firewall traversal. On a 1G/1G connection, I could bring all my web hosting and other services "in house", but I think I'm ok paying someone else to maintain internet facing systems. I can do it, but it goes back to limited time for tinkering with things and plenty of other things I'd rather tinker with -- like restoring Ms PacMan.

The config tree interface is a bit clunky to use, but once you figure it out, its definitely powerful. Though I think I'd probably drop to full command line for a lot of it.

I think I've got it ready to drop in place though I'm considering whether to hold off until the new service comes online. New router will mean a different IP address, and new service will likely also mean a new IP address. While I have a DCHP assigned address, it has remained unchanged for 3+ years and doing two changes in a short period would be annoying as it means two separate DNS updates. Of course now that I type that, it sounds pretty lazy to try and avoid logging in to the DNS control panel and updating a single record....

---SS
 
SecretSquirrel
Minister of Gerbil Affairs
Topic Author
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Fri Feb 08, 2019 10:51 pm

ER4 doing routing/firewall duties on the house network.
Image

Very few issues bringing it online, at least not much related to the ER4. About the only oddity I came across was when I switch the modem setting to make the ER4 a "DMZ" device and assign it my external IP address. Renewing the DHCP lease on the WAN interface on the ER4 was not enough to make it pick up the external IP address. I had to down/up the WAN interface. I don't think this is actually a bug in the ER4, but more a side effect of how DHCP works combined with my modems behavior. Renewing a lease does just that, it asks the DHCP server if it can continue using its existing address for another renewal cycle. Because the IP is still valid on the modems private subnet, it ACKs the renewal. When the interface is taken down and brought back up, it asks for a new lease. The modem recognizes that its supposed to place it in the DMZ and assigns it the public IP. Turns out I didn't pull a new IP address either because its the modem that pulls the IP address, rather than the router.

I did run into one problem. About half way through, as I was starting to test running through the ER4, it switched back to a private IP address and I stopped being able to resolve DNS entries. Took me a bit to realize I had knocked the ethernet cable out of the modem. Found out that, at some point in the past, the latching tab had been broken off the connector and moving the cable would cause it to disconnect. :evil: I now have a new cable running to the modem. While I was looking for the source of the problem, I found that the 5GHz radio was still on on my modem. No idea how long it has been that way, but it does make me wonder how much of the flakiness of my 5GHz Wifi has been because I had two 5GHz APs sitting within about four feet of each other. That has also been fixed.

So things are up and running as fast as ever. Pulled 57Mbps connected directly to the ER4. Mind you, I'm currently paying for a 45/5 connection. Got my appointment scheduled for next Wednesday for the tech to come out. The thought of being about to pull down down the CentOS Everything DVD in around 90 seconds makes me giggle just a little bit. :D

--SS
 
Airmantharp
Emperor Gerbilius I
Posts: 6192
Joined: Fri Oct 15, 2004 10:41 pm

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Sat Feb 09, 2019 1:40 am

Damn, missed all the fun- but running an ER-4 here, for now, with 200/20. I plan on messing with pfSense or OPNsense on the edge and have an appliance for it (J3160-based), but like having a solid, purpose-built setup that I can rely on.

Also, it'll probably handle a 1Gbps symmetrical connection if I ever get one.

As for the Unifi stuff, namely the AP's: you can roll a controller into a minimal Ubuntu Server VM with ease, and throw a UNMS install in right next to it. Have that running on my appliance through ESXi alongside pihole for DNS blacklisting. It's stuff that I want always up; could run it anywhere, but a cheap QOTOM-style box with a bunch of Intel ethernet controllers works very well for this. At some point I'll get pfSense configured on that and play around with a DMZ too.
 
JustAnEngineer
Gerbil God
Posts: 19673
Joined: Sat Jan 26, 2002 7:00 pm
Location: The Heart of Dixie

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Sat Feb 09, 2019 5:20 am

Will all switches and cables inside the house keep up with your new 1 Gb/s internet speed? When Xfinity bumped my folks up to 150 Mb/s internet, I noticed that they were using a few old and/or poorly-assembled or damaged patch cables that limited some connected devices to 100 Mb/s.
· R7-5800X, Liquid Freezer II 280, RoG Strix X570-E, 64GiB PC4-28800, Suprim Liquid RTX4090, 2TB SX8200Pro +4TB S860 +NAS, Define 7 Compact, Super Flower SF-1000F14TP, S3220DGF +32UD99, FC900R OE, DeathAdder2
 
SecretSquirrel
Minister of Gerbil Affairs
Topic Author
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Sat Feb 09, 2019 10:43 am

JustAnEngineer wrote:
Will all switches and cables inside the house keep up with your new 1 Gb/s internet speed? When Xfinity bumped my folks up to 150 Mb/s internet, I noticed that they were using a few old and/or poorly-assembled or damaged patch cables that limited some connected devices to 100 Mb/s.


Yes. I'm lucky enough that the house was wired with quality cable. Between my workstation and the file server upstairs, there are three switches (Dell 2824, Netgear GS308, and D-Link GO-SW-8G) and six cable segments. Measured transfer rates are 942Mbps and that's with a 1500 byte MTU. Server to server, only crossing the Dell switch gives 943Mbps. I'm sure I could eek out a little bit more by turning on jumbo frames, but since not everything in the house may support them, it would likely cause more problems than I care to deal with.

--SS
 
SecretSquirrel
Minister of Gerbil Affairs
Topic Author
Posts: 2726
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Upgrading internet connection, time to upgrade firewall -- recommendations?

Wed Feb 13, 2019 10:17 pm

Image

Though their was a bit of silliness in the process, the install went smooth. I say install because what should have been an upgrade turned out to be a full blown new install, up to, and including, running new fiber to the house. Though I ordered an upgrade from DSLExtreme, but the time the order was sent out to the installation tech, it had been transmogrified into a new account install with notes to leave the existing account in place, so no reusing equipment or wiring. So now, I have a house with two gigabit capable fiber lines terminated at the garage. I could actually have, if I wanted to pay, two gigabit internet connections. Now, since I likely couldn't bond them, and since they go to the same splitter, there wouldn't be any redundancy, and I'd just be fighting with myself for bandwidth.

Web browsing is a bit snappier, but where I really notice it is when uploading images for sharing. I click ok, and it's done. No upload bar, not delay. It was unnerving at first.

Of course I had to download something big, with something fast. CentOS 7 "everything" DVD, via bittorrent.

Image

Image

The Edgerouter 4 seems to be doing well. I haven't run anything that would generate massive amounts of tiny packets, but for my normal usage it looks like a champ.

--SS

Who is online

Users browsing this forum: No registered users and 1 guest
GZIP: On