Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 2 [3]

Author Topic: OPNsense, fanless N100/N305 barebone router options  (Read 4543 times)

heavyrain

  • Member
  • **
  • Posts: 31
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #30 on: February 23, 2024, 06:56:44 PM »

What do you think about this?

https://www.amazon.co.uk/CETAITUN-Firewall-N100-OPNsense-Computer/dp/B0CJC4J5RC

More expensive but 2 more Ethernet ports.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #31 on: February 23, 2024, 11:35:19 PM »

Thats from a Chinese seller as well just different marketplace, looks fine for firewall use.  Overpriced though in my opinion compared to what some of us on here have been paying.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5270
    • Thinkbroadband Quality Monitors
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #32 on: February 24, 2024, 12:33:24 AM »

You can I assume buy a NUC from somewhere like amazon but it will be more expensive.

Everything I have purchased from ali has arrived in working order, the issue with them is people buying things like fake branded samsung storage that is too good to be true.  But these NUC's are the real deal on hardware.

Ali also has buyer protection.
I definitely want 4 Ethernet ports (may aswell be 2.5 Gbps I guess). 1 for WAN, 1 for Eero and allowing 2 wired connections for PCs.

That's not generally what you use the ethernet ports for as that requires making them into a bridge (if you don't want each port to be its own independent LAN) which uses CPU time to switch the packets (most consumer routers have an actual switch inside which handles this) so is competing on the CPU with actual routing.  Its also very fiddly to configure in pfSense without locking yourself out of the WebUI as its not really intended to bridge your main LAN for the reason above.

I've done it, it works fine but if you were to copy files between things connected to different ethernet ports it potentially would slow down the Internet due to overhead on the routers CPU.  If you don't need 2.5Gbit on those devices, a cheap switch is highly recommended instead of doing this.  If you do need 2.5Gbit then a not so cheap switch would be needed.
« Last Edit: February 24, 2024, 12:35:37 AM by Alex Atkin UK »
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

heavyrain

  • Member
  • **
  • Posts: 31
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #33 on: February 24, 2024, 08:20:41 AM »

Oh I didn't know that. So say I had this N100 device and I connected a printer to the eero system, every device connected to the eero would see the printer but on the other ethernet ports of the N100 that had say a pc connected, I couldn't see the printer since it's a different lan? Like this:



But the below would allow any device to see the printer if it was connected to the switch?



Is there any type N100 devices that have a switch built in or am I better just abandoning OPNsense and getting a OpenWRT compatible router?



« Last Edit: February 24, 2024, 08:24:45 AM by heavyrain »
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5270
    • Thinkbroadband Quality Monitors
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #34 on: February 25, 2024, 01:56:41 AM »

By default a router OS will have 1 WAN port and 1 LAN, the others will be unassigned as they are intended for say if you want other physical LANs or multi-WAN.

There are no PCs with built-in switches I'm aware of, I've been dismayed about this myself for years but the workaround of bridging those ports into a single LAN for low-bandwidth devices has always worked fine, its just not recommended.

You have to realise an OS like pfSense is intended for more advances users where all the things you normally have in a combined gateway is split-out into its individual pieces.  This way you get to choose if you have an unmanaged or managed switch for the LAN, what WiFi Access Points you want, etc.  Its not intended to be your entire network in a single box like consumer routers are.  I used OpenWRT for years on consumer routers, then on a PC, before moving to pfSense. Immediately I felt pages loaded faster even compared to OpenWRT on the same PC.

So yes, the second picture is what you want.  Its likely a 4 port appliance is cheaper than a 6 or 8 port anyway, the difference should get you a cheap Chinese  2.5Gbit switch.
« Last Edit: February 25, 2024, 02:00:26 AM by Alex Atkin UK »
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

j0hn

  • Kitizen
  • ****
  • Posts: 4098
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #35 on: February 25, 2024, 03:40:18 AM »

I used OpenWRT for years on consumer routers, then on a PC, before moving to pfSense. Immediately I felt pages loaded faster even compared to OpenWRT on the same PC.


The difference in latency between different router chipsets is below human perception. Latency between to cheapest Talktalk hub and a 300 Asus router or dd-wrt/openwrt running on high end hardware isn't visible on a ping/bqm.
When the connection is heavily utilised is a different matter.

The advantages of things like pfsense is the configurability and the efficiency of good code when a lot is getting thrown at the CPU.

Simply browsing a website over a wired connection with little other traffic on the network will be near identical between any modern router.
Logged
Talktalk FTTP 550/75 - Speedtest - BQM

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5270
    • Thinkbroadband Quality Monitors
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #36 on: February 25, 2024, 03:51:27 AM »


The difference in latency between different router chipsets is below human perception. Latency between to cheapest Talktalk hub and a 300 Asus router or dd-wrt/openwrt running on high end hardware isn't visible on a ping/bqm.
When the connection is heavily utilised is a different matter.

The advantages of things like pfsense is the configurability and the efficiency of good code when a lot is getting thrown at the CPU.

Simply browsing a website over a wired connection with little other traffic on the network will be near identical between any modern router.

It certainly wasn't, I know it "should" be but the browser was clearly more responsive.  I can't explain it scientifically either, but it was observable.  Its not that I thought it was faster because I expected it, as I wasn't expecting any difference.

Now if it would still be the case on modern hardware, perhaps not, without adblock you tend to run into the awful performance of advert servers and their janky Javascript more than anything.

But now I'd never go back to OpenWRT because its a PITA to update on PC, would be extremely hard to replicate my configuration and consumer router wise they'd choke on my monitoring scripts.
« Last Edit: February 25, 2024, 03:57:03 AM by Alex Atkin UK »
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

heavyrain

  • Member
  • **
  • Posts: 31
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #37 on: February 25, 2024, 12:45:14 PM »

Might sound like a stupid question but see if you follow the opnsense setup wizard does that like auto configure firewall zones on the wan for you or is that all manual?

I can't say much about the page loading but I did have weirdness years ago when I had IPv6 enabled on a BT router. Pings would be much worse. That's auto enabled on OpenWRT, maybe not on OPNSense.

I don't know when you last tried OpenWRT but the inclusion of wifi 6 hardware has had a big increase in the availability of processing power and RAM. You can now run SQM Cake at over 2 Gbps which was previously unheard of. That seems one area that OPNSense lacks over OpenWRT, the SQM. Cake is not a an option on OPNSense and the fq_codel on OPNSense from what I saw is much worse giving only A results. A+ is basically guaranteed on OpenWRT with little to no configuration.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #38 on: February 25, 2024, 02:47:01 PM »

Features like "serve expired " on unbound DNS can make a very noticeable impact on browser responsiveness, every page access requires at least one DNS lookup, the majority require multiple, and now days low TTL is common on mainstream services.

OPNSense and pfSense both support this feature as an example but your typical ISP hub, Zyxel or whatever wont have that thing in mind.  So what Alex observes I dont think is snake oil.

Quote
serve-expired: <yes or no>

    If enabled, Unbound attempts to serve old responses from cache with a TTL of serve-expired-reply-ttl: in the response without waiting for the actual resolution to finish. The actual resolution answer ends up in the cache later on.

But yeah pfSense can be ran as a switch, it just isnt designed to be run that way and it will be a software emulated switch.

My opinion is all in one box solutions are just not the way to go for an optimal setup, I use OpenWRT for managed switches and AP's and I use pfSense for firewall, DHCP and routing.  When on xDSL I also deliberately kept the modem separate as well so its uptime was independent of the rest of the setup.

Heavyrain yep both the sense's qre behind on shaping, its because the underlying FreeBSD doesnt have them implemented.  I have played with Cake and I have the opinion it is superior for home broadband connections.  FQ_Codel can be improved with some tinkering though, its defaults are more suited for very fat pipes than things like DSL.
« Last Edit: February 25, 2024, 03:32:16 PM by Chrysalis »
Logged

heavyrain

  • Member
  • **
  • Posts: 31
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #39 on: February 25, 2024, 04:31:05 PM »

Will it matter what type of Switch I end up getting? Is something like a Netgear GS305 to low end?

Logged

doofus

  • Member
  • **
  • Posts: 15
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #40 on: February 25, 2024, 10:01:51 PM »

Hi Alex Atkin UK,

you seem to have loads of dropped packets (red on the top) of your BQM graph: https://www.thinkbroadband.com/broadband/monitoring/quality/share/d4f4686308b345d3b095b3c0542a1d88
Do you think your router is under powered or the ISP is overloaded perhaps?

Logged
AAISP 1000/115, Openreach FTTP

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5270
    • Thinkbroadband Quality Monitors
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #41 on: February 27, 2024, 01:35:21 AM »

Snapshot from when you commented on 25th:


Hi Alex Atkin UK,

you seem to have loads of dropped packets (red on the top) of your BQM graph: https://www.thinkbroadband.com/broadband/monitoring/quality/share/d4f4686308b345d3b095b3c0542a1d88
Do you think your router is under powered or the ISP is overloaded perhaps?

That's far from loads and has zero real-world impact.

You have to remember that as its a constant monitor, any response that takes longer than a second is counted as dropped in the chart.

Its also only monitoring from one route into the ISP.  Traffic coming to you may take a different route to traffic going from you, though I don't think it does for TBB, delays can occur that actually aren't happening for outbound or any normal use. 

My router may be busy serving REAL traffic and just delay ICMP response, I have no QoS enabled right now as its not been necessary since on FTTP, you can often fake a smoother graph by making ICMP high priority but this is pointless as it then wont reflect real-world load.  But this is exactly what you'd do for gaming, VoIP, anything that needs the lowest latency.

Code: [Select]
traceroute to pingbox1.thinkbroadband.com (80.249.99.164), 30 hops max, 60 byte packets
 1  vt1.cor2.lond1.ptn.zen.net.uk (51.148.72.22)  9.543 ms  9.716 ms  9.424 ms
 2  lag-9.p1.thn-lon.zen.net.uk (51.148.73.160)  9.244 ms lag-9.p2.thn-lon.zen.net.uk (51.148.73.174)  9.299 ms lag-9.p1.thn-lon.zen.net.uk (51.148.73.160)  9.238 ms
 3  netconnex-gw.zen.net.uk (82.71.254.2)  8.967 ms  8.964 ms  8.961 ms
 4  ae11-11.edge-rt2.thdo.ncuk.net (80.249.97.21)  26.404 ms  26.401 ms  26.427 ms
 5  te1-51-36.core-rs3.thdo.ncuk.net (80.249.97.72)  9.727 ms  9.602 ms  9.447 ms
 6  po5-32.core-rs4.thdo.ncuk.net (80.249.97.90)  9.209 ms  8.268 ms  8.419 ms
 7  pingbox1.thinkbroadband.com (80.249.99.164)  8.077 ms  9.320 ms  9.316 ms

Code: [Select]
PING pingbox1.thinkbroadband.com (80.249.99.164) 56(84) bytes of data.
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=1 ttl=252 time=8.03 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=2 ttl=252 time=8.25 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=3 ttl=252 time=8.15 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=4 ttl=252 time=8.38 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=5 ttl=252 time=7.97 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=6 ttl=252 time=8.08 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=7 ttl=252 time=8.14 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=8 ttl=252 time=8.29 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=9 ttl=252 time=8.17 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=10 ttl=252 time=8.16 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=11 ttl=252 time=7.94 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=12 ttl=252 time=8.00 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=13 ttl=252 time=8.01 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=14 ttl=252 time=8.33 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=15 ttl=252 time=8.06 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=16 ttl=252 time=8.17 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=17 ttl=252 time=8.14 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=18 ttl=252 time=7.99 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=19 ttl=252 time=7.92 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=20 ttl=252 time=8.15 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=21 ttl=252 time=8.17 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=22 ttl=252 time=8.26 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=23 ttl=252 time=8.39 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=24 ttl=252 time=8.10 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=25 ttl=252 time=8.35 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=26 ttl=252 time=8.02 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=27 ttl=252 time=8.48 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=28 ttl=252 time=8.22 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=29 ttl=252 time=8.03 ms
64 bytes from pingbox1.thinkbroadband.com (80.249.99.164): icmp_seq=30 ttl=252 time=8.49 ms

REAL packet loss I would expect to be combined with huge spikes in maximum latency.
« Last Edit: February 27, 2024, 03:35:55 PM by Alex Atkin UK »
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

doofus

  • Member
  • **
  • Posts: 15
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #42 on: February 27, 2024, 08:03:26 AM »

Very interesting, I see your point. Thanks  ;D
Logged
AAISP 1000/115, Openreach FTTP

heavyrain

  • Member
  • **
  • Posts: 31
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #43 on: February 27, 2024, 09:07:16 PM »

I know your logic but I've seen BT FTTP graphs from people and I've never seen a dropped packet.

Some I just picked from thinkbroadband forums right now:

https://www.thinkbroadband.com/broadband/monitoring/quality/share/bb81c81a494454bea495f206cfb871b4175ab938

https://www.thinkbroadband.com/broadband/monitoring/quality/share/84aef83c9e97ed921fa594237c70ac7e4c2ee5f2

There's no way your network is so busy at 4am it can't respond to a ping in under a second. If you posted that on tbb bqm forum section they would tell you that your line has problems.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5270
    • Thinkbroadband Quality Monitors
Re: OPNsense, fanless N100/N305 barebone router options
« Reply #44 on: February 28, 2024, 02:36:41 AM »

There's no way your network is so busy at 4am it can't respond to a ping in under a second.

My waking hours the last week have been about midnight to 5pm. :p
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors
Pages: 1 2 [3]
 

anything