TLDR; looking to combine Lenovo ThinkCentre M720q with a Mellanox dual 10Gbps SFP+ PCIe card to create my dream homelab router/firewall

Hi,

I’m looking to set up a router/firewall for my home network, behind my ISP’s router.

Here’s my current setup :

  • ISP Router : 1xSFP+ 10Gbps, 4xRJ45 1Gbps, used as a (temporary) NAS

  • Switch : 1xSFP+ 10Gbps, 3xRJ45 2.5Gbps, 8xRJ45 1Gbps

  • Proxmox Host : RJ45 2.5Gbps

  • 3 laptops, IoT devices, …

I’m looking to insert this new device in-between the existing router and the switch, meaning it has to have dual SFP+ to be able to uplink and downlink at 10Gbps. It’s a bit overkill but it means I’ll be fully utilizing my ISP box and my switch to their full potential, with some headroom.

I’ve looked around and found nothing that checks all boxes, while trying to keep this under budget (~300€ max). I’ve finally landed on a frankenstein combination but I wanted to verify that the parts all are compatible and that I wouldn’t have any nasty surprises when everything finally comes together (from different sources)

Here’s my router proposal :

I’m wondering especially about these things :

  • is the card compatible with the pc?

  • will the 65W adapter suffice to power everything ? and if not, can i safely use a larger brick?

  • can the pc handle the dual 10G traffic, knowing either stream will rarely be fully saturated? RAM upgrades are no issue, planning at least 16GB to start

  • any other issues I should be wary of?

  • any other hardware suggestions that work better/are cheaper?

This combination should also be a good thing if i run it with proxmox to host a few network related services, such as pihole, wireguard…

Thank you :D

At a minimum, you’d want to allocate 8GB RAM to the pfSense/OPNsense guest, so 16GB may not be enough if you plan on running other VMs or CTs under Proxmox.

@peregus@lemmy.world

Have a look at the Fujitsu Futro S720/920, they’re about 30/40€ on eBay. If you’re not in EU, have a look at some other thin client like the HP T730. They are cheap and they consume about 6W! Well, maybe a bit more with the dual SFP+ PCI card, but way less than the 65W of the Lenovo (are you sure it consumes that much?) I’ve been using one S729 for some months now and I’m very happy (not with the fiber though since I’ve just a 100/20 vDSL ☹️)

@squigglycunt@lemmy.world

this doesn’t seem to have a pcie slot for the dual 10gig, at least from this fujitsu tech spec

https://www.fujitsu.com/global/products/computing/pc/thin-clients/FUTRO-S720/

@peregus@lemmy.world

Sorry about that, I’m using the PCI for a dual 1Gbps Ethernet card, I didn’t know it wouldn’t support such a card. It does have a PCI x4 slot and if it’s gen 3 it could support 2 10Gbps ports, but I don’t know which generation it is.

@infinitevalence@discuss.online

No, that card won’t work, it will cook itself in an M720q.

What you want is a https://www.ebay.com/sch/i.html?_from=R40&_trksid=p3814320.m570.l1313&_nkw=MCX312B-XCCT&_sacat=0 MCX312B which runs much cooler and can comfortably fit in an M720q.

the default 65w PSU is fine with an i3/i5, but you can get a larger one if you want. I can try testing idle power though I am on a 110v/60hz system so it may not be exactly the same.

I have seen line speeds at nearly full bandwidth on mine in synthetic testing.

I ended up adding an M.2 A+E 2.5gb network card in place of the wifi card which gives me 4 network interfaces: stock Intel 1gb, M.2 Realtek 2.5gb, and 2x Mellanox 10gb SFPs.

Last thing, DO NOT USE RJ45 SFPs. They draw way too much power and generate lots of heat. Use direct attach cables, or fiber to connect to switches/routers.

Toaster

That ebay link is broken

@squigglycunt@lemmy.world

it’s working for me, it’s just an ebay search with the terms “mcx312b-xcct”

Toaster

Thanks. I would bet then that it’s because it’s an Amp link.

@draecas@lemmy.world

The &amp; is the html escape code for an ampersand (&) symbol, which is used to separate query params in a url – it appears like this has been re-encoded so the single & in the URL becomes &amp; by something breaking the link. If you change all of the &amp;s to $ it works. it’s not really an “amp” link in the “Google Amp” meaning.

Also after posting this comment, it appears to be Lemmy’s url encoding, I think I’ve fixed it but if not, remove the amp; from the 3 sections of the url you see it and it’ll work

@squigglycunt@lemmy.world

thanks for the detailed reply!

it’s cool seeing someone running this exact config. I’ll look into the card you suggested. may i ask what’s the difference between them?

I’m planning to run dac to uplink/downlink, currently running my switch directly to the isp box using dac

extra question: can i install some wireless card in the m.2 slot that can do vlan tagging on different SSIDs, or is that job better left off to a dedicated access point?

The version I posted is connect x3 and the b variant which is the lower power version. It is still well supported in most Linux/BSD based operating systems. The connect x2 less so, plus it’s on an older more power hungry design.

IDK about using the wireless card. I have APs so I never tried. I will say an AP will have much better coverage than any Wi-Fi card.

@squigglycunt@lemmy.world

thanks man
