pfSense – A move to an easier life?

Even up to having the FTTP installed I was a MikroTik router through and through kind of guy however running my CHR in the way I did meant some trade offs were made and my day to day work life forking further away from MikroTik based or even theorised usage meant that my mind went that way for my home network as well. I did the unthinkable.

I’ve repurposed my Dell R210 II which has been rebuilt with a Xeon E3-1220 v2, 8GB of RAM and an SSD. I also added in some Noctua fans to keep the noise down below a whisper as the rebuild meant it won’t be working hard as the whole install is now “bare metal” rather than the complexity of being virtualised.

Has it made a huge difference to my life? No. I still have a working router/firewall however it is now a decent GUI rather than an app that had to be levered onto my laptop (I’m also now a Mac boi) and to be honest the OpenVPN implementation has been a breeze to get working as has all of the firewalling and NAT rules as well as pushing on with trying to squeeze more from the LAN itself (10Gb backbone and tolerance).

I’ve gone for pfSense+ as it’s my home firewall and I qualify as such for the + usage FOC (for now) and I’m pretty happy with it. Time will tell but currently I don’t see me folding back to ESXi with a CHR running on top.

Go Gig or Go Home

Install day was today and I’ve finally gone to FTTP. Installation was an absolute breeze, I’d put in a draw cord to get the fibre into the house and the Openreach engineer even took down the copper as well so nice and tidy. I have a neat little ONT in my house next to the living room patch ports and we are running a CHR with Gb internet.

Before install from a wired in connection during a working day.
Following install but before ONT upgrade
After ONT upgrade and a PPP drop and reconnect, this was Steam downloading a game on my CHR.

As you can see, the move wasn’t flawless, following the upgrade, my download speed held at the 55Mb I was profiled at previously but following an ONT firmware upgrade and then a PPP disconnect and reconnect from the CHR, we released the full power. My laptop couldn’t even manage to get the throughput due to the USB dock for a speedtest so a Steam download on the main gaming/editing PC was in order to show it off.

Less than a week

We’ve just dropped below a week until my new FTTP service is scheduled for install. I’ve been doing a bit of prep work in anticipation as well, the CHR is back alive on a new server, low powered Xeon this time rather than monster. With the new efficiencies of RouterOS it’s now more capable than ever and I am “only” going to be pushing 1Gb max.

I’ve also upgraded it to ROSv7 so I can take advantage of the newer queueing algorithms, FQ_CoDel being the main one I wanted to get my hands on but I will try with CAKE once things have settled down although I am hopeful that with a 1000/115 connection I shouldn’t need to QoS much of anything.

CHR – Now faster and more efficient!

I’ve finally had some time to drag a monitor up into the attic to make some changes to the ESXi server that hosts my CHR. After some extensive reading on the MikroTik forum, it looks to read that a virtual CHR benefits from a “real” core and not a virtual one, in some cases virtual cores hindering performance! Even though my residential 55/15 connection isn’t going to set the world alight, I want to do some really in-depth packet inspection next year so having raw performance is top of my list.

The changes I’ve made were to move the server BIOS performance setting from “OS Control” which was initially set to try and minimise noise in the cave to maximum performance, a few packets made there maybe?

The second big change was to turn off the hyperthreading on my Xeon. When I bought the Xeon I went out of my way to buy one with 4c/8t for maximum cores but RouterOS itself is very single core based and can’t multi-thread so single core efficiency is key. It also benefits from L3 cache so splitting the cache between 4 rather than 8 helps more so. There is also some heat efficiency to be made by running the processor without HT which counter balances the BIOS performance setting which could increase heat.

Overall testing without firewall now yields a far healthier 10+Gbps speedtesting to itself on a single core compared to the previous 7(ish).

All will be undone though if/when rOS7 launches with multicore!

CHR completed! But not how I hoped it would be

My long ongoing build of a 1U ESXi server to run CHR on has come to an end, a frustrating end that meant I simply couldn’t live with the noise it was kicking out because of the 40mm fans and constantly comparing it to my massively overpowered i7 mATX fileserver.

As a fairly large change to the home setup I decided to pull apart about 3 of my home servers and rebuild the main storage into the spare N54L and then rebuild the “Node” into an ESXi server to host the CHR. Quad port NIC in the Node and a quick install onto the Crucial M4 128GB and it was up and running, installed the CHR and it’s moving along really well and actually turning about double the traffic capability of what the “older” Xeon was doing!

So a really big shuffle around but now I feel like I’m actually starting to do my i7 some justice and not just using it for a ridiculously overpowered power hungry file server.

Whilst doing the work I had the dog in the cave with me (not that she was much help)