Affordable firewall and router with sfp

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

alex1002

Member
Apr 9, 2013
519
19
18
Affordable firewall and router with sfp
Looking for one of these. Should be able to handle 1gbe wan.
 

33_viper_33

Member
Aug 3, 2013
204
3
18
Are you looking to build something or a preconfigured "enterprise" solution?

For a custom solution:

BLUF: A 1000base router is easy. Utilizing SFP may be a bit trickier due to drivers. I found ESXi along with another flavors of virtualization can be a good work around.

The long answer with experiences:

I'm doing 10gb utilizing ESXI's VMXNET2 virtual NIC on a pfsense guest. It took some time to get the VMXNET2 driver to work under pfsense, but it seem to work ok. You will have to update the stock pfsense install with the latest bsd NIC drivers. For 1000 base, just use the standard E1000 virtual NIC. For external ports, I'm using an Intel X540 network adapter. I have not had a chance to test 10Gbe through the pfsense vm yet.

I have minimal experience with SFP, so take my next sentence with a grain of salt. You should be able to use an SFP PCIE card which would present itself as a NIC capable of being attached to the virtual network. Pfsense and most BSD based firewalls don't play too well with a lot of newer cards due to lack of drivers. Most open source routers, especially BSD based tend to be behind the times of driver support. This is one of many reasons I virtualized my router. It aids me in getting around the driver issues.

My solution is working well for me. I do notice my processor can get hit hard at times with large and fast transfers between guests (one of which is Openindiana for ZFS raid) and physical hosts which peaks my ESXI box out around 60% utilization across 8 x L5520 cores. I'm successfully transferring at 400MB/s sustained between 2 nodes which is maxing out my SATA controller. If I had SATA III or SAS II for my SSDs, I'm sure I could do better. For the moment, the setup is in my C6100 for testing purposes and I'm limited by it's hardware.

One thing that would be important to you is how well pfsense can handle the workload. This will be highly based on how many features you are utilizing on your router. For instance, if you are using intrusion detection, proxy, content filters, etc, expect a performance hit if your processor isn’t strong enough. Newer hardware shouldn’t have much issue. My 10Gbe transfers are just going through the Vswitch, not through the pfsense VM. Testing pfsense max throughput is a project in my future.

Since your only looking for 1Gb, I don't think you would have an issue. 1Gb is not that resource intensive and there are a lot of individuals and corporations using pfsense in that manner. I have the 1gb onboard NIC dedicated to the cable modem. My connection is faster than what a 100base card can handle but nowhere near that of a 1000 base. My internet is definitely not hampered by the network cards/pfsense box. A couple years ago, I had a dedicated pfsense box set up with 1gb cards, one for private LAN, and one for public LAN. I had no issues transferring at 1000base speeds through the router. The part of equation I cannot attest to is SFP.

For 10Gbe purposes, I have not had a chance to optimize my setup. If you look for the 10gbe network thread, it provides some tips to increase your router/VM's efficiency. Some things it mentions are customizing your IRQs and dedicating processors for network traffic.

All I can say is, do your research and maybe get some others to chime in here.
 
Last edited:

mrkrad

Well-Known Member
Oct 13, 2012
1,244
52
48
that's fine just tell them to limit the port to gigabit - heck maybe they'll give you gigabit CIR over 10gbe with bursting!
 

mobilenvidia

Moderator
Sep 25, 2011
1,956
212
63
New Zealand
Its a Firewall router with SFP card and it's cheap, everything you wanted.
But it's the 155Mbps SFP, not the fastest kid on the block.
But just chuck in a Gbe or 10Gbe

Draytek are good, I have a Modem of theirs that allows me to write this :)
 

s0lid

Active Member
Feb 25, 2013
259
35
28
Tampere, Finland
I got this: RouterBoard.com : RB2011UAS-IN

Great little router, hardware is robust but I warn you, RouterOS 6 is bit dodgy... Granted it's in beta right now :)
ROV5 works fine though, and I was never able to max that board with 100/10Mbps connection, not even with heavy torrenting.
 
Last edited:

mrkrad

Well-Known Member
Oct 13, 2012
1,244
52
48
how about a switch. those are cheap. most $100 switches have dual personality SFP/gigabit shared ports. my hp's have 'em. cheaper than a nic!