New to Networking, need bomb proof systems

[sixerfixer]

Hi everyone!

Sorry in advance if this is out there already. I'm sure someone has posted something similar but I have some specific help that I'm looking for! Also sorry if this is the wrong area!

Anyways! I am looking to build several bomb proof routers. I am fairly competent when it comes to the absolute basics of networking. I personally have a decent size home lab with several old data center servers I got for free and I run one as a OPNsense router currently.

I am moving to a new area and the price per kW of electricity is significantly higher so I am getting rid of my servers to build a high density machine. But for networking I have no idea what I'm going to do. I need to build a router for myself and several family members but as the title says I need them to be bomb proof so to speak. I don't see my family but once ever year or two and I need the hardware of these systems to need little to no maintenance and last "forever". I will be getting a fiber upgrade in my new area and will be getting probably 5Gig over my current gig DSL.

Does anyone have any recommendations for parts or configs for my new router and ones for family. While they don't need higher than gig setups. I want to build something ridiculously small (sub 5L case) with minimal noise and minimal maintenance. So I have currently been thinking about some sort of server like build. I want to have ever possible feature I can configured. IDS/IPS, support for 2+ Gig Wiregaurd VPN speeds, the whole 9.

Any info would be great! As I see this as an amazing learning opportunity into the network side of homelabing! Thanks!

 

[Goossens]

If you need "little to no maintenance" and are only on-site "once ever year or two", I suggest dropping IDS/IPS and going for a small and efficient OpenWrt device. BPI-R4 can easily route 10Gbps, for example.

 

[CyklonDX]

several bomb proof routers.

I recommend using AR500 steel cage and if you add 2nd cage over it - with vacuum between those 2 or fluid, will protect your routers/hardware from most bombs, including rpg if you use fluid in between the steel plates. In terms of cooling, if you are afraid of over pressure i recommend using peltier plates, and connect heatsink/s to your steel cage - and vacuum sealed.

 

[Scott Laird]

I've been using a Minisforum MS-01 running VyOS as a router with 10 Gb fiber service for the past year or so. Just using the built-in 10G interfaces, it draws ~15W at idle. Adding a Mellanox 100G NIC pushes the power up, but the hardware can handle at least 40 Gbps of home traffic in that case.

See Routing with VyOS on a Minisforum MS-01, part 1: Background for my writeup.

Minisforum hardware is perhaps not the most bulletproof that you can get, but I haven't had any problems with ~5 of them.

 

[reasonsandreasons]

If you're willing to drop the IDS/IPS requirement, Wyse 5070 Extended thin clients are less that $100 on eBay and work well with a dual 10G NIC. The PCIe slot taps out at 2.0x4, but that's enough for 18 Gbps total traffic on your LAN and WAN interfaces. Mine's been great with OPNSense. A nice bonus is that there's an internal speaker that plays tones when the machine is shut down and when it's back up, which makes remote debugging with someone who isn't tech savvy a lot easier.

 

[sixerfixer]

I recommend using AR500 steel cage and if you add 2nd cage over it - with vacuum between those 2 or fluid, will protect your routers/hardware from most bombs, including rpg if you use fluid in between the steel plates. In terms of cooling, if you are afraid of over pressure i recommend using peltier plates, and connect heatsink/s to your steel cage - and vacuum sealed.

While this is definitely end game goals I don't have the time to custome build the cases of AR500 steel. It's definitely a great future proof plan though!

 

[sixerfixer]

I've been using a Minisforum MS-01 running VyOS as a router with 10 Gb fiber service for the past year or so.

While a minisforum was definitely a thought! In my research and knowledge of the networks of my loved ones, SFP cages will an additional point of failure. in the form the SFP to Ethernet adapters. While I'm sure they are fine. I want to reduce where I can. My current idea is to get asrock rack deep mini itx boards for the amd epyc 4004/4005. Get a 4 core or 6 core of one of those with the dual 10Gb rj45 jacks built on the board. And then just find a small enough case. I think that will handle my requirements quite nicely. I am mostly thinking of this so that I can keep cost "down" by only needing a finite number of parts that could fail and also because the servers I have, ran for years in a data center and then been running for me for almost 4 years at this point. While most server stuff is loud, hot, and power hungry I feel like a small system like that will sip power even if it's more than something like a minisforum. It's still small and they have cheap electricity. but it's server validated components that hopefully will just work for a long time! But I'm open to more suggestions. I have a few more weeks to nail this down and get stuff ordered.

And while IDS/IPS can be annoying from what I hear. I want this as a piece of mind for my loved ones. I already get a call or text ever other week because my family thinks someone has hacked their computer or broke into their internet or whatever. I will be setting up a private instance of RustDesk and installing on everyone's machines. And then having my VPN to remotely connect to their network to do basic things.