Author: Adrian Zaugg Date: To: Devuan ML Subject: Re: [DNG] networking thinking
Hi TIA
The message of Sunday, 28 November 2021 14:20:14 CET says:
> 1. is my splitting the network system into the three parts a good idea or
> should I truncate parts 1 and 2 into the router? If you would please give
> reasons - - - please?

Fewer devices, less to set up and maintain and less to break: I would go with 1
Firewall and 1 Switch.
Get a box with an SFP port for your firewall and install OPNsense on it. Stick
your fiber directly in your firewall, if your provider lets you choose and does
not insist on some plastic box. If he does, then try to use it in bridge mode.
Upon request, the providers over here tell what one has to do when using a
media converter (e.g. VLAN tag or PPPoE).
OPNsense and pfSense are excellent firewall distributions and IPv6 is well
integrated with both of them. They are almost identical, coming the same way.
OPNsense is more community oriented whereas pfSense drifted away to be more
commercial now, but documentation is better.
PCEngines is stable, bullet-proof hardware, it's industrial grade, lasts
forever and has a coreboot BIOS. There soon will be a version with an SFP port
available. You won't get gigabit speed through an APU with OPNsense (around
800Mbit/s), get something with a CPU on par with an Intel N4100, if you want to
be ready for gigabit speed.
There are many nice boxes around without SFP ports (like the ones from ASRock
Industrial e.g.) but don't use Zotac nano ci329 with pfSense, it doesn't run
stable (Linux on the contrary runs like a charm on these).
Zyxel switches are basically OK, but you don't get security updates after some
years, the interface doesn't work on all browsers and they have weird bugs
(e.g. prios in RSTP together with LAGGs). You're better off with a MikroTik
using SwOS. The MikroTiks boot amazingly fast, SwOS is easy to configure and
they are rather cheap. You get a desktop switch with 2x 10GbE and 8x 1 GbE for
<$100. If you want to play around with your Zyxel to install whatever on it,
that's fine, but I wouldn't invest my time on that - better get your lab
running.
Opinions on the topic will go apart, you'll get tons of advice in any
direction. To a certain extent it's about your personal liking. Mine you
probably just read above...