New pfsense Router

Pfsense Router

As a fun project I decided to build a 1U rack mount pfSense router. I wanted to upgrade my network to 10G. Do I need it? Probably not, but it’s a great excuse to build some new servers. And that’s a big part of homelabbery for me. I just like tinkering with hardware.

Right now I have a protectli mini pc that runs pfsense which has an Intel® J3160 and 4 gigabit NICs. It has 8 gigs of ram which is the max it supports. Every Sunday it’s running out of memory and unbound crashes because of that. So another excuse for an upgrade.

So with this new pfSense box, I want to run Suricata for IPS/IDS, WireGuard and pfBlockerNG. I also want some headroom for experimentation. So I’ll need a more powerful CPU and more RAM. I’ve read that for 10G networking a higher clock speed is more useful. I’ve also read that WireGuard and Suricata are multi-threaded.

I wanted to build this in a 1U rack mount case. Why? I guess two reasons. First is that I like the 1U form factor, it looks neat. And also, I didn’t want to use 2U of rack space for a router. As you might expect, choosing 1U created many challenges but for me that’s part of the fun. The worst part of 1U instead of something like 2U is the use of 40mm fans, which are almost always noisier than bigger fans.

So for the case, I went with the Inwin IW-RF100. It can be configured to have Front I/O which is nice.

empty case

The first challenge with a 1U case is to find a PSU that is not obnoxiously loud. Most 1U PSUs are ridiculously loud and unsuitable for anywhere other than a sound-insulated server room. Luckily this case supports flex ATX PSUs. I managed to find some silent PSUs in this form factor that are designed for SFF builds. So I went with the Enhance ENP-8345L-OVT 450W PSU.

psu

Now, while writing this, I’m not sure if this was a good choice for something that’ll run 24/7. Hopefully, this won’t even draw 100 Watts so the PSU will run way below its capacity. I’ll test it for a while; if I’m not convinced I might sell this and buy a Seasonic SSP-300SUG instead.

I bought an Asus P10S-E/4L motherboard second hand for a decent price. It has a dedicated IPMI and an ASMB8-iKVM module. It supports unbuffered ECC RAM, but I’ll use regular RAM for this build. It also has 4 Intel 1G ethernet ports.

asus motherboard

It only supports Xeon® E3-1200 series CPUs though. I bought the motherboard together with a Xeon E3-1270 v6 CPU. It has 4 cores, 8 threads. 3.8 GHz base frequency and 4.2 GHz turbo frequency. 8 MB cache. And 72 Watts TDP, which is not great but we’ll see how much it’ll consume. I’m curious if this CPU will stay cool in this 1U case.

This motherboard seems to be great for a 1U case since the CPU and RAM are placed right in front of the fans.

I installed a Supermicro 1U passive heatsink. The height of the heatsink from the motherboard is 33mm including the mounting bracket. There is still 3mm space left.

1u heatsink

Alternatively I could use Thermalright AXP90-X36 without the fan. The heatsink is 21mm tall. This may perform better than the Supermicro heatsink, as it has a solid copper base with 4 heatpipes.

Noctua NH-L9i would also fit. The height without the fan is 23 millimeters. Not sure if it’ll cool the CPU better than Thermalright or not. I wouldn’t expect a big difference since the airflow will come from the 40mm fans in both cases. Not sure how tall these coolers would be when mounted on the motherboard though.

Initially I bought Arctic 40x30mm fans for this build. They are great for replacing server fans but I find them to be too loud. Even with a Noctua low noise adapter, they have a high-pitched sound which is pretty distinct. However, they have much higher airflow than Noctua 40x20mm fans. With the Noctua low noise adapter, CPU idles at 29-32 C, and 58-59 under moderate load. I’ll run proper testing once I assemble everything.

arctic fans

So instead of these I installed 2x 40mmx20mm and one 40mmx10mm Noctua fans. I haven’t used the low noise adapter since these fans don’t have as much airflow as the Arctic ones. The temps seem to be very similar. CPU idles around 27 degrees and under load it hits similar temperatures.

noctua fans

I repurposed 2x16Gb ddr4 ram that I had lying around. Should be more than enough for my use case. ECC UDIMMs are for some reason pretty expensive, and I’ve read that for pfsense ECC ram is not essential.

For 10G connectivity I’m using an Intel X710-DA4 which has 4 10G SFP+ ports. It’s mounted with a Supermicro PCIe riser card. This case supports one full-sized PCIe card. So it fits perfectly.

This mb has 2 NVMe slots. I decided not to use them because they fall right under the network card. NVMe SSDs usually get pretty hot so I didn’t want to heat the network card. I’m not sure though, I’ll test this. I’m not sure if the network card runs hot or not. The heatsink is pretty small so I guess it doesn’t run that hot.

m2 slots

I’ll send the logs to a remote server, so I don’t expect much disk I/O, so it may not overheat, but putting them that close to the network card doesn’t seem like a great idea. Using m2s instead of regular SSDs would save me some space in the case but it won’t affect the airflow. I’ll just need one extra SFF-8634 to SATA cable, and a SATA power cable from the PSU.

ssds

I went with 2 250gb MX500 SSDs, in a ZFS mirror pool. Though most probably unnecessary, it’ll give some redundancy.

I chose to go with the front I/O layout as this will sit right on top of the network switch. I’ve made a crude I/O plate. It certainly doesn’t look great but I guess it’s better than nothing.

front-io

So, yeah. Here it is. I’m going to start testing this soon. I’ll pair it with a Mikrotik CRS317-1G-16S+RM which I’ll use for Layer 2 switching. Let’s see how it’ll perform under load. I’m curious if it’ll overheat or not.