In Italy 1 or 2.5gb fiber is quite readily available. 10g mostly in bigger cities over XGS-PON. I can get a 2.5/0.5 line for roughly 30€/month, 10g/2.5g is usually 60-80 depending on the operator and carrying network. Main problem is most ISPs do use PPPoE, which is a bit hard on OPNsense / pfSense. I do have an M720q as well with a 10G NIC, waiting for fiber to be installed next month.
Please trust me: take this video down, block out instead of blurring your ipv6 and other information, and re-upload. Blurring is not destructive. Especially in the age of AI someone could definitely read all of the information you blurred out. Never blur important PII, always block it out. (And careful keeping your server room hot and humid 😅)
Brother please close that fibreglass insulation please. Your lungs will thank you. Please take care of yourself
mini dagger stabbing his lungs
There's a reason people don't leave bedrooms and other places people actually live in unfinished.
Also, all that equipment with fans in it is just stirring it up.
Finally, a decent video that goes over some stuff that I've been looking into for awhile. I prefer a visual presentation along with the reading material I've been gathering. Thank you, thank you a ton.
I upgraded mine to an i7 9th gen. Lovely machine. I used it as a backup/experimental server, with WOL, so I can trigger it using HA
You mentioned that 20% isn't much, and I agree. However, if the task is single-threaded and you're using a 4-core CPU, 25% usage would mean one core is fully utilized. I learned that the hard way with a 16-core CPU. It said the CPU is at 6%. Which is nothing, but still it was one core fully utilized.
True, my virtual pfSense has 2 cores of an AMD 7700. You need to tweak some things to use more than one core efficiently. I think you bottleneck things when you only assign one core of an 8400T.
@@chinesepopsongs00 Yes. I did not want to say that fewer cores is better. I just wanted to say that the CPU can be the bottleneck despite having just a 20% load, because a single core is too slow for a single-threaded task.
You don't really have no idea how cpu utilization logs work.
@@wiziek Sure. Enlighten me then.
@@wiziek It counts the percentage usage in a fixed timeframe. If things much shorter than that timeframe are not done fast enough, because for example your CPU single-thread performance is too low, then you can have a CPU bottleneck with low utilization. I know I had that problem when my pfSense was running on an older hypervisor (i7 3770); my solution was going to 2 cores, and I just migrated that over to my new hypervisor. I had about 35% utilization and was limited in throughput on the old hypervisor with a single core assigned. I doubted my ISP at first, but because I am on a 1gbit plan it is very easy to test your own router locally by just putting a machine with a gbit connection on the WAN side and testing without your ISP. That was proof enough for me the bottleneck was in my setup.
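The point argued in this thread (a low aggregate CPU percentage can hide one saturated core), worked through as an added example that is not part of any comment or of the video. It assumes a Linux host such as the Proxmox hypervisor (OPNsense and pfSense are FreeBSD and have no `/proc/stat`); both snapshots are constructed sample data and the function names are illustrative.

```python
# Added illustration: per-core utilization from two /proc/stat snapshots.
# All numbers are constructed: a hypothetical 4-core host sampled one second
# apart while a single-threaded packet path keeps cpu0 busy in softirq.
# Fields used (jiffies): user nice system idle iowait irq softirq steal.
# guest/guest_nice are skipped: the kernel already includes them in user/nice.

SNAPSHOT_T0 = """\
cpu  4000 0 2000 393500 0 0 500 0 0 0
cpu0 1000 0 500 98000 0 0 500 0 0 0
cpu1 1000 0 500 98500 0 0 0 0 0 0
cpu2 1000 0 500 98500 0 0 0 0 0 0
cpu3 1000 0 500 98500 0 0 0 0 0 0
intr 123456 0 0
ctxt 987654
"""

SNAPSHOT_T1 = """\
cpu  4003 0 2005 393796 0 0 596 0 0 0
cpu0 1000 0 502 98002 0 0 596 0 0 0
cpu1 1001 0 501 98598 0 0 0 0 0 0
cpu2 1001 0 501 98598 0 0 0 0 0 0
cpu3 1001 0 501 98598 0 0 0 0 0 0
intr 123999 0 0
ctxt 988000
"""


def parse_proc_stat(text):
    """Return {label: [8 counters]} for the 'cpu' and 'cpuN' lines only."""
    counters = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0].startswith("cpu"):
            values = [int(v) for v in parts[1:9]]
            # Pad short lines (very old kernels expose fewer fields).
            counters[parts[0]] = (values + [0] * 8)[:8]
    return counters


def utilization(before, after):
    """Busy percentage per label over the interval between two snapshots."""
    result = {}
    for label, new in after.items():
        old = before.get(label)
        if old is None:
            continue  # core came online between snapshots; no baseline
        delta = [n - o for n, o in zip(new, old)]
        total = sum(delta)
        idle = delta[3] + delta[4]  # idle + iowait both count as not busy
        result[label] = round(100.0 * (total - idle) / total, 1) if total > 0 else 0.0
    return result


def saturated_cores(util, threshold=90.0):
    """Individual cores at or above the threshold (aggregate line excluded)."""
    return sorted(c for c, pct in util.items() if c != "cpu" and pct >= threshold)


def hidden_bottleneck(util, aggregate_limit=50.0, core_threshold=90.0):
    """True when the aggregate looks comfortable but a single core is pegged."""
    return util.get("cpu", 0.0) < aggregate_limit and bool(
        saturated_cores(util, core_threshold)
    )


if __name__ == "__main__":
    util = utilization(parse_proc_stat(SNAPSHOT_T0), parse_proc_stat(SNAPSHOT_T1))
    for label, pct in util.items():
        print(f"{label:5s} {pct:5.1f}% busy")
    print("saturated:", saturated_cores(util))
    print("hidden single-core bottleneck:", hidden_bottleneck(util))
```

On a live Linux host, the same functions can be fed two reads of `/proc/stat` taken a second apart in place of the embedded samples.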
The M.2 A/E to M-key adapter is a great idea given these M720qs lack the second M.2 slot of the M920qs (edit: M920x, not q)! Thanks for the video!
You can get an M90q, it has 2 M.2 slots on the bottom, 2.5 bay on top and 16x PCIe 3.0 slot.
M920Q doesn't have 2x M.2 slots either. To get that (from factory) you'd need to get a M920X/P330/P340/P350/P360/M90Q.
There are, however, some people that have figured out that you can solder the "missing" M.2 connector (and some other components) to the M720Q and the M920Q to get the second slot. More info about that in the linked STH thread. You can even hack the BIOS to support bifurcation on the PCIe slot. (8x to 4x4x)
An easier alternative is to buy one of the community PCIe risers that exist for these boxes. They utilize the extra 4x PCIe lanes available on the chipset to add an extra M.2 slot.
@@KS-wr8ub You're totally right, it was the M920x I was thinking of.
very nice setup, most people could only dream about getting 5gig or better fiber.
Small correction: That PCIe slot is only x8 not x16. It's only x16 physical.
With a custom riser card you can have an x16 slot (with x8 lanes from the CPU) together with 2 x4 NVMe slots from the chipset. Which adds the possibility to have 4 NVMe drives (5 in fact if you use the WiFi M.2 E-keyed slot too) and 2x10gbit ethernet in this single little PC. Those little PCs (920q/x especially) are great for home LABbing. Even the newer versions of them aren't so great.
Congratulations on such a fast fiber internet speed, up & down! 💪🏻
I am from Germany and that is only a dream here, perhaps only companies have such fast fiber internet…
Great Video, really nice homelab!
Very helpful video.
One thought / question: I noticed at around the 8 minute mark you mentioned about how warm the system is. I wonder if you might have considered (or perhaps tried) undervolting the CPU - since later in the video you mentioned most of the time the cpu was being underutilized - and see if that might help with the heat issue? Especially since it seems to get quite toasty in the basement where all the equipment is housed (I imagine the fiberglass insulation seems to be doing its job rather well of keeping the warmth from going to the upper level(s) 😊)
We love these little machines! At my MSP, we have these at client sites to remote into for network troubleshooting if need be.
Hello and thank you Alex for video. I see that you explain many things in the right and proper way. + some tests and interesting solutions.
Wow, just found this channel, this is first video that I watched. Wow, you've got some great content. I need to build some type of Router / Firewall for home network. I'm just using a cheaper D-Link router that I got when my Xfinity was slower, but now, it's faster so I might need to get something with more horsepower. So, that's a good idea that system you have. Brilliant idea.
Super cool setup man! Also: thanks for all the really cool Tailscale videos: I am setting up loads of selfhosted stuff, being helped by my 10 year old kid - and he is practicing his English listening to you + me translating to Finnish as needed. Keep up the good work!
This is great! Where can I get a baffle and shroud for both M720Q and M90Q Gen 01? I'm in the UK!
Appreciate the content. I admit, I did not watch the entire video. So, I may have missed where it's explained the reasoning behind virtualizing the firewall. I feel this overcomplicates things while also losing performance. There have been many attempts on my end to virtualize my network's firewall but it always ends up creating unnecessary issues. For example, you reboot the host and the pass-through for some reason fails. You will then need to jump through a few hoops to regain access and resolve it. In my experience it's just not worth the headache.
So you left pfSense because open source is better (OPNsense) and now you moved to a proprietary Dream Machine? I hope you explain such a big shift in the next video.
Better integration with his Ubiquiti equipment. Pretty easy to understand.
So, better integration with his other proprietary equipment. Got it.
@@Kermit2kvendor lock in
I do have the Dream Machine Pro Max with an 8Gbps symmetrical but with IDS on I'm getting around 5/6Gbps, any idea how much your firewall can handle with Suricata or any kind of IPS? Would love OPNsense in my Proxmox :D Also I'd love to see your setup after installing the UDM Pro Max! (PS LOVE TAILSCALE, have that on most of my LXC / VM now)
I'd be curious about the Ethernet SFP module. It could become pretty hot, 60+C, which would melt the 3D printed bracket pretty soon.
Can't wait to see the bypass with the WAS-110
Does the M720q 8500T CPU support 64GB RAM officially, or are there some kind of tweaks, as I think it's up to 32GB DDR4-2666? And from your experience, how many VMs can it handle on Proxmox in case of Kubernetes clustering? Thanks for the informative video.
I liked that wooden rack, I think I'll implement it in my "Home Lab". Regards.
how did you power the second fan on the m720q? would love the additional cooling for my opnsense box too
What device do you use to measure power thru wifi? (18:36) And, then, how do you measure the temperatures of rooms (19:36)? That is really incredible. I live in Houston, Texas, and plan to upgrade my insulation in attic, because it is very costly monthly with my A/C bills. So, I'd like to monitor (like you do) from outside house to see if my attic tricks lower my electric bills. Also, can you (maybe) make videos on those? I've got cheesy devices from Amazon to monitor temp thru Bluetooth, but it doesn't hook up with PC's or share data over network. Be nice to see how your implementation works. That's really an incredible innovation that you've built.
just seeing your channel, check ecoflow grid inverters so you can pop on Solar panel to greatly off-set during the day your hardware consumption! Plug-and-play literally just plugs into wall socket.
I bought several HP EliteDesk 800 G4 Mini's for a proxmox cluster - dual M.2 NVMe 2280 slots (and SATA), but sadly no exposed PCIe slot like the M720q. The M720q and M920q both seem to be in same price range on ebay as the HP, but it's a real shame that Lenovo didn't offer a 2nd M.2 slot in these models. As someone posted below, the M920x provides the 2nd slot, but then the price goes way up.
Which SFP+ card are you using? If you mentioned it in the video I must have missed it. Thanks!
How do you put the containers (caddy, pihole) on your LAN if the SFP ports are passed through to the opnsense vm? Did you put it on Proxmox's virtual switch? And then plug the 1Gbit port into your physical switch?
Yup! Exactly right.
Can you please link where you found that 90 degree PCIe adapter? I have an M720q that I'd like to add a 10G NIC to as well and am having a hard time finding one that would fit in the case.
It’s in the description 👍
I have been running this for a while now too. Part of me wishes I only passed-through one of the SFP+ ports so other VMs and LXCs can share the internal facing port.
Do these Tinies support IOMMU to virtualize PCI devices passed through, so that other VMs have access to the devices? (I am just entering the forest of Proxmox and co, so that's a legitimate question)
@@pascalabessolo5350 Yes, it was very easy on my m920q and should be similar on the m720q. The latest proxmox versions make it easier than ever.
Hey man, where did you get the cute little 3D printed cover for the network card? I checked the untrusted source site and don't see them there. My Intel dual 10GbE NIC is just sticking out the back of my Lenovo at the moment.
I recently got AT&T fiber but only did the 1gb up/down because I got older Ubiquiti hardware so can't go faster than that on my network. Time to upgrade to 10G!
Why not run the ONT directly into the 720q or request an XPON from them?
See the next video after this one about bypassing the ATT gateway.
Can you please do a video on how you set up reverse proxies? The guide on your site never works for me
Does this specific model have pci slot or certain models have it ?
Check the servethehome thread for more info.
why not putting the GPON SFP module directly into the lenovo machine or a switch?
Not that long ago I learned that testing networks in a browser is limited to the browser as a bottleneck.
The speedtest has a Windows app.
And recently I updated my fiber to 2Gb and disabling the network card buffers is at the moment of testing better.
I was thinking to use a second new ZimaBoard to use OPNsense, what do you think❓🤔💬 as I like these Lenovos very much.
🤩
Good video sir! Them 720's make good firewalls!! OPNsense with Zenarmor is very powerful.
Please give some details about the temperatures running this nic
Warm! Put the fans on “performance mode” and it’s acceptable.
What IPMI KVM Switch do you have?
I have the AMD Ryzen Pro, and it has been very useful. I run Jellyfin on it and it's my preferred "daily driver". I have added 12TB of storage and upped the RAM to 24GB, I must say it runs like a champ. I don't game, so no worries there, Photoshop runs fine. I like it, saves on electricity and space. My towers just sit to the side!
Nice video, I suddenly consider my 4/4 gbit to be very cheap for €67,50 a month. (I checked what 5/5 costs at AT&T, $245) Intel 82599ES is getting really old, though a good solution. I went for an i5 MS-01 because of the X710 chipset instead of the really old 82599 you'll find on affordable cards. Later on I found some cheap X710 card though. Good thing you don't have nasty PPPoE, really costs a lot of CPU.
Just to get the maximum info from your setup. Is HA running as another VM on the 720q? Do your other VMs only get access to the 1gig ethernet? Just trying to visualise the full setup. Thanks.
You got it!
Do all Lenovo M720qs come with that angle/riser adapter?
Don’t believe so. See the description link for where to get one (no affiliation)
I use a M910x with Gen9 i9 and a RTX A2000 with a 1 Slot heatsink.
I like this type of PC 😁
You can fit an a2000 in there?!?
@@ktzsystems Google "RTX a2000 one Slot cooler diy". 😉 You also need to undervolt it. It's tricky but works.
For Gen9 Intels you need Coffeetime to add Microcode for the Gen9 CPU.
@@ktzsystems Also, you can download a 3D STL file to make a case that suits the A2000 without the cooler mod. The A4000 ADA SFF works also. The main drawback is the 75W power limit of the PCI-E slot and also the PSU. Without a GPU you can also use non K and KF CPUs with a high-performance cooler.
I inserted a GPU and drilled many small holes so that the GPU fan gets fresh cold air to blow over the heatsink. You should do similar for that custom blower.
get spray foam insulation or enclose the ceilings - neither option is a huge project and you're a handy fellow ;)
the pink stuff only degrades over time and gets everywhere and is just awful lol
I’ll add it to the list.
Why PCI passthrough for the 10G NIC? Just create 2 Linux bridges in Proxmox and add those as a network device in the OPNsense VM?
May I ask why you use the AT&T router and not just run the fiber directly into the M720Q SFP+ NIC?
To be supported by AT&T in case of failure I guess.
You need an ONT to convert the WAN side fiber and get an IP from ATT.
Did you 3D print a low profile io bracket for the 10G dual port NIC, or buy one from someone like untrustedsource?
He sent it to me but it should be an easy print if you can find the file
Oh wow I have one of those. I didn’t know you could put 64 gigs of RAM in there. Which network card is that, does it have to be a certain model or any Intel or similar.
@@markstanchin1692 Any model will do basically. It’s just PCIe, but it has to fit physically. Take a look at Supermicro AOC-STGN-i2S. They are both half height and half length dual SFP+ cards. It leaves room in the Tiny’s for even a shucked SATA SSD.
have a look at the reference thread mentioned to get some recommendations for NICs.
Since I’m thinking about adding an SFP+ card myself I can give you one more thing to consider: power consumption & heat. From what I’ve seen Intel X710 based cards might support ASPM with high C states (C7 according to what I’ve read), while many other NICs either don’t support ASPM at all or only reach C3. Might or might not be an issue for you…
Would love a video on how and why you immigrated to the US. Any hurdle or obstacles you faced. Considering it myself but don't know where to start
Being born in the US helped a bit ;)
the speed test you ran the equipment was connected to the Unifi?
The UniFi is still in the box
You should be able to put the ONT directly into the Dream Machine so no extra (AT&T) modem is needed.
Should have watched your video from yesterday lol
Well i guess i have to be that guy. How did you get the "neo" art in your shell?
oh. it is figurine
Yup! Figurine. I made a video about it a few months ago. Enjoy being fancy!
What is the Nic that you are using?
Does at&t allow you to put their xgs-pon sfp+ straight into your own router instead of going throught their box?
Nevermind, I've read in an older comment you have an ont-sfp in the works...
It’s on the way from the 8311 discord group buy 👍
Maybe I missed you explaining it in the video but wouldn't it be possible to plug the SFP straight into the Lenovo box instead of using the AT&T provided media "modem"?
No, those are basic SFP BiDi fiber modules. The PON functions are all handled by the gateway.
I have an “ont on a stick” on the way. But for now I need to use the ATT gateway to handle that.
pon.wiki/category/att/ yes sir there is ;)
Why not mirror the NVME and A/E SSDs?
That fiber glass is going to coat the inside of your electronics. It’s constantly breaking down into glass particles.
Probably. But these systems have been down there for 5 years and counting and are fine so far 👍
Maybe I missed it but is that 8400T in the Lenovo fast enough to handle 10gbit routing internally at full speed?
Seems to be. I’ve managed 5gig iperf tests to a buddy with 5gig just fine. I can’t speak to faster than that though.
@@ktzsystems ok. Good to know. Was that with tailscale?
@@djvincon yup
@@ktzsystems awesome thanks!
You're grateful to have fiber... we had DSL for many many years until recently with 56k speeds.... thanks AT&T. I gave up and called AT&T business and am getting dedicated internet (ADI) this week. We tried using a hotspot but we are too far away from any usable towers for it to be any count.
Tailscale plugin for OPNsense when? :)
Get in line!
Hey Alex (great name, by the way :D) Why virtualize the firewall? Why not run it natively on the hardware? My PFSense box is running on a Xeon E3 with 8 gigs of RAM, including Suricata, Tailscale, dual WAN (1 x 1G fiber and 1 x 400mbit cable) and it's very very stable and quick while running below 40 Watts in total.
@@NTVN-Alex what motherboard?
Flexibility I suppose.
Being able to run it as a VM has no real downsides and means I can make the hardware sweat a bit harder.
@@rajilsaraswat9763 Supermicro X9-SCM-F
@@ktzsystems it may be less responsive as the hypervisor needs to balance all workloads and schedule all vCPU requests. So ping times may be impacted. Also, throughput may be less. I notice that when I run OpenSpeedTest on my virtual environment, I get a max throughput of 8 gigabit on a 10 gig line. So it may have limiting factors.
As always, great content Alex! I assume your WiFI network name and password are not the ones shown on your router label, right? 😃
Of course not! 😍
There’s a guide to add the parts for the second m2 slot. It only supports SATA SSD though. Not NVMe.
@@ROFLMAOwithExtraCheese SATA M.2 on the M720Q and NVMe M.2 on the M920Q. 👍
Hey Alex, could you share the link for the SFP+ card you use in this video?
I'm not sure it matters too much but the one in here is a Fujitsu card of some type. Sorry I don't have the exact details.
if you look when he does the lspci command (12:57) it's an intel 82599, which is very similar to the x520-da2. Both are pcie gen2 x8 cards, with no ASPM support, from 2009. If I were to build a machine today with a dual sfp+ nic I would go with a little higher tier card, hopefully with aspm support, like a connect-x 4 LX.
Thanks!
@@ktzsystems the card shows it does 1g/10g link speeds. It’s able to negotiate with that switching adapter?
@@Natebur Yep!
you should make a similar video but instead of lenovo m720q try minisforum ms-01, it has 2x SFP+ and 2x 2.5Gib rj45, also 2x thunderbolt that could be used for cluster traffic
It’s a sick box but spendy
I just bought one of these for the same reason
I have a Ryzen 2400GE M715Q I would love to do this with but it doesn't have a full PCI-e slot :(
20% idle means your cpu is 80% busy… pfSense usually performs better on proxmox
How do you scale this to get linespeed of 5gbps?
I have seen a max of 4.5gbps routing through here with no issue. The on device speedtests from the modem don’t go higher than that so I’m satisfied that I’m not bottlenecked.
@@ktzsystems is that with suricata switched on?
I didn’t test that yet
Bro. I haven't even watched much of this video and I feel that upload pain you're talking about. I work at a place that is rural, and we pay $600/mo for friggen 20/20mbit..... Do you know how long it takes to initiate a new backup to an S3 bucket over that? At home, Comcast's best plan was 1200/20......
I ended up on Tmobile home internet and get 250/50. SMH At least *that* is a reasonable ratio.
Plastic sheet (visqueen) stapled to the joist will keep it out of your hair and eyes.
My dude, 5000Mbps?! it's USA! we don't even have that in EU, probably only in Japan. How did you get it? :D also, it must be extremely pricey!
Gulp $240 pm
Well, the Swiss too: if you are a customer of Init7, you can get 1 Gbit/s, 10 Gbit/s or even 25 Gbit/s symmetrical fiber.
All of that for the cost of 65 CHF (~78 USD) per month, or 111 CHF (~131 USD) for a business contract.
We’ve had 10Gbps available here in Sweden for quite some time now. It’s mostly in the cities though.
In Italy 1 or 2.5gb fiber is quite readily available. 10g mostly in bigger cities over xgs-pon. I can get a 2.5/0.5 line for roughly 30€/month, 10g/2.5g is usually 60-80 depending on the operator and carrying network. Main problem is most ISPs do use PPPoE, which is a bit hard on OPNsense / PFsense. I do have a m720q as well with a 10G nic, waiting for fiber to be installed next month.
I have 10 gbit symmetrical in Switzerland. You can get this for as low as 45 CHF or sometimes even lower but not everywhere. I have to pay 79 CHF.
Looks more like a crawl space than a basement.
Pretty much
If u worry about temperature - just open it
10Gbps routing easy, 10Gbps IPS/IDS that's the challenge....
If it's humid there, why is your equipment there then?!
in germany deal with 50k upload 🙈
That’s dial up?!
@@ktzsystems probably some shitty asynchronous DSL connect. There are still ISPs that love and sell this.
Laptop usb cooler below it to cool it
WOW, a man's paradise
👀
Why is a pc a firewall is that just a computer
That's a crawl space bro, not a real basement to put walls up
Firewall with no wall
Pro max? That's so pointless for this setup 🙄
u are breathing in literal glass please put mdf up
I know it looks like I live down there on the internet but in reality it’s just when I’m filming. Minimal time really.
@@ktzsystems oh ok! just worried for ya
Please trust me: take this video down, block out instead of blurring your ipv6 and other information, and re-upload.
Blurring is not destructive. Especially in the age of AI someone could definitely read all of the information you blurred out.
Never blur important PII, always block it out.
(And careful keeping your server room hot and humid 😅)
I’d be genuinely curious and interested to see this
9:57
I see that it has a wifi config, isn't this double NAT?
If that's the case, could it be set up as a router and just buy a cheapo 10gbe switch?
The ATT gateway has an IP pass through mode so I get the WAN IP on OPNsense. No double NAT.
You need the ATT box as that is doing ONT duties.