Let's Talk About Serving Home Things


.... in the computer realm, of course.

There are sites and forums dedicated to this topic, and this blog is not.  But with that said I've been doing data networking for literally my entire professional life both for "personal" (home) and on a commercial ($work) basis, all the way back to the original "less expensive" coax ethernet which had been dubbed "cheapernet" -- and it was by comparison.

As data capacity into the house has gone up (and not a little either; many areas now have symmetrical gigabit fiber for reasonable cost, my home being one of them) there has been a commensurate rise in interest in quite-high-performance devices to both firewall and serve content and such within homes.

IMHO people should think before putting something like this together.

First, contemplate what it is you need and want, and not just today -- tomorrow.  Think forward 10 years anyway, and perhaps 20.  Why?  Because putting cabling in should last that amount of time on a reasonable forward expectation basis.  Pulling wire is a pain in the neck in the first place, particularly if you didn't plan for it when the building was first put up (and nobody ever does in a home environment.)  For most users gigabit wired networking is enough to most places and will be on a forward basis, but not to all places.  Even full resolution 4k video with no games (not Netflix or similar) is under 100Mbps of data flow so 1Gbps wired connections are ten times that performance level.  Even if you go to full 8k in the next 10 years you'll still be comfortably within that bandwidth level to a single device.

With that said wireless is not comparable in performance -- ever.  Everyone has WiFi nowadays but unless your home has a football field or more of space on all sides your home is being polluted with all your neighbors' WiFi access points and devices and you are all sharing the same spectrum -- and thus congestion is a real thing and will really matter.

Thus the first maxim I've always preached: If you can reasonably get wire to where you want to regularly consume data in your home or office, run the wire.  It will outperform wireless every time -- and not by a little.  WiFi is fine if you're on your phone or laptop while lying on the recliner or couch -- and many if not most people are and do at least some of the time, but do pull wire to wherever your primary media devices are, such as your TV, Roku and similar.  Rather than pull five cables into there pull two (so you have one extra, which is foolish not to do anywhere that's worth the trouble to install it in the first place), buy one $20 cheap unmanaged gigabit switch and stick that next to the four consumers with five $2 Amazon cables.  They use next to zero power and are the right answer to this problem every time you can reasonably do that.

If you have a "home office" or other fixed place where you work pull wire there too for that desktop or other similar machine.  If you have more than two such devices in one place (e.g. printers, etc.) consider another of those $20 cheap switches, although if it's a "home office" or similar four jacks (and wires) will go in a standard keystone wall plate (six-place ones are available, however some brands and types of the commonly-available jacks will not fit in the 6-place plates.)  Doing this will be much faster than WiFi and more reliable.  You're welcome.

Oh, and when it comes to network wire: Under no circumstance use "CCA" network wire in anything intended to be permanent.  "CCA" is copper-coated aluminum and while it is a bit cheaper, when you punch it down on either keystone jacks or 110 blocks the IDC connection will go through the copper cladding.  This leads to the potential for galvanic corrosion over time and thus failures.  I hear people all the time arguing against network cable installations because after 5 or so years they start having trouble with it.  I installed data wiring in my Florida house when I bought it and 20 years later not one of the connections had needed re-termination or otherwise failed.  When I put it in 100Mbps was the common network speed; when I sold the house it was gigabit and I had been using them all for gigabit for several years, upgrading only the switch.  These days if the cable is not listed as 100% copper it is CCA.  Spend the money and get the proper wire.  If you don't understand code requirements pay someone who does; low-voltage wiring is not the same as power in that regard but there are rules and those rules exist for good reasons.

Next, IMHO you should always separate out the gateway/firewall from the Internet and your inside-the-house "stuff."  Why?  Several reasons, with the most serious being that if you have any sort of security system that uses your link, or any need to connect back to your home when away, knowing that the gateway will come back online after a power failure is really important.  Anything that has storage mounted read/write cannot be trusted to do this on a 100% of the time basis.  (Incidentally I've put up the software load I use on this sort of device on my personal web page; you put it on a USB stick and boot from that.  It's FreeBSD-based and includes a whole plethora of useful stuff already in the load including the Strongswan VPN software.  It "just works.")  Provided that device comes back up, if you design things correctly you can work around and recover almost anything else; but without a dead-reliable gateway to the Internet, if you're not home when the event occurs you're very likely to be hosed until you can get back to your residence.

If you are on (can get) high-bitrate symmetrical service (e.g. fiber to the home) you need a firewall/gateway that can limit certain types of outbound traffic or you will be identified by various malefactors around the Internet as a source for amplifying DDOS attacks on other people and your link will be exploited for this purpose.  That is very un-funny if it happens and you are an extremely attractive target for that kind of abuse if your gateway doesn't rate-limit these sorts of transmissions.

Incidentally, if you can find a small form-factor machine that doesn't break the rules on the ethernet ports, or are willing to use the SFP+ ports ONLY and not the included Intel 2.5G ports (which unfortunately I've found have a very serious wiring issue on many of these boxes made in China, rendering them unsafe to use both for the port and possibly for people), an N150 machine can get into the ~5Gbps range of traffic handling on one thread and effectively pin the port on two or more.  This strongly implies it can likely route close to 10Gbps across both SFP+ ports using all four cores, although obviously firewall processing and such, depending on complexity, along with VPN encryption will impact that.  The N150 chip based "small computers" do support the AES-NI instructions, and as a result for "gigabit and beyond, within reason" as an edge router, if you use the SFP+ ports and do not run 10G copper (see below), they are a reasonable choice.

And third, power consumption, heat dissipation and noise matter -- a lot. I've never met someone who likes noisy gear and I've also never met anyone who likes getting a crazy power bill.  Remember that whatever you put up for this is going to be on all the time, and while power costs are reasonable in some parts of the country in others they're definitely not (here's looking at you, California and Texas!), never mind that every dollar you pay in power to run a computer in the summer months you get to pay twice because your A/C system has to remove the heat it generates.  In addition power conditioning is a must, and this means both a quality "at panel" surge suppressor (Siemens FS or their newer FSPD units are my preference) and an online UPS with proper interaction capacity to your operating system, which many consumer units do not have, if you actually have a media server.  In other words upon a power failure the UPS/host communication must look like this:

  • UPS -> Host: Power has failed
  • UPS -> Host: Batteries are low, you have ~2 minutes to shut down cleanly
  • Host -> UPS: Confirmed, you are clear to turn power off in 2 minutes
  • Host completes shutdown and is now in a "halt" state.

Once that third message is sent from the host to the UPS the UPS must turn the power off even if, after it is sent, the utility power comes back on.  Why?  Because the host has shut down and can only restart on a power cycle without a human being present to push the reset button or use the keyboard.  In addition the UPS, on power restoration, must not return power output until the batteries are charged far enough to do the above again, plus a short (couple of minute) margin. Why?  Because a no-notice shutdown is identical to no UPS at all; thus you must be able to set, for example, a parameter so the UPS does not turn the outputs back on until the batteries have reached a user-defined charge, and where you want it set depends on typical load.  Most people will want this set to around 25%.
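The handshake and restore rules above, as an added simulation that is not part of the original post or any vendor's UPS firmware: `Host`, `Ups`, `run_outage`, the 10% low-battery point and the per-minute charge/discharge rates are all constructed, and `honor_commit=False` models a unit that cancels the pending cutoff when utility power returns, leaving the halted host powered but unreachable.

```python
from dataclasses import dataclass
LOW_BATTERY_PCT, GRACE_MIN = 10.0, 2  # constructed: "batteries low" point and the ~2 minute grace window

class Host:
    halted = False
    def on_low_battery(self, ups):    # UPS -> Host: batteries are low, ~2 minutes to shut down
        ups.cutoff_timer = GRACE_MIN  # Host -> UPS: confirmed, clear to turn power off in 2 minutes
        self.halted = True            # clean shutdown completes; only a power cycle revives the host

@dataclass
class Ups:
    host: Host
    honor_commit: bool = True    # False models a unit that cancels the cutoff when utility returns
    restore_pct: float = 25.0    # user-set: no output until the battery is back to this charge
    charge: float = 100.0
    utility_on: bool = True
    output_on: bool = True
    cutoff_timer: int = 0        # minutes until output drops; 0 means no shutdown pending
    cut_with_utility_on: bool = False
    power_cycles: int = 0

    def set_utility(self, on):
        if on and not self.honor_commit:
            self.cutoff_timer = 0    # the consumer-UPS mistake: host stays halted but powered
        self.utility_on = on

    def tick(self):  # one simulated minute; charge/discharge rates are constructed
        if self.cutoff_timer > 0:
            self.cutoff_timer -= 1
            if self.cutoff_timer == 0:
                self.output_on = False                      # host has halted: drop output...
                self.cut_with_utility_on = self.utility_on  # ...even if utility is already back
        if self.utility_on:
            self.charge = min(100.0, self.charge + 5.0)
            if not self.output_on and self.charge >= self.restore_pct:
                self.output_on = True    # host cold-boots only now, with margin for a repeat
                self.host.halted = False
                self.power_cycles += 1
        elif self.output_on:
            self.charge = max(0.0, self.charge - 10.0)
            if self.charge <= LOW_BATTERY_PCT and not self.host.halted:
                self.host.on_low_battery(self)

def run_outage(utility_back_after, honor_commit=True, sim_minutes=30):  # utility back N min after halt
    ups = Ups(Host(), honor_commit=honor_commit)
    ups.set_utility(False)         # UPS -> Host: power has failed
    while not ups.host.halted:
        ups.tick()
    for _ in range(utility_back_after):
        ups.tick()
    ups.set_utility(True)
    for _ in range(sim_minutes):
        ups.tick()
    return dict(halted=ups.host.halted, power_cycles=ups.power_cycles, output_on=ups.output_on,
                cut_with_utility_on=ups.cut_with_utility_on, charge=ups.charge)
```

With the commit honored, utility returning during the grace window still produces a power cycle once the battery is back to 25%; with it cancelled, the host stays halted with its outlet live.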

Note that "consumer" grade solid-state disks -- including virtually every single "nVME" disk-on-stick -- have zero power-fail protection, and in the event of an unannounced power failure the block mapping table on the drive can be damaged or destroyed, which renders all the data on that drive unrecoverable.  This is an extremely serious risk for a server holding media or other files you care about.

Most "consumer" UPS systems cannot handle the required steps above AT ALL.  Most of APC's UPS units, including the much-older ones (SUA series) that have only LEDs on the front panel (no LCD display) will and do.  You're welcome (again), they're available very reasonably on the used market (usually w/o batteries but that's ok as those are heavy and you can buy the packs or even individual batteries in the pack separately) and your data thanks you.  The only exception to this rule is if you have a dead-balls reliable automatic-start/transfer generator, in which case the UPS will "never" (presuming it all works) run out of battery power.

BTW the reason there are so many APC UPSs in the used market (e.g. Ebay) has nothing to do with them being junk.  They're not -- in fact, they're excellent and quite-rarely fail.  While they're fancier the SMT series are also more fragile than the older SUAs.  The "original" 2u rack and stand-alone (SUA series) units, for example, were forced off the market by energy efficiency standards in the chargers rather than anything actually wrong with them which is IMHO pretty-stupid if it comes with more fragility through complexity in the device, and it does.  Yes, it is true that the SMT units use less power when everything is charged and the utility is on -- their "internal need" (e.g. nothing plugged into them and batteries fully charged) is around 20 watts (in fact if there's no battery connected to them they idle around 10 watts) where the SUAs draw around 30.  The SMT meets the "newer standard" which the government imposed and which forced the older one off the market with a trickle-charge board used to top off the batteries that is (1) more efficient and (2) more fragile and thus likely to fail, especially if the pack develops a shorted cell or you use external battery packs.  The huge glut of SMTs you see on the used market today got dumped in the last few years as everyone went ga-ga for lithium batteries -- it is typically not because that second board is bad (if it is then the pack will never fully charge and thus the unit is defective, not "used.")  Yes lithium is lighter (why do you care what it weighs with it sitting on the floor next to your gear or in your rack?) and has more energy per unit (a benefit but with higher cost) but that's worth little in a home environment never mind the batteries are a fire risk if anything goes wrong with them where SLAs really are not. The older non-rack APC SUA/SUT units are all over the place as well. 
You'd be shocked at how many small businesses changed perfectly-good ones out on some sort of "refresh" schedule (at $1,000 or more in cost) rather than buying $100 worth of batteries, which is all that is a true "consumable" -- and yes, you can change them in 15 minutes with nothing more than a screwdriver rather than buying the entire "cartridge" for three times the money.  Most of the ones on Ebay and similar have no batteries in them for this exact reason; the original pack died due to age and the owners did not realize (or were conned by some consultant) that it was going to be expensive to replace them.  The really stupid part of that is that most folks discard the tray when that happens before they sell it - the trays can be had for $50 or so but there's nothing wrong with them when the batteries wear out of course since they're just bent metal and wire.  Be aware that while the SUA and SUT trays are the same physical size the plugs are different and thus they will not interchange.  Yes that was and is stupid considering both use the same size, cell and AH SLA battery pack but it is what it is.

Now back to the heat issue.  Your home is not a data center.  Data centers have raised, perforated floors under the racks of gear and thus nice cold air pumped in there flows upward through the racks -- or in smaller installations the gear may be on wireframe racks with fairly high-velocity cooled airflow through the entire room, and they typically have "all-device" power protection in the form of both a fully online UPS for short-term disturbances and automated generator backup.  This matters bigly -- power problems kill things with computers in them very regularly, and equally important, heat is a serious enemy of electronics; in particular 10Gig-E (10 gigabit over twisted pair) is notoriously nasty in the heat department, to the point that honest switch manufacturers will tell you not to run more than one of those interfaces in their box unless you are in said controlled environment -- meaning you really ought to be using fiber instead of copper for 10Gig and above.  Violate that rule and you may have failure issues with either the transceivers or, much worse for your wallet, the device you plugged them into.  Oh by the way, if you're curious I've never had a switch fail in my homes all the way back to the early 1990s -- if you have, and have been using SFP+ 10G copper transceivers or otherwise ignoring heat issues...

Here's the "inexpensive" and no-downside "hack" around that problem -- for 10G+ connections in the same closet space don't run transceivers at all; instead buy and use what is called a "DAC" (direct-attach cable), which is a pair of small-diameter coax cables with a bit of conditioning electronics on each end; they use almost no power and run room-temperature cool.  To connect your fileserver to a network switch, for example, that's just as fast, produces nearly no heat, consumes almost no power and is a lot cheaper, often by 75% or more, than two transceivers of any sort into a SFP+ or QSFP port on a network card, whether you use a twisted pair jumper or multi-mode (e.g. OM4) glass (e.g. the Mellanox Connect-X4s, which are available at very nice prices on the used market.)  There are reasonably-priced 2.5G network switches on the market (ZyXel has a nice 18 port one with POE+ on half the ports along with two SFP+ connections; you can buy it here) and a lot of consumer (especially gaming-oriented) PCs come with 2.5Gbps network ports these days that run over ordinary gigabit copper wiring; even some older Cat 5/5e runs will work at that speed, although technically you want Cat6, which, assuming you installed it in the last ten years, it probably is.  However, beyond that speed the right choice if the devices are not in the same physical space is fiber, and it's not hideously expensive anymore; a 50' pre-terminated OM4 cable can be had for $30 today, so if you have a need for it somewhere outside of wherever your gear is that's the right decision to make.  OM4 is good to 100Gbps out to ~150m or so and the transceivers are far more power and heat-friendly than are those for 10Gbps on copper wire.

If you do not need more than 1Gbps to your "home" server (and many if not most people do not, even for media as discussed above) then skip the SFP+ ports (and their price; a switch with them is $100-150 more money than one with SFP ports or no transceiver ports at all, both of which are 1Gbps anyway) and save both the power consumption and money.  A switch is easily changed five years down the road, so unless you need the additional speed today for some reason don't pay for it.  2.5Gbps from your "gaming" PC is worth zero if your internet connection is 1Gbps or less; just buy the gigabit switch for today and save the additional money.  Ditto for POE; unless you're using it for security cameras or similar it's an expensive option on the switch and in addition requires fan cooling, where no-fan (thus silent) switches are all over the place in the 1Gbps arena.

I'm as much of a tech weenie as anyone and have been doing this stuff for my entire professional career in one form or another and while I have no quarrel with spending money where it makes sense doing so where it doesn't is idiotic.  Feel free to sound off below with comments and questions.
