[Guide] What equipment to buy for Sonic 10 Gigabits Fiber

[sdnick484]

Anyone have experience using a Netgear R9000 (aka Nighthawk X10 AD7200) as a router? It has a SFP+ port that supports various 10g card types. I am intrigued as both openwrt and dd-wrt support it, and the 10g port can be used as the uplink. Also, just so I am clear, will the Sonic equipment connect to the router via RJ45 or does it support other options (I hear SFP+ 10GbaseT RJ-45 cards modules tend to run hot).

[robertmarkenger]

Multi-tcp-stream testing makes the ISP look good, but can mask subtle packet loss and buffer-overrun issues.
The PON upstream MAC can introduce some latencies, opening the potential for bulk packet drop at the (often under-buffered) ONT during sustained upstream transmission.

It would be interesting to see results for single-tcp-stream testing. (Especially for the upstream direction)

I reviewed the SpeedTest-CLI and cannot identify a way to force it to use single-tcp-stream operation. (Wireshark shows it is opening multiple tcp channels in parallel.)

Browser-based SpeedTest.net has a provision to force single-stream operation. But the overhead of dealing with the browser can adversely affect test results. IPERF3 seems to be the only reliable single-tcp-stream test available. And there are no public iperf3 test servers in this country.

Is there an undocumented way to force the speedtest-cli to operate in single-tcp-stream mode?

[majortom]

• Ubiquiti Dream Machine Pro $379

UDM Pro can only reach ~7.5 to 8 Gbps throughput. TP-Link ER8411 has a more powerful processor that can reach full 10Gbps throughput.

Unless things have changed recently, it cannot even achieve those speeds with their IDS active. Ubiquiti used to be very much at the leading edge in the product space, but their UniFi line has only one WiFi 6E capable access point (that is 2.5 times the price of their already more expensive WiFi 6 ones), has cancelled their plans for their 25Gb/s / 100Gb/s leaf switch (they released an early access version and then decided against making it a product) and has released almost no new UniFi gear in several years. Having deployed their gear in several locations, I am not very happy with them right now.

[mlincoln]

Would it be possible to use a mini pc with two 2.5gb ports (such as this one: https://www.amazon.com/Beelink-Network- ... 0BZH87Q2Y/ ) in this configuration:
Sonic ONT > beelink mini pc > google nest mesh for wifi

My wifi speeds are adequate as-is, but it would be nice to have higher speeds for my media server (while still sending a steady 1gb signal to the Nest).

[artakamoose]

• Ubiquiti Dream Machine Pro $379

UDM Pro can only reach ~7.5 to 8 Gbps throughput. TP-Link ER8411 has a more powerful processor that can reach full 10Gbps throughput.

Unless things have changed recently, it cannot even achieve those speeds with their IDS active. Ubiquiti used to be very much at the leading edge in the product space, but their UniFi line has only one WiFi 6E capable access point (that is 2.5 times the price of their already more expensive WiFi 6 ones), has cancelled their plans for their 25Gb/s / 100Gb/s leaf switch (they released an early access version and then decided against making it a product) and has released almost no new UniFi gear in several years. Having deployed their gear in several locations, I am not very happy with them right now.

Ubiquit deserves a lot of the flak they get, but some of the comments here aren't accurate.

As has been stated many times in these forums (and this thread I believe), no 10G capable hardware is going to test out to a full 10G. This includes the TP-Link ER8411. Overhead reduces 10G ethernet to a max of around 8.5G in the real world, with a lot of people topping out in the low 8s. So, the throughput stated above for the UDM Pro is right about where it should be.

Also, have fun paying for hardware that is capable of providing full throughput IDS/IPS on a 10G connection. You're talking serious enterprise gear with very serious enterprise price tags. Ubiquiti is pretty upfront about IDS/IPS throughput on the UDM series. Both the UDM PRO and UDM SE max out around 3.5G.

From what I've read, pfSense struggles also. Netgate built TNSR to address this.

[drbubbles]

I'm determined to make the most of 10Gbe from Sonic (when I get it installed in December hopefully) despite it being so ahead of the game that hardware is just starting to catch up.

But if I want to stick with the Ubiquiti ecosystem I'm going to have to wait for them to release a gateway with a 10Gbe wan socket and a built in 10Gbe L3 switch with three 10Gbe RJ-45 lan ports (one for an AP one for a desktop and one for a NAS).

I'm sure this must be a popular enough setup to justify such a product?

It appears that for fast (~10GBbps?) inter-vlan routing we can't rely on a UDM-SE, we'll need to off-load some routing to a functional L3 switch, rather than an L2 like the USW-Aggregation for $270 + adaptors, or the USW-Flex-XG for $300. The L3 alternatives are: US-XG-6POE for $600 (compact but noisy and apparently runs hot) or the USW-Pro-Aggregation for $900 (which needs modules for fiber or copper) or the USW-EnterpriseXG-24 for $1300. Plus the UDM-SE for $500. So ~$1100 to ~$1800, plus an AP.

What would be reasonable for an integrated device? $800-$1000?

There's other options from Mikrotik or QNAP but I'd rather use the Ubiquiti interface if they'll produce a product that does this.

What are others doing?


(post from inquisitive_idiot about SE performance for inter vlan: https://www.reddit.com/r/Ubiquiti/comme ... buy_an_se/ )

[tarzxf]

Would it be possible to use a mini pc with two 2.5gb ports (such as this one: https://www.amazon.com/Beelink-Network- ... 0BZH87Q2Y/ ) in this configuration:
Sonic ONT > beelink mini pc > google nest mesh for wifi

My wifi speeds are adequate as-is, but it would be nice to have higher speeds for my media server (while still sending a steady 1gb signal to the Nest).

I've been using a 2.5GbE fanless PC running pfSense with great success, https://www.amazon.com/Firewall-Applian ... B09PHJSFP1 and 2.5GbE switches ( https://www.amazon.com/YuLinca-Port-2-5 ... B0BV9Q3H7L or similar) for the 'backhaul' and 1gig switches connected to those for non-2.5GbE systems and wifi.

I had an xbox game downloading at 800-900mbit during a MS Teams call with no noticeable dropping or audio clipping on a Mac with 2.5GbE USB adapter, https://www.amazon.com/gp/product/B09TB9TJ54/ or https://www.amazon.com/gp/product/B09JSHYGN6/

[dwheet]

For my upcoming 10gig fiber install I purchased a gw-r86s-n305b from Gowin Solution.

gw-r86s-n305b (not available on the site but I can provide contact info if your looking to order) This is the updated r86s with the intel n305 processor. a huge improvement from the previous r86s.
2 10gig spf+ ports
3 2.5gig ports
32 gigs of ram
intel i3 n305 processor.
I think this was 550ish?

If you wanted a plain router this is over kill. Currently I have untangle on it but the 2.5 gig ports aren't seen by untangle. I might switch to opnsense although I don't typically need the 2.5 gig ports. Can this do ids/threat at full 10gig rate with everything turned on? Probably not although I haven't tested (fiber isn't installed yet) but then again I dont have everything turned on. I think it'll do pretty decent tbqh. (if you read https://www.servethehome.com/new-4x-2-5 ... appliance/) it mentions they are reviewing a vastly upgraded r86s... they are talking about this one.

I also picked up a

mikrotik CRS317-1G-16S+RM
16 port sfp+ ports.

I'll probably be buying an intel 10gig card for my server as well but haven't done that yet. As for wifi using eero pro 6e's which has 2.5gig ports on it.

[artakamoose]

Can this do ids/threat at full 10gig rate with everything turned on? Probably not although I haven't tested (fiber isn't installed yet) but then again I dont have everything turned on. I think it'll do pretty decent tbqh. (if you read https://www.servethehome.com/new-4x-2-5 ... appliance/) it mentions they are reviewing a vastly upgraded r86s... they are talking about this one.

There's only one way to find out, but I highly doubt you're going be able to do line-rate with IDS/IPS turned on. From all I've read, pfSense and OPNSense can't get close to 10G with those features turned on.

[dwheet]

Yup. Will let you know. I know servethehome is doing a review on it but I really never see them test like actual firewall software what not. at least most of the reviews I watch. its hardware testing and regular line rate stuff using iperf etc. I'll keep ya all posted. My due date is in November. I saw the folks outside Monday up the poles. (I asked them what they were installing) they said sonic fiber so I'm hopeful I'll get it in November. (its been pushed out two months so far)