  • It’s really hard to tell, and the devil is in the details.

    On bare metal, a single server containing both the front-end application and the DB may be faster (no networking overhead), but only to a point. As load increases, a split system (front-end on one machine, DB on another, or even on a cluster) becomes more attractive.

    When everything is virtualized and machines talk to each other over virtual interfaces, I would think a single database server usable by multiple front-end applications would be a good idea. This way, you have only one DB server overhead. Also, maintenance is more straightforward; you look after a single database server, even though it contains multiple databases.

    It’s probably a good idea to pair each application with a dedicated database (within the same database server) and assign each application a unique user name with rights only for that database.
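The per-application pairing described in the comment above, sketched as an added example (not part of the original comment). It assumes the shared server is PostgreSQL and is run by a superuser in `psql`; the role names, database names, and passwords are hypothetical placeholders.

```sql
-- Assumption: PostgreSQL, executed as a superuser. All names are hypothetical.

-- One login role per application, with no server-wide powers.
CREATE ROLE wiki_app   LOGIN PASSWORD 'replace-with-secret-1'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;
CREATE ROLE photos_app LOGIN PASSWORD 'replace-with-secret-2'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- One database per application, owned by that application's role.
CREATE DATABASE wiki_db   OWNER wiki_app;
CREATE DATABASE photos_db OWNER photos_app;

-- PostgreSQL grants CONNECT and TEMPORARY on every new database to PUBLIC,
-- so a unique user name alone does not keep one application out of
-- another's database. Remove the PUBLIC grant; the owner keeps its rights.
REVOKE ALL ON DATABASE wiki_db   FROM PUBLIC;
REVOKE ALL ON DATABASE photos_db FROM PUBLIC;

-- Audit: for each application database, report which role may connect.
SELECT datname,
       has_database_privilege('wiki_app',   datname, 'CONNECT') AS wiki_app_can_connect,
       has_database_privilege('photos_app', datname, 'CONNECT') AS photos_app_can_connect
FROM pg_database
WHERE datname IN ('wiki_db', 'photos_db')
ORDER BY datname;
```

Rerunning the audit query after adding an application is a quick way to catch a database that still carries the default PUBLIC grant.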



  • Please elaborate. What do you expect your box to do? And how many ports do you need?

    Assuming you’re not planning for anything computationally intensive such as VPN or deep packet inspection, you can take a look at the four-port Sophos SG 105 / XG 105 (will require one change in BIOS settings for pfSense to install and run) or a five-port Barracuda F12 (doesn’t have video output and therefore will require a console cable for installation). Occasionally, the six-port Check Point T-110 pops up at low prices. Very occasionally, someone lists for cheap a Lanner unit with anywhere between two and six ports. Four-port Sophos UTM 110/120 units still pop up occasionally, but those are REALLY old (went out of support in 2018).

    You may happen upon a three-port APU or a rebrand thereof (SimpleWAN or even Netgate; they used to sell pfSense Plus preinstalled on APUs), but those are extremely configurable and sometimes come with stock OS installed on a CF card, so you may need to buy an mPCIe SSD separately.

    And, of course, oodles of dual-RJ-45 mini-PCs, new and used. Potential problem with those is, the cheaper they are, the more likely they are to come with Realtek NICs (and those NICs used to have a big stigma in the pfSense community due to poor drivers; more recently, things have improved, but many people still don’t want to deal with Realtek). Also, if the seller doesn’t know or doesn’t say what the NICs are, they are probably Realtek.



  • Please elaborate on VPN. How fast do you want it and what kind is it? This will have meaningful implications for the choice of the processor.

    Given your stated need for VPN, it would appear that Synology is out. Factory-built NAS devices are in most cases relatively weak in the processor department, so virtualization and computationally intensive things like VPN tend to bog them down.

    Same logic applies to mini-PCs. VPNs can generate sustained high loads, for which passively cooled mini-PCs are often not prepared. So choose carefully if you decide to go that route.

    But do you really have to virtualize your router?


  • I look after two AdGuard Home installations.

    One is local, running on a super-tiny PC (Intel Atom x5, 4 GB RAM, 64 GB eMMC, Debian 12, and I see no reason why AGH wouldn’t run just as well on a 2 / 32 GB version of that PC). The average handling time for a DNS request is 30 ms. You could easily do something similar in a Proxmox container, give it a local IP address, and have your router use it as the DNS server instead of whatever it’s using now.

    The other is in the cloud, running on a virtual server with 1 GB RAM. The average handling time for a DNS request is 10 ms.



  • Michel de Montaigne, a French philosopher from the 1500s, wrote three volumes of essays full of anecdotes from history both ancient and recent (to him), some amusing, others tragic. If you were to summarize this work in one sentence, you could say, “anything that can happen, does”. Specifically, the opening essay of the first volume is titled, That Men by Various Ways Arrive at the Same End, while the twenty-third essay in the same volume bears the heading Various Events from the Same Counsel.

    Getting back to the matter at hand, the answer is, nobody knows (or, as Montaigne himself used to put it, “Que sçay-je?”, “What do I know?”). There are people whose careers have been helped by their homelab exploits, people who have been passed over because the person in charge looked at their homelabbing askance, and people in whose careers it simply never came up. Sometimes, the same person has experienced both extremes and plenty of in-between…