@Smallpot

Have fun and success with your project! 🙂

AX7501 as a bridge with custom firewall (OPNsense) has been running “perfectly” for me for some time now.

(Unfortunately, I have to admit that the fixed IP is still only 1 Gbps).

If possible without going beyond the scope of the discussion:

From personal experience, I would advise against the device you choose for your purpose.

Take a closer look at page #9 of the report:

[https://www.anandtech.com/show/15906/supermicro-superserver-e3029d-review-a-fanless-10g-pfsense-powerhouse/9](https://www.anandtech.com/show/15906/ supermicro-superserver-e3029d-review-a-fanless-10g-pfsense-powerhouse/9)

I have a comparable, passively cooled 1Gbps version from Supermicro:

[https://www.supermicro.com/en/products/system/Box\_PC/SYS-E100-9S-L.cfm](https://www.supermicro.com/en/products/system/Box_PC/ SYS-E100-9S-L.cfm)

In my opinion, the cooling is inadequate, especially if you really want to get some performance.
This means: The service life of the hardware suffers as a result, the CPU throttles performance, as do other components (e.g. SSD).

Another thing to keep in mind is that the casing gets really warm to hot, so touching it is no longer necessary at times.

Greeting

P.S. As already noted by user109: In terms of latency, you definitely have no advantage with XGS-PON compared to 1 GBps FTTH. Apart from that, the further lines, prioritizations, workloads, transitions,… up to your final destination definitely have a much greater influence on the latency.

Hello everyone

Regarding latency: I am not currently on fiber optic, but still with UPC Business 1G as the main provider. There 12-16ms is the rule, along with a generally not very reliable service. As a backup I have Swisscom 100/30, where the latency is 10ms.

About the project: Yes, about the heat. I currently have three fans (bottom, top, back) to swirl and direct the exhaust air away. Without devices, but with the fans, I’m currently measuring around 37 to 39db, i.e. in the whisper range. Hopefully that and plenty of space for the Supermicro will help, otherwise I’ll throttle the system to a responsible operating temperature.

I’m happy to hear that Swisscom-Zyxel works as a bride-private firewall. So if it doesn’t work for me on the first try, then I know that the dog is buried with me and not with the provider!

So I now use the following in my “home lab”:

• Fractal Define C (Midi Tower, Quiet & Soundproof)

• ASRock X570 Pro4 board

• AMD Ryzen 7 3700X with stock cooler

• 2 × 32 GB SAMSUNG M391A4G43MB1-CTD Unbuffered ECC (the only thing supported by the 3700X)

• 2 x Corsair 1TB Force MP600 in ZFS RAID1

• Asus

• Hypervisor: Proxmox VE

• Networking: everything about OVS / Open vSwitch Bridges.

• Main Uplink: UPC Business 1 Gbit/s (fiber optic not available, similar experience as @Smallpot regarding reliability i.e. at least 30 minutes down per year. Fiber optic would be very welcome. G.fast Gebastel would also be available, but currently no alternative because of the UPC contract.)

• Secondary Uplink: Salt 4G via Netgear M1.

• Firewall: pfSense in a VM. Trunk splitting takes place on the OVS or via Proxmox and not in the VM. The VM receives its own virtual interface for each subnet.

• Other projects on it: K8s Cluster with Rancher with 3 nodes, Unifi Controller as LXC, Windows 10 VM, Hass.io.

I achieve stable iperf3 measurements of 9.7 Gb/s in the same subnetwork at layer 2 between my workstation and an Ubuntu VM in Proxmox, without any PCIe passthrough or other tinkering, but purely via the Proxmox “native” OVS bridges. From VM to VM it is even 25 Gbit/s over the same OVS bridge.

In routing operation between two subnets or Layer 3 via pfSense I achieve around 4.8 Gbit/s. I haven’t optimized anything here yet. Pure stock installation according to the netgate manual.

And yes: The home lab should be in a separate room in accordance with WAF. Although it produces little noise, it does produce waste heat. The Minergie ventilation with WRG but good electric heating in winter.

Hello everyone

I’m selling my Zyxel AX7501 (with XGSPON SFP+), send me a PM if you’re interested.

Before summer, Swisscom will probably not change much in the SME sector (by which I mean with fixed IP -> PPPoE) and more than 1Gbps will not be activated. Very annoying, but a degenerate discussion about it would certainly not be productive.

@millernet

Exciting setting, sounds like a top price/performance combination for a home lab!
We have also recently been using an ASRock

Instead of aQuantia, we use Intel NICs because I haven’t had the best experiences with aQuantia (the copper version “ASUS XG-C100C”) in desktop operation. However, nice to hear that things are going so well for you!

The main reason for this step in our case was to (finally) have a flexible, “expandable and convertible” system. SBCs and passively cooled solutions rarely offer this level of performance and flexibility (or/and you are quickly faced with extremely high prices).

If not “quite” as much power is required, I still like to use the APU2 platform, top reliable SBCs.

---

@Sennhauser-ITS wrote:

Hello everyone

I’m selling my Zyxel AX7501 (with XGSPON SFP+), send me a PM if you’re interested.

Before summer, Swisscom will probably not change much in the SME sector (by which I mean with fixed IP -> PPPoE) and more than 1Gbps will not be activated. Very annoying, but a degenerate discussion about it would certainly not be productive.

@millernet

Exciting setting, sounds like a top price/performance combination for a home lab!
We have also recently been using an ASRock

Instead of aQuantia, we use Intel NICs because I haven’t had the best experiences with aQuantia (the copper version “ASUS XG-C100C”) in desktop operation. However, nice to hear that things are going so well for you!

The main reason for this step in our case was to (finally) have a flexible “expandable and convertible” system. SBCs and passively cooled solutions rarely offer this level of performance and flexibility (or/and you are quickly faced with extremely high prices).

If not “quite” as much power is required, I still like to use the APU2 platform, top reliable SBCs.

---

Well the Aquantia / Marvell chips are the only affordable ones, unless you find an Intel NIC on the used market. The setup runs really well, but is usually only used at 5 Gbit/s (workstation - Diskstation 1817+ with 6 × 8 TB RAID6 Seagate IronWolf disks). My aim was always to have some kind of hyper converged platform and to run everything virtualized on a single server. As soon as you have your own house, a nice cluster with GlusterFS and all the bells and whistles including high availability with CARP from pfSense is set up in a dedicated technical room. For many people, virtualizing a firewall is still a bit strange. I’ve been running my firewalls on ESXi for 5 years now and now on Proxmox VE. Additional hardware only causes costs, requires energy, and generates waste heat and noise. The setup runs very well and does not cause any problems, apart from the rather high energy consumption. However, the disk station with 6 HDDs consumes the most energy.

I’ve already looked at the APU2 from PC Engines. However, this barely achieves gigabit performance, although fine tuning is required ([https://teklager.se/en/knowledge-base/apu2-1-gigabit-throughput-pfsense/](https://teklager.se/ en/knowledge-base/apu2-1-gigabit-throughput-pfsense/)). I can’t live with the fact that I pay and get 1 gigabit/s and then my firewall “castrates” it. I have sleepless nights. I have been using PC hardware and pfSense or OPNsense for my firewall for years. More out of necessity, because there is simply nothing better for advanced home use (including IPS with suricate or snort). I’ve been looking for the perfect home firewall as a dedicated device for a long time and haven’t found it yet. Unless you want to switch to Fortigate and Zywall’s, which comes with corresponding license costs. Most Zywalls are also very weak, but are quite acceptable as pure firewalls and routers. My Eltern has a Zywall 110 that has been running continuously for 7 years. The device is still available in stores today, receives software updates and even free support. Something like this is almost unheard of in the IT world. I’ve already tried my luck at Ubiquiti. The Dream Machines would be 99% suitable, but can’t even address an IPv4 subnet on the WAN. Only IPv4 is permitted. Because of these and other shortcomings, which Ubiquiti hasn’t fixed for years, it’s not for me. The EdgeRouters (12) offer the most features, but in terms of performance they are more noise and smoke from the marketing department. A simple WAN-to-LAN throughput test with iperf3 revealed too many TCP retransmissions for my liking. Performance is also only achieved with the ominous HW offloading, which is not even activated by default. Only pfSense and OPNsense offer the absolute best combination of comfortable operation in the UI, flexibility in hardware, the possibility of virtualization and open source code. However, due to the necessary x86 processors, the systems consume quite a lot of power. Finding the perfect firewall has become a lifelong task. 😂

Additionally I realised now that the step by step info you provided includes 2 broadband setting, one for IPOE and the other one for PPPOE is that correct?

Yes, that’s correct.

Also I have a 10gbps connection from Swisscom, however right now the zyxel only gets 1gbps even though my ONT is a 10GBps.

Sadly: You won’t get 10g over PPPoE yet (only 1g), one reason I changed back to CB2 at the moment.

Some supporters rumor about “Summer 2021” could come a new Business-Router and 10G with fix IP…

… let’s hope and wait

Thank you for your response,

Ok I understand, its quite incredible that they won’t let you do 10gbps on PPPOE, how are you managing on CB2 since it can only handle 1GBPS?

To make sure, I create 2 broadband settings for IPOE and PPPOE and that will allow me to do a PPPOE passthrough to the unifi dream machine pro? With the CB2 it worked perfectly with the passthrough and Unifi dream machine pro.

@Sennhauser-ITS Hello again

i tried your solution. On the zyxel side it works.
but as soon as I set up pppoe via unifi dream machine pro. With or without dhcp option 60 and vlan 10/11 the zyxel no longer gives an IP address to the udm pro.

i don’t know what to do. Any pointers?

I wasn’t happy with PPPoE passthrough had problems with disconnects, so I changed to Bridge-Mode.
Worked better with Bridge-Mode but I had irregular Interrupts every ₁-12 Days.

Because it never worked perfectly and problem-free, only 1 Gbps is possible yet and I wanted to Use Internet-Backup again I’ve changed back to CB2.

As I wrote some posts above (maybe in German:
Without PPPoE it seems to be a very good and fast solution, but not (yet?) with PPPoE. Maybe others had better experiences than me…

@Sennhauser-ITS

Thank you so much for your time and help,

I ended up sending back the Zyxel as I didn’t find the need for 400CHF box for the same results that the CB2.0.

For now it seems impossible to get anything above 10GBps with PPPOE, I confirm that, however I have never managed to get the Zyxel running on bridge mode.

@Sennhauser-ITS

Hello how are you,

I have an idea to maybe make this work,

I believe that getting a media converter: https://www.digitec.ch/fr/s1/product/delock-convertisseur-de-medias-sfp-en-rj45-convertisseur-de-medias-accessoires-reseau-12083690 10gb off course then connect it to a unifi dream machine pro could potentially work.

It remains to be seen if we can achieve the 10gb with this, indeed, the dream machine can clone a mac address, can have option 60 and vlans.

I am ready to do the test, I just would like to have a confirmation that PPPoe cannot do 10gb.

Thank you

@KC This will not work. The converter can use Ethernet, but the SFP + module is XGS-PON and still needs an ONT (e.g. for encryption (AES128) -> the hardware needs software). A Zyxel AX7501 works with the correct settings (is officially certified by Swisscom).

See the comments on the product at Digitec:

https://www.digitec.ch/en/s1/QuestionAndAnswer/ist-der-konverter-mit-dem-xgspon-onu-sfp-modul-ltf7225-bh-von-hisense-kompatibel-das-modul-wird-von–304098?productTypeId=432

@user109 Thank you for your response,

For having tried the Zyxel AX7501-B0 I can confirm that with PPPOE passthrough, you do not achieve 10gb. It seems that PPPOE passthrough is capped at 1GB. Additionally it seems that it is impossible to get the Zyxel on Bridge mode, even if you create the dual session with IPE (DHCP) and bridge mode. Which in essence copy the way the Centro Business 2.0 does things.

Furthermore., It seems that the unifi dream machine pro has the ability to be connected via Fiber directly, I do not know if it does ONT and encryption thought. When I try to put any fiber module on the UDM Pro directly, the SFP+ port doesn’t light up.

I believe it was because it needs a media converter, thus why I wanted to try the converter to have the signal transformed to be understood by the UDM PRO.

Furthermore the UDM Pro is capable of doing DHCP Option 60 and the VLAN 10 and or 11.

Thank you

You won’t get more than 1 Gbps with fix IP -> PPPoE with any solution (at least this ist my last Information from Swisscom Support _February). Only regular “IPoE-” Users can “benefit” from up to 10Gbps.

I don’t know if there is any working XGS-PON Mediaconverter, but regular Mediaconverters or “FTTH Converter” won’t work (as described above).