Roll your own Router - pfSense, etc



  • Educate me please. Pros and cons of the DIY approach.

    As I'm familiar with them, especially against an all in one solution like a Fortigate.



  • The benefit of DIY is that you can customize everything and build your hardware as big as you want. This is important if you want to get 10Gb/s or faster for cheap. VyOS provides a really excellent router OS that is open source and free. You get a lot of power, but you need to get your OS support and your hardware support separately, and often this is very expensive.



  • Buying prebuilt with any degree of quality hardware is normally cheaper and comes with integrated support. Products like UBNT EdgeRouter come with EdgeOS, which is nearly identical to VyOS, also heavily developed and loaded with features, but you get cost-effective and battle-tested hardware, and a large community of users on exactly the same hardware and software combination, so that you are not the only one facing issues when they arise. Documentation is common and there is support for everything - one throat to choke.



  • @scottalanmiller Is there any case to be made for this in SMB space?



  • Comparing costs.... to get a router class bit of hardware I'm likely going to spend upwards of $300 and then need to spend time getting VyOS, pfSense or SmoothWall installed. This can be more complicated than anticipated as router hardware tends to be ARM RISC based and most DIY OSes tend to be AMD64 based. So when it comes to my time and the hardware, I'm unlikely to be below $500 for an entry level device that I have to support myself.

    From UBNT I can buy a reasonably competitive device, prebuilt for me and fully supported for under $100.



  • @MattSpeller said in Roll your own Router - pfSense, etc:

    @scottalanmiller Is there any case to be made for this in SMB space?

    I honestly don't believe so, or maybe only in the most extreme situation. You can't do it cheaply enough to make cost the driver. And the lack of support makes it hard to make reliability the driver.



  • Before vendors like Ubiquiti were on the market, DIY routers sometimes made sense. Vendors like SonicWall and Fortigate charge many times more and you get quite a bit less than with Ubiquiti and some others. So just a few years ago, DIY made sense because there wasn't much cost effective on the market. But with vendors like UBNT available now, the need for DIY in the SMB space has all but disappeared. Even products like Meraki, which used to have unique advantages, don't have that place any longer, with products like UniFi replacing them as well.



  • @scottalanmiller Would knowing how to set up a DIY router (pf/vyos/etc) be a highly marketable skill?





  • I used pfSense before I was introduced to the EdgeRouters. Once I learned it was a fork of VyOS and saw how easy it was to learn, and how inexpensive it was, I switched from pfSense and never looked back.



  • @MattSpeller said in Roll your own Router - pfSense, etc:

    @scottalanmiller Would knowing how to set up a DIY router (pf/vyos/etc) be a highly marketable skill?

    I'd put that as a zero value skill. 🙂 Both because I've never heard of nor can I imagine a business willing to pay for that skill. But also because it's so trivial to pick up that skill, that's a one hour learning curve skill, basically. At least for pfSense. VyOS is a general router management skill set, but that's different. Knowing how to manage a router is different and valuable, knowing how to install one is worthless.



  • @fuznutz04 said in Roll your own Router - pfSense, etc:

    I used pfSense before I was introduced to the EdgeRouters. Once I learned it was a fork of VyOS and saw how easy it was to learn, and how inexpensive it was, I switched from pfSense and never looked back.

    Same here, I used to build my own all of the time. All different kinds. We were on Vyatta for a long time before they went into Brocade. Then on VyOS. Things like Smoothwall before that. But Ubiquiti made it all make no sense any longer.



  • That EdgeOS (Ubiquiti), VyOS (roll your own) and Vyatta (Brocade) share a skill set is valuable, too.



  • I cannot think of a valid reason that I would build a roll my own now that EdgeRouters exist.

    Like others, I used to build pfSense boxes all the time.



  • Used to make sense to build your own, but it has been a while since I have seen a situation where I would recommend that.



  • I've built one once... It was a Firewall / Router using straight up Linux, Shorewall, and ClamAV for a 10 meg connection. Our main firewall just went kaput, and the company was not responding to phone calls for support (it's a long story).

    Set up Linux on a system with 8 NICs and went to town.

    Edit:

    It's not hard to build one if you understand the concepts of routing and such... Not for the faint of heart if you have to make one work well enough to be used in production.