Replacing Meraki with TP-Link Omada for the new year

[This post was originally teased on Medium – check it out and follow me there too.]

I’m a big fan of Meraki, but now that I haven’t been an employee of Cisco for over two years, I no longer have the free license renewals or the employee purchase discounts on new products and licenses. So October 28, 2022, was the end of my Meraki era. (Technically a month later, but I needed a plan by October 28 just in case.)

The home network, mostly decabled, that got me through the last 4-5 years.

I needed a replacement solution that wouldn’t set me back over a thousand dollars a year, and my original plan was to use a Sophos SG310 either with the Sophos home firewall version or pfSense or the like. I even got the dual 10gig module for it, so that I could support larger internal networks and work with higher speed connectivity when the WAN links go above 1Gbps. I racked it up with a gigabit PoE switch with 10gig links, and now a patch panel and power switching module.

The not-really-interim network plan. The Pyle power strip and iwillink keystone patch panel stayed in the “final” network rack.

But I didn’t make the time to figure it out and build an equivalent solution in time.

How do you solve a problem like Omada?

Sometime in early to mid 2022 I discovered that TP-Link had a cloud-manageable solution called Omada.

It’s similar in nature to Meraki’s cloud management, but far less polished. But on the flip side, licensing 12 Omada devices would cost less than $120/year, vs about $1500/year (or $3k for 3 years) with Meraki. So I figured I’d give it a try.

The core element of the Omada ecosystem is the router. Currently they have two models, the ER605 at about $60-70, and the ER7206 at about $150. I went with the ER605, one version 1 without USB failover (for home, where I have two wireline ISPs), and one version 2 model with USB failover (for my shop where I have one wireline ISP and plan to set up cellular failover).

You’ll note I said cloud-manageable above. That’s a distinction for Omada compared to Meraki, in that you can manage the Omada devices individually per unit (router, switch, access point), or through a controller model.

The controller has three deployment models:

  • On-site hardware (OC200 at $100, for up to 100 devices, or OC300 at $160, for up to 500 devices)
  • On-site or virtualized software controller, free, self-managed
  • Cloud-based controller, $9.95 per device per year (30-day free trial for up to 10 devices I believe)

I installed the software controller on a VM on my Synology array, but decided to go web-based so I could manage it from anywhere without managing access into my home network.

Working out the VPN kinks

The complication to my network is that I have VPN connectivity between home and the shop across town. I also had a VPN into a lab network in the garage. Meraki did this seamlessly with what you could call a cloud witness or gateway – didn’t have to open any holes or even put my CPE into bridge mode. With Omada, I did have to tweak things, and it didn’t go well at first.

I was in bridge mode on Comcast CPE on both ends of the VPN, and did the “manual” setup of the VPN, but never established a connection. I tried a lot of things myself, even asked on the Omada subreddit (to no direct avail).

I came up with Plan B including the purchase of a Meraki MX65. I was ready to drop $300-500 to license the MX65 at home, MX64 at the shop, and the MR56 access point at home to keep things going, with other brands of switches to replace the 4-5 Meraki switches I had in use.

As a hail-mary effort, I posted on one of the Omada subreddits. The indirect help I got from Reddit had me re-read other documentation on TP-Link’s site, wherein I found the trick to the VPN connectivity – IKEv1, not v2. Once I made that change, the link came up, and the “VPN Status” in Insights gave me the connectivity.

The trick to the manual VPN connectivity was IKEv1, not v2

The last trick, which Meraki handled transparently when you specified exported subnets, was routing between the two. I had to go to Settings -> Transmission -> Routing and add a static route with next hop to the other side of the tunnel. Suddenly it worked, and I was able to connect back and forth.
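The two things that had to be right by hand above, both ends agreeing on the IKE version and a static route on each router for every subnet on the far side of the tunnel, are easy to check before touching the GUI. The following Python is an added example of my own, not code from the post or from TP-Link’s Omada software: it models a two-site setup as plain dictionaries (site names, documentation-range addresses and subnets are all constructed) and reports an IKE version mismatch, remote subnets that don’t match the peer’s local subnets, overlapping address plans, and a missing or mis-pointed static route. Treating the peer’s WAN address as the route’s next hop is an assumption of the model; which address a given router wants for “the other side of the tunnel” is something to confirm in its own docs.

```python
"""Consistency checks for a two-site IPsec setup plus static routes.

Added example, not the post's or Omada's code. All site data below is
constructed for illustration (RFC 5737 / RFC 1918 addresses).
"""
import ipaddress

# Constructed example: "home" and "shop" as two routers with one tunnel.
HOME = {
    "name": "home",
    "wan_ip": "203.0.113.10",
    "ike_version": 1,
    "local_subnets": ["192.168.10.0/24", "192.168.11.0/24"],
    "remote_subnets": ["192.168.20.0/24"],
    "static_routes": [{"dest": "192.168.20.0/24", "next_hop": "203.0.113.20"}],
}
SHOP = {
    "name": "shop",
    "wan_ip": "203.0.113.20",
    "ike_version": 1,
    "local_subnets": ["192.168.20.0/24"],
    "remote_subnets": ["192.168.10.0/24", "192.168.11.0/24"],
    "static_routes": [
        {"dest": "192.168.10.0/24", "next_hop": "203.0.113.10"},
        {"dest": "192.168.11.0/24", "next_hop": "203.0.113.10"},
    ],
}


def _nets(cidrs):
    # strict=True rejects "192.168.10.1/24"-style entries with host bits set,
    # a common typo when copying subnets between the two routers.
    return {ipaddress.ip_network(c, strict=True) for c in cidrs}


def check_site_to_site(a, b):
    """Return a list of problem strings; an empty list means the pair is consistent."""
    problems = []

    # 1. Phase 1 must agree on the IKE version (the post's fix: IKEv1 on both ends).
    if a["ike_version"] != b["ike_version"]:
        problems.append(
            f"IKE version mismatch: {a['name']} uses IKEv{a['ike_version']}, "
            f"{b['name']} uses IKEv{b['ike_version']}"
        )

    for site, peer in ((a, b), (b, a)):
        local = _nets(site["local_subnets"])
        remote = _nets(site["remote_subnets"])

        # 2. What one side calls remote must be exactly what the other calls local,
        #    otherwise the phase 2 selectors will never match.
        if remote != _nets(peer["local_subnets"]):
            problems.append(
                f"{site['name']}: remote subnets {sorted(map(str, remote))} do not "
                f"match {peer['name']} local subnets {sorted(peer['local_subnets'])}"
            )

        # 3. Local and remote address plans must not overlap, or traffic for the
        #    far side is indistinguishable from local traffic.
        for l in local:
            for r in remote:
                if l.overlaps(r):
                    problems.append(f"{site['name']}: local {l} overlaps remote {r}")

        # 4. Every remote subnet needs a static route (the post's
        #    Settings -> Transmission -> Routing step). Assumption of this model:
        #    the next hop is the peer's WAN address.
        routes = {
            ipaddress.ip_network(rt["dest"], strict=True): ipaddress.ip_address(rt["next_hop"])
            for rt in site["static_routes"]
        }
        peer_ip = ipaddress.ip_address(peer["wan_ip"])
        for r in remote:
            if r not in routes:
                problems.append(f"{site['name']}: no static route for remote subnet {r}")
            elif routes[r] != peer_ip:
                problems.append(
                    f"{site['name']}: route for {r} points at {routes[r]}, "
                    f"expected tunnel peer {peer_ip}"
                )
    return problems


def broken_shop():
    """Constructed misconfiguration: shop on IKEv2 and missing one return route."""
    return dict(SHOP, ike_version=2, static_routes=SHOP["static_routes"][:1])


if __name__ == "__main__":
    print("good pair:", check_site_to_site(HOME, SHOP) or "no problems")
    for p in check_site_to_site(HOME, broken_shop()):
        print("broken pair:", p)
```

Running it prints no problems for the consistent pair and two findings for the deliberately broken one, which is exactly the pair of symptoms the post describes: phase 1 never comes up when the versions differ, and traffic for a subnet without a route goes nowhere even after the tunnel is up.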

Looking at the old infrastructure

My old Meraki network had 12 devices, including three security appliances, four switches, a cellular gateway, and four access points. The home network used the MX84 as the core, with a MS42p as core switch, a MS220-24 as the “workbench” switch on the other side of the room, and a MS220-8P downstairs feeding the television, TiVo, printers, MR42 access point, and my honey’s workstation, connected via wireless link with a DLink media access point in client mode. I also had a MS510TXPP from Netgear, primarily to provide 2.5GbE PoE for the Meraki MR56 access point.

There was a SG550XG-8F8T in my core “rack” (a 4U wall-mountable rack sitting on top of the MS42p switch) but it was not in use at the time – I didn’t have any 10GBase-T gear, and the MS42p had four 10GbE SFP+ slots for my needs.

The garage lab had a SG500XG-8F8T behind the Z1 teleworker appliance. TP-Link powerline feeds that network from the home office.

The remote shop had a MX64, MS220-8P, and MR18, as well as the MG21E with a Google Fi sim card.

So there was a lot to replace, and to complicate in the process.

Looking at the new infrastructure

The new core router is the TP-Link ER605, feeding the MS510TXPP switch for mgig and 10gig distribution (including WiFi), with another downlink to a TL-SG2008P switch ($90 at time of purchase) which offers 4 PoE+ ports and integrated monitoring with Omada.

The ER605 has front-facing ports, so I have those cables going into the patch panel to connect Internet uplinks and the PoE switch. On the SG2008P, ports are on the back and LEDs are on the front, so I have all 8 ports going to the patch panel and they feed things from there.

The MS510TXPP has downlinks to the powerline network, a SG500-48X switch across the room connected by 10 Gigabit DAC, and a few other things in the office.

I have the wireless needs fulfilled by a Netgear Nighthawk router in AP mode, and a TP-Link Omada EAP650 access point that needs some tuning. I expect to replace the Nighthawk with the EAP650 at some point, and I have a Motorola Q11 mesh network kit coming soon which could replace much of the wifi in the house.

The downstairs network is still fed by the DLink wireless bridge (as a client of the Nighthawk), but now it has a random Linksys 8 port switch serving the first floor needs.

The garage lab still has the SG500XG, bridged via powerline, and very limited hardware running due to California electric prices.

In the shop, I have the ER605v2, feeding a random 8-port TP-Link unmanaged switch for now. I’m thinking about getting an Omada switch there, and I recently installed a UeeVii WiFi6 access point (acquired through Amazon Vine, review and photos here) which is more than enough to cover the 500 square feet I need there.

Why’d it take so long to post?

I had found an Etsy seller who made 3d printed rackmount accessories, and I ordered a cablemodem mount, router mount, and a 5-port keystone patch panel. I ordered December 15, shipping label was issued December 21, and I expected it right after Christmas. Alas, after a month and two shipping labels being generated, I had no gear and no useful response from the seller, so I got a refund and went with rack plan B.

I took a 14″ 1U rack shelf like this one (but fewer slots and about half the price) and used zip ties to attach the router and 8-port switch to it. Not a great fit, but inside the CRS08 carpeted rack it’s not so visible.

Where do we go from here?

Right now the networks are stable, except for no wifi in the garage and occasional wifi flakiness in the house. So my next steps will be fixing the home wifi, and probably moving another AP to the garage (possibly even setting up a wireless bridge to replace the powerline connection).

I am looking at some more switching, possibly upgrading the Omada switch to replace the Netgear at home, and then take the existing 8 port Omada to the shop to provide more manageability (and PoE+) over there.

The front runners for the new switch right now are the SX3008F (8 port SFP+ at $230; 16 port SX3016F is $500), SG3428X (24 port gigabit, 4 port SFP+), and the SG3210XHP-M2 (8 port 2.5GbE copper PoE + 2 SFP+ slots at $400, pretty much the same as the Netgear except with no 5GbE ports).

There are a couple of other options, like the $500 SSG3452X which is equivalent to the MS42p, but I’ll have to consider power budget and hardware budget, and what I can get sold from the retired stash this month to further fund the expansion.

I also need to work out client VPN to connect in to both sites. I had client VPN on my travel laptop to the shop for a couple of years, but haven’t tried it with the new platform yet.

TP-Link supposedly has a combination router/controller/limited switch coming out this year, the ER7212, which also offers 110W PoE across eight gigabit ports. It’s apparently available in Europe for 279 Euros. Hopefully it (and other new products) will be released in the US at CES Las Vegas this week.

I was going to bemoan the lack of 10G ports, but then I saw the ER8411 VPN router with two SFP+ ports (one WAN, one WAN/LAN). Still doesn’t seem to support my 2.5Gbit cable WAN, but it’s at least listed on Amazon albeit out of stock as of this writing.

Pi in the sky: Seven tips for finding the single board computer of your dreams

2022-07-03: Updated for AtomicPi

Raspberry Pi boards have been intermittently available this year. They’re still very useful, but your odds of going into a retailer and picking up a few at list price are about as good as Ethereum hitting $5k this month. In other words, don’t hold your breath.

That being said, this type of single board computer is not completely unobtainable, even in today’s supply-chain-constrained market. Here are seven tips for finding the SBC of your dreams. 

1. Check local retailers

This is a long shot, but for some people in some regions, it may still work. My local shop, Central Computers in Silicon Valley, has had them intermittently for a couple of months at reasonable prices. 

2. Check official distributors 

You can find sellers of the Pi boards on the official Raspberry Pi website. Stock may vary from day to day, and preorders may be possible, so check early and often if you’re pursuing this option. 

3. Check Amazon

Right now, I see a number of shippable Pi 4 boards in 4GB and 8GB on Amazon. They’re pricey, with the 4GB board around $144 and the 8GB board around $195. But if you have to have it for work, or if you’ve found a way to profit majorly from using one of these boards, it may be the way to go.

4. Consider kits

You may be thinking “I don’t need a power supply, a microSD card, a case, and all the other stuff,” but even when backorders weren’t considered, I saw starter kits with the Pi 4 board available in quantity at the above options. Right now, my local shop has the Okdo starter kit with the 8GB board for $160, limit one per customer. The bare board is $90 but out of stock, as are all of the standalone boards. So if you need access to a board soon (hopefully with someone else footing the bill), this is a very viable option. 

5. Can I interest you in a Pi400?

The Raspberry Pi 400 computer is a Pi 4b equivalent in a different form factor. The board should have the same performance as a 4GB Pi4b, and even when boards and kits were unavailable, the Pi 400 was readily available in a standalone unit at about $80 or a kit with power adapter for $110. Prices on Amazon are a bit higher (like $120 for the standalone or $180 for the kit), but still lower than the 4GB standalone board mentioned at Amazon above.  

You won’t be able to use your Pi cases or enclosures with the Pi 400, since it’s wider, but you can consider building your own stand or looking on Thingiverse and the like for 3d-printable enclosures for these boards. 

See Jeff Geerling’s “Raspberry Pi 400 Teardown” blog post and video to see what’s inside and how you might be able to repurpose the board for your needs. 

6. Check your local marketplaces for new or used boards

You may find some boards locally on Craigslist, Facebook Marketplace, Nextdoor, or the like. eBay is also an option, but it may or may not be local. As I write this post, I see boards in my extended area from $200-325 on Craigslist, and surprisingly $120 and up on Facebook. Someone is selling a complete 8-node cluster, including 6 8GB and 2 2GB boards (and power supply, network switch, tower case, etc) for $1000, which is pretty reasonable for the current market.

With these local marketplace options, be sure to buy locally, and if possible, try the board out before paying (if it’s not sealed). With eBay, read the ad carefully and be aware of buyer protections available to you.

7. Look into other small computer options

Raspberry Pi is the most famous card-sized board, probably with the longest run and best name recognition, but you can also look at things from the RockPi boards to ODROID, to LattePanda x86.

Intel NUC (NUC5PPYB/NUC5PPYH) on a 3d-printed stand with memory and HDMI dummy plug.

You may also be able to find bare board Intel NUC systems (like the remnants of the legendary Rabbit doors from a few years ago) that, while not exactly as tiny and requiring a bit more than 3-5 watts, may well do what you need. 

See the Rabbit Overview (October 2020)
and the Rabbit Launch system build (December 2021)

For example, there are some i3 and even i7 boards here on eBay for as low as $95 shipped (searching under the “motherboard” category). When I searched under “Desktops & All-in-Ones” I found some of the old Rabbit boards (quad core Pentium with Gigabit Ethernet) for around $50 each. You’ll have to add a DDR3 SODIMM, a power supply, and probably storage of some sort, but even then you can get a 4GB system for around $100 or so. 


If you don’t need an ultra-modern OS, you can also look into systems like the Jetson Nano (which I believe easily runs Ubuntu 18), or even Jetson TK1 (Ubuntu 14/16) from NVIDIA. These outdated boards are still quite interesting, and have many uses if you can “outsource” the security to a system with a newer platform.

And yet another option I found after posting this – Digital Loggers, a Silicon Valley company better known for their Ethernet-connected power controllers (mentioned in a previous post and used in my shop) are apparently the folks behind the AtomicPi Intel Atom-based single board computer. It takes a little bit more work to power, but for $50 you get a board based on the Atom x5-Z8350 1.44GHz CPU with 2GB RAM and 16GB eMMC on board, a breakout board, and an AI camera module.

Unlike the other boards mentioned, I have not tried this one, but it’s worth a look if you can handle the limitations and get your 5V 3A power into it yourself. 

Where do we go from here?

I’m realizing I have a few boards that may be worth dusting off and using, or even selling. There’s a Pi 3b+ cluster in need of an expansion, and some other projects in the works for the upcoming holiday weekend. 

What are you doing with single board computers, and have you found any tips and tricks I missed? Share in the comments!

Three ways to build low profile Chia (and forks) nodes

This is another piece on a part of the Chia and cryptocurrency landscapes. See previous posts at https://rsts11.com/crypto

Need to set up a lightweight VPN to get into your low profile node remotely? Check out Stephen Foskett’s writeup on Zerotier. I’m using it on my Pi nodes to reduce NAT layers.

Many if not most Chia farmers run a full node on their farming / plotting machine. Some larger farms will use the remote harvester model, with a single full node and several machines farming plots on local storage. 

If you’re using Flexfarmer from Flexpool, or just want a supplemental node (maybe to speed up your own resyncing, or to supplement decentralization on the Chia network), you might want a dedicated node that doesn’t farm or plot. And for that use case, you don’t really need dual EPYC or AMD Threadripper machines. 

In fact, a well-planned Raspberry Pi 4B 4GB or 8GB system, with an external USB drive, will do quite well for this use. If you want to do a few forks as well, or another blockchain full node, a moderately-recent Intel NUC would do quite well for not much more. 

So here we’ll look at three builds to get you going. Note that any of these can run a full node plus Flexfarmer if you want, or just a full node. 

If you don’t already have Chia software and a full node installed, go ahead and install and sync the node on a full scale PC. It may save you five days of waiting. My original build for this use case was to test the blockchain syncing time from scratch.

Syncing from a semi-optimal Pi 4B from scratch took about 8 days, for what it’s worth. One member of the Chia public Keybase forum reported about 28 hours to sync on an Intel Core i5 12600k. 

Caveat: Raspberry Pi boards are a bit more challenging to find and even harder to find anywhere near the frequently-touted $35 price point, or even under $150. And for Chia nodes, you want a minimum of the 4GB Pi 4B (8GB wouldn’t hurt). So while it’s possible to run on older hardware, it’s not recommended.


You might also be able to run on a Pi400 (the Raspberry Pi 4B in a keyboard case, which is much easier to find for $100 or so, complete). I plan to test this soon.


Raspberry Pi with external USB SSD. 

This was my initial build, and today it’s running at the Andromedary Instinct providing an accessible full node for about 10-15 watts maximum. 


My 2021 Amazon order highlights

As usual, I’ve reused and recycled way too many Amazon Prime packages this year. I’m going to #thread my top 10 purchases in 2021.

These are items I have actually purchased with my own money during 2021. Photos are of the actual items in my possession (I may go back and add obvious stock photos later for the items I didn’t catch in action).

No seller or manufacturer has asked for a review, provided any incentives, or otherwise interfered with these orders or this post. If you buy through my links here, I may receive a commission.

In no particular order….


Turnkey Chia farming with Evergreen Miner, and making your own compact farmer

Disclosures at the end, as usual

The Evergreen site and product line have evolved since this post was made in late 2021. I’m planning to update the coverage soon, but don’t be surprised if product names and prices have changed since then.

If you’ve bought your Evergreen Miner, you may have questions answered at my unofficial FAQ.

In the meantime, I have (as of January 2023) joined the Evergreen Systems Co. affiliate program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to the partner site. If you’d like to buy some of their gear, use the link https://evergreenminer.com/?ref=g2vkXM2BkDi2m, or use the referral code RSTS11 for a $10 discount, and I may receive a commission.

A few years ago, a turnkey desktop container/VM platform from Antsle came along, and I thought “this is cool, but I bet I could make one myself.” You can read about that here on rsts11.

Earlier this month I saw a low power Pi-based project similar to the Antsle Nano (which I did build on my own) come out for Chia farming. The project, Evergreen Miner (evergreenminer.com), is the brainchild of a young geek named Dylan Rose who’s worked with Amazon and other companies and has begun an interesting forward-looking Chia project to really bring Chia farming to the masses.

I’ve written about building your own Chia system, and lots of people (tens of thousands at least) have done so. But some people aren’t up for the space, expense, time, tuning, software building, and so forth to make a node and farm.

However, a lot of people could benefit from the technology and platform and even more into the future as the ecosystem matures. So the idea of a turnkey platform that’s relatively easy to build and maintain and expand, even without plotting on your own, sounds pretty good.

Think all of the functionality and potential of Chia, with the ease of setup and management of a typical mobile app, and of course the power draw of an LED light bulb or two. No hardware or Linux or filesystem or SAS knowledge required.
