The other thing to keep in mind is to pass through physical nics. Using just the vnics will potentially lead to security risks. That’s the reason I went back to physical fws.
I could throw an extra NIC in the server and pass it through, but what are the security risks of using the virtualized NICs? I'm just using virtio to share a dedicated bridge adapter with the router VM.
If you just use 2 nodes, you will need a q-device to make quorum if you have one of the nodes down
I could just use VRRP / keepalived instead, no?
I should try Proxmox, thanks for the suggestion. I set up ZFS recently on my NAS and I regret not learning it earlier. I can see how the snapshotting would make managing VMs easier!
That is pretty sweet. I have a second server I could use for an HA configuration of the router VM. I've been meaning to play around with live migrations (KVM) so this could be a cool use case for testing.
I appreciate the advice. I have like 3 spare routers I can swap in if the server fails, plus I have internet on my phone lol. It's a home environment, not mission critical. I'm glad you mentioned this though, as it made me realize I should have one of these routers configured and ready-to-go as a backup.
My logic is partly that I think a VM on an x86 server could potentially be more reliable than some random SBC like a Banana Pi because it'll be running a mainline kernel with common peripherals, plus I can have RAID and ECC, etc (better hardware). I just don't fully buy the "separation of concerns" argument because you can always use that against VMs, and the argument for VMs is cost effectiveness via better utilization of hardware. At home, it can also mean spending money on better hardware instead of redundant hardware (why do I need another Linux box?).
There are also risks involved in running your firewall on the same host as all your other VM’s
I don't follow. It's isolated via a dedicated bridge adapter on the host, which is not shared with other VMs. Further, WAN traffic is also isolated by a VLAN, which only the router VM is configured for.
Half-Life 3
Steam Console Exclusive
I haven't tried these but for self-hosting email, Mox looks really good and easy to set up for personal use. For something beefier, Stalwart seems to be gaining traction and has more features a business would want.
FYI the Proton CEO is a Trump sympathizer.
As a GitHub replacement, Gitea is really good and easy to run/maintain.
What you're asking for is like 3 different questions:
A small business might use the same company for all 3 of these, but if you work in tech or are at a larger company, you may be interested in 3 different answers for these because they're all different specializations.
For dedicated servers, GTHost has been excellent. At work, we deal with more than a dozen similar vendors globally and GTHost is near the top. I would put them ahead of OVH.
Pretty much any game newer than Quake 3 uses what I referred to as unlagged, which is now known as backwards reconciliation or lag compensation. You only need to shoot where you actually see the player to be.
This drives me nuts in The Finals as well. I also really want to know what my opponents' pings are, because sometimes it feels like they're exploiting the unlagged netcode with high ping. Edit: And don't give me a little 3 bar signal strength graph - I need numbers.
FYI also in case you didn't know, the sniper rifle for light in The Finals is hitscan up to 40m away, then after that it has travel + bullet drop. This was introduced in a patch about 6 months ago. (I don't think the Pike for medium is hitscan at any range.... someone correct me though)
Half the US doesn't even use the internet outside of Facebook, which is run by one of these assholes. You absolutely do not have excellent communication technologies. The tools you have extremely vulnerable to manipulation. We've only seen a taste of the horrific possibilities with Facebook controlling communication and the entire information space.
Even if the virtualized router is down, I'll still have access to the physical server over the network until the DHCP lease expires. The switch does the work of delivering my packets on the LAN, not the router.
Thanks for the tip about the pfSense limit. After running pfSense for like 8 years, my opinion is that is flush with features but overall, it's trash. Nobody, not even Netgate, understands how to configure limiters, queues, and QoS properly. The official documentation and all the guides on the internet are all contradictory and wrong. I did loads of testing and it worked somewhat, but never as well as it should have on paper (ie. I got ping spikes if I ran a bandwidth test simultaneously, which shouldn't happen.) I don't necessarily think OpenWRT is any better, but I know the Linux kernel has multithreaded PPPOE and I expect some modern basics like SQM to work properly in it.