virgin media, 340 down and 35 up.
i run opnsense in a baremetal dell R310.
- net in via 1g from modem.
- net out via 10g to mikrotik 10g switch which routes to all 3 hypervisors.
- net out via 1g to ubiquiti wifi and home computers.
the sucky part here is that I currently run a bridge between 1 & 10g which is far from optimal.
i also haven’t yet set up VLANs, which is on the to-do list.
several backup mellanox 10g cards and spare cables ensure redundancy. if the 10g switch were to fail (currently) I’d have to swap over to 1g cables - i’m planning on setting up automatic failover to 1g just in case.
opnsense backs up its config to my nextcloud install every night.
opnsense captures and handles DNS itself. unbound is set up to forward DNS requests (over TLS) to my own public resolvers and then cache the results afterwards. where possible, i like to keep my data away from google/cloudflare. this setup goes some way to accomplishing that.
mostly everything is static; opnsense can assign addresses to new wireless devices. unbound is my resolver of choice due to it being audited, open source and rock solid.
each server is set up with dell enterprise idracs to allow remote admin of the servers themselves; these are secured with certs signed by my own CA and limited to local network access.
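
The DNS-over-TLS forwarding described above, as an added example in generic unbound.conf syntax; it is not the author's configuration. The addresses (documentation ranges), the name resolver.example.net and the CA bundle path are placeholders.

```conf
# Added example, not the post author's config.
# 192.0.2.53, 198.51.100.53, resolver.example.net and the bundle path
# below are placeholders for your own resolvers and trust store.

server:
    # CA certificates used to validate the upstream resolvers' TLS
    # certificates. With a private CA, this file must contain that CA.
    tls-cert-bundle: "/path/to/ca-bundle.crt"

forward-zone:
    # Forward every query, not just one zone.
    name: "."

    # Speak DNS-over-TLS to the forwarders (port 853 given per address).
    forward-tls-upstream: yes

    # Do not fall back to normal recursion if the forwarders fail
    # (this is the default; stated here to make the intent explicit).
    forward-first: no

    # Weak form: the session is encrypted, but with no '#name' after the
    # port, unbound accepts any name on the upstream certificate.
    # forward-addr: 192.0.2.53@853

    # Authenticated form: the certificate must match the name after '#'
    # and chain to a CA in tls-cert-bundle.
    forward-addr: 192.0.2.53@853#resolver.example.net
    forward-addr: 198.51.100.53@853#resolver.example.net
```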