Virtualized Modem, Router and Firewall

Sathyrica

Jan 15, 2011
Hi

I am new to this forum; I tried to find information on running a modem, a router and a firewall in separate VMs on one hypervisor. Provided I have an SFP-compatible NIC that allows me to interface to my provider and one for the firewall to forward the connection to my home network - would this be a practicable solution or am I overlooking some basic obstacles or reasons not to do this?
I am studying software engineering and consider it an interesting task to tinker around, so I don't really have any motive but learning and maybe an expectation of fine performance. Is this unrealistic?
 
All three of those are usually hardware devices. What does a VM have to do with any of them? Three virtual machines (VMs) consist of three instances of an operating system running. Guess I am confused with what you are trying to do, or maybe how you are explaining it.
 
The router and firewall as a VM is no problem (pfSense, sonos, etc.). It isn't typically considered best practice because you don't really want some rogue VM or application taking out your router, but it's not impossible.

The modem can't really be VM'd, though; it is a hardware device designed to interface with your ISP's network.
 
Thanks for your answers, I was actually following up on some pfSense+Untangle tutorials to get a rough idea of what is possible and practicable for a home environment. There are various reasons why I wanted to get away from classical OEM modem/router/firewall devices; most importantly I want to get my hands dirty with some open source software and increase my knowledge of networking - as this is still rather limited as of today.
I tried to find a fiber-optic modem that would only do the modem job - partly because I don't trust major manufacturers (I know this sounds paranoid, but some major players have been known to include backdoors in their hardware; or at least I picked that up in a security course that I do attend when I have time for that).
I am very sorry if it is not easy to understand what I try to achieve; basically I want to build my own modem-router-firewall combo with an SFP-compatible NIC, an RJ45 NIC, some energy-efficient hardware and put some open source software on VMs and pipe their outputs and inputs to each other via virtual networks.
I was wondering if that's a viable project to pursue.
 


Well, the router/firewall project is a worthwhile project to pursue; the modem portion is not.

The problem is a modem really is a piece of specialized hardware (splits and decodes/demultiplexes the various signals), so you would absolutely have to get a modem card for a PC, which basically do not exist. There were a few PCI ADSL ones made that I know of, but they are universally considered to be garbage. No PCI-e ones made that I know of, and the same for cable: a couple of older PCI ones, no new PCI-e ones. I also doubt they are on any ISP's approved list.

You keep mentioning fiber, though, so I guess you actually have FTTH then. That is another beast altogether (though it has some similarities to cable and DSL). It requires an ONT (more or less the modem) which serves much the same purpose, but there is really no analogue in the consumer space (or even enterprise for that matter). At least for Verizon's network it must be able to decode two separate wavelengths and send a third one back over the same fiber pair.

Also, like a cable modem, a misbehaving ONT can actually cause issues for everyone else due to the way uplinks are handled. That is one of the reasons they tend to have approved hardware lists, in order to avoid that.

That said, pretty much everyone will let you put their modem into bridge mode so that it simply does its work as a modem and no routing at all.
 
Solution


Thanks, that has been very helpful to clarify things a bit for me.

I did skim the net for transceivers that would support both the wavelengths that my provider uses as well as cards that could actually house them, like this - but as far as my understanding goes I was not able to conclusively determine if this is a NIC or a modem:

https://www.startech.com/Networking-IO/Adapter-Cards/pcie-gigabit-ethernet-fiber-card-open-sfp~PEX1000SFP2
https://www.flexoptix.net/en/transceiver/sfp-bidi-transceiver-1-gigabit-sm-tx1310nm-rx1550nm-10km-12db-ddm-dom.html?co3095=18346

But I guess you're right and I should just bridge the connection and build my security measures after that. I just thought it would be nice to have a fully self-assembled box that uses 10 times the space and power an ASIC would require to handle the job. :)
 


No problem, and that is a NIC, though if you were somehow able to find a fiber modem card it would have that same SFP+ slot most likely.

I will agree, though, it would be nice to find a modem card; unfortunately no one actually appears to make them.