What is the main reason that you don’t want to go with KPN box 14?

Also, check the Tweakers.net Pricewatch, you can put in all the options you require.

Because I want to have...

a more advanced Firewall, VPN, VLAN, Parental controls, DNS, DHCP (maybe replace the Pi-Hole), IDS/IPS.

Thx for the Tweakers link! That brought me down to a single option: MikroTik CCR2004. Not sure if their RouterOS, but could give it a try I guess. Custom build with pfsense/opnsense seems a bit more attractive (and could then also buy that in a smaller form factor than the MikroTik).

Be aware that pfSense/OpnSense is a bit tricky with PPPoE, which you need for making a connection with KPN. You need a good CPU for that, I don’t know if PPPoE is still single threaded.

@gxjansen If you are looking for a router with SFP+ en Speeds above 4Gbs, the choices are limited. Router of Uniquity, Mikrotik, TP-Link, Asus en Draytek are fine but costly. If you want play en tweak, Banana BPI-R4 is great en cheap, with upgrade option to Wifi7

Where would I find the PPPoE config details for KPN? Would I find those in the servicetool once I can login there?

@gxjansen 

Technische details Internet
• PPPoE via VLAN 6 (802.1q).
• PPPoE authenticatie PAP met een gebruikersnaam en wachtwoord (bijv. internet / internet).
• Maximale pakket grote (mtu) 1500 bytes (rfc4638)
• IPv4 adres + DNS servers via PPPoE verkrijgen
• IPv6 adresreeks + DNS servers (IPv6) via DHCPv6-PD verzoek (in PPPoE). Een adres gebruiken uit reeks voor router.

Technische details tv (netwerk specificatie en configuratie)
• Ethernet VLAN 4 (802.1q)
• Adres via DHCP vereist mee sturen option60 (Vendor Class Identifier) met waarde: IPTV_RG.
• Specifieke route informatie via DHCP opvraagbaar (option 55 bevat 1, 3, 28 en 121)
• Extra; DNS servers niet gebruiken + default gateway niet gebruiken. Alleen specifieke routes.
• Inschakelen IGMP-proxy inclusief fast-leave optie vereist voor tv-signaal in thuisnetwerk (min. IGMPv2).
• Routed mode. KPN gebruikt routed mode, geen bridge mode

The BPI-R4 looks perfect in terms of ports and form factor! Would require a SFP+ Transceiver Module to hook it up to the ONT (I heard those run quite hot) but I suppose that migth be a good concession to make.

Will it have enough power to function as a 10GbE router and the KPN PPPoE?

@gxjansen I'm not testing with 4Gbs KPN fibre, but if you enable packet steering, 4 cores 1.8Ghz are enough for PPPoE 4Gbs. 

Would a BPI run opnsense/pfsense on it's ARM architecture? Or are we looking at something else to run on it

Some info here: https://forum.opnsense.org/index.php?topic=35828.0

Is it possible to put an SPF+ connector on the fibre cable directly and put that in the homebrew/BPI-R4 gateway (thereby removing the ONT from the system)? Is there something happening in the ONT that the gateway can't do?

@gxjansen Yes, it is possible to use a SPF+ module in BPI-R4 on KPN fibre network without ONT. At the moment are 3 modules working on KPN network, Precision SFP10G-XSONU-N1I, FS XGS-ONU-25-20NI and Zaram ZXOS11NPI.

I'm not using without KPN ONT, because i only have 1Gbs fibre. I bought BPI-RP4 with case, fan and 2 modules for using with my switches for less than 150,€

Not to my knowledge.

If you plan on using your own SFP, you must notify KPN via their servicetool https://servicetools.kpn.com/v2/#/voip-credentials

As in: I need to get one of these to attach to my incoming fibre cable, correct? Any guides on how to do that, would be a first for me :D

Yes, based on the acronyms, I would go with the one that says XGS, but maybe there are detailed specs available. Your connection with KPN is XGS-PON.

Theoretically you can use any SFP+ with MAC and KPN specs (TX 1260 .. 1280nm, RX 1575 .. 1580nm). But only 3 modules are tested succesfully on KPN network. You can try to be the first to test another modules.

By example E.C.I. Network EN-XGSFPP-OMAC-V2, AddOn Networks SFPP-XGS-ONU-MAC-I-AO, Solid Optics SFP-XGS-Ustick-SO or Zyxel PM7010-R0. But all of them are not cheap, the Zaram is the cheapest, costs around 140,-€

I would first await the connection and the corresponding v14 tobe delivered and  then first fiddle around a bit to see the capabilities of the v14 before making final decisions on choosing your own equipment. 

The most important already mentioned is make sure the hardware is fast enough and supporting pppoE in hardware acceleration otherwise it will be a disappointment for the max speed.

The v14 cannot run in bridged mode however if you do not care about double NAT for ipv4 you could activate both ipv4 and ipv6 DMZ function to forward all ports towards the router behind the v14.  The v14 has a WAN and LAN on 10Gbit available so through the device there should be no bottleneck while at the same time the v14 is handling the pppoE.

For ipv6 path it should also be possible to acquire ipv6 prefixes via the v14 on the LAN side.

Oh interesting! Yeah I don't mind the v14 being there (besides having an extra device that uses energy). Double NAT seemed to be the main problem with keeping it while also having my own custom router.

I'm an KPN technician so I can't reccoment you anything about own hardware. Just wanted to come to this topic to tell you an 4Gb line is always XGS-PON and I wanted to applaud you for your excellent network schema. I'm in love with it and wishes everyone had something like this.

Haha, thx. It's my first ever, needed it to get some clarity in my head for all the different devices and connections. I bet there are a lot of conventions for these kinds of diagrams that I didn't follow :D

@gxjansen

Your diagram looks nice but i would realise the 2 connections between 2 switches on another ways.

Why do you want to use CAT7 or fibre optic cable with RJ45 SFP+ modules? CAT7 is expensive and RJ45 SFP+ modules getting very hot at high speeds.
You can just use 2 SFP+ BiDI modules, wavelength does not matter, if they are supported from the switches, and a fibre optic cable. They are cheaper than RJ45 SFP+ modules of uniquiti.

I connected a 1Gb switch and a 2.5Gb switch with fibre optic cables and SFP+ 10G modules and used link aggregation for switches and NAS. For 4 SFP+ modules en 2x5m fibre optic cables i paid less than 30,-€

Yeah Fiber OR Cat7 is what I meant with

Fiber OR Cat7 (both ends RJ45 with Ubiquiti SFP+ Transceiver Module)

Or that is at least what I tried to imply . Would definately prefer fiber for the reasons you mention (mainly the heat).

Not sure yet on how to connect a SFP+ BiDI module to a fibre cable myself. I've done RJ45 connectors but this would be a first for me. The cable will need to go through the PVC pipes in my house as these switches are in different sections of the house so can't pull a fiber cable with pre-attached module through that and would need to attach those myself. If you have any tips on that: let me know :)

@XS4-Arjan Connecting a SFP+ module to a fibre calbe is easier than RJ45. With the right prefab cables (blue of green connector) is it just "plug and play”.

You should use a cable puller and silicon spray of WD40 spay to make it easier to pull cables through the pipes.

In http://www.routershop.nl of https://www.fs.com/de-en/ you can find almost everthing you need. I bought mostly direct from China, it is the same stuff, but rebranded.

I’ve got the Ubiquiti Dream Machine Pro Max.  Download works well, upload currently limited to 1Gbps but I believe this is a KPN issue.

You connected the fiber directly to the UDM Pro Max and got 4Gbit/s download speeds? I wasn’t aware that the UDM Pro Max is capable of offloading PPPoE to hardware. Can anyone confirm, because I might need to update my hardware in that case :-)