ssh.nu

Chinese Infrastructure

For as long as I can remember, (my memory’s only good for a couple of years), we’ve been told to watch out for Chinese hardware (and software). Cars might spy on us, routers may intercept our traffic and be used in botnets, etc. In fact, Huawei’s 5G products are Banned in Sweden.

 

# The homelab

I’ve had a homelab for many, many years, where the only requirement is that the hardware in the lab should be cheap (or even better, free). Second hand items or new, no barebone may cost over 2,000SEK ($180,16 US Dollar ATTOW). RAM and storage, if not included, must, of course, also be wallet-friendly.

The homelab’s compute power has consisted of many different things over the years, for example:

  • 4 Raspberry PIs (3 B)
  • 3 stacked HP MicroServers (Gen8/Gen10)
  • A super-noisy HP ProLiant 2U server sitting on a desk in a room in my mother’s apartment resulting in angry phone calls every week asking me to get rid of it
  • A couple of DELL Optiplex towers
  • Etc.

Unfortunately, with time come other priorities, meaning my homelab hasn’t got the attention and care it actually deserves.
In 2024, I scaled the lab down to a single Intel NUC NUC8i3BEH2 (Core i3-8109U CPU, 24GB RAM, 1TB NVMe, released in 2018?). I don’t run a lot of fun stuff in the lab anymore, but a few sandboxes, and of course the all-so-popular Home Assistant and a UniFi Controller, Linkwarden, Bitwarden, etc.

 

As you can see - I haven’t run any super resource-heavy applications in my lab for a very long time, and probably won’t for a while either.

However, the poor NUC has been running very hot over the last few weeks. I have had this weird feeling that my neighbors would be quite upset if they were out of housing due to my homelab catching on fire, and thus, I finally decided it was time for the much needed hardware upgrade.

# The hunt for the perfect homelab

First off - I don’t want to run ARM in the lab.
I want x86(-64), and I want to run Proxmox without issues or dirty hacks.

The cabinet I have at home is a 19", 4HE, 400mm deep one, so I need to fit as much compute here as possible. And thus (unfortunately?) - noisy 2U datacenter servers are not an option. Nor is the old setup with a DELL tower (but maybe I can fit one, lying on its side 🤔) a priority since I’d like to have more than one Proxmox node.

I have 2x 1HE shelves in the rack, meaning I can fit a total of 4 Intel NUCs. However, the different NUCs I owned over the years have always been quite noisy - I have no idea if the newer generations are quieter (they most likely are), but they’ve always been quite pricy barebones.

Naturally, I went to eBay, and Tradera, the Swedish local alternative to eBay, to find new barebones for my homelab. I had been eyeing both the HP EliteDesk 800 series, and the Lenovo ThinkCentre M72x Tiny series, hoping to snag a few for a really nice price. However, it seems that people selling these machines know their worth.
I scouted all the “Accepts offer” ads, and placed offers at around €120-140 a piece (+ shipping).

Every once in a while, I also went on a hunt in the ever-so-time-wasting kingdoms of “Blocket” (Sweden’s Craigslist) and Facebook Marketplace.

## Statistics

| What | Expected | Actual |
|---|---|---|
| Time spent browsing | <2h | 14h |
| eBay offers made | 10 | 284 |
| Angry messages received | 0 | 4 |
| Machines purchased | 3 | 0 |

# What about China?

I won’t try to sugarcoat anything; I’m a big fan of AliExpress and have been since around 2012 when I realized I could source really cheap - and actually OK quality - underwear (and buy dirt-cheap, worthless, tech gadgets to give to friends!).

But Victor, don't you know, Chinese manufactured equipment is dangerous!?

Well..
Yes, I like danger

 

Every now and then while browsing AliExpress, I would see these “N100 2.5G Router”s pop up and I figured now’s as good a time as any to start investigating these devices a bit deeper. They come with a bunch of different Intel CPU options (usually a few Celerons, an N6000 and the N100). The N100 is a processor from the “Mobile” segment, but after a lot of Googling, I find many people using them in their homelabs with good results, so why shouldn’t I be able to?
However, I don’t really need the 4x 2.5GbE ports, so I’m sure I can find something cheaper.

 

After a while, I found the perfect product on AliExpress - the GMKtec NucBox G3! This model even has the N100 CPU which works with Proxmox.

Just as I’m about to order, I figured I’d check out GMKtec’s website to see if they have some discounts or other interesting Christmas deals.

That’s when I stumbled across the NucBox G3 Plus – Enhanced Performance Mini PC With Intel Twin Lake N150 - a product with that long of a name must be good, right?
This new one has the N150 CPU, a processor so new I cannot even find it listed on Intel’s website, which rings a few alarm bells. But hey, personally, I’ve been ignoring red flags all my life, why stop now?
Price: $130

I have plenty of hard drives that are still working, so I don’t need to order more storage (yet), however I’m out of DDR4 SODIMM sticks. Intel states the N100 has a 16 GB Max Memory Size, and I guess the N150 is the same. GMKtec says “Expand to 32GB” in its ad though.
Let’s gamble.

Since it’s single channel memory, I needed to find a 1x32GB stick, which I found quite quickly, and cheap as well (Crucial CT32G4SFD832A).
Price: $32

# A long wait

I placed the order for the NucBox the day before Christmas, which wasn’t one of the wisest decisions I took in 2024 considering I’m really impatient. Since Swedish post (and other last mile carriers such as DHL) do not want to work on the many bank holidays in the Christmas period, I waited for forever*.

Anyway, enter 03 January and a text message from the sender “DHL” (which for once wasn’t phishing) and the NucBox finally arrived.

The Box

* - “forever” means 11 days

# Hardware

After opening the NucBox to install my hard drive and the RAM, I immediately noticed there’s a huge plastic frame blocking the air vents (what a weird design) which also seems to hold the WiFi antennas. Since I’ll use this with the Ethernet card, I was quick to remove the plastic frame and the Cdtech CDW-C9825BE-VB M.2 card from the device (Spoiler alert: it’s a Realtek RTL8852BE). I can use this slot for another drive later if necessary.

Remove the antennas

And suddenly, after we have removed the (dangerous!, Chinese!) chip and its antennas, we have a way for the hot air to escape the NucBox!

Antennas Gone

I read that it runs a bit hot (after all - it’s a NUC, and a really cheap one, that is). I also read that the fans will start running really noisy.
Naturally, I replaced the thermal paste with some Arctic MX-4 before even powering it on for the 1st time. There was quite a big goop of thermal paste on the CPU from the factory.

Loads of paste here

The N150 CPU is really shiny!

The CPU’s really shiny!

Full lspci output for the curious
```
00:00.0 Host bridge: Intel Corporation Device 461c
00:02.0 VGA compatible controller: Intel Corporation Alder Lake-N [Intel Graphics]
00:0a.0 Signal processing controller: Intel Corporation Platform Monitoring Technology (rev 01)
00:14.0 USB controller: Intel Corporation Alder Lake-N PCH USB 3.2 xHCI Host Controller
00:14.2 RAM memory: Intel Corporation Alder Lake-N PCH Shared SRAM
00:15.0 Serial bus controller: Intel Corporation Device 54e8
00:16.0 Communication controller: Intel Corporation Alder Lake-N PCH HECI Controller
00:17.0 SATA controller: Intel Corporation Alder Lake-N SATA AHCI Controller
00:1a.0 SD Host controller: Intel Corporation Device 54c4
00:1d.0 PCI bridge: Intel Corporation Alder Lake-N PCI Express Root Port
00:1d.2 PCI bridge: Intel Corporation Alder Lake-N PCI Express Root Port
00:1f.0 ISA bridge: Intel Corporation Alder Lake-N PCH eSPI Controller
00:1f.3 Audio device: Intel Corporation Alder Lake-N PCH High Definition Audio Controller
00:1f.4 SMBus: Intel Corporation Alder Lake-N SMBus
00:1f.5 Serial bus controller: Intel Corporation Alder Lake-N SPI (flash) Controller
01:00.0 Non-Volatile memory controller: Lenovo LENSE20512GMSP34MEAT2TA
02:00.0 Ethernet controller: Intel Corporation Ethernet Controller I226-V (rev 04)
```

All I really miss is a USB-C port since I have some USB-C NVMe enclosures and NVMe disks lying around.

# Installing Proxmox

Nothing interesting here, boot from USB, a standard install works out of the box.

Proxmox

# Temperature?

Since I changed the thermal paste and removed the obstructing wifi antenna I can’t say anything about stock temperatures, but the CPU is about 50°C and the NVMe drive is up to 70°C when running the VMs mentioned above (excluding the sandbox, of course).

Full sensors output for the curious
```
coretemp-isa-0000
Adapter: ISA adapter
Package id 0:  +49.0°C  (high = +105.0°C, crit = +105.0°C)
Core 0:        +49.0°C  (high = +105.0°C, crit = +105.0°C)
Core 1:        +49.0°C  (high = +105.0°C, crit = +105.0°C)
Core 2:        +49.0°C  (high = +105.0°C, crit = +105.0°C)
Core 3:        +49.0°C  (high = +105.0°C, crit = +105.0°C)

acpitz-acpi-0
Adapter: ACPI interface
temp1:        +27.8°C

nvme-pci-0100
Adapter: PCI adapter
Composite:    +55.9°C  (low  = +109.8°C, high = +109.8°C)
Sensor 1:     +70.8°C  (low  = +109.8°C, high = +109.8°C)
Sensor 2:     +55.9°C  (low  = +109.8°C, high = +109.8°C)
Sensor 3:     +50.9°C  (low  = +109.8°C, high = +109.8°C)
```

Since the NVMe runs hot, I’ve ordered a heatsink for $2.99 from AliExpress. Will update this post with results once it arrives. I guess one could also remove the lid of the NucBox to further lower the temperature, if necessary.
On Etsy (and probably eBay/Marketplace/AliExpress etc), people are already selling 3D printed custom tops with fan support for GMKtec boxes, however I have no idea if it’ll fit in my 1HE shelves though. Who knows? Maybe I’ll need one and will then have to write a blog post about how to modify my shelves.

# Storage?

As of now, the drives I have will work, however it’d be fun to build a NAS from a NucBox, I assume it might work with external USB drives since it’s USB 3.2.

# Connectivity?

To connect these devices, I of course needed a Chinese Switch as well - so I ordered nothing less than LIANGUO 2.5GbE Managed Switch 5 Port 2500M Network 10G SFP+Slot […]. Multiple reviews say this is just a re-branded (or well, not branded) TP-Link switch. They’re also sold under other names such as Horaco, BAISULI and SODOLA.

Scrolling down on the listing, I get even more confused as to what brand this particular switch is sold as:

| Specification | Value |
|---|---|
| Brand Name | NoEnName_Null |
| Brand | LIANGUO |

# SWITCH

Logging on is easy, there’s a sticker on the bottom with the default credentials (You probably know them already and don’t need to take a look at the sticker, but in case you lost your sticker, it’s admin:admin). Once logged on, we are presented with a very early 2000s GUI. But hey, I’m used to the web interface of MikroTik’s RouterOS, this isn’t much worse.

The location where there should be a TP-link logo is instead occupied by the text “SWITCH” in uppercase.

## VLANs?

Anyway, I bought this managed SWITCH to segment some traffic via VLANs, and that’s what I’m here for. Let’s head over to Configuration > VLAN > “802.1Q VLAN”.

The VLAN configuration is, as expected, very simple. We enter the VLAN (ID), VLAN Name, and select which ports are Untagged, Tagged or Not Member.

Anyway, I think it’s time for a little heads up:

⚠️ Warning: Once added, there is no way (that I found, on my unit) to delete a VLAN. Once you click "Delete", SWITCH will just throw a cryptic error message in your face. This does, as you can probably guess, not result in the selected VLAN/s being deleted, but instead add frustration and headache.  

Anyway, after cursing for some time and heading towards the factory reset (Tools > Reset in SWITCH’s menu), I figured I’d just try the “Reboot” option instead, maybe SWITCH is just tired and will work better after it’s rebooted?

Turns out, if you don’t click “SAVE” before you reboot (or lose power!), all your custom configuration is wiped. Nice!(?)

## ftdft?

I noticed an interesting comment on one of the Aliexpress listings:

> There is extra menu on /ftdft.cgi

Huh?
All the fields are writable. I don’t dare editing anything, though.

## Speed?

Does it deliver the promised 2.5Gbit?
Well, I’d actually say it does. At least during some quick testing with iPerf3.

iperf3 from a VM on one host to a VM on another host connected via SWITCH
```
pve01-vm01:~# iperf3 -c 10.10.10.16
Connecting to host 10.10.10.16, port 5201
[  5] local 10.10.10.15 port 54866 connected to 10.10.10.16 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   283 MBytes  2.37 Gbits/sec    0   4.15 MBytes
[  5]   1.00-2.00   sec   280 MBytes  2.35 Gbits/sec    0   4.15 MBytes
[  5]   2.00-3.00   sec   281 MBytes  2.35 Gbits/sec    0   4.15 MBytes
[  5]   3.00-4.00   sec   281 MBytes  2.36 Gbits/sec    0   4.15 MBytes
[  5]   4.00-5.00   sec   281 MBytes  2.36 Gbits/sec    0   4.15 MBytes
[  5]   5.00-6.00   sec   280 MBytes  2.35 Gbits/sec    0   4.15 MBytes
[  5]   6.00-7.00   sec   281 MBytes  2.36 Gbits/sec    0   4.15 MBytes
[  5]   7.00-8.00   sec   281 MBytes  2.36 Gbits/sec    0   4.15 MBytes
[  5]   8.00-9.00   sec   280 MBytes  2.35 Gbits/sec    0   4.15 MBytes
[  5]   9.00-10.00  sec   280 MBytes  2.35 Gbits/sec    0   4.15 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  2.74 GBytes  2.36 Gbits/sec    0             sender
[  5]   0.00-10.00  sec  2.74 GBytes  2.35 Gbits/sec                  receiver
```

# Going forward?

Since everything seems to work and patience isn’t my best friend, I’ve already ordered 2 more NUCs.

# Update 11 Jun 2025

This cluster has been running flawlessly for the last 143 days and I have nothing negative to say about these NUCs (nor do I have anything bad to say about SWITCH).
I was tidying up my rack so I lost my uptime, but hey, having a 3 node cluster with 96 GB RAM and 12 CPU cores that’s both and ultra-silent, impressive!

## Power?

I was thinking about getting some kind of battery backup, but that’s a future project.

For now, I enabled Wake-on-LAN in the BIOS as well as auto power-on once AC is (re)connected in case there’s a power loss.
I automate sending a WOL packet from my MikroTik router (System > Scripts); I have one script per NUC. These are then scheduled to run as often as one would want them to.

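```
# Placeholders: set the node's IP, MAC, name and the interface facing it.
:local targetIP "IP.AD.RE.SS";
:local targetMAC "DE:AD:BE:EF:76:76";
:local nodename "pve01";
:local int "ether2";
# /ping returns the number of replies received.
:local replyCount [/ping $targetIP count=2 interval=1];

# No replies: log a warning and send a Wake-on-LAN packet to the node.
:if ($replyCount = 0) do={
    :log warning ("UH OH, " . $nodename . " IS DOWN! Sending WOL to " . $targetMAC);
    /tool wol interface=$int mac=$targetMAC;
} else={
    :log info ($nodename . " is UP, Yay!");
}
```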