@johnpoz Answering your questions:
Most access switches carry a similar amount of traffic.
But I'm curious: are there any switches, even one, that handle the least amount of traffic?
The behavior is consistent across all of them: disconnecting any switch (regardless of which one) immediately stabilizes CPU usage and latency.
How many cameras are we talking about? Even 4K cameras don't typically produce much bandwidth. You should usually only see something like 10 Mbps per camera. That's what I see with my 4K cameras.
We have an average of 7,000 cameras.
So, does the pfSense interface handle all the interVLAN traffic, or do you have multiple uplinks from your core switch?
Two interfaces (link aggregated) from pfSense going to the core switch.
Do you have ports available on your pfSense and core switch that you could use multiple uplinks to put the heavy interVLAN traffic on different physical interfaces?
Pfsense still has available interfaces that we can use but it doesn't make sense to use other ports when it still uses the same resource
Fully understanding the amount of intervlan traffic and between which vlans would be helpful in figuring out best solution or identifying an issue
Inter-VLAN traffic is fairly high and fairly constant.
The main flows are:
PCs VLAN → Cameras VLAN (live view and playback)
General client traffic between user VLANs and shared services
There isn’t a single VLAN pair that spikes independently; rather, the combined inter-VLAN traffic across multiple VLANs seems to drive the load.
All VLAN gateways currently reside on pfSense, so all inter-VLAN traffic is routed through it.
How many clients are we talking total? What filtering are you doing between vlans - possible to maybe put the top talkers between each other on the same vlan.. For example cameras to nvr, that more than likely could be the same vlan - so none of that camera traffic flows across pfsense at all. Other then someone watching a stream off the nvr, etc.
We're talking about approximately 90 clients, those who view the 7,000 cameras on display.
All of these users are on a primary VLAN, VLAN210DATA.
I just had an intermittent issue; the ping to the gateway dropped and then went back up, and the firewall's CPU usage also increased.
[image: 1768731504026-a0cd2f5b-7195-4693-9f1d-4a7ef13d6a09-image.png]
[image: 1768731560621-1c90b69a-b976-4fce-b79d-b6f54119425f-image.png]
[image: 1768731583675-2b99d821-09ef-4ee1-ac73-3b09cbc13569-image.png]
Any help or suggestions would be greatly appreciated.
Thank you in advance.
