Netgate Discussion Forum

    when is Layer3 necessary?

      BlueSun @netblues

      @netblues said in when is Layer3 necessary?:

      @bluesun You need l3 in all those scenarios

      Is the layer3 functionality of pfSense and the virtual networking not enough? I want to establish whether I need different hardware.

      In rare cases where l2 wan (also known as metro ethernet) is available, it could be used, but then you shouldn't be asking, if that is the case, since it would be a carrier based managed solution.

      No metro ether. Just lit fiber.

        netblues @BlueSun

        @bluesun pfSense is more than enough for the requested scenario. You need an L3 solution in any case.

          BlueSun @netblues

          @netblues said in when is Layer3 necessary?:

          @bluesun pfSense is more than enough for the requested scenario. You need an L3 solution in any case.

          thanx.

          So pfSense will create the l3 routing as necessary, right?

          If I were to install pfSense on a Dell R330 server with 8x 1Gb network ports, a 4-core CPU and 8GB RAM, I would still be able to achieve the layer3 throughput I would need?

            netblues @BlueSun

            @bluesun You need just two network interfaces at hq.
            And 200Mbit fiber is something easily managed by entry level modern hardware.

              BlueSun @netblues

              @netblues said in when is Layer3 necessary?:

              @bluesun You need just two network interfaces at hq.
              And 200Mbit fiber is something easily managed by entry level modern hardware.

              Thank you.

                JKnott @BlueSun

                @bluesun

                Functionally, a layer 3 switch and a router are equivalent. They are both used to route between networks. A layer 2 switch only forwards within a network.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                  stephenw10 Netgate Administrator

                  Anytime you have more than one subnet you need something operating at layer 3. But here that thing is pfSense.

                  You don't need a layer 3 switch.

                  Steve

                    BlueSun @stephenw10

                    @stephenw10

                    @stephenw10 said in when is Layer3 necessary?:

                    Anytime you have more than one subnet you need something operating at layer 3. But here that thing is pfSense.

                    You don't need a layer 3 switch.

                    Steve

                    Thanx guys.

                    So essentially pfSense creates a Layer3 network.

                    What about higher up in the stack? Layer7 or Layer8? i.e. is it possible to monitor / firewall user level traffic? I have seen this on some commercial firewalls like Cyberoam

                      netblues @BlueSun

                      @bluesun pfSense is also a commercial firewall if you wish, and very good at what it does too.
                      Apart from that, typical functionality is covered by most firewall products.
                      One needs to be far more specific to the problem at hand in order to select one vendor versus the other.

                        stephenw10 Netgate Administrator

                        The filter used by pfSense, pf(4), is a layer 3-4 only component. There are some higher layer functions available via Snort but there is currently no per user filtering beyond something like Captive portal or Squid.

                        Steve
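
To illustrate the point in the post above that pf(4) works at layers 3-4, here is a pf.conf-style fragment added as an example; it is not from the thread and is not a ruleset generated by pfSense. The interface name, subnets and resolver address are assumed placeholder values. Each rule matches only on interface, address family, protocol, addresses and ports.

```pf
# Added illustration, not rules exported from pfSense.
# Assumed placeholders: interface name, subnets and resolver address.
lan_if     = "em1"
hq_net     = "192.168.10.0/24"
branch_net = "192.168.20.0/24"
resolver   = "192.168.10.53"

# Default deny with logging. pf applies the last matching rule,
# so the pass rules below override this for the traffic they match.
block log all

# Layer 3 + layer 4: TCP from the HQ subnet to the branch subnet,
# selected by destination port and by the initial SYN of the handshake.
pass in on $lan_if inet proto tcp from $hq_net to $branch_net \
    port { 22 443 } flags S/SA keep state

# Layer 3 + layer 4: DNS over UDP to one resolver address.
pass in on $lan_if inet proto udp from $hq_net to $resolver \
    port 53 keep state

# Layer 3: ICMP echo requests between the two subnets.
pass in on $lan_if inet proto icmp from $hq_net to $branch_net \
    icmp-type echoreq keep state
```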

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.