Recommend Appliance
-
Looking for a recommendation and some clarification on an appropriate Netgate appliance.
I have business class fiber, currently 2Gbps (although I sometimes climb up to 2.4) symmetric, fixed IP. LAN is 10Gbps fiber. ISP Fiber can be upgraded to 5 Gbps.
Looking to understand which appliance to get:
I’ve used pfsense extensively in the past, but currently using Ubiquiti for single pane management. Router software is crap, so looking to move back to pfsense.
I do run VPN, usually OpenVPN and would like to have 1Gbps throughput minimum on that. I’m looking at the 6100 and 8200, but all the 2.5Gbps ports are labeled “LAN”, are they still assignable to WAN? I need a 2.5Gbps port to interface with the AT&T router (can’t take it out of line, but it’s in passthru).
I’m leaning toward the 8200, but is there an upgrade path for 5Gbps internet? The AT&T router will do copper up to 5Gbps, but no cage and no 10Gbps.
-
@drolin take a look at the specs in Netgate’s store. The 8200 shows for IPSec VPN:
“IMIX Traffic: 810 Mbps”
and the 6100 much less. The rack mount models are faster. OpenVPN is also single core so take that into account.
Interface labels are irrelevant, you can assign ports however you wish.
Netgate also has TNSR which is far higher throughput on the same hardware.
-
Thanks, home user here so TNSR is not something I want to pay for on an annual basis. It's been a while since I used pfsense, so wanted to make sure port assignments were still wide open.
What about 5Gbps upgrade path? 10Gbps SFP+ is fixed to 1/10Gbps speeds, so don't really see an option with the 8200.
-
1Gbps OpenVPN is a tough requirement there. Yes, it's single threaded so per core CPU capability is what limits for most situations. Using QAT with OpenVPN-DCO can help a lot there though.
Neither 6100 or 8200 have NICs that will link at 5G so you would need something that provides it over a 10G link.
If you have a 5Gbps WAN you would probably want the 8200 to ensure you can use that bandwidth.
Steve
-
@stephenw10 said in Recommend Appliance:
> 1Gbps OpenVPN is a tough requirement there. Yes, it's single threaded so per core CPU capability is what limits for most situations. Using QAT with OpenVPN-DCO can help a lot there though.
> Neither 6100 or 8200 have NICs that will link at 5G so you would need something that provides it over a 10G link.
> If you have a 5Gbps WAN you would probably want the 8200 to ensure you can use that bandwidth.
> Steve
So I could get a switch with a 5Gbps copper port, and an SFP+ cage. That would end up taking one of my public IPs (not a big deal) as I don't know of any switches with that capability that aren't managed. My biggest concern would be having a managed switch exposed to the internet. I guess that means the best solution IF I want to migrate up to 5Gbps ISP bandwidth would be to build my own box with pfsense compatible hardware. I am capable of doing this, just wanted to avoid the time/hassle/troubleshooting - I have other things to do.
-
@drolin said in Recommend Appliance:
> So I could get a switch with a 5Gbps copper port, and an SFP+ cage. That would end up taking one of my public IPs (not a big deal) as I don't know of any switches with that capability that aren't managed.
Don't assign a public IP to your switch, VLAN that to your management VLAN and just pass the traffic.