1541 HA throughput and port configuration problem
-
Hello there,
I am studying the hardware upgrade for one of my clients who works in video surveillance and connects their network to their clients' networks via IPSEC to access camera video streams. They have 2 fibers capable of providing speeds higher than 1 Gbps, so I need to connect them to 10G ports. I also need to connect the internal switches at 10G, totaling 4 ports.
The current configuration is on the verge of saturation, and they are consuming about 400 Mbps in IPSEC VPN. I would like to propose a solution based on the 1541 HA model.
- On the 1541 model page, the advertised speeds in IPSEC VPN IMIX (1.77 Gbps) seem to be achieved with the CPIC-8955 accelerator card. What are the speeds obtained without the card (as I believe I won't be able to have 4 ports 10G and the card simultaneously)?
- Do you have a solution for connecting both 4 ports 10G and the accelerator card simultaneously?
Thanks in advance. -
Yes, there is only one available slot in the 1541 so you cannot use the CPIC card with an expansion NIC.
However the measured IMIX IPSec performance without it is not that much lower, ~1.5Gbps. The inclusion of IIMB in recent versions helps. You're more likely to be restricted by the link than the encryption rate
Steve
-
Thanks @stephenw10 for your reply.
I thought of another solution: what about using one 10G port for WAN and the other one for LAN? Behind the WAN port, I could plug in a 10G switch that handles the 2 fibers with VLANs.
I'll have to share the 10G port bandwidth between the 2 fibers, of course. But 1/ is it possible to configure pfSense for this solution? And 2/ my client has a pool of public IPv4 IPs, 6 for the first fiber (subnet mask of 29 bits) and 14 for the second one (subnet mask of 28 bits). There are 20 IPv4 IPs to configure inside pfSense; is it possible too?
-
Yes, you can do that. The WANs are 1G so having those as VLANs on a 10G port isn't really an issue.
-
@stephenw10 said in 1541 HA throughput and port configuration problem:
The WANs are 1G
What do you mean ? I'm not sure to understand...
-
@Rod21 said in 1541 HA throughput and port configuration problem:
They have 2 fibers capable of providing speeds higher than 1 Gbps,
My mistake, I misread that. How fast are the WANs? If it's less than, say, 3Gbps it should be fine.
-
@stephenw10 said in 1541 HA throughput and port configuration problem:
If it's less than, say, 3Gbps it should be fine
3Gbps for each fiber, so 6Gbps ? It provides a good margin from now I think. Currently, each fiber is at 800Mbps.
