PfSense is not a switch?
-
A user here on the forum has made this statement >pfSense is not a switch< and i am not knowledgeable enough to know why so here it goes. Why is pfSense not a switch? Does it have to do with the OSI Layer it uses? For example if I bridge 4 ethernet interfaces what is the layer it uses? I assume it is not fast or why is it bad? What is doing the packet handling in a bridge?
I have no network training so please bear with me.
-
I am familiar with custom ASIC's that big switches use. I understand pfSense would be trying to do the same thing in software. Is that the big issue. Custom network processors versus general purpose cpu's???
-
Even the most shitty dumb switch out there does the job more efficiently (read ~wire speed) with a fraction of horsepower and money used. Really a badly performing waste of HW and resources. If you really have no use for those ports, feel free. (Don't forget the proper tunables or it really won't be anything like switch and you'll end up pulling your hair with things misbehaving.)
-
If you bridged 4 ports together you would have a "HUB".. Since all packets seen on 1 port would go out all the other ports.. This is how a bridge works..
Unlike dok what I would suggest you do if you have ports on pfsense that your not using for network segments - then don't use them ;) Or lagg them if you want.. If you have need of ports for clients to be on a network segment. Get a switch they can be had for as little as $10 these days for 5 port 10/100 dumb one.. Or for under 20 you can get a gig switch..
Shoot here is 155 reviews 5 eggs over at newegg 5 port 10/100/1000 for $15 why would you want to use a nic on our "router"
http://www.newegg.com/Product/Product.aspx?Item=N82E16833704042
TP-LINK TL-SG1005D 10/100/1000Mbps Unmanaged 5-Port Gigabit Desktop Switch, Power-Saving -
If you bridged 4 ports together you would have a "HUB".. Since all packets seen on 1 port would go out all the other ports.. This is how a bridge works..
Not true with our bridges, they learn MACs the same as a switch and send traffic accordingly just like a switch.
The "use an actual switch" mentality is largely for performance reasons. People tend to show up wanting to use some Pentium III they pulled from a dumpster with a handful of crap Realtek NICs shoved in it then wonder why they can't push a gigabit of traffic between internal hosts. Firewalls aren't switches. In some limited circumstances, where you don't care about performance between internal hosts much, and require filtering between every internal host, it's a fine idea. People just tend to expect it to work the same way as the switch built into their consumer router, and it's not the same at all. Huge diff between multiple NICs in a firewall or router and a switch.