Switch Vs Multi port NIC?
-
I have a small lab build I am going to test. I wanted to know, if cost wasn't an option, whether it would be better to put in a few multi-port NICs or use a single NIC and a switch. I'm waiting for parts, so I haven't started the pfSense install yet, but it seems to me you have more control with multi-port NICs than with a single interface and a switch.
I assume I could, as an example, set ports 1-8 to be intranet only and configure 9-12 for Internet?
-
I have a small lab build I am going to test. I wanted to know, if cost wasn't an option, whether it would be better to put in a few multi-port NICs or use a single NIC and a switch.
I would prefer a few multi-port NICs over the single NIC variant.
I'm waiting for parts, so I haven't started the pfSense install yet, but it seems to me you have more control with multi-port NICs than with a single interface and a switch.
A single NIC and many VLANs would deliver less throughput if the traffic scales up.
I assume I could, as an example, set ports 1-8 to be intranet only and configure 9-12 for Internet?
8 LAN ports and 4 WAN ports would be better than a single port with many VLANs on it.
It all depends on what you want to realize, but based on your input I think you would be fine with load balancing and a failover setup. There are three main options to walk this road:
- policy based routing
- session based routing
- service based routing
To assign the rest of the network, you will also be able to realize it in some different ways.
Plain Routing:
On each LAN port you are able to connect a dumb unmanaged switch, but each LAN port holds its own network and subnet, like 192.168.1.0/24 (255.255.255.0) on re0 or vr0 and 192.168.2.0/24 on re1 or vr1.
VLANs: (pfSense is routing)
You might also connect one LAN port to a Layer 2 LAN switch that then splits the network into more single segments, and each gets its own IP address range, but pfSense is routing between them.
VLANs: (LAN switch is routing)
You might also be able to connect one Layer 3 switch or more (stacked) switches to one LAN port of the pfSense box, and then the switch(es) is/are routing between the VLANs. This would be better on really huge installations.
-
I have a small lab build I am going to test. I wanted to know, if cost wasn't an option, whether it would be better to put in a few multi-port NICs or use a single NIC and a switch. I'm waiting for parts, so I haven't started the pfSense install yet, but it seems to me you have more control with multi-port NICs than with a single interface and a switch.
You do get more control. But a multi-port firewall is not a switch. There is significant overhead in packet filtering; it's rarely desirable for performance reasons to use a multi-port firewall over a switch. Where more control is more important than high performance on the LAN, then a multi-port NIC can be a good option instead of a switch.
-
Simple:
If you have one set of end points which you don't want to speak to the outside world, have them on a switch together.
If you have one set of end points which you do want speaking to the outside world, have them on a switch together and route them through a pfSense box on the way out.
Don't overcomplicate this.
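-
Added example, not part of any post in this thread: a small Python model of the plain-routing layout described above (192.168.1.0/24 on re0, 192.168.2.0/24 on re1), showing which flows the firewall can filter and which stay on the switch. The per-port Internet flag, the rule that internal segments may reach each other, and the outside address 203.0.113.10 are assumptions for illustration.

```python
import ipaddress

# Constructed plan: interface names and subnets follow the thread's example;
# the "internet" flag per port is an assumption for illustration.
PLAN = {
    "re0": {"net": ipaddress.ip_network("192.168.1.0/24"), "internet": False},
    "re1": {"net": ipaddress.ip_network("192.168.2.0/24"), "internet": True},
}

def overlapping(plan):
    """Return interface pairs whose subnets overlap (must be empty to route)."""
    names = sorted(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if plan[a]["net"].overlaps(plan[b]["net"])]

def interface_for(plan, addr):
    """Interface whose subnet contains addr, or None for an outside address."""
    ip = ipaddress.ip_address(addr)
    for name, cfg in plan.items():
        if ip in cfg["net"]:
            return name
    return None

def decide(plan, src, dst):
    """Model a default-deny, per-interface policy.

    'switched'     : same subnet, so the frame stays on the switch and the
                     firewall never sees it; no firewall rule can apply.
    'pass'/'block' : the flow is routed through the firewall and filtered.
    """
    src_if = interface_for(plan, src)
    dst_if = interface_for(plan, dst)
    if src_if is None:
        return "block"      # unsolicited traffic from outside: default deny
    if src_if == dst_if:
        return "switched"
    if dst_if is not None:
        return "pass"       # assumption: internal segments may reach each other
    return "pass" if plan[src_if]["internet"] else "block"

if __name__ == "__main__":
    for src, dst in [("192.168.1.10", "192.168.1.20"),
                     ("192.168.1.10", "203.0.113.10"),
                     ("192.168.2.5", "203.0.113.10")]:
        print(src, "->", dst, ":", decide(PLAN, src, dst))
```

Hosts that must be filtered from one another need to sit on different firewall interfaces (or VLANs routed by the firewall); hosts behind the same unmanaged switch reach each other without any rule being evaluated.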