SG-2440 vs SG-4860 for this home setup?
-
Man, I really just want the 4860 CPU with only 4-ports.
No, in reality you want, like all of us, the fanless SG-8860 for only the price of the 2440! ;)
Single-core usage on PPPoE will not be forever! They are working on it; this is one
thing with which they will be able to make all customers and users happy for sure!
To route 1 GBit/s at the WAN interface, a 2GHz CPU and server-grade hardware will be needed.
This is written on the pfSense website and these are the minimum requirements.
pfSense hardware & system requirements
-
@BlueKobold:
To route 1 GBit/s at the WAN interface, a 2GHz CPU and server-grade hardware will be needed.
This is written on the pfSense website and these are the minimum requirements.
pfSense hardware & system requirements
I've seen that, but it doesn't tell me whether I can route 1Gbits internally between VLANs with less CPU. My instinct is no, but maybe that number you quoted includes overhead for NAT?
-
For routing VLANs internally at wire speed you might get a Layer3 switch like the
- Cisco SG300 series
- D-Link DGS1510 series
and let them do that job with more ease.
-
@BlueKobold:
For routing VLANs internally at wire speed you might get a Layer3 switch like the
- Cisco SG300 series
- D-Link DGS1510 series
and let them do that job with more ease.
Oh, that works? I will have a VLAN capable switch in place. I'm a newbie to VLANs. I assumed each VLAN had to be on its own subnet, so for my desktop on VLAN2 to reach a box on VLAN3 each would have to talk to their default gateway (the pfsense router).
-
Oh, that works? I will have a VLAN capable switch in place. I'm a newbie to VLANs.
There are two different sorts of switches. The Layer2 ones do not route between the VLANs themselves,
and the router or firewall must do that job. And then there are Layer3 switches, and they can route the
entire network traffic from each VLAN to the other ones by themselves without needing the router or firewall.
I assumed each VLAN had to be on its own subnet, so for my desktop on VLAN2 to reach a box on VLAN3 each would have to talk to their default gateway (the pfsense router).
Using a Layer3 switch like the Cisco SG300-10 or SG300-08, each VLAN will have its own IP broadcast net
and the gateway will be inside its own IP range. And the switch itself is then routing the traffic between
all of the VLANs. And usually these switches today are ready to route the entire traffic between the VLANs at
wire speed, and the firewall will then have more power for other things to do.
-
Thanks so much for the detailed explanation! I may need to return and order a different switch. Glad I understand this now.
-
Thanks so much for the detailed explanation! I may need to return and order a different switch. Glad I understand this now.
You might consider that by using a Layer 3 switch you'll be moving your inter-VLAN firewalling to the switch. This is fine, but adds an extra layer of complexity. Another solution that gets around having to route very high throughput workloads through the pfsense box is using multiple network interfaces. Let's say you have a NAS that is serving iSCSI to a machine in VLAN2 and CIFS to a machine in VLAN3. How to prevent this traffic from having to traverse the firewall is to have the NAS have interfaces in both VLANs. Then your traffic never has to traverse the firewall. I work in a medium size business that uses pfsense as both edge and core routers and this is how we get around bottlenecking our routers with workloads that require wirespeed. And best of all, it keeps all the rules in the same place. And remember, you don't need physical network interfaces to do this. That's what VLANs are for. And NIC teaming (LAGG) helps tremendously in this scenario (EDIT: if you do it on the NAS).
-
You might consider that by using a Layer 3 switch you'll be moving your inter-VLAN firewalling to the switch. This is fine, but adds an extra layer of complexity.
I prefer to have the local network fully configured on a layer 3 switch with inter-VLAN routing, ACL and DHCP server. Makes it easy to change front-door router/firewall. Besides the router/firewall has more capacity doing WAN and firewall duties.
I currently use a Linksys LRT224 as router/firewall, but I'm considering replacing the LRT224 with a pfSense firewall.
![Oles Home Network.png](/public/imported_attachments/1/Oles Home Network.png)
-
I prefer to have the local network fully configured on a layer 3 switch with inter-VLAN routing, ACL and DHCP server
That's like how I am using that Layer3 switch also! I love to have full LAN connectivity setting up new things
at the firewall.
Makes it easy to change front-door router/firewall. Besides the router/firewall has more capacity doing WAN and firewall duties.
There are mostly two camps that want it in different directions: one is performing the firewall rules on the entire
LAN and the VLANs, and the other loves to be more free from those firewall rules and works with ACLs.
I currently use a Linksys LRT224 as router/firewall, but I'm considering replacing the LRT224 with a pfSense firewall.
Actually there are cool devices on the market, from the lower end up to the high end, to run pfSense on.
For your wireless LAN you could also benefit from the Captive Portal for guests and the
RADIUS server for your own devices to secure that better than now.
- APU2C4
- Jetway N2930
- Supermicro C2x58 (Rangeley)
- SG-xxx units from Netgate or the pfSense store
-
Actually there are cool devices on the market, from the lower end up to the high end, to run pfSense on.
For your wireless LAN you could also benefit from the Captive Portal for guests and the
RADIUS server for your own devices to secure that better than now.
- APU2C4
- Jetway N2930
- Supermicro C2x58 (Rangeley)
- SG-xxx units from Netgate or the pfSense store
- Supermicro Xeon D-15x8 (Broadwell-DE) ;D
Ole
-
- Supermicro Xeon D-15x8 (Broadwell-DE)
Yep, it's a really amazing platform; it would be a real pfSense bomb.