Hardware recommandation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps
-
Not really sure why you are going for 3 x 10G as your connection out to the internet will never hit 10G.
Wouldn't you be better creating VLANS on the 3850 ( guessing thats where the 10G port connects ) and moving as much of the other stuff over to that switch and associated VLANS & firewall rules on the router.
The other advantage of this would be that you could have multiple SSIDS on the AP's if they support VLANS.
I'd buy another 3850 and stack them if you need more ports or interlink the 2960.
-
I don't have specific meaning with 3x10G, 10G LAN is only for data transfert from workstation to NAS server only... nothing related with Internet.
Create VLAN ID to reduce number of interface is not important, i prefer make 2x VLAN with tagged port without VLAN trunk.
The most important think is to have isolated LAN physicaly if possible ;)Any hardware suggestion/recommandation about this setup ?
Many thanks.
-
I'm not a hardware guy.
It will be way cheaper doing it how I suggested :)
How many devices are on each of the wired subnets?
-
@Elrick75 said in Hardware recommandation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps:
The most important think is to have isolated LAN physicaly if possible ;)
You can do that with VLANS, don't create a SVI on the 3850.
-
@NogBadTheBad Around 6 to 10 devices on each LAN.
-
Seriously go VLANS and connect everything to the 3850 if you have enough ports, it won't cost you anything.
What speed is the NIC on the NAS?
If you don't create the SVI on the switch pfSense will do the isolation.
Have a look at how I do it, you'd just have a 10 uplink to pfSense.
https://forum.netgate.com/topic/132431/simple-vlan-for-pfsense-unifi-ap-ac-lr
-
All PC and NAS use 10G NIC interface.
i prefer use at least two switch, separate flows on each link is more secure i figure and optimize traffic issue between VLAN.
Other reason is that i plan in a near futur to replace curent C3850 to 12XS-S (full 10G fiber switch), and C2960XR to C3850. -
@Elrick75 said in Hardware recommandation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps:
All PC and NAS use 10G NIC interface.
i prefer use at least two switch, separate flows on each link is more secure i figure and optimize traffic issue between VLAN.
Other reason is that i plan in a near futur to replace curent C3850 to 12XS-S (full 10G fiber switch), and C2960XR to C3850.Ah :)
-
uP !
-
Supermicro X11SDV-4C-TP8F motherboard.
But the switch will be able to hardware route at wire speed (10G) between VLAN SVIs. You can add ACLs to limit intra-VLAN traffic.
-
@LeeR said in Hardware recommandation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps:
Supermicro X11SDV-4C-TP8F
Does all NIC interface has been supported by pfSense as well ?
What CPU do you suggest with it ?Many thanks for your feedback.
-
Did you even look? The CPU is embedded... If you need more cores look at the X11SDV-8C-TP8F model. The Supermicro spec sheet lists the NIC chipsets which you can verify are supported (they are).
-
I hate to burst your bubble, but you technically don't need 10Gbps links on your firewall, unless in the near future you will be able to get greater than 1Gbps internet connection speeds. Nothing on your 172.16.1/24 and 10.0.1/24 networks will be able to speak at 10Gbps speeds, so therefore you don't need to route thru pfsense anything connected at that speed.
Understand what I'm saying? If your only 10G capable devices are desktop PCs and your NAS box, which I'm assuming are all on the same subnet and switch in your illustration, you don't need ANY 10G connections on your firewall.
Jeff
-
@akuma1x said in Hardware recommandation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps:
rst your bubble, but you technically don't need 10Gbps links on your firewall, unless in the near future you will be able to get greater than 1Gbps internet connection speeds. Nothing on your 172.16.1/24 and 10.0.1/24 networks will be able to speak at 10Gbps speeds, so therefore you don't need to route thru pfsense anything connected at that speed.
Understand what I'm saying? If your only 10G capable devices are desktop PCs and your NAS box, which I'm assuming are all on the same subnet and switch in your illustration, you don't need ANY 10G connections on your firewall.
JeffYes it's right, my ISP connection is at 1G, not 10G.
Even if my WAN connexion is 1G, what is the best Motherboard/CPU to handle easyly these connexion bandwidth ? -
@LeeR said in Hardware recommandation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps:
X11SDV-8C-TP8F
What is the best Motherboard/CPU to take into account this bandwidth and wait to see coming ?
-
Elrick, ever used google? I recommend you copy that part number and paste it into a google search. Then reach the specification sheet.
-
@LeeR I didn't notice that this motherboard include CPU !!
D-2146NT has 80w TDP... do you think that it can be possible to have low energy consumming CPU to reach the goal ? -
You should look for an ATOM based processor then. Here's an example Supermicro kit: https://www.supermicro.com/products/system/Mini-ITX/SYS-E300-9A.cfm
-
@LeeR I'm not sure does it can handle 1Gb traffic.
I have a Dell R230 with Xeon E3-1260lv5, do you think that it can do the job ? It's 1U form. -
That would be plenty of CPU. Should not have an issue routing between LAN interfaces or pushing Gigabit through the NAT.
