Hardware recommendation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps
-
I'm not a hardware guy.
It will be way cheaper doing it how I suggested :)
How many devices are on each of the wired subnets?
-
@Elrick75 said in Hardware recommendation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps:
The most important thing is to have isolated LAN physically if possible ;)
You can do that with VLANS, don't create a SVI on the 3850.
-
@NogBadTheBad Around 6 to 10 devices on each LAN.
-
Seriously go VLANS and connect everything to the 3850 if you have enough ports, it won't cost you anything.
What speed is the NIC on the NAS?
If you don't create the SVI on the switch pfSense will do the isolation.
Have a look at how I do it, you'd just have a 10 uplink to pfSense.
https://forum.netgate.com/topic/132431/simple-vlan-for-pfsense-unifi-ap-ac-lr
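A way to check a switch for the condition discussed above (SVIs that let the switch route between VLANs instead of pfSense), as an added example that is not part of the original posts. The running-config sample is constructed; the VLAN IDs, interface name and host addresses are assumptions, and the check assumes the platform shows `ip routing` in the running-config when routing is enabled.

```python
import re

# Constructed Catalyst-style running-config (not from the thread); the VLAN IDs,
# interface names and addresses are assumptions for illustration.
SAMPLE_CONFIG = """\
ip routing
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
interface Vlan10
 ip address 172.16.1.2 255.255.255.0
!
interface Vlan20
 ip address 10.0.1.2 255.255.255.0
!
interface Vlan30
 ip address 192.168.30.2 255.255.255.0
 shutdown
!
interface Vlan40
 no ip address
"""

def find_routed_svis(config):
    """Return {vlan_id: ip} for every SVI that is up and has an IP address."""
    svis, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface Vlan(\d+)\s*$", line)
        if m:
            current = int(m.group(1))
        elif not line.startswith(" "):
            current = None                      # left the interface stanza
        elif current is not None:
            ip = re.match(r"\s+ip address (\d+(?:\.\d+){3}) ", line)
            if ip:
                svis[current] = ip.group(1)
            elif line.strip() == "shutdown":
                svis.pop(current, None)         # administratively down SVI
    return svis

def bypass_risk(config, firewalled_vlans):
    """VLANs meant to be isolated by pfSense that the switch can route itself."""
    routing_on = any(l.strip() == "ip routing" for l in config.splitlines())
    svis = find_routed_svis(config)
    if not routing_on or len(svis) < 2:
        return []        # a single SVI (e.g. management) routes nothing
    return sorted(v for v in svis if v in firewalled_vlans)
```

Any VLAN returned by `bypass_risk` has a live layer-3 interface on the switch, so traffic to another routed VLAN can be forwarded in hardware without ever reaching the pfSense rules.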
-
All PCs and the NAS use 10G NIC interfaces.
I prefer to use at least two switches; separate flows on each link is more secure, I figure, and optimizes traffic issues between VLANs.
Another reason is that I plan in the near future to replace the current C3850 with a 12XS-S (full 10G fiber switch), and the C2960XR with a C3850.
-
@Elrick75 said in Hardware recommendation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps:
All PCs and the NAS use 10G NIC interfaces.
I prefer to use at least two switches; separate flows on each link is more secure, I figure, and optimizes traffic issues between VLANs.
Another reason is that I plan in the near future to replace the current C3850 with a 12XS-S (full 10G fiber switch), and the C2960XR with a C3850.
Ah :)
-
uP !
-
Supermicro X11SDV-4C-TP8F motherboard.
But the switch will be able to hardware route at wire speed (10G) between VLAN SVIs. You can add ACLs to limit intra-VLAN traffic.
-
@LeeR said in Hardware recommendation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps:
Supermicro X11SDV-4C-TP8F
Are all the NIC interfaces supported by pfSense as well?
What CPU do you suggest with it?
Many thanks for your feedback.
-
Did you even look? The CPU is embedded... If you need more cores look at the X11SDV-8C-TP8F model. The Supermicro spec sheet lists the NIC chipsets which you can verify are supported (they are).
-
I hate to burst your bubble, but you technically don't need 10Gbps links on your firewall, unless in the near future you will be able to get greater than 1Gbps internet connection speeds. Nothing on your 172.16.1/24 and 10.0.1/24 networks will be able to speak at 10Gbps speeds, so therefore you don't need to route thru pfsense anything connected at that speed.
Understand what I'm saying? If your only 10G capable devices are desktop PCs and your NAS box, which I'm assuming are all on the same subnet and switch in your illustration, you don't need ANY 10G connections on your firewall.
Jeff
-
@akuma1x said in Hardware recommendation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps:
I hate to burst your bubble, but you technically don't need 10Gbps links on your firewall, unless in the near future you will be able to get greater than 1Gbps internet connection speeds. Nothing on your 172.16.1/24 and 10.0.1/24 networks will be able to speak at 10Gbps speeds, so therefore you don't need to route thru pfsense anything connected at that speed.
Understand what I'm saying? If your only 10G capable devices are desktop PCs and your NAS box, which I'm assuming are all on the same subnet and switch in your illustration, you don't need ANY 10G connections on your firewall.
Jeff
Yes, it's right, my ISP connection is at 1G, not 10G.
Even if my WAN connection is 1G, what is the best motherboard/CPU to easily handle this connection bandwidth?
-
@LeeR said in Hardware recommendation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps:
X11SDV-8C-TP8F
What is the best Motherboard/CPU to take into account this bandwidth and wait to see coming ?
-
Elrick, ever used google? I recommend you copy that part number and paste it into a google search. Then reach the specification sheet.
-
@LeeR I didn't notice that this motherboard includes the CPU!!
The D-2146NT has an 80W TDP... do you think it is possible to have a low-energy-consuming CPU to reach the goal?
-
You should look for an ATOM based processor then. Here's an example Supermicro kit: https://www.supermicro.com/products/system/Mini-ITX/SYS-E300-9A.cfm
-
@LeeR I'm not sure it can handle 1Gb traffic.
I have a Dell R230 with Xeon E3-1260lv5, do you think that it can do the job? It's 1U form.
-
That would be plenty of CPU. Should not have an issue routing between LAN interfaces or pushing Gigabit through the NAT.
-
@Elrick75 said in Hardware recommendation to create pfSense 3U rack chassis | Multiple WAN 1Gbps | 3x LANs 10Gbps:
@LeeR I'm not sure it can handle 1Gb traffic.
I'm pretty sure any recent Atom C3XXX series CPU can route traffic at Gigabit speeds.
Some of the higher end/spec'd Atom C2XXX processors can as well. Like the ones in the older SG-4860, the SG-8860, and the XG-2758 1U models. Those processors are at least 3-4 years old already, so I would avoid them if you can.
Jeff
-
@LeeR and @ALL
I hope; due to the 1U form I just purchased a Chelsio T540-CR (quad 10G PCI card). It answers my need to have 3x10Gb SFP+ interfaces (the T520 provides only two, so I will sell it).
I have 2x1G Broadcom NIC interfaces built into the R230 but it's not enough; I also think that this brand is not the best choice with pfSense.
I have one PCI slot left (low-profile bracket) and I would like to purchase a 4x1GbE (copper) card for the WAN side.
The Intel i350-T4 NIC seems to be the only compliant possibility???
There is a v2 model, a better choice I think, but I see a lot of discussion related to counterfeit products.
Some people say that some counterfeits are better, some others not... so I'm lost.
Do you have some good/true information about it?
Other possibilities:
- can be to keep the 2x1Gb internal Broadcom NICs (for ADSL and 4G connections) and take a 2x1Gb or 1x1Gb NIC card for my fiber connection. In fact, I need to be sure that the card chosen will be perfect to handle 1Gbps bandwidth at max!!
- can be to keep the 2x1Gb internal Broadcom NICs (for ADSL and 4G connections) and use one port from the T540-CR with a 10GBase-T SFP+ transceiver module (instead of SFP+). I dunno if this card accepts this kind of module?! So I just sent a mail to Chelsio about this.
If someone has compatibility information, I would be interested ;)
Many thanks for your help.
EDIT: I purchased an X550-T2, so it will be 2x 10GBase-T and the Chelsio T540-CR; my R230 will be ready to use with the Xeon E31260L v5.
For Intel NIC cards, I use the YottaMark* sticker; it is an authentication label. The code on the label allows you to verify the authenticity of your Intel Ethernet Adapter.
Code is entered here > http://verify.yottamark.com
More information here > https://www.intel.com/content/www/us/en/support/articles/000007074/network-and-i-o/ethernet-products.html
I hope that the X550-T2 NIC will work properly with pfSense!?