PFsense as L3 Router
-
Looking to replace our aging HP 5406 switch with something more updated. We currently use Unifi access points in some of our schools, so we started our search for a new core switch with Ubiquiti. Below is a picture of our concept idea on how to set up our core switch. We are aware that the Unifi line doesn't do L3 switching, so we will be passing that off to a PFsense box that will handle all VLAN routing. The school has about 1200 devices on any given day. Just wanted to get people's advice on this config and whether PFsense could handle all the VLAN routing. We would be building a PFsense box on an Intel Xeon server with 32gb RAM and RAIDed SSDs.
-
Doesn't matter how many devices are on the network (aside from addressing concerns).
What matters is what they are doing, throughput, packets per second, etc.
-
Someone will answer your question, but in the meantime you should know that I will not be able to sleep peacefully tonight without knowing where IDF-C is.
-
@Derelict All devices are Chromebooks doing web browsing and some video streaming from YouTube, Netflix, etc.
-
@kiokoman IDF C is actually the MDF.
-
@echellis That doesn't really give any indication. Any Xeon should be fine though. Use good (Intel) NICs.
-
Are you purely routing? No firewall, no NAT?
If you can disable pf and route only, then you will get close to 10Gb, I would think, if that's what you're asking here.
Steve
-
@stephenw10 It would be doing routing, firewall, and NAT.
-
@echellis said in PFsense as L3 Router:
We currently use Unifi access points
Just curious... how many Unifi access points are you using? Are those 48 port POE switches with the blue lines in your diagram? If I do the math, that's almost 300 access points.
Also, what's the Aruba Controller doing?
Jeff
-
Then you would want something fast/very fast to get close to 10G throughput.
Steve
-
@echellis said in PFsense as L3 Router:
All devices are Chromebooks doing web browsing and some video streaming from YouTube, Netflix, etc.
Do you have 10G internet? If not then don't sweat it. The Xeon will be fine.
But, personally, if it were me and if you do not require any filtering between the devices, I would get a Layer 3 switch (or a pair of Layer 3 switches) and use them to go to the IDFs. Run a transit network up to the firewall HA pair and out to the internet from there.
-
@Derelict No, we only have a 1gb internet connection.
-
@akuma1x The PoE switches are serving Aruba WAPs as well as VoIP phones and cameras. The switches will not be maxed out, maybe 20% utilized for each one.