pfSense - Trunking VLANs on LAGG vs. individual links
-
We are a small business. I am running pfSense on a decommissioned developer's PC. We also have a Cisco SG 300 L3 switch, capable of VLANs and LAGG (link aggregation).
I am going to do RoaS (router on a stick) with 3 - 4 VLANs and a firewall between them.
The PC that is being used as a router has 2 integrated NICs and 4 available PCIe slots. All links are 1Gb.
I want to avoid congestion so I am planning to buy 4 additional PCIe network cards and use either LAGG or put different VLANs directly to different NICs on the router.
Which one is better?
If I go the LAGG way, which mode is best - LACP or LOADBALANCE?
Thanks.
-
@ptankov
If you're connecting to a Cisco switch, make a port channel group and use LACP on the pfSense side. I'd just make a trunk on the LAG, and pull off the vlans on pfSense. If you want to add another vlan later, you just configure it instead of having to connect another NIC.
@ptankov said in pfSense - Trunking VLANs on LAGG vs. individual links:
The PC that is being used as a router has 2 integrated NICs and 4 available PCIe slots. All links are 1Gb.
You should buy Intel network cards (chipsets), or check the FreeBSD hardware compatibility guide.
Realtek is usually not recommended.
/Bingo
-
@ptankov said in pfSense - Trunking VLANs on LAGG vs. individual links:
Which one is better?
Depends - do you want control of what physical path traffic will take? When using LACP, you really have no control over whether a machine on vlan X talking to a machine on vlan Y will actually take a different physical path, or be a hairpin.
Ideally you would want to make sure your vlans that have the most traffic between each other are always using different physical paths for their traffic - vs. possible hairpin traffic over the same physical interface.
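To make the path question above concrete, here is an added Python model (not from this thread, and not pfSense or FreeBSD code): it stands in for hash-based member selection on an LACP/loadbalance lagg with a simplified 5-tuple hash, assumes the switch and pfSense hash independently, compares that with the VLAN-per-NIC layout, and counts how many inter-VLAN flows enter and leave the router on the same physical link.

```python
import hashlib
from collections import Counter

LAGG_PORTS = ["igb0", "igb1", "igb2", "igb3"]                 # constructed member list
VLAN_NIC = {10: "igb0", 20: "igb1", 30: "igb2", 40: "igb3"}  # constructed VLAN-per-NIC plan


def hash_member(flow, key):
    """Simplified per-flow hash: 5-tuple plus a per-device key, reduced modulo
    the number of active members. Deterministic per flow, but the admin does
    not get to pick the result (real lagg/switch hashes differ in detail)."""
    src, dst, sport, dport, proto = flow
    data = key + f"{src}|{dst}|{sport}|{dport}|{proto}".encode()
    idx = int.from_bytes(hashlib.sha256(data).digest()[:4], "big")
    return LAGG_PORTS[idx % len(LAGG_PORTS)]


def lagg_paths(flow, src_vlan=None, dst_vlan=None):
    """Trunk on a lagg: the switch hashes the inbound leg, pfSense hashes the
    outbound leg (assumption: independent keys). The VLANs play no role."""
    return hash_member(flow, b"switch"), hash_member(flow, b"pfsense")


def dedicated_paths(flow, src_vlan, dst_vlan):
    """VLAN per NIC: ingress and egress NICs follow from the VLANs alone."""
    return VLAN_NIC[src_vlan], VLAN_NIC[dst_vlan]


def summarize(flows, path_fn):
    """Return (hairpin count, per-link flow counter). A hairpin is a flow that
    enters and leaves the router on the same physical link."""
    hairpins, load = 0, Counter()
    for flow, svlan, dvlan in flows:
        ingress, egress = path_fn(flow, svlan, dvlan)
        hairpins += ingress == egress
        load[ingress] += 1
        load[egress] += 1
    return hairpins, load


# Constructed sample: 200 TCP flows from VLAN 10 hosts to VLAN 20 hosts.
SAMPLE = [((f"10.0.10.{i % 50 + 1}", f"10.0.20.{i % 30 + 1}", 40000 + i, 443, "tcp"),
           10, 20) for i in range(200)]

if __name__ == "__main__":
    for name, fn in (("LACP/loadbalance lagg", lagg_paths), ("VLAN per NIC", dedicated_paths)):
        hp, load = summarize(SAMPLE, fn)
        print(f"{name}: {hp} hairpin flows, per-link flows {dict(load)}")
```

With the dedicated layout every VLAN 10 to VLAN 20 flow enters on igb0 and leaves on igb1, so hairpins are zero by construction; on the lagg roughly a quarter of the flows land on the same member in both directions, and which ones is decided by the hash, not by the administrator.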
-
That is what I do as well: some interfaces run multiple vlans, others carry only a single one. My high-volume vlans have their own uplink. Other vlans, like my wireless ones, share an interface. Wireless clients are not going to be able to use a full gig interface anyway - not a single device, for sure.. Maybe as you move to AX.. But until that time, with wifi 5, it's not really possible for a wireless client to use a full gig. So yeah, they can share an interface, and it's rare that any wifi vlan would ever talk to another wifi vlan, etc.
This is what is nice about having multiple interfaces on your router. One of the reasons I went with the 4860... Lots of discrete interfaces give you more options. I don't really have any use for switch ports in my router ;) That is why I have switches... heheh
Now what I would love to see would be a Netgate box that has multigig interfaces - support for 802.3bz.. I'd love to have interfaces that can do 10/100/1000/2.5/5/10GE.
Multigig switch ports would be great.. This could allow for, say, future connection of AX APs that support a 2.5GE uplink into the router when you don't actually have a multigig switch, etc.