    pfSense - Trunking VLANs on LAGG vs. individual links

    Category: L2/Switching/VLANs
    Tags: vlans, trunk, lagg
    6 Posts 4 Posters 1.9k Views
    • ptankov

      We are a small business. I am running pfSense on a decommissioned developer's PC. We have also a Cisco SG 300 L3 switch, capable of VLANs and LAGG (link aggregation).

      I am going to do RoaS (router on a stick) with 3 - 4 VLANs and a firewall between them.

      The PC that is being used as a router has 2 integrated NICs and 4 available PCIe slots. All links are 1Gb.

      I want to avoid congestion so I am planning to buy 4 additional PCIe network cards and use either LAGG or put different VLANs directly to different NICs on the router.

      Which one is better?

      If I go the LAGG way, which mode is best - LACP or LOADBALANCE?

      Thanks.

      • dotdash @ptankov

        @ptankov
        If you're connecting to a Cisco switch, make a port channel group and use LACP on the pfSense side. I'd just make a trunk on the LAG, and pull off the vlans on pfSense. If you want to add another vlan later, you just configure it instead of having to connect another NIC.

        • bingo600 @ptankov

          @ptankov said in pfSense - Trunking VLANs on LAGG vs. individual links:

          The PC that is being used as a router has 2 integrated NICs and 4 available PCIe slots. All links are 1Gb.

          You should buy Intel network cards (chipsets), or check the FreeBSD hardware compatibility guide.
          Realtek is usually not recommended.

          /Bingo

          If you find my answer useful - Please give the post a 👍 - "thumbs up"

          pfSense+ 23.05.1 (ZFS)

          QOTOM-Q355G4 Quad Lan.
          CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
          LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

          • johnpoz (LAYER 8 Global Moderator) @ptankov

            @ptankov said in pfSense - Trunking VLANs on LAGG vs. individual links:

            Which one is better?

            Depends - do you want control of which physical path traffic will take? When using LACP you really have no control over whether a machine on VLAN X talking to a machine on VLAN Y will actually take a different physical path, or be a hairpin.

            Ideally you would want to make sure your VLANs that have the most traffic between each other are always using different physical paths for their traffic, vs. possible hairpin traffic over the same physical interface.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            • ptankov

              Thanks @dotdash @bingo600 and @johnpoz for your responses! I finally settled on a hybrid approach:

              • one dedicated link for the office VLAN
              • the other link is shared (trunked) for the two other VLANs (backbone servers & test lab)

              So far no LAGG, but maybe in the future I will create one if needed.

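              The two designs from this thread, dotdash's single LACP LAGG trunk and ptankov's hybrid, written as FreeBSD rc.conf fragments (pfSense is FreeBSD underneath and applies the same ifconfig settings from its GUI). This is an added example, not configuration from the thread or from pfSense itself; the interface names igb0-igb3, VLAN IDs and addresses are assumed placeholders.

```conf
# Added example (not from the thread). igb0-igb3, VLAN IDs and addresses are
# placeholders. The two sections are ALTERNATIVES: use one or the other.

# ---- Design 1 (dotdash): one LACP LAGG to a Cisco port-channel, every VLAN
# ---- trunked over it. A new VLAN later is one more vlanNN line, no new NIC.
cloned_interfaces="lagg0 vlan10 vlan20 vlan30"
ifconfig_igb0="up"
ifconfig_igb1="up"
# laggproto lacp = 802.3ad, so the switch port-channel must run LACP too
# (laggproto loadbalance would hash the same way but without LACP negotiation).
# lagghash l2,l3,l4 picks the member link per flow from MACs, IPs and ports;
# which link a given VLAN X -> VLAN Y flow lands on is not under your control,
# so both directions can hairpin over one member (johnpoz's point above).
ifconfig_lagg0="laggproto lacp lagghash l2,l3,l4 laggport igb0 laggport igb1 up"
ifconfig_vlan10="inet 10.0.10.1/24 vlan 10 vlandev lagg0"   # office
ifconfig_vlan20="inet 10.0.20.1/24 vlan 20 vlandev lagg0"   # backbone servers
ifconfig_vlan30="inet 10.0.30.1/24 vlan 30 vlandev lagg0"   # test lab

# ---- Design 2 (ptankov's hybrid): a dedicated untagged link for the office
# ---- VLAN and one tagged link carrying servers + lab. Office <-> server
# ---- traffic through the firewall is now guaranteed two physical ports.
cloned_interfaces="vlan20 vlan30"
ifconfig_igb2="inet 10.0.10.1/24"                           # office, untagged access port
ifconfig_igb3="up"                                           # trunk port carrying VLANs 20 and 30
ifconfig_vlan20="inet 10.0.20.1/24 vlan 20 vlandev igb3"    # backbone servers
ifconfig_vlan30="inet 10.0.30.1/24 vlan 30 vlandev igb3"    # test lab
```

              In either design the switch side must match: a port-channel trunk allowing VLANs 10/20/30 for design 1, or an access port for VLAN 10 plus a trunk allowing 20/30 for design 2.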
              • johnpoz (LAYER 8 Global Moderator) @ptankov

                That is what I do as well, some interfaces run multiple VLANs. Others have only a single interface. My high volume VLANs have their own uplink. Other VLANs like my wireless ones share an interface. Wireless clients are not going to be able to use a full gig interface anyway - not a single device for sure. Maybe as you move to AX. But until that time, with WiFi 5, it's not really possible for a wireless client to use a full gig. So yeah, they can share an interface, and it's rare that any WiFi VLAN would ever talk to another WiFi VLAN, etc.

                This is what is nice about having multiple interfaces on your router. One of the reasons I went with the 4860... Lots of discrete interfaces gives you more options. I don't really have any use for switch ports in my router ;) That is why I have switches... heheh

                Now what I would love to see would be a Netgate box that has multigig interfaces - support for 802.3bz. I'd love to have interfaces that can do 10/100/1000/2.5/5/10GbE.

                Multigig switch ports would be great. This could allow for, say, a future connection of AX APs that support a 2.5GbE uplink into the router, when you don't actually have a multigig switch, etc.


                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.