My Project: 16xWAN as VLAN or 16x PCIe LAN NIC- What to use?



  • Hey friends, for the first time I am talking to the international community. Greetings from cold Berlin.

    Since in Berlin there is almost no fiber availability in the city, I am using Multi-WAN connections in a building.
    Now I want to combine 15 WANs into a single one in a redundant scenario.

    Since I didn't find any hardware-based device that is flexible enough to do this kind of magic, it's the best job for pfSense I think  8)

    Principal question: What is the better way to get the WANs into the NAT?
    Connecting the pfSense server to a managed switch through LWL (fiber) by using VLANs, or is the throughput much better when using the server's own NICs directly (4x PCIe Intel Gigabit quad NIC = 16x Gigabit NIC)?

    I also want to use caching and some other toys like Asterisk.

    I plan for a throughput of 3.5-6 Gbit/s.

    Thanks a lot upfront to the community… Awesome job!!!!


  • Netgate Administrator

    Hi HAL,
    To get that sort of throughput you will need some serious hardware. Fast Xeon.

    I would definitely use VLANs rather than 16 NICs. Of course you will need a 10GbE NIC to connect to the switch to carry the trunk.

    pfSense can load balance those connections or run failover groups between them, but there are some restrictions. If they are provided via DHCP or static IPs they need to use a different gateway address on each WAN. If they are all from the same ISP that might be a problem. PPP connections should be OK.
    You should be aware also that it will not appear as a single large connection. You would need to have at least 15 connections open to use all the WANs. Not a problem if you have a large number of clients behind it.

    Steve



  • Since you are going to use that many WAN connections you should avoid other toys.

    As stephenw10 said, there are some limitations.

    Each WAN should be configured with a different gateway.

    Ex:

    WAN1 > use 10.0.1.1
    WAN2 > use 10.0.2.1
    WAN3 > use 10.0.3.1



  • Thanks for the info.
    Here is the plan:
    Use an IBM 3650 with 2 Xeons and plenty of RAM (16-32GB) for caching.
    Add 1x Intel dual 10GbE NIC to connect to the switch
    Add 4x Intel quad Gigabit LAN NIC to connect to multiple cable modems (of course as separate gateways)
    Add 2x 256GB SSD as redundant RAID to run an SNMP monitoring tool on it.

    USAGE:
    It will be around 200 main clients (laptops), 200 secondary clients (phones).
    IP-based load balancing will be fine for most reasons. Maybe combining 3 WANs (session-based load balancing) for a dedicated VLAN will be needed in the future.
    A spam and ad blocker would be nice.
    Question:
    I would like to use hardware NICs because it's just less work for the initial setup. I like to keep the switches as dumb as possible and stress them as little as possible.
    BTW: Switches are Ubiquiti EdgeSwitch 48 port

    Why is it better to use the switch as WAN extension instead of hardware NICs?



  • I would try with VLANs, that switch should have no problems handling them.



  • Thanks for the answer, I want to learn about pfSense and I need to know why to prefer VLANs over NICs?!


  • Netgate

    That is a general networking question and not really pfSense-specific.

    In your case I would probably consider a LACP LAGG of 2 x 10G ports and tagging all the WANs on VLANs over that to your switch with each WAN on an untagged VLAN for each.



  • Thanks, I will read into it.  8)



  • For the record, Silicom makes 6-port network interfaces that you can pick up cheap on eBay. You would only need three PCIe slots, and it would be cheaper and more secure than a switch (for starters, by using a switch you risk exposing its management interface to the outside world).

    http://www.silicom-usa.com/cats/server-adapters/networking-adapters/gigabit-ethernet-networking-server-adapters/



  • FTTH/FTTC/FTTB in Germany, Berlin

    There are not many, but some ISPs are offering FTTH up to 1,000 MBit/s without Entertain TV,
    for sure because it is a commercial and not a private offer. So please have a look under the link
    above and get better involved or informed in those offerings. Vodafone is also offering FTTH(C)
    Internet connections to private and commercial clients.

    I would at first say I would try to get an Internet connection that is offering a static
    public IP address; this will be more interesting and urgent than other things.

    And then, if that is going right, you should be sure that the switch in front of your
    pfSense firewall is powerful enough to handle those connections with ease, so SMB
    (KMU) switches will not really be nice to play with that number of connections and the entire
    throughput.

    Since in Berlin there is almost no fiber availability in the city, I am using Multi-WAN connections in a building. Now I want to combine 15 WANs into a single one in a redundant scenario.

    So if you get 15 x 200 MBit/s you will not get 3 GBit/s out of that construct as you
    imagine it! You will get 15 x 200 MBit/s out of that construct. This should be clear first.
    This will only be possible if the ISP(s) are offering MLPPP (MPLS) services, and then, but only
    then, you would be able to get the real 15 x 200 MBit/s = 3 GBit/s single pipe.

    Since I didn't find any hardware-based device that is flexible enough to do this kind
    of magic, it's the best job for pfSense I think  8)

    One or two Intel Xeon E5 CPUs @3.0GHz would be a really nice gain to handle and address
    all that stuff; 32 GB RAM might also be a nice idea, but it also depends mostly on your config.

    Principal question: What is the better way to get the WANs into the NAT?
    Connecting the pfSense server to a managed switch through LWL (fiber) by using VLANs, or is the throughput much better when using the server's own NICs directly (4x PCIe Intel Gigabit quad NIC
    = 16x Gigabit NIC)?

    It often depends on your budget, and yes, there are some interesting card alternatives out there
    that could be used in a case such as yours: HotLava Systems.

    The switch in front of that pfSense firewall should be a powerful one that is Layer 2
    based and fast. And it should be in the 300 Euro - 600 Euro class that is more usual
    in SMB (KMU), or something more like the higher pricing class:

    • Netgear M5300
    • Netgear M7100
    • Netgear M7300

    I also want to use caching and some other toys like Asterisk.

    Asterisk can run on its own appliance in the DMZ. Moby Dick is selling its
    own hardware with pre-installed Asterisk, and Digium is selling ISDN, fax and VoIP
    cards that are really nice.
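    A toy model of the gateway-group behaviour that Steve's reply and the last reply describe: every WAN in a group needs its own gateway address, new connections are spread round-robin over the WANs that are up, and a single connection stays on one WAN, so it never gets more than that WAN's rate. This is an added example written for this thread, not pfSense code and not anything a poster wrote; all WAN names, gateway addresses and rates are constructed.

```python
"""Toy model of pfSense-style multi-WAN gateway groups (added example for this
thread, not pfSense code). It shows the behaviours the replies describe: each
WAN needs its own gateway address, new connections round-robin over the WANs
that are up, and one connection stays on one WAN. All values are constructed."""
from dataclasses import dataclass
from itertools import cycle
from typing import Dict, Iterable, List, Set

@dataclass(frozen=True)
class Wan:
    name: str
    gateway: str  # next hop used to policy-route out this WAN
    mbit: int     # rate of this WAN; also the ceiling for any single connection

def duplicate_gateways(wans: Iterable[Wan]) -> List[str]:
    """Gateways shared by more than one WAN; must be empty or the group cannot tell them apart."""
    seen: Set[str] = set()
    dupes: Set[str] = set()
    for w in wans:
        (dupes if w.gateway in seen else seen).add(w.gateway)
    return sorted(dupes)

class GatewayGroup:
    """Round-robin over WANs that are up; sticky mode pins each source address to one WAN."""
    def __init__(self, wans: Iterable[Wan], sticky: bool = False) -> None:
        self.wans, self.sticky = list(wans), sticky
        self.down: Set[str] = set()
        self._ring = cycle(self.wans)
        self._pinned: Dict[str, Wan] = {}

    def pick(self, src_ip: str) -> Wan:
        pinned = self._pinned.get(src_ip)
        if self.sticky and pinned and pinned.name not in self.down:
            return pinned          # existing client keeps its WAN while it is up
        for _ in self.wans:        # at most one full turn of the ring
            w = next(self._ring)
            if w.name not in self.down:
                self._pinned[src_ip] = w
                return w
        raise RuntimeError("no WAN in the group is up")

def distribute(group: GatewayGroup, sources: Iterable[str]) -> Dict[str, int]:
    """Count new connections (one per source address given) landing on each WAN."""
    counts: Dict[str, int] = {}
    for src in sources:
        name = group.pick(src).name
        counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed lab: 15 cable WANs at 200 Mbit/s, each behind its own gateway.
WANS = [Wan(f"WAN{i}", f"10.0.{i}.1", 200) for i in range(1, 16)]
```

    With 150 clients the group spreads 10 connections per WAN, but with three clients in sticky mode only three WANs carry traffic, and no connection ever sees more than one WAN's 200 Mbit/s even though the group totals 3000.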