    My Project: 16xWAN as VLAN or 16x PCIe LAN NIC- What to use?

    • H
      HAL_9000 last edited by

      Hey friends, for the first time I talk to the international community. Greetings from cold Berlin.

      Since there is almost no fiber availability in the city of Berlin, I am using multi-WAN connections in a building.
      Now I want to combine 15 WANs into a single one in a redundant scenario.

      Since I didn't find any hardware-based device that is flexible enough to do this kind of magic, it's the best job for pfSense I think  8)

      Principal question: What is the better way to get the WANs into the NAT?
      Connecting the pfSense server to a managed switch through fiber (LWL) using VLANs, or is the throughput much better when using the server's own NICs directly (4x PCIe Intel Gigabit 4xNIC = 16x Gigabit NIC)?

      I also want to use caching and some other toys like Asterisk.

      I plan for a throughput of 3,5-6Gbit/s.

      Thanks a lot upfront to the community… Awesome job!!!!

      • stephenw10
        stephenw10 Netgate Administrator last edited by

        Hi HAL,
        To get that sort of throughput you will need some serious hardware. Fast Xeon.

        I would definitely use VLANs rather than 16 NICs. Of course you will need a 10GbE NIC to connect to the switch to carry the trunk.

        pfSense can load balance those connections or run failover groups between them but there are some restrictions. If they are provided via DHCP or static IPs they need to use a different gateway address on each WAN. If they are all from the same ISP that might be a problem.  PPP connections should be OK.
        You should be aware also that it will not appear as a single large connection. You would need to have at least 15 connections open to use all the WANs. Not a problem if you have a large number of clients behind it.

        Steve

        • T
          tirsojrp last edited by

          Since you are going to use that many WAN connections you should avoid other toys.

          As stephenw10 said, there are some limitations.

          Each WAN should be configured with a different gateway.

          Ex:

          WAN1 > use 10.0.1.1
          WAN2 > use 10.0.2.1
          WAN3 > use 10.0.3.1

          • H
            HAL_9000 last edited by

            Thanks for the info.
            Here is the plan:
            Use an IBM 3650 with 2 Xeons and plenty of RAM (16-32GB) for caching.
            Add 1x Intel dual 10GbE NIC to connect to the switch.
            Add 4x Intel quad Gigabit LAN NIC to connect to multiple cable modems (of course as separate gateways).
            Add 2x 256GB SSD as redundant RAID to run an SNMP monitoring tool on it.

            USAGE:
            It will be around 200 main clients (laptops), 200 secondary clients (phones).
            IP-based load balancing will be fine for most reasons. Maybe combining 3 WANs (session-based load balancing) for a dedicated VLAN will be needed in the future.
            A spam and ad blocker would be nice.
            Question:
            I would like to use hardware NICs because it's just less work for the initial setup. I like to keep the switches as dumb as possible and stress them as little as possible.
            BTW: Switches are Ubiquiti EdgeSwitch 48-port.

            Why is it better to use the switch as a WAN extension instead of hardware NICs?

            • T
              tirsojrp last edited by

              I would try with VLANs, that switch should have no problems handling them.

              • H
                HAL_9000 last edited by

                Thanks for the answer. I want to learn about pfSense and I need to know why to prefer VLANs over NICs?!

                • Derelict
                  Derelict LAYER 8 Netgate last edited by

                  That is a general networking question and not really pfSense-specific.

                  In your case I would probably consider a LACP LAGG of 2 x 10G ports and tagging all the WANs on VLANs over that to your switch with each WAN on an untagged VLAN for each.

                  Chattanooga, Tennessee, USA
                  The pfSense Book is free of charge!
                  DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  • H
                    HAL_9000 last edited by

                    Thanks, I will read into it.  8)

                    • T
                      Taiidan last edited by

                      For the record, Silicom makes 6-port network interfaces that you can pick up cheap on eBay - you would only need three PCIe slots and it would be cheaper and more secure than a switch (for starters, by using a switch you risk exposing its management interface to the outside world).

                      http://www.silicom-usa.com/cats/server-adapters/networking-adapters/gigabit-ethernet-networking-server-adapters/

                      • ?
                        Guest last edited by

                        FTTH/FTTC/FTTB in Germany, Berlin

                        There are not many, but some ISPs are offering FTTH up to 1.000 MBit/s without Entertain TV,
                        for sure because it is a commercial and not a private offer. So please have a look under the link
                        above and get better informed about those offerings. Vodafone is also offering FTTH(C)
                        Internet connections to private and commercial clients.

                        First of all, I would say I would try to get an Internet connection that offers a static
                        public IP address; this will be more interesting and urgent than other things.

                        And then, if that goes right, you should be sure that the switch in front of your
                        pfSense firewall is powerful enough to handle those connections with ease, so SMB
                        (KMU) switches will not be really nice to play with at that number of connections and the entire
                        throughput.

                        > Since there is almost no fiber availability in the city of Berlin, I am using multi-WAN connections in a building. Now I want to combine 15 WANs into a single one in a redundant scenario.

                        So if you get 15 x 200 MBit/s you will not get 3 GBit/s out of that construct as you
                        imagine it! You will get 15 x 200 MBit/s out of that construct. This should be clear first.
                        This will only be possible if the ISP(s) are offering MLPPP (MPLS) services, and then, but only
                        then, you would be able to get the real 15 x 200 MBit/s = 3 GBit/s single pipe.

                        > Since I didn't find any hardware-based device that is flexible enough to do this kind
                        > of magic, it's the best job for pfSense I think  8)

                        One or two Intel Xeon E5 CPUs @3,0GHz would be a really nice gain to handle and address
                        all that stuff; 32 GB RAM might also be a nice idea, but it also depends mostly on your config.

                        > Principal question: What is the better way to get the WANs into the NAT?
                        > Connecting the pfSense server to a managed switch through fiber (LWL) using VLANs, or is the throughput much better when using the server's own NICs directly (4x PCIe Intel Gigabit 4xNIC
                        > = 16x Gigabit NIC)?

                        It often depends on your budget, and yes, there are some interesting card alternatives out there
                        that could be used in a case such as yours. HotLava systems

                        The Switch in front of that pfSense firewall should be a powerful one that is Layer2
                        based and fast. And it should be the 300 Euro - 600 Euro class that are more usual
                        in SMB (KMU) something more like the higher pricing class;

                        • Netgear M5300
                        • Netgear M7100
                        • Netgear M7300

                        > I also want to use caching and some other toys like Asterisk.

                        Asterisk can run on its own appliance in the DMZ. Moby Dick is selling its
                        own hardware with pre-installed Asterisk, and Digium is selling ISDN, fax and VoIP
                        cards that are really nice.

                        1 Reply Last reply Reply Quote 0
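
Added example, not written by any poster in this thread: a small model of the two multi-WAN points made above, that every WAN needs its own gateway address and that per-connection balancing never gives one connection more than one WAN's bandwidth. The round-robin pinning policy, the 200 Mbit/s per WAN and the 10.0.N.1 gateway pattern are assumptions taken from the figures mentioned in the thread, not pfSense's actual scheduler.

```python
import ipaddress
from collections import Counter

# Constructed sample: 15 WANs at 200 Mbit/s each, gateways in the 10.0.N.1 pattern.
WANS = [{"name": f"WAN{n}", "gateway": f"10.0.{n}.1", "mbit": 200}
        for n in range(1, 16)]


def gateway_conflicts(wans):
    """Return gateway addresses used by more than one WAN."""
    counts = Counter(ipaddress.ip_address(w["gateway"]) for w in wans)
    return [str(gw) for gw in sorted(g for g, n in counts.items() if n > 1)]


def assign_connections(wans, n_connections):
    """Pin each connection to exactly one WAN, round-robin (assumed policy)."""
    load = Counter()
    for i in range(n_connections):
        load[wans[i % len(wans)]["name"]] += 1
    return load


def throughput(wans, n_connections):
    """Return (usable aggregate Mbit/s, fastest single connection Mbit/s)."""
    load = assign_connections(wans, n_connections)
    used = [w for w in wans if load[w["name"]] > 0]
    aggregate = sum(w["mbit"] for w in used)
    fastest = max((w["mbit"] / load[w["name"]] for w in used), default=0.0)
    return aggregate, fastest


if __name__ == "__main__":
    print("gateway conflicts:", gateway_conflicts(WANS))
    for n in (1, 8, 15, 400):
        total, single = throughput(WANS, n)
        print(f"{n:3d} connections: {total} Mbit/s total, "
              f"{single:.1f} Mbit/s max per connection")
```

With one connection only 200 Mbit/s is usable; the full 3000 Mbit/s appears only once at least 15 connections are open, and no single connection ever exceeds 200 Mbit/s.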