New SG-3100



  • So I am looking to replace an old Soekris box that is just not handling the new 2.3.4.p1 code.

    https://store.netgate.com/SG-3100.aspx

    But I am confused by the wording of the guide a little -  https://www.netgate.com/docs/sg-3100/io-ports.html

    Today I have a WAN, LAN (172.16.20.0/24), and two other LAN Networks (DMZ) (172.20.100.0/24 & 172.20.200.0/24) configurations so four total ethernet ports –

    Can I do this with the SG-3100 or are the four Switched Ethernet ports just a bridged lan.

    WAN -- Comcast
    OPT1 -- DMZ-1 172.20.100.0/24
    Switch (Lan 1 -4 )  -- 172.16.20.1/24
    ??????  DMZ-2 172.20.200.0/24

    I see I might be able to dump a small netgear switch, but how do I get the second DMZ ?

    I also have two VPNs to other sites, but this box looks more than capable of handling this --

    TIA on the insight for this new hardware.

    My alternative is the SG-2440 but this 3100 is much better priced and may fit the bill.


  • LAYER 8 Global Moderator

    Great question..  I would hope you could vlan the ports off as their own interface(s) so all 4 in one network, or 4 different networks and then vlans on top of those as well just like you could with actual nic interface.

    But this is great question, since this is first pfsense device that I am aware of that has a "switch" included.  I did see that the uplink from this switch is 2.5gb to the soc.



  • This should be quite similar, even though it's about the smaller SG-1000
    https://www.netgate.com/blog/ive-got-99-problems-but-a-switch-aint-one.html


  • Rebel Alliance Developer Netgate

    It will be possible on there to have port-based VLANs where you segment those ports off into different networks (e.g. making a new VLAN and then setting it untagged on a specific port), just like you would do on a switch.



  • Just remember that the 4-port switch is linked at 2.5 Gbps to the pfSense LAN interface… so you won't be able to use more than two switch ports to full capacity if you're going to have inter-VLAN routing going on.


  • LAYER 8 Netgate

    Yes, but ports on the same VLAN will be handled in the switch without having to be handed off to the SoC. Silly things like bridging interfaces onto one "LAN" should be a thing of the past on the SG-3100.



  • @Derelict:

    Yes, but ports on the same VLAN will be handled in the switch without having to be handed off to the SoC. Silly things like bridging interfaces onto one "LAN" should be a thing of the past on the SG-3100.

    True, though my thought was more if you have one VLAN on one port, another VLAN on another port, then routing between them would be handed back to the SoC, etc. But yes, same VLANs stay within the switch.



  • Good Morning,

    Received an email that my order has been delayed due to the need for additional testing of a driver fix.  I have no issue with this and as long as it ships in 2017 I am fine.

    But for those in the know I am curious, since the note said driver issue, is this something in a FreeBSD module or a custom driver you all did for this device.  If it's a base FreeBSD driver, is there a link to the issue you are addressing available ?

    TIA….


  • Rebel Alliance Developer Netgate

    @Phonebuff:

    Received an email that my order has been delayed due to the need for additional testing of a driver fix.  I have no issue with this and as long as it ships in 2017 I am fine.

    But for those in the know I am curious, since the note said driver issue, is this something in a FreeBSD module or a custom driver you all did for this device.  If it's a base FreeBSD driver, is there a link to the issue you are addressing available ?

    It's due to the length of the network interface driver name, it's causing problems with the way we currently name VLANs. Rather than rename the driver and maintain more technical debt, we are changing how the VLAN interfaces are named so they are not so long they overrun the FreeBSD name limit. That was a bigger change than we felt comfortable making for 2.4-RELEASE, so we're taking a week or so to implement and test that and a few other small fixes to roll into 2.4.1.



  • :)  Sounds great.  Thank you very much for the information.

    I am replacing an older Soekris and small Switch.

    So there is no rush from my side.



  • @jimp:

    @Phonebuff:

    Received an email that my order has been delayed due to the need for additional testing of a driver fix.  I have no issue with this and as long as it ships in 2017 I am fine.

    But for those in the know I am curious, since the note said driver issue, is this something in a FreeBSD module or a custom driver you all did for this device.  If it's a base FreeBSD driver, is there a link to the issue you are addressing available ?

    It's due to the length of the network interface driver name, it's causing problems with the way we currently name VLANs. Rather than rename the driver and maintain more technical debt, we are changing how the VLAN interfaces are named so they are not so long they overrun the FreeBSD name limit. That was a bigger change than we felt comfortable making for 2.4-RELEASE, so we're taking a week or so to implement and test that and a few other small fixes to roll into 2.4.1.

    Do you think the SG-3100 will start shipping Friday as planned? I pre-ordered. My other question is, can I restore my current configuration to the SG-3100? I am currently running on an older small form factor desktop which has been great but looking to move to the new device. Since having this I have it just how I like it.


  • Rebel Alliance Developer Netgate

    @gsmornot:

    Do you think the SG-3100 will start shipping Friday as planned? I pre-ordered.

    Unless something else comes up in the meantime, it should still be Friday, or potentially Monday/early next week depending on how large the backorder queue is.

    @gsmornot:

    My other question is, can I restore my current configuration to the SG-3100? I am currently running on an older small form factor desktop which has been great but looking to move to the new device. Since having this I have it just how I like it.

    Yes, you'll need to point it at the new interface names but otherwise the configuration will carry over fine.



  • @jimp:

    @gsmornot:

    Do you think the SG-3100 will start shipping Friday as planned? I pre-ordered.

    Unless something else comes up in the meantime, it should still be Friday, or potentially Monday/early next week depending on how large the backorder queue is.

    @gsmornot:

    My other question is, can I restore my current configuration to the SG-3100? I am currently running on an older small form factor desktop which has been great but looking to move to the new device. Since having this I have it just how I like it.

    Yes, you'll need to point it at the new interface names but otherwise the configuration will carry over fine.

    Thank you, understand, and looking forward to it.



  • @jimp:

    @gsmornot:

    Do you think the SG-3100 will start shipping Friday as planned? I pre-ordered.

    Unless something else comes up in the meantime, it should still be Friday, or potentially Monday/early next week depending on how large the backorder queue is.

    @gsmornot:

    My other question is, can I restore my current configuration to the SG-3100? I am currently running on an older small form factor desktop which has been great but looking to move to the new device. Since having this I have it just how I like it.

    Yes, you'll need to point it at the new interface names but otherwise the configuration will carry over fine.

    Maybe this is a dumb question but will I be able to access the web interface after the restore if the interface names are wrong in order to correct them? If not, would it be best to modify the xml to correct the interface names prior to the restore? Hope that makes sense.


  • Rebel Alliance Developer Netgate

    @gsmornot:

    Maybe this is a dumb question but will I be able to access the web interface after the restore if the interface names are wrong in order to correct them? If not, would it be best to modify the xml to correct the interface names prior to the restore? Hope that makes sense.

    You can do it either way. After restore it will take you to a page to reassign the interfaces if you want to do it that way. You can edit into the config before restore if you like, too. I prefer to edit them in, but either way works.



  • @jimp:

    @gsmornot:

    Maybe this is a dumb question but will I be able to access the web interface after the restore if the interface names are wrong in order to correct them? If not, would it be best to modify the xml to correct the interface names prior to the restore? Hope that makes sense.

    You can do it either way. After restore it will take you to a page to reassign the interfaces if you want to do it that way. You can edit into the config before restore if you like, too. I prefer to edit them in, but either way works.

    Thanks again. mvneta1 for WAN and mvneta2 for LAN based on the user manual page. Easy enough.


  • Rebel Alliance Developer Netgate

    That may not have been updated right yet, WAN is mvneta2, LAN is mvneta1, OPT1 is mvneta0
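
The pre-restore edit discussed above, pointing a backup at the SG-3100's ports, as an added example that is not part of the thread or of Netgate's tooling. It assumes the backup keeps physical names in `<if>` and `<vlanif>` elements, that the old box used `em0`-`em2` with `_vlan`-style VLAN names, and it reports any renamed interface that exceeds FreeBSD's 15-character limit, the problem described earlier in the thread; the sample XML is constructed.

```python
import re
import xml.etree.ElementTree as ET

IFNAMSIZ = 16  # FreeBSD interface name buffer, including the trailing NUL

# Constructed, heavily trimmed stand-in for a pfSense config.xml backup.
SAMPLE = """<pfsense>
  <interfaces>
    <wan><if>em0</if></wan>
    <lan><if>em1</if></lan>
    <opt1><if>em2</if></opt1>
    <opt2><if>em1_vlan2000</if></opt2>
  </interfaces>
  <vlans>
    <vlan><if>em1</if><tag>2000</tag><vlanif>em1_vlan2000</vlanif></vlan>
  </vlans>
</pfsense>"""

# Old NIC -> SG-3100 port, following the assignment given in the thread:
# WAN = mvneta2, LAN = mvneta1, OPT1 = mvneta0. The em* names are assumed.
PORT_MAP = {"em0": "mvneta2", "em1": "mvneta1", "em2": "mvneta0"}


def remap_interfaces(xml_text, port_map):
    """Return (new_xml, too_long): the renamed config and any overlong names."""
    root = ET.fromstring(xml_text)
    too_long = set()
    for node in root.iter():
        if node.tag not in ("if", "vlanif") or not node.text:
            continue
        # Split e.g. "em1_vlan2000" into the parent NIC and its VLAN suffix.
        m = re.fullmatch(r"([a-z]+\d+)(.*)", node.text.strip())
        if m is None or m.group(1) not in port_map:
            continue  # not a name we were asked to move; leave untouched
        node.text = port_map[m.group(1)] + m.group(2)
        if len(node.text) > IFNAMSIZ - 1:
            too_long.add(node.text)
    return ET.tostring(root, encoding="unicode"), sorted(too_long)


if __name__ == "__main__":
    new_xml, too_long = remap_interfaces(SAMPLE, PORT_MAP)
    print(new_xml)
    for name in too_long:
        print(f"overlong ({len(name)} > {IFNAMSIZ - 1} chars): {name}")
```
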



  • @jimp:

    @Phonebuff:

    Received an email that my order has been delayed due to the need for additional testing of a driver fix.  I have no issue with this and as long as it ships in 2017 I am fine.

    But for those in the know I am curious, since the note said driver issue, is this something in a FreeBSD module or a custom driver you all did for this device.  If it's a base FreeBSD driver, is there a link to the issue you are addressing available ?

    It's due to the length of the network interface driver name, it's causing problems with the way we currently name VLANs. Rather than rename the driver and maintain more technical debt, we are changing how the VLAN interfaces are named so they are not so long they overrun the FreeBSD name limit. That was a bigger change than we felt comfortable making for 2.4-RELEASE, so we're taking a week or so to implement and test that and a few other small fixes to roll into 2.4.1.

    Will the SG-3100 ship with 2.4.1?


  • Rebel Alliance Developer Netgate

    @gsmornot:

    Will the SG-3100 ship with 2.4.1?

    Yes



  • Finally a device that can replace a Linksys!  I can retire my parent's DD-WRT device now.  802.11n is good enough.



  • @valnar:

    I can retire my parent's DD-WRT device now.  802.11n is good enough.

    a) those statements don't have much in common  and
    b) you're aware that SG-3100s do not have any kind of WLAN on board?

    And yes, n-standard is usually quite sufficient.


  • Banned

    What’s the LAN-to-WAN and the WAN-to-LAN throughput with NAT enabled?

    I saw that you guys tweeted the VPN throughputs with IPSec being around 280 Mbps, which is not bad for this price range. But can the SG-3100 do a full Gigabit throughput with NAT enabled?

    Also, what’s the maximum combined throughput for inter-VLAN Routing? Since the internal connection between the switch and the SOC is 2.5 Gbps, that’s the theoretical maximum, but can it actually inter-VLAN route at 2.5 Gbps or close to that?


  • Galactic Empire

    Device can deliver up to a gigabit with NAT enabled.

    There are 2x 1GbE, configured as dual WAN or one WAN one LAN. Both gigabit and there's a gigabit four-port 1 gbps Marvell 88E6141 switch. The switch is uplinked at 2.5 gbps to the third port on the SoC for LAN.


  • Banned

    Has this been benchmarked?

    Why not publish the official benchmark? At this price point, it’s important to know if Gigabit LAN-to-WAN and WAN-to-LAN can be achieved.

    Additionally, for smaller networks without an L3 switch, it’s important to know if inter-VLAN routing can be done by the SOC at higher than 1 Gbps so that in the SOHO Environment, inter-VLAN Routing by the Router on the Stick won’t start to immediately subtract from the throughput to the Internet.


  • Galactic Empire

    It has been benchmarked, that's how we know that the device is capable of gigabit NAT. We have also published VPN throughput numbers which you have seen.

    Additionally, for smaller networks without an L3 switch, it’s important to know if inter-VLAN routing can be done by the SOC at higher than 1 Gbps so that in the SOHO Environment, inter-VLAN Routing by the Router on the Stick won’t start to immediately subtract from the throughput to the Internet.

    2x 1GbE, configured as dual WAN or one WAN one LAN four-port 1 gbps Marvell 88E6141 switch, uplinked at 2.5 gbps to the third port on the SoC for LAN. That answers your question.



  • I received my SG-3100 on Friday, I'm still going through the pfsense handbook, but from other stuff I've read on this board and the subreddit board, it looks like I may have to wait until 2.4.2 is out in order to use it because it's going to replace a centurylink router with PPPOE and a vlan of 210.  However, at the PfSense portal, there are no ARM images or beta releases for ARM.  Also, I haven't got to this part yet, but when I get to the point where this is set up and connected to the WAN, will I be able to see all the packages available for the SG-3100 with "pkg search -g *", at least from the command line or somewhere in the GUI?

