    Where does pfSense fit into the SD-WAN market?

    • C
      coreybrett last edited by

      I've seen a lot of marketing and products described as SD-WAN lately.

      How does pfSense fit into that market?

      I think of those products as units that can combine multiple Internet connections and use them to connect branch networks together with some type of magic sauce. Is there more to it than that? What's in the sauce? Can't I do that with pfSense already?

      • H
        Harvy66 last edited by

        SD-WAN sounds like a marketing term around pre-existing network services. The only useful info I can get out of the term is that it implies a proprietary blend of QoS, load balancing, and optimizer.

        I would hope that any company selling products of this kind has an easy-to-use UI to manage and coordinate all of these features. That could be useful, but it only lowers the barrier to entry and potentially makes mistakes easier to spot and less likely to occur. From a functionality standpoint, none of the tech seems special. A "the whole is greater than the sum of its parts" situation, if done correctly.

        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by johnpoz

          SD-WAN is the hot buzzword of late, sure.

          You can for sure connect all your sites with pfSense now over the public internet using VPNs - if you want to call that software defined ;) then sure..

          But as you put it missing the "magic sauce" ;)

          Now if you could get your pfSense boxes to call into a central location and easy setup for this box to call that box and route their different networks over the connections via say a web GUI (software) then guess you could call it SD-WAN.

          But currently if you're doing it all by hand by setting up then it's just your typical old school WAN ;) not software defined..

          The bigger benefit of such SD-WAN deployments is not so much ease of deployment but the ability to jump on a "private" or very well managed network that is global in scope with very little jitter in latency from pop A to pop B that might be on the other side of the planet. And then thrown in with this sauce is say WAN optimization techniques, etc. etc.

          Ping say London from NY over the public internet and your latency will be all over the board by multiple ms per ping most likely and this will drift over time depending on overall traffic on the internet, etc. If you jump on a pop a few miles from your location, ride this global "private" network where the latency is rock solid stable at X ms, and then jump off at a pop a few miles from London.. So you're only riding the "public" internet for a few miles vs 1000's and also throw in WAN optimization techniques... Then yeah now you have that special sauce that makes it worth something..

          All that being said - this SD-WAN company might pop a device that you connect to your edge that simplifies and throws in the magic sauce to get to your other locations, etc. But you're still prob going to want/need that edge device to control what traffic goes over the "SD-WAN" and what goes to just the plain internet. You may want to do filtering before traffic enters the "SD-WAN" because most likely you're going to pay for traffic that goes over the SD-WAN, etc..

          So even when the company gives you the SD-WAN box for free ;) You're still going to want/need a firewall/router at your edge or even internal to your network so pfSense can for sure still play heavy in that role of your network, etc.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

          • JKnott
            JKnott last edited by

            Here's an article that gives a bit of a description of SD-WAN:

            Cisco Brings SD-WAN to 1 Million Edge Routers

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 64 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            • H
              Harvy66 last edited by

              Sounds more and more like "SD-WAN" is about a network that can dynamically change routing to min/max certain characteristics possibly based on conditions. This would require coordination among many routing devices to make sure the rules are honored.

              • C
                coreybrett last edited by

                Seems like adding TINC to the core and making it work with multi-WAN would be a step forward in that market for pfSense.

                Would love to have someone from Netgate chime into this.

                • F
                  fibrewire last edited by

                  Here we are a little over a year later since this conversation originally surfaced. Has any progress been made to use pfSense as an SD-WAN platform? If you think about it, how many active users are running pfSense for their corporations / enterprise / ISP edge routers? I'd imagine there are already millions of pfSense boxes running right this second...

                  • occamsrazor
                    occamsrazor last edited by

                    ZeroTier is a great solution... I use it on a bunch of devices in 2 different countries and I can operate everything as if they were on the same LAN. But if we could get it integrated into pfSense and run it at the router level, the entire sites could do the same (not just specific devices running ZeroTier locally on each device).

                    https://forum.netgate.com/topic/91683/zerotier-one-as-a-package-100usd

                    pfSense on Qotom Q355G4 8GB RAM, 60GB SSD with pfBlockerNG-devel, Suricata, OpenVPN, etc
                    Ubiquiti Unifi NanoHD APs, Unifi switches, CK2+, G3 Flex cams, APC SUA1500i UPS
                    Mac OSX and IOS devices
