Can pfsense support 5 x Intel X710-T4 quad 10gigabit RJ-45 port adapters?
-
I plan on building a 2U router with 5 x Intel X710-T4 quad 10gigabit RJ-45 port adapter
https://www.intel.com/content/www/us/en/products/network-io/ethernet/10-25-40-gigabit-adapters/x710-t4-10gbe.html
And wanted to find out if pfsense can support this many 10 gigabit ports
Reason for this build is because i DO NOT want to use a switch. I want one single place to control ALL of my networking.
I thought about getting a 1U router with 1U Netgear 28-Port 10Gig Gigabit Ethernet Smart Managed Pro Switch but i decided i will rather just get a 2U and perform all of my networking needs there.
Please provide advice and recommendations on what to and not to do.
Thanks!!! -
It is bad practice and hard on the router cpu to use router ports as a switch.
I have a 1U router and a 1U switch that take up 2U of rack space and cost a hell of a lot less than what you are proposing.
Did I mention it is bad practice to do what you ask.
Good luck!
-
Why is it bad practice?
If am able to get a very powerful and highly power efficient CPU(8 to 10 cores) and lots of RAM (32GB) why should that be bad practice?A little more details as to why its bad practice will be appreciated
Thanks
P.S
I currently use Juniper SRX240 H2 with 16 ports(router as a switch..again juniper brand name)Another big name brand even makes a router as a switch as well
http://www.avfirewalls.com/FortiGate-140D.aspAlso https://www.sophos.com/en-us/products/next-gen-firewall/tech-specs.aspx#2UModels
-
The biggest reason not to do that is you probably won't get 10Gbps between those ports even if they are bridged and in the same subnet. When you bridge the interfaces like that all of the heavy lifting to move packets from one NIC to the other is still done by the CPU.
Fortigate use asics to off-load much of the work so it would not surprise me to find they work well as a switch.
Those Sophos boxes would be exactly the same as pfSense on the equivalent Portwell box. The bridging code in Linux may be more efficient, I have never looked into it, but they are not meant to run as a switch.Do you have any of that hardware already? I'd be interested in any results but unless you don't actually need 10Gbps I would not do this.
Steve
-
@stephenw10 said in Can pfsense support 5 x Intel X710-T4 quad 10gigabit RJ-45 port adapters?:
The biggest reason not to do that is you probably won't get 10Gbps between those ports even if they are bridged and in the same subnet. When you bridge the interfaces like that all of the heavy lifting to move packets from one NIC to the other is still done by the CPU.
Fortigate use asics to off-load much of the work so it would not surprise me to find they work well as a switch.
Those Sophos boxes would be exactly the same as pfSense on the equivalent Portwell box. The bridging code in Linux may be more efficient, I have never looked into it, but they are not meant to run as a switch.Do you have any of that hardware already? I'd be interested in any results but unless you don't actually need 10Gbps I would not do this.
Steve
Ok i see what you saying.
So what you mean is that CPU are not efficient enough to perform switching and moving packets and that the work needed for switching is not done well by CPU?I can understand that point. Honestly i just felt like i just dont have to deal with another device, another thing to manage. If i can have all my networking needs all done from the pfsense then i dont have to worry about managing another networking device. That was just my thinking there.
Here is the setup i was looking at. I haven't done it yet but it is something i have almost finalized, but i can see your point there.
The motherboard comes with 2 x 10G
and the CPU is https://www.intel.com/content/www/us/en/products/processors/xeon/scalable/silver-processors/silver-4110.htmlmemory will be 32GB DDR4 and will use micron M2 256GB
The good thing about this setup is i can start with just 1 x Intel X710-T4 and then keep adding more as i need them.
I currently only need 4 x 10G for now for 4 rack servers -
@uberwebguru said in Can pfsense support 5 x Intel X710-T4 quad 10gigabit RJ-45 port adapters?:
So what you mean is that CPU are not efficient enough to perform switching and moving packets and that the work needed for switching is not done well by CPU?
Pretty much exactly that. Instead of an ASIC moving packets directly between the PHYs as required each packet must be read into memory across the PCIe bus, analysed, filtered etc then written back out over the bus to the correct NIC again. All expensive operations. At 100Mbps or 1Gbps you can still hit line rate with a reasonable CPU even if it's a very inefficient way to do it but at 10Gbps... maybe with something fast. I've never tried it personally.
Steve
-
I get your point
I am going to have to flip a coin if i should stick tot he 2U or go back to the 1U + 1U setup using Netgear 10G smart switchIf i get stubborn enough i might just stick with the 2U and battle it out from there and learn along. Honestly not many people "REALLY" need 10G..i kind of need it but not at its highest performance.
It is more of just incase mentality to be honest.
So that thinking may make me stick with the 2UAgain i value the simplicity of a single network device.Keeps setup very simple.
Also this is going to be used in a 1/4 rack to 1/2 rack setup. So this is not a huge deployment by any means.
-
@uberwebguru said in Can pfsense support 5 x Intel X710-T4 quad 10gigabit RJ-45 port adapters?:
So what you mean is that CPU are not efficient enough to perform switching and moving packets and that the work needed for switching is not done well by CPU?
I can understand that point. Honestly i just felt like i just dont have to deal with another device, another thing to manage.That's why devices like the SG-1100, SG-3100 and XG-7100 incorporate a Marvel switch. But they are not 10G yet.
-
Seen this series? Video 3 might be a project your interested in.. https://www.youtube.com/watch?v=MgNpI6VAAhI&list=PL7s5XcKqayvSoncnaMPhwmh7L4c4h2FaE
Im wondering it TNSR might be a good candidate for something like this. But his solution worked for us at first.
-
@jahonix said in Can pfsense support 5 x Intel X710-T4 quad 10gigabit RJ-45 port adapters?:
@uberwebguru said in Can pfsense support 5 x Intel X710-T4 quad 10gigabit RJ-45 port adapters?:
So what you mean is that CPU are not efficient enough to perform switching and moving packets and that the work needed for switching is not done well by CPU?
I can understand that point. Honestly i just felt like i just dont have to deal with another device, another thing to manage.That's why devices like the SG-1100, SG-3100 and XG-7100 incorporate a Marvel switch. But they are not 10G yet.
what marvel switch?
-
@chpalmer said in Can pfsense support 5 x Intel X710-T4 quad 10gigabit RJ-45 port adapters?:
Seen this series? Video 3 might be a project your interested in.. https://www.youtube.com/watch?v=MgNpI6VAAhI&list=PL7s5XcKqayvSoncnaMPhwmh7L4c4h2FaE
Im wondering it TNSR might be a good candidate for something like this. But his solution worked for us at first.
Yeah saw all the series..pretty good video
i knew about vyos when it first started actually and i did tried it out a bit but not extensively.I currently use Juniper SRX 240 like i mentioned so the issue is not having a good router..what i want is GUI that is useful
Juniper SRX has GUI which was why i went for it but it is pretty old and has nothing really useful like network stats and other nice stats
Also the ipsec VPN and dynamic VPN i dont really like especially when they sold the JunOS vpn software to pulsesecureAnyways reason i want pfsense is the "modern" GUI that will help provide all the modern features to expect from a new generation NGFW device
'
SO until vyos get a nice GUI, not going to consider it -
@uberwebguru The ones listed in the product description I linked?
and maybe have a look here (but those are not 10Gb switches, so limited use in your case)
- https://www.netgate.com/blog/ive-got-99-problems-but-a-switch-aint-one.html
- https://www.netgate.com/resources/videos/configuring-netgate-appliance-integrated-switches-on-pfsense-244.html
I don't know how far development has taken this "bcc-0"
https://www.silicom-usa.com/pr/edge-networking-solutions/network-boards/bcc-ve-network-board/
At least it can be seen in the last picture of the "99 problems" blog post in a powered state.
Anyone from Netgate HQ willing to comment?
-
Ok i have finally decided based on all the responses from you guys
I will be going with 1U router and 1U switchWill build 1U pfsense and use 1U Netgear 10G 28 ports switch
Learnt a lot from all of your replies so thank you!!!
-
Good decision!
