PFsense as L3 Router

echellis

Looking to replace our aging HP 5406 switch with something more updated. We currently use Unifi access points in some of our schools so started our search for a new core switch with Ubiquiti. Below is a picture of our concept idea on how to setup our core switch. We are aware that the Unifi line doesn't do L3 switching, so we will be passing that off to a PFsense box that will handle all VLAN routing. The school has about 1200 devices on any given day. Just wanted to get peoples advice on this config and if PFsense could handle all the VLAN routing. We would be building a PFsense box on an Intel Xeon server with 32gb RAM and raided SSDs

Derelict

Doesn't matter how many devices are on the network (aside from addressing concerns).

What matters is what they are doing, throughput, packets per second, etc.

kiokoman

someone will answer your question but in the meantime you should know that
I will not be able to sleep peacefully tonight without knowing where IDF-C is

echellis

@Derelict all devices are chromebooks doing web browsing and some video streaming from youtube Netflix etc.

echellis

@kiokoman IDF C is actually the MDF.

Derelict

@echellis That doesn't really give any indication. Any Xeon should be fine though. Use good (Intel) NICs.

stephenw10

Are you purely routing? No firewall, no NAT?

If you can disable pf and route only then you will close to 10Gb I would think, if that's what you're asking here.

Steve

echellis

@stephenw10 It would be doing routing, firewall, and nat

akuma1x

@echellis said in PFsense as L3 Router:

We currently use Unifi access points

Just curious... how many Unifi access points are you using? Are those 48 port POE switches with the blue lines in your diagram? If I do the math, that's almost 300 access points.

Also, what's the Aruba Controller doing?

Jeff

stephenw10

Then you would want something fast/very fast to get close to 10G throughput.

Steve

Derelict

@echellis said in PFsense as L3 Router:

all devices are chromebooks doing web browsing and some video streaming from youtube Netflix etc.

Do you have 10G internet? If not then don't sweat it. The Xeon will be fine.

But, personally, if it were me and if you do not require any filtering between the devices I would get a Layer 3 switch (or a pair of layer 3 switches) and use them to go to the IDFs. Run a transit network up to the firewall HA pair and out to the internet from there.

echellis

@Derelict No we only have a 1gb internet connection

echellis

@akuma1x the PoE switches are serving Aruba WAPS as well as VoIP phones and cameras. The switches will not be maxed out maybe 20% utilized for each one.