Consideration around optimal performance for new install



  • Hi everyone,

    I'm considering an alternative new install configuration where the classic configuration of handling the different interfaces of pfSense isn't done by means of separate physical interfaces but rather by means of several VLANs all being tagged via the same physical interface.

    The plan is to have a single 10Gig interface connected to the bare metal box which would run pfSense and then do all the configuration and firewall business based on several VLANs - internal, external, management etc. all would be a virtual interface with its own VLAN on the business end of pfSense.

    Would someone share their own experience in doing this?

    Then the door to theoretical answers opens here - would you consider this as a sub-optimal setup in terms of performance compared to the classic config where separate physical interfaces are used?

    Thank you


  • Netgate Administrator

    A lot of people run that sort of setup. pfSense treats a VLAN like any other interface so there's no real difference in the configuration.
    Commonly you might choose to use two 10G links in a LAGG to provide some redundancy for all VLANs using it.
    In terms of performance I would say that sort of setup should be at least as good as individual 1G interfaces. Potentially better since it's actually 10G.
    The only thing to consider there is the separation of the network segments is done entirely in the switch config. It's relatively easy to put a port on the wrong VLAN for example but not difficult to avoid with care.

    Steve



  • @stephenw10 Thanks Steve, yep the VLAN biz will all be handled at the switch, the pfSense facing port is a trunk and from there just as you cautioned, each port will need to be placed in an access mode for the proper VLAN it needs to join, that's a manual task and care will be the key playbook!

    Thank you
    ~B
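
The caution in this thread, that segment separation lives entirely in the switch config and a port can end up on the wrong VLAN, can be checked mechanically. The following is an added example, not part of the original posts: it compares a switch configuration export against an intended port-to-VLAN plan. The Cisco IOS-style syntax, port names and VLAN numbers are assumptions, since the thread names no switch vendor.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumption: the thread names no vendor).
SAMPLE_CONFIG = """\
interface Te1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99
!
interface Gi1/0/2
 switchport mode access
 switchport access vlan 10
!
interface Gi1/0/3
 switchport mode access
 switchport access vlan 99
!
interface Gi1/0/4
 switchport mode access
"""
# Hypothetical plan: 10=internal, 20=external, 99=management; Te1/0/1 faces pfSense.
PLAN = {"Te1/0/1": ("trunk", {10, 20, 99}), "Gi1/0/2": ("access", {10}),
        "Gi1/0/3": ("access", {20}), "Gi1/0/4": ("access", {20})}

def expand(spec):
    """Turn an IOS VLAN list such as '10,20-22' into a set of ints."""
    bounds = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def parse_ports(config):
    """Return {port: (mode, vlans)}; an access port with no VLAN line is on VLAN 1."""
    ports, name = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            name = m.group(1)
            ports[name] = [None, set()]
        elif name and (m := re.fullmatch(r"switchport mode (access|trunk)", line)):
            ports[name][0] = m.group(1)
        elif name and (m := re.fullmatch(r"switchport (?:access|trunk allowed) vlan ([\d,-]+)", line)):
            ports[name][1] = expand(m.group(1))
    return {p: (mode, vl or ({1} if mode == "access" else vl)) for p, (mode, vl) in ports.items()}

def audit(config, plan):
    """Return (port, planned, configured) for every port that differs from the plan."""
    actual = parse_ports(config)
    return [(p, plan.get(p), actual.get(p))
            for p in sorted(set(actual) | set(plan)) if actual.get(p) != plan.get(p)]

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG, PLAN), sep="\n")
```

With the sample above it reports Gi1/0/3, which sits on the management VLAN instead of the planned external one, and Gi1/0/4, which was left on the default VLAN 1.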

