Pfsense 1 LAN cable with VLANS internet speed?
I am planning to install pfSense on a laptop and I have a Netgear managed switch. I know that you can use VLANs to have 1 LAN cable and then connect the WAN cable to the switch as a separate VLAN, so you can use that on pfSense as the gateway. This is OK, but:
How about the internet speed performance, because the gateway and LAN are going through 1 cable to the switch?
The total of everything passing through that cable will be limited to whatever the connection is capable of. Of course, there will be a small amount lost to the additional overhead of the 4 byte VLAN tags. So, the answer depends on what bandwidth you get from your ISP. If 1 Gb, then you will take a hit. If only 100 Mb, then you likely wouldn't notice much difference.
@JKnott 1GB should be fine :) but it isn't. Is this also OK for the LAN side speeds?
Vlans share the bandwidth of the physical connection.. If you're routing traffic from vlan x to vlan y on the same physical link - you do the math ;)
You have to look at your usage to determine the impact. You are sharing a cable & connection, instead of using multiple cables. An example would be offices where VoIP phones are connected via VLAN over the same cable as computer data. Compared to a Gb connection, the amount of data used by VoIP is trivial. Also, while you're on the phone, you might not be using the computer. Will you notice the hit? Probably not. On the other hand, where you're using a VLAN to carry ISP traffic from the modem and then send it out again, over the same cable, then yes, you might see a significant hit.
Here's another example. I have a 75 Mb package (actually over 90 Mb) from my ISP. My switch is capable of 1 Gb. If I did that, do you think I would see much of a difference, with all that spare bandwidth available?
@johnpoz In my case
- I create a VLAN10 on the switch port1
- I create port 2 trunk on the switch for pfsense
- I create port 3 untagged vlan0 for LAN side.
- I create port 4 VLAN 20 for something like a guest laptop.
Just because WAN is connected to port1 (it is on VLAN10, right?), going over untagged port 3 should be no problem.
But on the laptop I should have the problem, right? Because it is then VLAN 10 to VLAN 20?
@JKnott Yes, really, I should see that. That is normal. But if I download a package at 50 Mbps from the internet, that's my max from my ISP, then that should be OK, right?
You're asking questions that we can't answer. The answer depends entirely on how you use your network, including traffic loads etc.. The only answer we can give is you're sharing a connection. If that causes a hit, it depends entirely on your traffic, which is something we have no idea about.
In the example of VoIP, there'd likely be no noticeable hit. If you had 2 or more heavily used servers, yeah, you would likely see a hit.
Bottom line, it all depends on how much traffic you have and how much spare capacity in that one cable.
What device are you doing this on, a 3100 with switch ports? Those are not sharing the same physical port..
Here is where you run into physical interface bandwidth constraints.
Say on pfsense igb1 you have vlan X and vlan Y.. And now you're routing traffic from device on vlan X to device on vlan Y.. You are sharing the same physical interface and will be limited by its speed.. Be it 10, 100 or gig or even 10ge..
If you only have 1 physical interface from pfsense to the switch.. Then any vlans that route through pfsense and then back to the switch will be limited by the speed of this physical interface..
From your description I am not exactly sure what you're doing.. Since you make no mention of creating any vlans on pfsense - if your switch is doing the routing between vlans.. Then the only time traffic will go through this connection to pfsense is if going say to the internet connected to pfsense.
If I get time today I will put boxes on vlans and show you an iperf test between the 2 of them... It will be a good reference post for when this comes up - which is quite a bit to be honest.
In the process of updating a sg2440 with 2.4.5p1 and setting up to ship to remote office - almost done.. My schedule looks pretty clear after that - so sure I will do a bit of examples ;)
Ok... Here are 2 tests.. 1 where the networks are on their own physical interfaces
iperf server 192.168.9.10
iperf client 192.168.200.10
```
$ iperf3.exe -c 192.168.9.10 -B 192.168.200.10
warning: Ignoring nonsense TCP MSS 466688
Connecting to host 192.168.9.10, port 5201
[ 5] local 192.168.200.10 port 50165 connected to 192.168.9.10 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 108 MBytes 903 Mbits/sec
[ 5] 1.00-2.00 sec 113 MBytes 949 Mbits/sec
[ 5] 2.00-3.00 sec 114 MBytes 954 Mbits/sec
[ 5] 3.00-4.00 sec 113 MBytes 949 Mbits/sec
[ 5] 4.00-5.00 sec 114 MBytes 957 Mbits/sec
[ 5] 5.00-6.00 sec 113 MBytes 950 Mbits/sec
[ 5] 6.00-7.00 sec 113 MBytes 949 Mbits/sec
[ 5] 7.00-8.00 sec 113 MBytes 949 Mbits/sec
[ 5] 8.00-9.00 sec 113 MBytes 948 Mbits/sec
[ 5] 9.00-10.00 sec 113 MBytes 950 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 1.10 GBytes 946 Mbits/sec sender
[ 5] 0.00-10.01 sec 1.10 GBytes 944 Mbits/sec receiver

iperf Done.
```
So that is maxing out gig.. Couldn't ask for anything more on gig wire..
Now here pfsense is routing between the networks over the same wire.. Same client and server machines - Just changed the switch config to put the client interface on different vlan. And put this vlan on the same physical interface used for vlan 9 (lan on pfsense) igb0
```
$ iperf3.exe -c 192.168.9.10 -B 192.168.66.10
warning: Ignoring nonsense TCP MSS 466688
Connecting to host 192.168.9.10, port 5201
[ 5] local 192.168.66.10 port 50367 connected to 192.168.9.10 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 107 MBytes 895 Mbits/sec
[ 5] 1.00-2.00 sec 111 MBytes 933 Mbits/sec
[ 5] 2.00-3.00 sec 112 MBytes 940 Mbits/sec
[ 5] 3.00-4.00 sec 112 MBytes 939 Mbits/sec
[ 5] 4.00-5.00 sec 112 MBytes 941 Mbits/sec
[ 5] 5.00-6.00 sec 111 MBytes 930 Mbits/sec
[ 5] 6.00-7.00 sec 112 MBytes 940 Mbits/sec
[ 5] 7.00-8.00 sec 110 MBytes 925 Mbits/sec
[ 5] 8.00-9.00 sec 111 MBytes 934 Mbits/sec
[ 5] 9.00-10.00 sec 111 MBytes 931 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 1.08 GBytes 931 Mbits/sec sender
[ 5] 0.00-10.00 sec 1.08 GBytes 930 Mbits/sec receiver
```
So not much difference because it's duplex and no other traffic on the wire.. Bit of traffic maybe, the overhead of the vlan tags mentioned, etc..
But now sending traffic to the internet through pfsense through that same igb0 interface via speed test from client on that same vlan 9 network.. 500Mbps..
Now look at my iperf test..
```
$ iperf3.exe -c 192.168.9.10 -B 192.168.66.10
warning: Ignoring nonsense TCP MSS 466688
Connecting to host 192.168.9.10, port 5201
[ 5] local 192.168.66.10 port 50444 connected to 192.168.9.10 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 38.6 MBytes 324 Mbits/sec
[ 5] 1.00-2.00 sec 37.1 MBytes 311 Mbits/sec
[ 5] 2.00-3.00 sec 26.2 MBytes 220 Mbits/sec
[ 5] 3.00-4.00 sec 49.0 MBytes 411 Mbits/sec
[ 5] 4.00-5.00 sec 51.0 MBytes 428 Mbits/sec
[ 5] 5.00-6.00 sec 52.0 MBytes 436 Mbits/sec
[ 5] 6.00-7.00 sec 51.8 MBytes 434 Mbits/sec
[ 5] 7.00-8.00 sec 52.4 MBytes 439 Mbits/sec
[ 5] 8.00-9.00 sec 51.1 MBytes 429 Mbits/sec
[ 5] 9.00-10.00 sec 51.1 MBytes 429 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 460 MBytes 386 Mbits/sec sender
[ 5] 0.00-10.01 sec 460 MBytes 386 Mbits/sec receiver

iperf Done.
```
So there will be a performance hit when you share bandwidth of physical connection with vlans - because you're sharing the capabilities of the interface... But without understanding your traffic flows, and amount of traffic that will be routed intervlan or using that interface going somewhere else, it's hard to say if you will notice it or not..
Here is what I would suggest.. If you have the physical ports available on your switch and your router.. Then leverage them for your different networks so that vlans do not share physical ports..
If you do not have enough ports... Then put the vlans that do not talk to each other or use lower amounts of bandwidth on the same physical interface.. Example I put my wireless vlans on the same physical interface of pfsense... Since they would never be able to use full gig anyway, and they don't talk to each other..
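
A small model of why the three iperf3 results above differ, added here as an illustration and not part of any post in the thread: it sums the load on each direction of a router port for a set of flows. The port name `igb1`, the flow tuples, and treating the 500 Mbps speed test as a pure download into VLAN 9 are assumptions.

```python
# Added example (not from the thread): per-direction load on router ports
# when VLANs share one full-duplex trunk. Names and figures are labelled below.
from collections import defaultdict

def port_load(flows, vlan_port):
    """Sum Mbit/s per (port, direction) as seen from the router.

    flows: (src, dst, mbps) tuples. A name missing from vlan_port (here
    "wan") is on some other physical port and adds no load to these ports.
    """
    load = defaultdict(float)
    for src, dst, mbps in flows:
        if src == dst:
            continue  # same VLAN: switched locally, never reaches the router
        if src in vlan_port:
            load[(vlan_port[src], "rx")] += mbps  # arrives at the router
        if dst in vlan_port:
            load[(vlan_port[dst], "tx")] += mbps  # leaves the router
    return dict(load)

def headroom(flows, vlan_port, port, direction, capacity):
    """Mbit/s still free on one direction of one port (never negative)."""
    used = port_load(flows, vlan_port).get((port, direction), 0.0)
    return max(capacity - used, 0.0)

GIG = 946.0  # usable Mbit/s: the dedicated-port iperf3 result in the thread

# First test: each network on its own port ("igb1" is an assumed name).
separate = {"vlan200": "igb1", "vlan9": "igb0"}
# Second and third tests: VLAN 66 and VLAN 9 both tagged on igb0.
shared = {"vlan66": "igb0", "vlan9": "igb0"}

iperf = ("vlan66", "vlan9", 931.0)   # measured inter-VLAN rate from the thread
download = ("wan", "vlan9", 500.0)   # assumption: speed test as a download

if __name__ == "__main__":
    print(port_load([iperf], shared))
    print(headroom([download], shared, "igb0", "tx", GIG))
```

The iperf stream alone puts 931 Mbit/s on receive and 931 Mbit/s on transmit of igb0, which full duplex carries at once. With the download also leaving on igb0 transmit, about 446 Mbit/s remains for iperf, in the same range as the 429-439 Mbits/sec intervals in the third test (the model ignores ACK traffic and tag overhead).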