Same vlans on both ix0 and ix1
-
@ddvnu More than 10Gbps on WAN? I hope you've got a good box and network card you're running pfsense on... :)
-
@akuma1x the pfsense 7100 should be able to do it.
-
@ddvnu True, but not "MORE THAN" 10Gbps on WAN. I don't even know if that machine would support a greater than 10Gbps NIC in the add-on card slot - like 40Gbps or 100Gbps, or faster...
-
@akuma1x it says in spec that the "Netgate 7100 achieves up to 18.55 Gbps routing performance" that's more than 10
-
@ddvnu said in Same vlans on both ix0 and ix1:
@akuma1x it says in spec that the "Netgate 7100 achieves up to 18.55 Gbps routing performance" that's more than 10
I think you are going to be rather disappointed if you are expecting more than 10Gbe from the 7100.
With no packages to interact with the traffic (so only pf filtering), you are looking at some 2.5Gbit max throughput/session because of the single core bottleneck with the Atom CPU.
4 cores = about 10Gbe in pf filtering.
If you disable filtering and only do routing, it can go somewhat higher.
But with lots and lots of users and sessions you are not going to hit 10Gbe.
-
@keyser this project is 48 apartments, should it not be sufficient? I expect a maximum of no more than 20 units (phones, computers, tablets etc.) per apartment.
-
@ddvnu Oh boy... you might be running into the mid-to-upper limits of the 7100 for a project like this. But, maybe not... 48 apartments with around 20 devices is almost 1000 hosts on your network. That's a lot, but not unreasonable. I wouldn't overload it with a lot of crazy add-on packages.
What I would be sure to do with a setup like this is to use a lot of VLANs, like 1 VLAN per apartment, at a minimum. That will keep all of the apartment network traffic separated from each other. It will be much faster if you do this on switching hardware vs. on pfsense itself, but I don't know what performance you're expecting here. I would assume it's kinda high, since you started this thread asking about a 10Gbps WAN connection. You can technically use the 7100 switch ports as separate interfaces with VLANs, but you're going to need to know how to program that, and you'll have to run multiple VLANs on each interface. Network traffic might get clogged up pretty quick. I would say you should add on the 4 port expansion card for more ports.
So, what I would recommend before you start - contact Netgate sales and ask them some questions about the 7100 and tell them about the scope of your project. They can make recommendations so you don't buy the wrong hardware.
-
@akuma1x thanks for your advice, but it is already bought.
The two 24-port switches are connected to ix0 and ix1 and I have set up 48 VLANs with rules. I hope it will be capable of the task.
-
@ddvnu Just curious how you tackled this... You obviously did the VLANs on the 2x switches right, but how did you get those switches into pfsense? Multiple switch ports, single switch port, how?
-
@akuma1x I put each of them on a vlan, and bridged them with the vlan lan.
-
@ddvnu said in Same vlans on both ix0 and ix1:
@keyser this project is 48 apartments, should it not be sufficient? I expect a maximum of no more than 20 units (phones, computers, tablets etc.) per apartment.
Yes, it will handle a thousand devices with ease - no problems. I was simply referring to you expecting more than 10Gbe throughput. That's where you'll meet the limit. But how do you get a "bigger than 10Gbe" WAN link on that thing? A LAGG between two 10Gbe ports?
If your WAN link is a 10Gbe link, then I would expect you will be happy with the 7100. You'll likely never see actual 10Gbe being used - nor will it handle it unless the circumstances are "just perfect". But for everyday use with a 1000 devices you can have it hit 5 - 6Gbe throughput "easily" if you do NOT add any packet inspection packages like Suricata, NtopNG and so on.
PfBlockerNG will be fine - it's not a packet inspection tool.
-