Netgate Discussion Forum

    Hardware for Firewalling and routing 200 Vlan at 2x100Gbps ?

      dst31

      Hi,
      We want to test pfSense to filter and route about 200 VLANs with 2 or more 100Gbps Ethernet cards (our backbone is 4x100Gbps).
      Has anyone tried these speeds? What about the hardware needed?
      And more simply: is it possible?
      We need filtering, so we can't use TNSR...
      Thanks.

        Cool_Corona @dst31

        @dst31 Sorry but at that speed you need consultants. Not a forum...

          heper @dst31

          @dst31 https://docs.netgate.com/tnsr/en/latest/acl/index.html

            stephenw10 Netgate Administrator

            No hardware will pass anywhere near 100G with pfSense.
            Also, at 200 interfaces you will find some parts of the GUI become inconvenient to use. There's no technical limit on the number of interfaces, but I usually recommend 250 as the number at which some things start to become unusable.

            Steve

              Cool_Corona @stephenw10

              @stephenw10 Among that the GUI traffic graphs... since you can't split them into more columns.

                dst31 @stephenw10

                @stephenw10
                What do you mean by anywhere near 100G? pfSense cannot use a 100G interface, or the system will never be responsive enough to manage a 100G workflow?

                  stephenw10 Netgate Administrator

                  Like I would be surprised to see anything >20Gbps even on the fastest hardware.

                    AndyRH

                    I think what they are trying to say is to run at 100Gb you will need to process ~67,000,000 packets per second. This is the domain of ASICs, not CPUs.
                    Then you want to filter the traffic; this results in the CPU needing to look at, and act on, ~12GBs of data per second.

                    o||||o
                    7100-1u

                      akuma1x @AndyRH

                      @andyrh said in Hardware for Firewalling and routing 200 Vlan at 2x100Gbps ?:

                      ~12GBs of data per second

                      Hey, that's my new Comcast internet connection speed package that I just got!

                      just kidding, LOL

                        stephenw10 Netgate Administrator

                        TNSR can do it without ASICs. That's where it excels.

                        pfSense was never intended or expected to pass that sort of traffic with its current architecture.

                        Steve

                          A Former User

                          @cool_corona said in Hardware for Firewalling and routing 200 Vlan at 2x100Gbps ?:

                          Sorry but at that speed you need consultants. Not a forum...

                          This was the best answer given here as I see it right.

                          Network part and devices

                          • Mellanox InfiniBand 100 and 200 GBit/s solution
                          • Mellanox Ethernet 100 and 200 GBit/s solution

                          DPI part and devices

                          • Corero SmartWall DPI solution
                            (up to 160 GBit/s) starting at ~$250.000,00

                          Firewall, routing and inspecting part

                          • PaloAlto 5450

                          So you may see, products are all available on the market
                          and for sure only for brainstorming it might be also good to ask here and there in a forum.

                          Dobby

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.