Configure pfsense as a 10GbE switch, can it be done?
-
So I've been using pfsense as a router / gateway for years, and love it.
Recently I've started to upgrade my home lab from ancient old 1 GbE to 10 GbE, but as you know 10 GbE switches are still very expensive.
That being said, Intel 540 T2/T4 and similar 10 GbE cards can be had for really affordable prices.
I've got plenty of old motherboards / RAMs / quad core intel CPUs I can throw together and built a nice "Switch" with pfsense as the OS, just wasn't sure if anyone has done this before.
I was thinking of going probably with 16 GB / 32 GB RAM, quad core, 4x intel 540 T2 (= 8 ports) or 4x intel 540 T4 (= 16 ports) the cost of the cards are way cheaper than buying any currently available 8 port / 16 port 10 GbE switches available in the market at the moment.
Any reference would be great.
-
@allgamer
Short answer, No.
But, it can be used as a bridge. Probably not gonna be what you want it to be though.
A bridge is not a switch. -
@jarhead ahh... i see.
so, doing it this way I'll lose the benefits of a real switch.
It might be an "OK" compromise, as long as I can connect additional 10 GbE devices to the existing 10 GbE network that is already managed by actual 10 GbE smart switches.I was just trying to save on costs, because each of those 10 GbE switches are very steep, and all I really needed was just more 10 GbE ports to connect more devices.
So using pfsense as a "Bridge / Repeater" might not be such a bad idea.Yes, I'm aware performance might not be so great as a real switch, but it's something worth considering. The cost saving is huge.
-
@allgamer said in Configure pfsense as a 10GbE switch, can it be done?:
so, doing it this way I'll lose the benefits of a real switch.
Like responsiveness, yes. Your firewall will likely slow to a crawl when dealing with WAN traffic and also switching traffic.
Switch ICs are perfect for switching, and exist in... switches :)
It might be an "OK" compromise, as long as I can connect additional 10 GbE devices to the existing 10 GbE network that is already managed by actual 10 GbE smart switches.
I 100% disagree. I would never ever ask pfSense to do the job of a switch except for short periods of time in extremely rare situations. Every bridge I've ever made failed in one way or another under load.
--
Ryan
Repeat (after me): MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
Actually the cost of such equipment is coming down.. Ive been running a Dlink DGS-1510 with 10G SPF+ GBICs for a couple of years and remember that it was not to costly at the time..
Can the interfaces of a TNSR machine be bridged? might be worth a look.. There is a series of videos on yootoob where the host used Vyos to do 10g switch duty.. several years old and Vyos is a bit costly now.
-
@chpalmer said in Configure pfsense as a 10GbE switch, can it be done?:
Actually the cost of such equipment is coming down.. Ive been running a Dlink DGS-1510 with 10G SPF+ GBICs for a couple of years and remember that it was not to costly at the time..
Not sure what part of my comment you're responding to... I am saying that using a pfSense to do the job of a switch is a horrible idea.
As for tnsr questions... I would direct that to https://forum.netgate.com/category/69/tnsr
--
Ryan
Repeat (after me): MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
@rcoleman-netgate said in Configure pfsense as a 10GbE switch, can it be done?:
I am saying that using a pfSense to do the job of a switch is a horrible idea.
Concur completely. While a bridge of interfaces can somewhat mimic some functions of a switch.. And for sure can be useful in some use cases.. Just because I bridge some interfaces I sure wouldn't call it a switch, nor should it be an actual solution of using an actual switch if a switch is what should be used.
In a pinch I can use a rock to hammer in a nail, doesn't make a rock the proper tool for the job ;)
-
@rcoleman-netgate Didn't mean to respond to you.. meant that post as a general reply to the thread..
I am saying that using a pfSense to do the job of a switch is a horrible idea.
Yep I agree. I offered another solution if the OP wants to continue to pursue the coarse he is on. Some people need to learn by doing.
https://youtu.be/p39mFz7ORco
-
@chpalmer roger-roger
