pfSense in ESXi Design
-
Hello hope all is well
Recently I colo a server in a dc installed esxi as hypervisor on it.
It has a 4 port nic, one of them is connected to dc network with a /28 public IP range
I want to create multiple vms and different subnet on my server
Im gonna give the physical port to the pfsense as WAN but Im facing a design choice here :- Create one vswitch on esxi with vlan 4095 as trunk and every other interface as vlan in pfsense and vlan-portgroup in esxi
- Create vswitch for every subnet in esxi and attach them to pfsense
Which one is better from design standpoint ? Which one give better performance ?
Thanks for your kind replies
Regards -
@giyahban It really depends on how many VLANs you're planning on using. For the VM version of pfSense, you can install a maximum of 10 NICS, however you can subdivide those with VLANs. On the ESXi side, there's really no limitation on the number of VLANs your able to create.
Personally, I start with 10 NICs on the VM, with each mapped to a port group in ESXi. If I need more, I'll add the VLAN to one of the VM's NICs, then change the port group configuration to a trunk in ESXi.
-
@pokrifchakd
Wow I didnt know there is a limit for maximum NICs
Is there any performance gain with more NICs instead of VLAN ?
Because it is way more easier with VLAN
and I read some posts about ESXi becomes crazy with more than 5NICs per VM -
@giyahban Not that I'm aware of, or that I've experienced. I use a VM as the gateway from my production environment to my lab environment. With the lab environment, it isn't uncommon for me to have all 10 NICs assigned to various ESXi port groups. If I'm testing something larger, I've had to add additional VLANs on the NICs, but didn't experience any problems with routing performance.
I've got a 10G backbone, and all the VMs connect at 10G, so if there was a hit in performance, I really couldn't tell.
-
@giyahban said in pfSense in ESXi Design:
Is there any performance gain with more NICs instead of VLAN ?
Just ease of configuration, especially if I'm integrating physical hardware into the lab environment. It's a 1:1 mapping from the port group to the NIC.
-
@pokrifchakd said in pfSense in ESXi Design:
For the VM version of pfSense, you can install a maximum of 10 NICS
What limit is that? Something in ESXi? There's no such limit in pfSense itself.
Steve
-
@stephenw10 It's a limitation in the ESXi VM. This provides a good breakdown of the various maximums for VMs and Hosts: https://www.virten.net/vmware/vmware-vsphere-esx-and-vcenter-configuration-maximums/
-
I go with 4095 and VLAN - primary reason is that you can add interfaces without shutting down pfSense, moreover the ESXi limit of 10 NICs.
-JB
-
You need to NICS....
One for WAN and one for LAN.
Add the VLAN's on the LAN parent interface.
That the way (best practice).
-
This post is deleted!
