Netgate Discussion Forum
    How many VLANs?

    Routing and Multi WAN
    3 Posts 2 Posters 2.0k Views
    jonnytabpni

      Hi Everyone,

      I wish to use pfSense as a VPN concentrator in our data center for all of our managed customers. We use Xen to provide managed virtual machines which remote customer offices will have access to.

      I would like to put each customer in a VLAN of its own, meaning I can prevent inter-customer communication. How many VLANs does pfSense 2.0 support? Does it scale well? Would the GUI "mess up"?

      If pfSense can't handle a large amount of VLANs, I could put all customer VMs on the same subnet and use iptables on the Xen hosts to prevent inter-customer communication. While this would work, it means I couldn't use the nice pfSense GUI.

      Any help or advice is appreciated.

      Cheers
    cmb

      1.2.3 doesn't scale all that well there (you wouldn't want to use > 50 or so interfaces), but lots of things were enhanced performance-wise in 2.0 to accommodate that. We've done production 2.0 deployments with hundreds, and a test setup proof of concept with 4000 VLANs.
    jonnytabpni

      4000 VLANs?! That's more than enough for me :D

      Yes, this would be deployed under 2.0 anyway. Given the current good stability of 2.0, I think the extra features added (that we need) outweigh the risk. Nonetheless we have a box in testing, set up yesterday. Hasn't skipped a beat yet!

      And provided that the ports on the switch (or bridge ports in my case, as this is a Xen setup) that connect to the servers are not VLAN aware and have a PVID of the respective VLAN they are supposed to be on, does that provide a secure solution?

      I've read a lot of nasty things regarding VLANs, however they seem to be used everywhere. For example, most colocation providers use VLANs for their customers.

      Thanks
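The isolation property asked about above (each guest-facing bridge port is an untagged access port with a single PVID, and no two customers share a VLAN) can be verified from the host side. The following is an added example, not code from the thread or from the pfSense project; it assumes a VLAN-filtering Linux bridge as used under Xen, parses the `bridge vlan show` output format from iproute2, and the sample output and the port-to-customer mapping embedded in it are constructed for illustration.

```python
"""
Audit a VLAN-filtering Linux bridge for per-customer isolation.
Added example, not from the forum thread. Assumes iproute2's
`bridge vlan show` output format; the sample below is constructed.
"""
from dataclasses import dataclass

# Constructed sample of `bridge vlan show` on a Xen host: eth0 is the
# uplink trunk, vifN.0 are guest-facing ports. Several are deliberately wrong.
SAMPLE_BRIDGE_VLAN_SHOW = """\
port              vlan-id
eth0              1 PVID Egress Untagged
                  10
                  20
                  30
vif1.0            10 PVID Egress Untagged
vif2.0            20 PVID Egress Untagged
vif3.0            1 PVID Egress Untagged
vif4.0            30 PVID Egress Untagged
                  20
vif5.0            10
"""

# Constructed mapping of guest ports to the customer that owns the VM.
PORT_OWNER = {
    "vif1.0": "customerA",
    "vif2.0": "customerB",
    "vif3.0": "customerC",
    "vif4.0": "customerD",
    "vif5.0": "customerA",
}


@dataclass
class VlanEntry:
    vid: int
    pvid: bool       # frames arriving untagged are assigned this VLAN
    untagged: bool   # frames leave this port with the 802.1Q tag stripped


def parse_bridge_vlan_show(text):
    """Return {port: [VlanEntry, ...]} from `bridge vlan show` output."""
    ports = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.lower().startswith("port"):
            continue  # blank line or column header
        if not line[0].isspace():
            # A line starting in column 0 names a new port.
            current, rest = line.split(None, 1)
            ports[current] = []
        else:
            # Indented lines are further VLAN entries for the same port.
            rest = line.strip()
        fields = rest.split()
        flags = fields[1:]
        # iproute2 may print a compressed range such as "10-20"; expand it.
        lo, _, hi = fields[0].partition("-")
        for vid in range(int(lo), int(hi or lo) + 1):
            ports[current].append(
                VlanEntry(vid=vid, pvid="PVID" in flags, untagged="Untagged" in flags)
            )
    return ports


def audit_isolation(ports, owners, trunk_ports=("eth0",)):
    """Return (port, problem) findings for guest-facing ports.

    Rules: a guest port carries exactly one VLAN, that VLAN is PVID and
    egress-untagged (the guest never sees tags), it is not the default
    VLAN 1 that every new port joins, and no VLAN spans two customers.
    """
    findings = []
    vid_owner = {}
    for port, entries in ports.items():
        if port in trunk_ports:
            continue
        owner = owners.get(port, "unknown")
        if len(entries) != 1:
            findings.append((port, f"carries {len(entries)} VLANs; an access port should carry one"))
        for e in entries:
            if not (e.pvid and e.untagged):
                findings.append((port, f"VLAN {e.vid} is tagged on a guest port"))
            if e.vid == 1:
                findings.append((port, "sits on default VLAN 1"))
            first = vid_owner.setdefault(e.vid, owner)
            if first != owner:
                findings.append((port, f"VLAN {e.vid} is shared between {first} and {owner}"))
    return findings


if __name__ == "__main__":
    table = parse_bridge_vlan_show(SAMPLE_BRIDGE_VLAN_SHOW)
    for port, problem in audit_isolation(table, PORT_OWNER):
        print(f"{port}: {problem}")
```

Run against live output with `bridge vlan show | python3 audit.py` after swapping the sample for `sys.stdin.read()`; the same rules apply unchanged to a physical switch's access ports, where the trunk set is the uplinks to the pfSense box.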
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.