Netgate Discussion Forum

    Have I got this right?

      marcelloc

      If it's not streaming, just routing packages, in my opinion it will.

      Elite training: http://sys-squad.com

      Help a community developer! ;D

        stephenw10 Netgate Administrator

        I don't have anything capable of displaying a 1080p video so I have no experience!  ::)
        However, it depends how the video is encoded. The stream from a Blu-ray disc is approximately 30MBps. You would have no problem sending that out of every interface at the same time.
        Do you have any idea what bandwidth you need?

        Steve

          PhilJ

          @Steve: For an MKV stream, I'm probably looking at around 15-20 MBps. If as you say 30MBps can be sent out of every interface simultaneously (and by interface, did you mean each individual port or per NIC?), what type of transfer did you have in mind earlier when you said "You don't want to be moving large amounts of data across the bridge if you can help it"?

          Many thanks

            stephenw10 Netgate Administrator

            Well that was before you said what your hardware spec was!  ;)
            The total throughput of that hardware is going to be in excess of 1000Mbps.
            What I meant when I said "if you can help it" is that you should try to put any streaming servers or NAS devices on the same switch as the clients that use them to avoid sending data across the bridge.
            This will minimise any problems you might have but with that hardware you probably won't ever notice!

            Steve

              PhilJ

              Hi All!

              Just to follow up, if I decide not to bridge the numerous interfaces on my pfSense box, will each interface be on its own subnet? For example,

              Interface 1 will assign IPs beginning 192.168.1.1
              Interface 2 will assign IPs beginning 192.168.2.1
              Interface 3 will assign IPs beginning 192.168.3.1

              and so on…

              If so, how would I allow traffic from different subnets to flow from one to another? And would this method reduce the workload on the pfSense box compared to bridging interfaces?

              Many thanks

              Phil

                stephenw10 Netgate Administrator

                Yes they would each be on their own subnet.
                You would simply need to add firewall rules to allow the traffic and pfSense will route between the subnets.
                Doing this would be no different to bridging.

                As a follow up I recently did an experiment with bridging some interfaces and found that you can disable filtering on each of the member interfaces quite easily. In this case you would normally enable filtering on the bridge interface instead. This should reduce CPU load dramatically but I haven't tested it.

                It's too late to edit it now but I should have written 30Mbps for a Blu-ray stream, bits not bytes.

                Steve

                  PhilJ

                  Hi Stephen

                  Thanks for the info.

                  I'm having a read of the bridging doc you linked to in post 13 of this thread, trying to figure out the firewall rules. I may be completely wrong, but how does this look for a rule which allows traffic across different subnets:

                  Protocol: *
                  Source: 192.168.1.1
                  Port: *
                  Destination: *
                  Port: *

                  Many thanks

                  Phil

                    stephenw10 Netgate Administrator

                    Which interface are you applying that to? It's probably wrong anyway!  ;)

                    The source field will almost certainly be a subnet rather than an IP, e.g. LAN subnet.
                    192.168.1.1 is probably the address of one of your pfSense interfaces, the only time that would be a source is when you are generating traffic on the pfSense box itself. Even then the firewall allows all traffic generated by pfSense anyway.

                    Have a look through this post where I refresh my knowledge of how bridging works.

                    Though that may not help with firewall rules.

                    What are you now trying to accomplish?

                    Steve

                      PhilJ

                      Well rather than restrict the number of available IP addresses by bridging the interfaces, I thought it would be good to have each interface on its own subnet and allow traffic across different subnets, therefore increasing my IP address pool.

                      So I suppose the question is, if I have a number of different interfaces (across a few quad port NICs) what firewall rule(s) would I need to create to allow traffic across these different interfaces?

                      Many thanks

                        stephenw10 Netgate Administrator

                        The size of the address pool is only limited by the subnet mask. You could have a /16 on one interface if you wanted giving you 65000 addresses!
                        I would choose to have separate subnets on each interface because it gives you far more control on who sees what. Assuming you have sufficient computing power for your needs that is.

                        Look at the default LAN to any rule. That will allow traffic into the LAN interface as long as it is coming from an IP on the LAN subnet, pretty much all LAN traffic. It has no restriction on the destination. Traffic from the LAN subnet with destination of one of your other internal subnets will be allowed to pass. Once into the pfSense box there is no restriction on what interface it exits from so it will be routed to the correct interface for that subnet.

                        If you have similar rules on each interface then traffic will be routed between subnets in either direction.

                        This is a very permissive rule set though.  ;)

                        Steve
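
A small Python model of the rule evaluation discussed in the last few posts, added here as an illustration and not part of the original thread or pfSense's own code: rules are checked on the interface where traffic enters, the first match wins, and unmatched traffic is dropped. The interface names OPT1/OPT2, the NAS address 192.168.2.10 and the `restricted` rule set are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

def net(cidr):
    return ipaddress.ip_network(cidr)

@dataclass
class Rule:
    action: str                      # "pass" or "block"
    src: ipaddress.IPv4Network       # source network (a /32 is a single host)
    dst: ipaddress.IPv4Network = ANY

def evaluate(rules_by_iface, in_iface, src, dst):
    """Return the action for a new connection arriving on in_iface."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules_by_iface.get(in_iface, []):
        if s in rule.src and d in rule.dst:
            return rule.action       # first match wins
    return "block"                   # implicit default deny

# Constructed addressing, following the thread: one /24 per interface.
LAN, OPT1, OPT2 = (net("192.168.1.0/24"), net("192.168.2.0/24"),
                   net("192.168.3.0/24"))

# The rule proposed in the thread: source is the single host 192.168.1.1,
# which is likely the firewall's own LAN address, so no client matches it.
host_rule = {"LAN": [Rule("pass", net("192.168.1.1/32"))]}

# "Interface subnet to any" on every interface: the permissive set.
permissive = {"LAN": [Rule("pass", LAN)],
              "OPT1": [Rule("pass", OPT1)],
              "OPT2": [Rule("pass", OPT2)]}

# Tighter variant (assumption): LAN may reach one NAS on OPT1, nothing else
# crosses between internal subnets, and everything else (internet) passes.
# Replies to passed connections are allowed by state tracking, not modelled.
NAS = net("192.168.2.10/32")
restricted = {
    "LAN": [Rule("pass", LAN, NAS), Rule("block", LAN, OPT1),
            Rule("block", LAN, OPT2), Rule("pass", LAN)],
    "OPT1": [Rule("block", OPT1, LAN), Rule("block", OPT1, OPT2),
             Rule("pass", OPT1)],
    "OPT2": [Rule("block", OPT2, LAN), Rule("block", OPT2, OPT1),
             Rule("pass", OPT2)],
}
```

Calling `evaluate(restricted, "LAN", "192.168.1.50", "192.168.2.11")` returns `"block"`, while the same call against `permissive` returns `"pass"`, which is the difference in control that separate subnets make possible.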
