Multiple LANs or VLANs speed - please help.

  • Hello Everyone,

    I'm in need of help!

    I have about 20 servers at the colocation using pfsense 1.2b1 as the firewall.  I would like to set up multiple LANs or VLANs (not sure which one to use) to help alleviate slowness/lagging caused by broadcast packets:

    Internet <---> Pfsense 1.2b1 <-------> Switch1 <---> Switch 2 ... N

    The server I'm using has 2 Ethernet ports (1 for WAN and the other for 4 VLANs).

    I would like to use 4 VLANs, dividing 20 servers into 4 groups.


    My questions are:

    1.  Can policies be created to allow servers in one VLAN to see servers in another VLAN?

    2.  Since all servers, regardless of VLAN, are connected to the same switch, would this help alleviate broadcast messages to other servers?

    3.  Would the server hosting pfsense still have the same impact?  That is, would many packets still be broadcast to the firewall regardless of which VLAN they come from...?

    4.  Would this setup help improve speed of the network?

    5.  Is it faster to have more physical network cards act as VLAN or OPT interfaces and then have a separate switch connected to each port on the firewall?

    Internet --- pfsense --opt1-- Switch1  --- SERVERSN1..N1X
                      Switch2 --- SERVERSN2...N2X

    Thank you for your help,


  • First I suggest you investigate your problem. The amount of broadcast traffic created by 20 normally functioning servers is so minimal it won't have any effect whatsoever on performance. For that matter, the amount of broadcast traffic created by 200 normally functioning servers isn't enough to be a major performance problem in a switched network. Hence, I doubt if splitting up your broadcast domains is going to do anything.

  • There's not much point in using multiple subnets if your switches / servers don't support VLANs.

    An unmanaged switch will pass broadcast traffic with no regard to subnets, because it doesn't understand them.

    As cmb says, broadcast traffic is unlikely to be the problem.

    What sort of servers are they?  Windoze or Linux?  If Windoze, then NetBIOS traffic could be an issue from time to time.

    The real question is whether you really want multiple subnets.  If you do want multiple subnets, then VLANs enable you to keep the traffic segregated, with multiple subnets supported from a single switch - as long as it is a managed switch.

    If you do want multiple subnets then your pfsense box either needs a NIC with drivers that support tagged traffic, or a NIC per subnet.
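The point made above about unmanaged switches, and question 2 of the original post, can be illustrated with a small simulation. This is an added example, not code from the thread or from pfSense: it parses constructed 802.1Q frames and shows which ports a broadcast reaches on a VLAN-aware switch versus one that ignores tags (the port-to-VLAN map and MAC addresses are made up).

```python
"""Added example (not from the forum thread): a managed switch floods a
broadcast only to ports in the same VLAN, while an unmanaged switch
floods it to every port. Frames and port map below are constructed."""
import struct

BROADCAST = b"\xff" * 6
TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tagged frame


def parse_frame(frame: bytes) -> dict:
    """Return dst, src, vlan (None if untagged) and EtherType of a raw frame."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan = None
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF          # low 12 bits of the TCI carry the VLAN ID
    return {"dst": dst, "src": src, "vlan": vlan, "ethertype": ethertype}


def build_frame(dst: bytes, src: bytes, vlan, ethertype=0x0806, payload=b"") -> bytes:
    """Build an Ethernet frame; vlan=None yields an untagged frame (default: ARP)."""
    hdr = dst + src
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def flood_ports(frame: bytes, port_vlan: dict, ingress: str, vlan_aware=True) -> set:
    """Ports a broadcast frame is flooded to. port_vlan maps port -> access VLAN."""
    info = parse_frame(frame)
    if info["dst"] != BROADCAST:
        return set()                 # unicast forwarding is out of scope here
    if not vlan_aware:               # unmanaged switch: every port but the ingress
        return {p for p in port_vlan if p != ingress}
    # Untagged frames take the VLAN of the port they arrived on (access port).
    vid = info["vlan"] if info["vlan"] is not None else port_vlan[ingress]
    return {p for p, v in port_vlan.items() if v == vid and p != ingress}


if __name__ == "__main__":
    ports = {"p1": 10, "p2": 10, "p3": 20, "p4": 20}   # constructed port map
    arp = build_frame(BROADCAST, b"\x00\x11\x22\x33\x44\x55", None)
    print("managed  :", sorted(flood_ports(arp, ports, "p1")))
    print("unmanaged:", sorted(flood_ports(arp, ports, "p1", vlan_aware=False)))
```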

  • I run two VLANs in one of my installs for management's sake. I separate the VoIP and data equipment with VLANs. The VLANs are managed by a Layer 3 switch which handles routing between the VLANs. pfSense is connected to the Layer 3 switch and thus all networks can be seen through that single interface. If you do it this way, make sure you set up static routes between pfSense and the Layer 3 switch and also choose the firewall bypass option for static routes in the Advanced page.