Confused - LAGG interface

  • I have set up pfSense with 5 x gigabit NICs. Right now I am using 1 for incoming, 1 for office and 1 for home, leaving 2 spare cards.

    Yesterday I found that when I was doing large transfers within the office it would slow down others, and I was hoping I would be able to use the other 2 cards to maximize performance. I ideally would like to have 1 incoming, 1 for home and 3 for the office. When I set up a LAGG interface the machines got a DHCP lease, but when I watched the packets sent and received, it came to a halt immediately after getting network config from pfSense. I could not connect to the internet, and even trying to ping devices on the network failed.

    I will presume I need to have either computers that recognize a LAGG interface or a switch that will. I had one card going directly to a Supermicro server, another one going directly to my main PC and 1 going to a gigabit D-Link switch which supports 2 gigabit.

    Any information about this would help. I can't seem to find much helpful documentation regarding LAGG interfaces for pfSense... maybe I am not looking in the right places.

  • There are a couple of issues that you have. First, you are correct: in order to do a LAGG interface you will need to have a switch that understands LAGG, otherwise you are going to cause a switching loop on your network, which will bring it to a halt if your switch doesn't support some form of spanning-tree. Secondly, if you are transferring data within a network then your packets will never touch your router (pfSense), so I'm not sure how much that LAGG group will help you. Now, if you have different subnets or you are transferring data from your office LAN to the Internet, then yes, LAGG could make a difference, but I would point to your WAN interface needing more bandwidth rather than your LAN not being fast enough. What a LAGG group does is allow you to have redundant links to a device, but instead of having them sitting there doing nothing until a main link goes down, like what spanning-tree does, it will actually load balance across those links, and if one goes down you still have one remaining, or however many you have in the group. But remember that when traffic is on the same broadcast domain, your device will use the MAC address to communicate with it, so the switch will facilitate the communication.

    When looking for a switch, switch port speed is very important, but probably even more important is the backbone of the switch. For example, if you buy a 24 port Gigabit switch you want to make sure that it has a max throughput of 48 Gbps, which means that every port can be communicating at full bandwidth. Sometimes, for instance with the example above, you might see a throughput of 33 Gbps, which would mean in a worst case scenario your switch can't actually do 1 Gbps in/out on every port. Packets per second is a good metric to look at too.

    Hope this helps.

  • Thanks Mr.Fly!

    Here is a diagram of my current internet situation. I am unsure how I will set up a LAGG interface with this setup.

    I have a fibre-op ISP who uses 3 VLANs: 1 is management (33), 1 is IPTV (34) and internet comes over 35. They will not allow me to directly attach my own router without spoofing the MAC address also, which is easily possible, but still I need IPTV, which is connected via a coax cable.

    So my question here is, how can I optimize my setup given I have 2 spare network cards?

    Thanks again!

  • Creating LAGG groups to your switches in both Office and Home might give you better throughput when routing from Office to Home networks, but other than that I'm not sure there is much more that you can do. Routing across interfaces is probably CPU limited. What kind of computer are you using for your pfSense firewall? Do you get a public or private IP from your PPPoE modem?
