Netgate Discussion Forum

    Datacenter network structure recommendations

      Silfen

      Hi everyone, I'm new to pfSense, but loving the flexibility.

      I'm looking for top-down network design help.

      I have a colocation with
      WAN: 11 usable public IPs >
      pfSense 1U with 8 NICs
      Plugging into a 48 port Foundry switch
      Backend is InfiniBand fiber for SANs and ESXi hosts,
      3 VMware hosts
      NetApp SAN (primary storage)
      Openfiler for virtual image backups

      I currently have 4 networks set up internally, one for each client. Each network is assigned its own interface in pfSense.
        192.168.1.0 (switch, company related servers)
        192.168.4.0 (clients servers)
        etc

      My current setup isn't scalable; I did it this way to get clients up and running quickly.

      I'm looking for a more efficient setup as far as traffic segmenting and making changes later.

      I think VLANs are the best way to go forward. Does anyone have any tips they can share? Or examples of similar setups?
      We're primarily providing MS server hosting for RDP sessions, email, and looking to get into VoIP.
      Any recommendations are greatly appreciated.

        cistech

        Hi Silfen,
        I don't know if you already solved this, but we have a similar configuration, but virtualized.
        And yes, we use VLANs to segment different traffic (operation LAN, WAN or different WANs, clients' LANs). You must use a VLAN tagged dot1q capable switch.

        Then you can use just one port as a minimum to interconnect pfSense with the switch and configure that port on the switch as a VLAN tagged port with all VLANs available 1-4096. On the pfSense you set that interface as VLAN, and then you can create as many VLANs as you want and assign them as virtual interfaces on pfSense. You can then create a VLAN for each customer + internal traffic, management, WAN, etc. VLANs for internal purposes.
        In that way you isolate each customer from each other not just at layer 3 (IP/routing network range), but at layer 2 (MAC address).
        You can even have the ESX Ethernet port configured as VLAN tagged and assign each VM to each VLAN number.
        We also have a testing VM (Windows or Linux) that we can switch to any VLAN number to test anything as if we were connected to the same customer LAN.

        For the WAN public IPs, you can create Virtual IPs on the pfSense to NAT by ports or 1:1 to the internal IPs, or you can even create a VLAN with some public IPs if the customer requires a public IP on their VM.

        Regards
        JP

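An added example, not part of either post: a Python check for the VLAN-per-customer design described in the reply, validating the VLAN ID and subnet plan and flagging interface rules that would let one customer VLAN route into another. The two 192.168.x.0 networks come from the question; the /24 masks, VLAN IDs, tenant names, the third network and the rule sets are constructed, and the first-match rule model is a simplification that treats each subnet as a unit.

```python
import ipaddress

# Constructed plan (not from the thread): name -> (802.1Q VLAN ID, subnet).
PLAN = {
    "mgmt": (10, "192.168.1.0/24"),
    "client-a": (104, "192.168.4.0/24"),
    "client-b": (105, "192.168.5.0/24"),
}
# Constructed per-interface rules (action, destination): first match wins, implicit deny.
RULES = {
    "mgmt": [("pass", "0.0.0.0/0")],
    "client-a": [("block", "192.168.0.0/16"), ("pass", "0.0.0.0/0")],
    "client-b": [("pass", "0.0.0.0/0")],  # allow-any also reaches other tenants
}

def validate_plan(plan):
    """Report invalid or reused VLAN IDs and overlapping subnets."""
    problems, seen, nets = [], {}, {}
    for name, (vid, cidr) in plan.items():
        if not 1 <= vid <= 4094:  # 12-bit field; 0 and 4095 are reserved
            problems.append(f"{name}: VLAN ID {vid} outside 1-4094")
        if vid in seen:
            problems.append(f"{name}: VLAN ID {vid} reused from {seen[vid]}")
        seen.setdefault(vid, name)
        nets[name] = ipaddress.ip_network(cidr)
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b}: subnets overlap")
    return problems

def first_match(rules, dest):
    """Action of the first rule whose destination covers the whole subnet."""
    for action, dst in rules:
        if dest.subnet_of(ipaddress.ip_network(dst)):
            return action
    return "block"

def cross_tenant_leaks(plan, rules, trusted=("mgmt",)):
    """(src, dst) pairs where an untrusted VLAN may route into another VLAN."""
    leaks = []
    for src in plan:
        for dst, (_, cidr) in plan.items():
            if src in trusted or src == dst:
                continue
            if first_match(rules.get(src, []), ipaddress.ip_network(cidr)) == "pass":
                leaks.append((src, dst))
    return sorted(leaks)
```

With the sample data, `client-b` is reported because its single allow-any rule lets the firewall route it into the other VLANs, while `client-a` is clean because it blocks the internal range first.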