4. Datacenter network structure recommendations

Datacenter network structure recommendations

  • S

    Hi, everyone I'm new to Pfsense, but loving the flexibility.

    I’m looking for a top down network design help.

    I have a a colocation with
    WAN: 11 usable public IPs >
    Pfsense 1U with 8 NICs
    Plugging into a 48 port Foundry switch
    Backend is Infiniti band fiber for SANs, and  ESXi hosts,
    3 VMware hosts
    Net App SAN (primary starge)
    Open Filer for image virtual image backups

    I currently have 4 networks setup internally on for each clients. Each network is assigned its own interface in PFsense.
      192.168.1.0 (switch, company related servers)
      192.168.4.0 (clients servers)
      etc

    My current setup isn’t scable, I did it this way to get clients up and running quickly.

    I’m looking for a more efficient setup as far as traffic segmenting, and making changes later.

    I think VLANs are the best way to go forward. Does anyone have any tips they can share? Or examples of similar setups?
    Were primarly providing MS server hosting for RDP sessions, email,  and looking to get into VOIP
    Any recommendations are greatly appreciated.

    0
  • C

    Hi silfen,
    I don't know if you already solved this, but we have a similar configuration, but virtualized.
    And yes, we use VLANs to segment different traffics (operation LAN, WAN or different WANS, clients LANs). You must use a VLAN tagged dot1q cappable switch.

    Then you can use just one port as minimun to interconnect pfSense with the switch and configure that port on the switch as VLAN tagged port with all VLANs available 1-4096. On the pfSense you set that interface as VLAN, and then you can create many VLANs as you want and assign as virtual interfaces on pfSense. You can create then each VLAN for each customer + internal traffic, management, WAN, etc. VLANs for internal purpouse.
    In that way you isolate each customer from each other not just at layer 3 IP/routing network range, but layer 2 MAC address.
    You can even have the ESX Ethernet port configured as VLAN tagged and assign each VM to each VLAN number.
    We have a testing VM (windows or linux) too that we can switch to any VLAN number to test anything as we were connected at the same customer LAN.

    For the WAN public IPs, you can create Virtual IPs on the pfSense to NAT by ports or 1:1 to the interal IPs or even you can create a VLAN with the some Public IPs if the customer require a public IP at their VM.

    Regards
    JP

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy