Hardware / Vendor Recommendations

  • Salutations, pfsensers!
    I'm familiar with BSD and have used pfsense in a professional sense with small alix boards our company has purchased from netgate for several years. Very pleased with it, in general.

    I'm trying to start the initial planning for a task that seems well suited for pfsense.

    I'd like to build a 12 to 16 port LAN, 1 port WAN device.

    I've read that the bottleneck here in a built PC with several Multi-WAN 1Gbps cards is the PCI bandwidth on the motherboard.

    Has anyone done anything like this who'd like to recommend hardware? I'm not opposed to purchasing an appliance from a vendor, I'm not opposed to building the unit from parts. I'd prefer to keep costs lower, if possible.

    I'm concerned about PCI bandwidth (mobo), NICs, CPU/RAM.. and things I haven't thought of that you may have. Ask away, and thanks in advance!

  • What kind of ISP/internal Bandwidth are you planning to handle, what packages do you need, how many users?

    As far as 12-16 port LAN "in the pfSense box", why would you want to do that?

    Using an external switch is likely to be far cheaper and give you much better performance than an internal solution.

    Just my $0.02  ;)

  • Netgate Administrator

    Yep, do you actually need 16 interfaces or just 16 ports?

    Bus bandwidth is only really a restriction on PCI. Just use PCIe and you'll have to try hard to fill it.


  • I actually need 16 interfaces; I'm going to hang a switch off of each one.

    There aren't really users, per se. This network is for a warehouse that stages several different types of networks for different products we sell; and those networks need to not talk to each other, but have access to the WAN for downloading various stuff from the net during staging. They need to be able to be easily reconfigured for the subnet that the next network on that bench will require.

    At any rate, excellent advice on the PCIe vs PCI.
    Any specific experience anybody has with boards or NICs? (Either direction - I'd be just as happy to avoid bad gear as I would be to be led toward good gear).
    Thanks gents!

  • Netgate Administrator

    Ah, OK.
    What sort of WAN bandwidth do you have? How much do you need between internal interfaces?
    With a large number of interfaces it is much cheaper to use VLANs than individual NICs.


  • I'd still say this is a perfect application for a good VLAN switch and pfSense with 3 or 4 NICs.

    I did a similar install for a business office with about 40 suites for rent including internet access.  Everything was pre-wired with data jacks in every office that all routed back to the comms room.  They originally had 40+ Dlink routers sharing off one ADSL connection to keep everyone "isolated".  I replaced the whole setup with a 48 port VLAN switch and a pfSense box running 40+ VLANs.  Every office has its own VLAN subnet and can't see anybody else's subnet.  The worst part was figuring out a simple ruleset that could be applied to every VLAN (which turned out to be pretty simple once I wrapped my head around it).

    The other advantage of a central setup is the ability to split or merge networks in software without recabling everything and of course you get the full power of pfSense…..

  • They're asking if you actually need 12gb-16gb of bandwidth.

    If you only need say 2gb of bandwidth, you could get a L2 switch, bind two ports together, then use VLANs to multiplex many ports into your NIC.

    My L2 switch at home costs under $10/port, while my NIC is about $70/port.

    With nearly a magnitude difference in price, you could save a lot of money and PCIe slots by using few NIC ports and just using a switch. Not to mention a motherboard that can support that many NIC ports will be much bigger, power-hungry, and expensive.
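    To make the setup these two posts describe concrete (a trunk of two NIC ports carrying many VLANs, and one firewall rule shape repeated on every VLAN so each bench network reaches the WAN but not its neighbours), here is an added example that is not code from this thread or from the pfSense project. It is a POSIX shell script that generates the FreeBSD rc.conf lines for an LACP trunk with 802.1Q children and a matching pf ruleset from a list of VLAN ids. The interface names igb0/igb1 (trunk members), igb2 (WAN), the lagg0 name and the 10.<vlan-id>.0.0/24 addressing with the firewall at .1 are assumptions chosen for the example; the switch side must support LACP for the two-port bind.

```shell
#!/bin/sh
# Added example (not from the thread): generate FreeBSD rc.conf lines and a
# pf ruleset for a two-port LACP trunk (lagg0) carrying one VLAN per
# isolated bench network.
# Assumed names: igb0/igb1 = trunk members, igb2 = WAN, lagg0 = trunk.
# Assumed addressing: VLAN <id> gets 10.<id>.0.0/24 with the firewall at .1
# (ids must be 1..255 for that scheme).

TRUNK="lagg0"
TRUNK_MEMBERS="igb0 igb1"
WAN_IF="igb2"

# rc.conf fragment: bring up the members, build the LACP lagg, then hang one
# 802.1Q child per VLAN id off the trunk.
gen_ifconfig() {
    for m in $TRUNK_MEMBERS; do
        printf 'ifconfig_%s="up"\n' "$m"
    done
    printf 'cloned_interfaces="%s"\n' "$TRUNK"
    printf 'ifconfig_%s="laggproto lacp' "$TRUNK"
    for m in $TRUNK_MEMBERS; do
        printf ' laggport %s' "$m"
    done
    printf '"\n'
    printf 'vlans_%s="%s"\n' "$TRUNK" "$*"
    for v in "$@"; do
        printf 'ifconfig_%s_%s="inet 10.%s.0.1/24"\n' "$TRUNK" "$v" "$v"
    done
}

# pf.conf fragment: default deny, NAT for every VLAN subnet, and the same
# two-rule shape on each VLAN interface: hosts may talk to the firewall's own
# address on their VLAN (DNS/DHCP) and to anything that is NOT a VLAN subnet,
# i.e. the WAN side. Traffic aimed at another VLAN never matches a pass rule
# and falls to the default block.
gen_pf() {
    nets=""
    for v in "$@"; do
        nets="$nets${nets:+ }10.$v.0.0/24"
    done
    printf 'wan = "%s"\n' "$WAN_IF"
    printf 'table <vlan_nets> { %s }\n' "$nets"
    printf 'set skip on lo0\n'
    printf 'nat on $wan inet from <vlan_nets> to any -> ($wan)\n'
    printf 'block log all\n'
    printf 'pass out all\n'
    for v in "$@"; do
        printf 'pass in on %s.%s inet from 10.%s.0.0/24 to 10.%s.0.1\n' \
            "$TRUNK" "$v" "$v" "$v"
        printf 'pass in on %s.%s inet from 10.%s.0.0/24 to ! <vlan_nets>\n' \
            "$TRUNK" "$v" "$v"
    done
}

# Demo with three constructed VLAN ids.
gen_ifconfig 10 20 30
echo
gen_pf 10 20 30
```

    Adding a bench means adding one id to the list; the per-VLAN rules never reference another VLAN by name, which is what keeps the ruleset the same size in thought even as the VLAN count grows. On pfSense itself the rules are entered through the GUI (it writes pf.conf for you), so the generated text is for reading the rule logic, or for a stock FreeBSD box.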

  • Ah - that makes sense.
    And the answer is emphatically NO - I do not need 12-16GB of bandwidth.
    I'll investigate the L2 approach. Glad I asked!
    Thanks gentlemen!

  • Netgate Administrator

    Exactly. Realistically, to get 16 ports using NICs alone you're going to have to use four quad port cards and they're not cheap!  ;)

