Guarenteed NICs that will work



  • I'm putting together a firewall to replace my jacked-up Cisco RW180 that refuses to route properly about 80% of the time.  So before I start slapping together hardware, I want to jump in these forums and make sure I'll not run into problems others are having, specifically with the NICs.

    I'm on a business-class DSL, with 5 static IP's.  One NIC will be for the client network, another will be for the web-facing servers.  I know I'll have to do some creative things to get the hyper-v VM's to route properly, since the actual hyper-V box should be inside the network BUT some of the VM's on it need to be web-facing.  I will be installing seperate NICs for each web-facing server eventually to make it easier (hopefully, one never knows with M$).

    I want to use some Intel 1000 PT dual / quad port NICs, since the PCI slots on the hardware is limited.  Something like Intel EXPI9404PTLBLK PRO/1000 PT Quad Port, but I've read about some compatibility issues.  So before I spend another $100+ on this, is that a good idea?  Will I run into issue with this?


  • Netgate Administrator

    That's a PCIe card so you'll definitely have compatibility issues if your board has PCI slots!  ;)
    Assuming you meant PCIe though I'm not aware of any issues with those. Do you have a link?

    Steve



  • I use this one in my pfsense 2.2 (Intel PRO/1000 VT Quad Port Server Adapter LP PCI-E EXPI9404VT) -> http://www.amazon.com/Intel-Server-Adapter-PCI-E-EXPI9404VT/dp/B002JLKNIW

    Works flawlessly with the igb driver.


  • Netgate Administrator

    The VT is about the only Intel card i've heard bad things about. It may be completely fixed in 2.2 but:
    https://forum.pfsense.org/index.php?topic=74942.msg415556#msg415556

    Steve



  • I have only this in loader.conf.local:
    kern.ipc.nmbclusters="32768"

    No problems on 2.1.4, 2.1.5 and 2.2



  • Intel NICs are the way to go.  If you're limited in slots, then explore a VLAN capable switch too.

    If you want to get really tricksy, then a multi-port LAGG from the pfsense box to a 24 port VLAN capable switch like a Cisco 2960G or a HP Procurve 2530-24G would give you heaps of flexibility.

    At a cost of course.

    Personally I have a single ethernet in my Shuttle PC which runs ~5 vlans, one of which is the WAN and the others are internal LANs.  Works stunningly well even on a junk realtek NIC.
    You simply have to understand the configs, cos there's no wires to follow.


  • Netgate Administrator

    Yes, I should have prefaced that with; I've never personally run a Pro/1000 VT so I'll defer to someone who has.  ;)

    Steve



  • Guaranteed?

    Buy something from the pfSense store.



  • Bump,

    and does something goes on here?
    Just my two cents on top of this,

    I'm on a business-class DSL, with 5 static IP's.

    Then you should be also going by business like hardware that
    is sufficient to run a long time for you.

    From the pfSense Shop:

    • VK-T40E if VPN is not really the point
    • SG2440 mid ranged pfSense firewall
    • SG4860 if more Ports and Power are needed
      For the VLANs;
    • Cisco SG200 Layer2
    • Cisco SG300 Layer3
    • DGS-1500-20 Layer2+ but 2 SFP+ Ports!


  • Forget all other recommendations given. Go on Ebay and search this card: Intel EXPI9400PTBLK. I bought three of them for $9.99 each used. These cards work flawlessly with no additional software. Plus they are server based so they manage themselves without used of the CPU



  • @jbhowlesr:

    Forget all other recommendations given. Go on Ebay and search this card: Intel EXPI9400PTBLK. I bought three of them for $9.99 each used. These cards work flawlessly with no additional software. Plus they are server based so they manage themselves without used of the CPU

    If you want to run the em(4) driver (https://www.freebsd.org/cgi/man.cgi?query=em(4)), sure.

    But igb(4) is a far better driver, and the chipsets supported by it are far better for network processing.  (More queues, etc.)


Log in to reply