Urgently needed - Examples of Enterprise Level pfSense use
-
Hi all,
We are down to the very last stage of a major bid for a Wireless UK and Public Broadband network in the UK and we are proposing the use of pfSense within our solution.
We have now been asked to provide some evidence of successful pfSense usage in an Enterprise environment but are struggling to find any online and have until Monday 2nd March 2015 to get our response in.
Can anyone in this community provide an example???
For your further information…
Essentially we are looking at deploying both a Corporate Wireless Network connecting up to 40 Offices (3 Main the rest reasonably small) and also a major Public Wifi Broadband Network covering c32000 homes. All in the North of England.
The Corporate and Public networks will be interconnected with Employees of the Company (a major Social Housing provider) using the public network to connect into the Corporate network when they are out in the field.
The corporate network will be used for General Data (i.e. Database, CRM etc.) and for VOIP.
The Client is used to the "Cisco" way of life but are keen and interested to go down an "Open Source" route if it is fit for purpose.
The main corporate links will be using Siae AlfoPlus80HD 80GHz "Milliwave" links running up to 2GB Full Duplex. The next level of links will be using Ubiquiti AirFiber 24GHz Links and then on down to 5GHz links and 2.4Ghz at the public hotspot level.
They have questioned the capability and scalability of pfSense and our proposed use of OpenVPN as opposed to the traditional VRF/MPLS route.
We could use a VRF type solution by putting an OpenContrail Box in front of pfSense but believe OpenVPN is entirely the right way to go.
Essentially, they want to believe and as such, need some real world examples/evidence of where this type of set up has been deployed and is successfully in use.
I have to say this project will be hugely publicised over here and as such, I believe it would be a huge feather in the cap of pfSense and Open Source in general if we can win it!
Any help you can give in providing the evidence we need would be very gratefully received.
-
whatcha gonna use openvpn for ? openvpn is really cpu intensive if you want to push >100mbit over it
-
To introduce myself: I am an economist. Which means I will whine about many things, but certainly, when ever seeing the opportunity to whine about economics, expect not to invite me in: I am already on board, I sneaked in right behind you when you weren't paying attention. Obviously, I simply got lost and ended up in this forum, while still looking for the correct forum where people like me should reside.
(Trying to be funny: you decide ;D ).
That being said:
covering c32000 homes.
a major Social Housing provider
Is the c a typo error and is this 32k social housing houses that get free WiFi?
Any help you can give in providing the evidence we need would be very gratefully received.
I'd advise you to contact the admins/owners of this fine place and ask for their consulting. I'm sure you'll need it if you win it, and I'm sure the company behind this project is more than willing to help you out with some consulting ;D
-
Its actually very easy to setup but difficult to maintain.
I run pfSense in an Enterorise environment running a cloud hosting provider seeing heavy bandwith usage.
I can provide you with a lof of scenarios for this solution, but not for free when we are discussing this magnitude of setup.
-
Its actually very easy to setup but difficult to maintain.
That tickled me, Mule: what is difficult to maintain?
-
This scenario takes 10+ pfsense boxes to be maintained and running in CARP scenarios to secure uptime in different physical locations spread across North England to secure uptime and redundancy.
If you run 1 or 2 boxes then you cant take multiple nodes out of the equation without sacrificing bandwith and uptime…
-
example 1
I have a client using wireless links in the 3.x gig range (licensed) with multiple locations and primarily for (private) VOIP solutions throughout their region. They use bare metal units running pfSense and only use the routing capabilities "inside" the network with only one firewall enabled at the point where the network touches the rest of the world.The system is used in the broadcast industry and works very well for them.
example 2
I have a main data room at my main location that hosts company servers and my primary pfSense loaded box. This location hosts (as of right now) 6 OpenVPN connections to our other business locations including a couple of "customers" systems we installed so we can maintain their networks. Simple example but the OpenVPN connections are very rock solid.and this if you haven't seen it…
https://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives
-
This scenario takes 10+ pfsense boxes to be maintained and running in CARP scenarios to secure uptime in different physical locations spread across North England to secure uptime and redundancy.
If you run 1 or 2 boxes then you cant take multiple nodes out of the equation without sacrificing bandwith and uptime…
Thanks Mule ;D
Ah, now I see: it's configuration management-related (yes, even economists can learn words out of their own field :-X ).
Question comes up: how do the Google's of this world manage this, with their a quadrillion servers?
A simple rsync of changes doesn't cut it, I understand, as box 1 needs a different config than box 7.
-
https://forum.pfsense.org/index.php?topic=89479.0
Cross post. :o
-
Do you know how Google routes their traffic and how its distributed??
We are talking 32.000 end users…. Streaming, downloading and who needs to be secure and in a controlled environment.
Peak hours is maybe averaging 5+mbit pr. user and that amounts to 20 GB/s average bandwith....and the peaks can be much higher.
Since you cant adjust kern.ipc.maxsockbuf to much more then 4262144 then you will run into bandwith issues using pfsense with less than 10 boxes as the endpoint and that is only average use....
Use L3 switching instead and give every user a SOHO FW as a gift...
-
I guess we really should have mentioned that this is a not a network that will route ALL traffic via a single pfSense, that would be insane :-)
pfSense would be deployed within local segments of the network where Internet connectivity would also be deployed. OpenVPN would be used to
connect key locations together over the network.