Netgear GS108Tv2 + Intel NUC + VLAN
-
Hi,
I am looking to apply pfsense on my home network. I have basic networking knowledge so please bear with me.
I am planning the following home setup although pulling the trigger on the "Intel NUC (pfsense)" node depends on the result of this thread.
According to research the below image is possible through VLAN tagging and, from my understanding, the switch will act as if it's a part of the pfsense NUC which means I can think of it as a machine with 7 available NICs. Is that correct?
The two WAN connections are 5mbps and 10mbps respectively, uploads negligible. Horrible internet speed I know. I live in South-east Asia that's why.
The majority of the network load is large file transfers (think blue-ray movie sizes) from bottom nodes (rmn-alienware, ramondev) to the NAS and back and I want to keep those transfers at gigabit speeds if possible.Say I successfully set up the above topology, here are a few of my questions:
1.) From my understanding, all of the 7 ports on the switch will have to go through port 1 before going to their destination? For example, any of the devices which require internet will have to go through port 1 to gain access provided in ports 2 and 3. Is that correct?
2.) If the above is correct, port 1 on the switch will be very busy. Some say it wont affect WAN speeds but will the level of port saturation and/or NUC CPU usage from constant internet routing and traffic shaping be enough to affect gigabit transfer speeds in the LAN? Say If i copy a file from the NAS will the transfer have to go through port 1, rendering the link-aggregation useless in the process, or will port 1 just send instruction to the "copier" to get the file directly from the correct ports and maintaining optimal gigabit speeds?
Bonus question:
3.) The existing ramondev Intel NUC is a Celeron bay trail model (DN2820FYKH) which is housing test apache/php/mysql servers I use to preview websites locally. It is a bit under-worked at the moment and I was wondering if I can possibly virtualize pfsense inside that machine and making that the router as well as my test development server as well as maintaining its gigabit transfer speeds to the NAS.Thanks in advance,
voldomazta -
General answer in principle - assuming you do not need/want some security restrictions between local devices, you would put all your local devices port 4 to 8 into the same VLAN. Each of port 4 to 8 is an untagged port in that VLAN. Then put each WAN uplink device (port 2 and 3) into a separate VLAN each, again they are an untagged port in their respective VLAN.
Port 1 is a tagged port for 3 VLANs and will just be handling traffic that needs to route between VLANs - i.e. the internet traffic. -
Does that mean when I copy files through LAN, port 1 never even gets disturbed?
-
Be warned that unfortunately NUCs are not known to be very reliable pieces of hardware on long term.
-
This is how I would do it:
GS108T:
1 - NUC Pfsense (Tagged VLANs: 1,2,3)
2 - WAN1 - VLAN2
3 - WAN2 - VLAN34 to 8 - VLAN1:
4 - Asus Router
5 - Alienware
6 - Dev NUC
7+8 (Synology)Using the 4 ports on the NAS is an overkill since only 2 clients are accessing to it and they limited to a 1gb bottleneck (Asus - GS108T). With the above scheme both clients can have access to the NAS at gigabit speed.
Only internet traffic will go trough port 1, local traffic won't be affected.
Using a virtual machine is not a good idea for such low performance device.
-
Very informative. Thank you for your responses every one!
-
I'm with tirsojrp. Except I'd use the physical/native for LAN rather than making it a VLAN.
VLAN 91 for WAN 1, VLAN 92 for WAN 2, and physical net for LAN. This is how my home setup is built.Also if you don't already have the Netgear switch, I'd go with the Cisco SG200-08. I've had both and prefer the Cisco SG200-08. It's user interface is nicer and more responsive.
Wouldn't VM the pfSense on that box. Though you could do so and it may make sense to get everything working before spending the money on the bare metal machine.
And yes as has been pointed out, only internet traffic with traverse ports 1, 2, and 3. The switch will handle all the LAN traffic as though the machines were directly connected to each other (only the ports involved with be exposed to the traffic).
-
Be warned that unfortunately NUCs are not known to be very reliable pieces of hardware on long term.
Please do elaborate and provide source.
I have one of the very first batch of NUCs, DC3217IYE, running Windows 8 Pro, 24/7 for 2 and a half years an counting with no failures.
-
https://forum.pfsense.org/index.php?topic=82842.msg487455#msg487455
-
I have 15 NUCS (DC3217IYE) that have endured some heavy use while travelling all over the world, and they are still working fine, so I guess YMMV, although I wonder if some corners got cut with the second generation that you had.
That being said, I completely agree that a NUC is the wrong tool for this job, get something from the pfSense store and profit.
-
I originally planned to make a mini-itx computer + a multi-nic card just for pfsense. But upon stumbling upon VLAN tagging and realizing I already had this switch, it interested me because buying a new NUC instead of a mini-itx setup will be alot cheaper, not to mention I already have a spare 64gb 2.5" SSD and laptop rams.
I already have an existing NUC running headless 24/7 and I have used it for 6 months now without any hitches. I guess it helps that I don't power cycle it that much, or I just didn't buy from a bad batch or something. Here's hoping the next one I buy will be as good as the one I have.
I have 15 NUCS (DC3217IYE) that have endured some heavy use while travelling all over the world, and they are still working fine, so I guess YMMV, although I wonder if some corners got cut with the second generation that you had.
That being said, I completely agree that a NUC is the wrong tool for this job, get something from the pfSense store and profit.
I'm curious about your NUC usage. Travelling around the world with 15 of them. What job entails that?
-
Little old me stays at my desk, the NUC's do all the globe trotting, We use them as remote network probes and traffic generators.
