Recommendations for a large network
We are looking for some recommendations for our setup. We are a local ISP supporting around 10,000 apartments and 20,000 devices. We will be purchasing a couple servers for the NAT array and are looking at running pfSense on them. We have 3 connections to the internet, 2 - 1 Gb and 1 - 10Gb. We have several VLANs, usually 2 or 3 per property with around 200 total. Each of these VLANs we manually assign which internet connection for then to use. Currently we use the NAT rules and route-maps in our Cisco 6500 and FWSM. We whis to upgrade this to pfSense and be easier to maintain. We will be supporting both IPv4 and IPv6 in a dual stack scenario. Currently we have to use a large amount of NAT (cisco PAT) due to the exhaustion of IPv4. This is why we are implementing IPv6 for our customers.
We are looking at purchasing a server with a couple 10G nics and several 1G nics. Most traffic will come in through a single 10G nic on several VLANs and will go out either the 10G internet connection of 1 of 2 1G internet connections. Depending on what is setup on that particular VLAN. We run a few servers (DHCP, DNS, webhosting) that will be connected through a couple 1G connections (DMZ type scenario).
good luck finding hardware that will do 12Gbit of NAT & 10Gbit of general routing ….
You could use several PFSense boxes. As for NAT, I read somewhere that you can setup several instances of NAT on PFSense, this way you can make better use of more cores.