NICs - LAN vs WAN



  • The last of my new hardware should be arriving today for my first install of pFsense (2.2.5)  ;D

    I have 100/10 fibre broadband, with the possibility of a 200/20 upgrade in the future.
    The onboard Ethernet is a Realtek 8111G (gigabit), and I have a dual-NIC HP NC360T (Intel chips, gigabit, which will be running at PCI-E 2.0 x1).
    I want 2 LAN connections on different subnets, that will both be able to share files with my NAS.

    My question is - as the Realtek NIC is the 'inferior' of the 3 ports, am I better off using that for the WAN interface, as it will (hopefully) not bottleneck the relatively slower internet connection, and save the 2 intel ports for my 2 LAN subnets, allowing for faster file transfer within the LAN?

    Everything going LAN1-WAN and LAN2-WAN will be over OpenVPN (just FYI, in case this will affect NIC performance?)

    Thanks,
    Tom.



  • I would suggest to use the both intel GB LAN Ports as WAN and LAN and let the RealTek Port unused.
    You could get a switch for the both LAN subnets to handle them proper and pending on the switch
    given capacity with nearly wire speed.



  • Hi Frank,
    Thanks for the reply, but my hardware arrived right after I first posted, and I was too impatient to wait. I went with the Realtek WAN in the end, and so far it's working well. Finger's crossed!!



  • I am currently in the same situation. Will a realtek NIC suffice for the WAN segment or is it best to pretend it doesn't exist? XD (my WAN is going to be 100/100 or 150/150)
    I suppose our answer would just come down to trying both setups and benchmarking. One drawback I am foreseeing is, according to the statement below, increased interrupt handling would result in high CPU utilization and thus higher power usage.

    I found this on the pfsense hardware requirements section:

    "Selection of network cards (NICs) is often the single most important performance factor in your setup. Inexpensive NICs can saturate your CPU with interrupt handling, causing missed packets and your CPU to be the bottleneck. A quality NIC can substantially increase system throughput. When using pfSense software to protect your wireless network or segment multiple LAN segments, throughput between interfaces becomes more important than throughput to the WAN interface(s)."



  • A realtek NIC isn't cursed, and isn't going to bottleneck a 200Mbps connection. Following the advice above and running both LAN segments to a single NIC (presumably with VLAN trunk) will bottleneck transfers between the VLANs as they'll effectively have a 1Gbps half duplex connection rather than 2Gbps full duplex. I'd actually test a couple of combinations with this setup, because you may actually get better performance running 1 LAN on the RTL and one on the dual port, because that dual port NIC would be maxing out its theoretical limit with a gigabit each way on 1xPCIe 2.0.



  • @crimsonskyzs:

    Will a realtek NIC suffice for the WAN segment or is it best to pretend it doesn't exist? XD (my WAN is going to be 100/100 or 150/150)
    I suppose our answer would just come down to trying both setups and benchmarking. One drawback I am foreseeing is, according to the statement below, increased interrupt handling would result in high CPU utilization and thus higher power usage.

    For just 150Mbps the Realtek will be fine.