Intel quad NIC performance when two ports are in bridge port



  • Hi all,

    I am new to the community. I have a PC dedicated to pfSense 24/7 (No VM)

    My Intel quad NIC has WAN, LAN already configured. I have two unassigned extra ports that I want to use to connect my FreeNAS and my gaming PC. I have a Netgear Wireless AC on AP mode connected to the LAN that works great. I know I can use the ports of the AP but I don't want to. I want my Netgear to use its resources strictly for wireless traffic.

    So now the real question is: 1. Will my Intel quad NIC on my pfSense suffer performance if I set the extra two NICs to bridge with LAN? 2. Will I still be able to set devices that are connected to the two extra ports with static IPs?

    FYI I am using pfsense for personal use and for learning network security. After discovering what pfSense can do for my home network there is no way I'm going back to a regular home router.

    Cheers!



    1. yes. network cards are not switches & will never be switches. bridging is not something you want to do unless there is absolutely no other option.
    2. yes


  • @heper:

    1. yes. network cards are not switches & will never be switches. bridging is not something you want to do unless there is absolutely no other option.
    2. yes

    Hello Heper and thank you for your response. I understand that quad NIC cards were not designed to replace a switch. I have locked myself out of my pfSense several times after many failed attempts to assign a dedicated IP to the two extra ports.

    I still haven't figured out how to get LAN connection on those two extra ports while giving each their own static IP.

    Can you please point me in the right direction? Can you please recommend me a better use for the two extra NIC ports on my quad card?


  • Netgate

    Save them for when you need more router ports.

    Plug a switch into LAN and plug your LAN devices into the switch.



  • @Derelict:

    Save them for when you need more router ports.

    Plug a switch into LAN and plug your LAN devices into the switch.

    Understood. So say I go the way you suggested… Currently my LAN is connected to my wireless Netgear router which is now on access point mode. I can use the ports on that but I'd rather not because it is located in an inconvenient location.

    Can I create a secondary LAN on one of my available NICs to go to the switch without setting the port to bridge with the LAN that goes to my AP?


  • Netgate

    You can do anything you want. The real question is what do you need? In a small network, having multiple routed networks (different broadcast domains) makes things more complicated. Zeroconf/bonjour needs help to work, etc.

    You could get another switch, plug it into LAN and plug the cable going to the netgear and any other wired devices in that location into that.

    I would just get away from the notion that those extra router ports are somehow "wasted." They're not. They're just not in use right now.



  • @Derelict:

    You can do anything you want. The real question is what do you need? In a small network, having multiple routed networks (different broadcast domains) makes things more complicated. Zeroconf/bonjour needs help to work, etc.

    You could get another switch, plug it into LAN and plug the cable going to the netgear and any other wired devices in that location into that.

    I would just get away from the notion that those extra router ports are somehow "wasted." They're not. They're just not in use right now.

    I want to connect both my AP directly to my pfSense box and also directly connect a small 5 port gigabit dumb Cisco switch SG100D-05.

    I was discouraged by another user from using bridge mode on my quad card due to performance degradation.

    I figured that by assigning a LAN port for my AP and another to the switch, my quad NIC card would work more efficiently. That would also free up a port on the switch by not utilizing it to connect the AP.

    Can I set up a NIC for my switch and another to go to my AP without using bridge mode between the LAN?


  • Netgate

    But another router port still just complicates things, it sounds like unnecessarily.

    If you need two layer 3 subnets then use a router port. If you don't and you need more switch ports, they're cheap - just get more.

    Router ports are more valuable than switch ports.



  • @Derelict:

    But another router port still just complicates things, it sounds like unnecessarily.

    If you need two layer 3 subnets then use a router port. If you don't and you need more switch ports, they're cheap - just get more.

    Router ports are more valuable than switch ports.

    Then I guess my Intel quad NIC card is an overkill for my pfSense box. I got the PCIe Intel GB quad card under $50 because I thought I would need it in order to do other fun stuff while I learn networking.

    Thanks again.



  • Then I guess my Intel quad NIC card is an overkill for my pfSense box. I got the PCIe Intel GB quad card under $50 because I thought I would need it in order to do other fun stuff while I learn networking.

    WAN Port DHCP
    LAN Port 1 - 192.168.2.0/24 - SG100D-05 - WLAN (APs and WLAN devices)
    LAN Port 2 - 192.168.3.0/24 - SG100D-05 - LAN (laptops, PCs, printers)
    LAN Port 3 - 192.168.4.0/24 - SG100D-05 - multimedia devices (TV, play console)

    or

    WAN Port - DHCP - modem
    LAN Port 1 - 192.168.2.0/24 - 16 or 24 Port switch
    (dumb or managed Layer2 as it is and smart or managed Layer3 for VLANs)



  • Unless you have a need to keep the networks on each of those ports separate from each other, you'd be better off buying a cheap switch (netgear GS105 for $24 maybe?) connecting the switch to a single LAN port and connecting everything else to that switch and leaving your two empty ports empty, than you are trying to mess with multiple LAN ports on your pfSense box.

    Performance wise even a very low end switch like the Netgear one linked above will perform leaps and bounds better than trying to bridge LAN ports.  This is not a pfSense thing.  This is a "the way networks work" kind of thing.

    Even if power consumption is your main concern, using an actual switch for switching is a better idea.  Bridging or routing to multiple LAN ports is going to cause extra CPU load on the pfSense box, probably costing you more in power than using a switch would.

    Faster, less power, less complicated setup.  There really is no reason to mess with multiple LAN ports - unless of course - you absolutely need separate LANs, which outside of complicated enterprise setups, most people never do.

    @TheRiceKing:

    Then I guess my Intel quad NIC card is an overkill for my pfSense box. I got the PCIe Intel GB quad card under $50 because I thought I would need it in order to do other fun stuff while I learn networking.

    Thanks again.

    Unfortunately, yeah.  If I had caught you before you bought hardware, I would have recommended sticking with a cheaper dual port NIC.

    That's not to say that quad ports don't have their uses.  I use one in a very busy virtualized server using link aggregation as a cheaper (and very limited) alternative to 10gig ethernet.  The quad ports are fairly sought after though.  You might be able to sell it, replace it with a cheaper dual port, and buy yourself a nice switch with the leftover money :p



  • @mattlach:

    Unless you have a need to keep the networks on each of those ports separate from each other, you'd be better off buying a cheap switch (netgear GS105 for $24 maybe?) connecting the switch to a single LAN port and connecting everything else to that switch and leaving your two empty ports empty, than you are trying to mess with multiple LAN ports on your pfSense box.

    Performance wise even a very low end switch like the Netgear one linked above will perform leaps and bounds better than trying to bridge LAN ports.  This is not a pfSense thing.  This is a "the way networks work" kind of thing.

    Even if power consumption is your main concern, using an actual switch for switching is a better idea.  Bridging or routing to multiple LAN ports is going to cause extra CPU load on the pfSense box, probably costing you more in power than using a switch would.

    Faster, less power, less complicated setup.  There really is no reason to mess with multiple LAN ports - unless of course - you absolutely need separate LANs, which outside of complicated enterprise setups, most people never do.

    @TheRiceKing:

    Then I guess my Intel quad NIC card is an overkill for my pfSense box. I got the PCIe Intel GB quad card under $50 because I thought I would need it in order to do other fun stuff while I learn networking.

    Thanks again.

    Unfortunately, yeah.  If I had caught you before you bought hardware, I would have recommended sticking with a cheaper dual port NIC.

    That's not to say that quad ports don't have their uses.  I use one in a very busy virtualized server using link aggregation as a cheaper (and very limited) alternative to 10gig ethernet.  The quad ports are fairly sought after though.  You might be able to sell it, replace it with a cheaper dual port, and buy yourself a nice switch with the leftover money :p

    You made a lot of great points. I appreciate you taking the time to explain all the very valid points. I agree on putting performance, simplicity, and efficiency at the top of the list.

    Thanks again.