10Gbps switch/router query

I think (and I could be wrong), but I'm sure I read when first researching this, that pfsense applies all firewall rules/packet sensing/etc. to the internal LAN traffic across the virtual switch, just the same as it would to anything coming through the WAN. This is one of the big drawbacks of using it as a virtual switch, which of course is not how pfsense was really designed to be used!

I'm not up on all the various network/traffic level differences, but spec-wise, Netgate offer little Intel Atom powered pfsense routers, and they advertise them as 10gig capable routers for office environments. Presumably they must have the power to route/firewall a 10gig line or that would be some pretty crappy advertising on their part!?

Maybe if you have some old hardware kicking about, you could download the pfsense ISO and give it a go! It is free of charge after all.
 
I’m right at the limit of my knowledge but that PC with pfSense on it is just moving 10G traffic at L2 I think. Horsepower required for L3/4 routing and firewalling as the OP would need must be a lot more than your use case requires.

I think you’re right. PCs are actually awful at routing because real dedicated routers use a dedicated SoC to give optimum performance (hardware offloading).
 
You're right, they are very inefficient compared to a dedicated bit of silicon.

The OP may need more horsepower than my setup, I'm certainly not suggesting an i3-6300 will 100% be right for him, but I think you might be surprised with just how capable pfsense is with older hardware.

If you're interested in a cheap/homebrew solution, I suggest they check out the pfsense forum; there are lots of people there like myself that actually use pfsense and can tell you from experience what it is capable of.
 
I’m OK with pfSense (and OPNsense) - I’ve installed a few Netgate appliances now and it’s good. I personally recommend Untangle these days because even if you end up paying the £35/year licence fee for a home user it’s incredible software. And again, it needs good hardware to run it.
 
If you're interested in a cheap/homebrew solution, I suggest they check out the pfsense forum; there are lots of people there like myself that actually use pfsense and can tell you from experience what it is capable of.

There are several people here who use pfsense (including myself) so it isn't a case of not knowing what it's capable of.
I've got a pfsense box at work with 2x quad Xeons, with 2x 10gb LAN connections as well as 2x 1gb connections.
Whilst I've never significantly stress tested the 10gb, I've seen figures greater than gigabit speeds when routing between, but I'm fairly sure it won't get near to actual 10gb throughput.
"Greater than gigabit", whilst being cheap/free, is however fine for our use case, but if we needed guaranteed throughput then I'm fairly sure there's no other option than to pay out for it.
 
but if we needed guaranteed throughput then I'm fairly sure there's no other option than to pay out for it.

I think this is true. UBNT always said the (80Gbps aggregate throughput) USG-XG-8 was dirt cheap for the performance at £2000+VAT.
 