Quick question,
I'm part of a network design project for a Wireless Internet Service Provider and the topic has come up about how they're going to handle multiple customers. A suggestion was floated about purchasing the OPNsense Quad Core Gen4 10GB 4 port SSD device (DEC4640) and creating VLANs. However, another question was raised by the Network Engineer, who's coming from a Cisco environment, about how OPNSense implements VLANs.
Does it do the "Router on a Stick" approach - whereby the virtual interfaces are dependent on the availability of the physical NIC they are attached to? or
Does it do what Cisco does in their IOS and create real virtual interfaces that are detached from the underlying NIC?
Hope someone from the OPNSense team or Decisio can provide some feedback on this, thanks.
Hi kagbasi-wgsdac,
I use VLANs with OPNSense. Virtual interfaces are linked to physical ones.
Cheers...
Quote from: muchacha_grande on June 23, 2020, 01:41:21 AM
Hi kagbasi-wgsdac,
I use VLANs with OPNSense. Virtual interfaces are linked to physical ones.
Cheers...
Darn, I was hoping you wouldn't have said that. Unfortunately, this means that if the physical interface goes down, so does any VLAN attached to that interface. Hmm, that poses a risk to us and I'll have to rethink and look for an alternative then. I really wanted to push to use OPNSense for our core router on this project, but will be tough sell if VLANs are attached the physical NIC.
The way to mitigate this is to trunk VLAN's through more than one physical link into a LAG for resilience.
Bart...
Quote from: bartjsmit on June 23, 2020, 09:52:49 AM
The way to mitigate this is to trunk VLAN's through more than one physical link into a LAG for resilience.
Bart...
I just moved to vlans also and what I did was create a 4 port LAG from the firewall to my core switching, and trunked all the vlans across the LAG. What I would be interested in knowing is if I can set priorities for each member of the LAG, so certain vlans use certain LAG interfaces, thus effectively spreading the traffic across all LAG members?
Quote from: bartjsmit on June 23, 2020, 09:52:49 AM
The way to mitigate this is to trunk VLAN's through more than one physical link into a LAG for resilience.
Bart...
Aah, I never considered a LAGG. Will look into it and see if I can leverage that. Thanks for the suggestion.
Quote from: spetrillo on June 23, 2020, 06:38:52 PM
What I would be interested in knowing is if I can set priorities for each member of the LAG, so certain vlans use certain LAG interfaces, thus effectively spreading the traffic across all LAG members?
If you use the Round-Robin LAGG Protocol, you can accomplish the same goal albeit without each vlan on a specific physical interface. LACP would work too, but you may see more traffic on a specific interface in that case.