How Does OPNSense Implement VLANs

Started by kagbasi-wgsdac, June 22, 2020, 10:50:23 PM

Quick question,

I'm part of a network design project for a Wireless Internet Service Provider and the topic has come up about how they're going to handle multiple customers. A suggestion was floated about purchasing the OPNsense Quad Core Gen4 10GB 4 port SSD device (DEC4640) and creating VLANs. However, another question was raised by the Network Engineer, who's coming from a Cisco environment, about how OPNsense implements VLANs.

Does it do the "Router on a Stick" approach, whereby the virtual interfaces are dependent on the availability of the physical NIC they are attached to? Or

does it do what Cisco does in IOS and create real virtual interfaces that are detached from the underlying NIC?

Hope someone from the OPNsense team or Deciso can provide some feedback on this, thanks.

Hi kagbasi-wgsdac,
I use VLANs with OPNsense. Virtual interfaces are linked to physical ones.
Cheers...

Quote from: muchacha_grande on June 23, 2020, 01:41:21 AM
Hi kagbasi-wgsdac,
I use VLANs with OPNsense. Virtual interfaces are linked to physical ones.
Cheers...

Darn, I was hoping you wouldn't have said that. Unfortunately, this means that if the physical interface goes down, so does any VLAN attached to that interface. Hmm, that poses a risk to us and I'll have to rethink and look for an alternative then. I really wanted to push to use OPNsense for our core router on this project, but it will be a tough sell if VLANs are attached to the physical NIC.

The way to mitigate this is to trunk VLANs through more than one physical link into a LAG for resilience.

Bart...

Quote from: bartjsmit on June 23, 2020, 09:52:49 AM
The way to mitigate this is to trunk VLANs through more than one physical link into a LAG for resilience.

Bart...

I just moved to VLANs also and what I did was create a 4 port LAG from the firewall to my core switching, and trunked all the VLANs across the LAG. What I would be interested in knowing is if I can set priorities for each member of the LAG, so certain VLANs use certain LAG interfaces, thus effectively spreading the traffic across all LAG members?

Quote from: bartjsmit on June 23, 2020, 09:52:49 AM
The way to mitigate this is to trunk VLANs through more than one physical link into a LAG for resilience.

Bart...

Aah, I never considered a LAGG. Will look into it and see if I can leverage that. Thanks for the suggestion.

Quote from: spetrillo on June 23, 2020, 06:38:52 PM
What I would be interested in knowing is if I can set priorities for each member of the LAG, so certain VLANs use certain LAG interfaces, thus effectively spreading the traffic across all LAG members?

If you use the Round-Robin LAGG Protocol, you can accomplish the same goal, albeit without each VLAN on a specific physical interface. LACP would work too, but you may see more traffic on a specific interface in that case.
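The dependency the thread is discussing (a VLAN interface follows its parent, and a lagg parent only removes the single point of failure when it has several members) can be checked mechanically. The following is an added example, not code from OPNsense or from anyone in the thread: it models a constructed interface table, reports how many link failures each VLAN survives, and renders the equivalent FreeBSD ifconfig(8) commands (the interface names ix0..ix4 and the VLAN tags are invented sample values).

```python
"""Audit VLAN parents for single-link dependency (added example, constructed data).

On FreeBSD, and therefore OPNsense, a vlan(4) interface is a child of its
parent device: if the parent loses link, the VLAN goes down with it. Parenting
the VLAN on a lagg(4) with N members instead lets it survive N-1 link losses,
as long as the lagg protocol actually tracks link state ("none" does not).
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Lagg:
    name: str
    proto: str                      # lacp, failover, loadbalance, roundrobin, broadcast, none
    members: list[str] = field(default_factory=list)


@dataclass
class Vlan:
    name: str
    tag: int
    parent: str                     # a physical NIC or a lagg name


def links_tolerated(vlan: Vlan, laggs: dict[str, Lagg]) -> int:
    """Physical link failures the VLAN survives; 0 means a single point of failure."""
    lagg = laggs.get(vlan.parent)
    if lagg is None or lagg.proto == "none":
        return 0                    # bare NIC, or a lagg that ignores link state
    return max(len(lagg.members) - 1, 0)


def audit(laggs: dict[str, Lagg], vlans: list[Vlan]) -> dict[str, int]:
    return {v.name: links_tolerated(v, laggs) for v in vlans}


def ifconfig_commands(laggs: dict[str, Lagg], vlans: list[Vlan]) -> list[str]:
    """Equivalent ifconfig(8) commands; laggs are created first so VLAN parents exist."""
    cmds: list[str] = []
    for lg in laggs.values():
        ports = " ".join(f"laggport {m}" for m in lg.members)
        cmds.append(f"ifconfig {lg.name} create")
        cmds.append(f"ifconfig {lg.name} up laggproto {lg.proto} {ports}")
    for v in vlans:
        cmds.append(f"ifconfig {v.name} create vlan {v.tag} vlandev {v.parent}")
    return cmds


# Constructed sample: two VLANs ride a 4-port LACP trunk, one still hangs off a lone NIC.
SAMPLE_LAGGS = {"lagg0": Lagg("lagg0", "lacp", ["ix0", "ix1", "ix2", "ix3"])}
SAMPLE_VLANS = [Vlan("vlan10", 10, "lagg0"), Vlan("vlan20", 20, "lagg0"), Vlan("vlan30", 30, "ix4")]

if __name__ == "__main__":
    for name, n in audit(SAMPLE_LAGGS, SAMPLE_VLANS).items():
        print(f"{name}: survives {n} link failure(s)" + ("  <-- single point of failure" if n == 0 else ""))
    print("\n".join(ifconfig_commands(SAMPLE_LAGGS, SAMPLE_VLANS)))
```

Running it flags vlan30 as the interface that still depends on one NIC, which is exactly the case the thread wants to design out.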