Topic: Are software LAN bridges a bad thing to do with OPNsense vs external switch (Read 589 times)
logi
Jr. Member
Posts: 67
Karma: 2
Are software LAN bridges a bad thing to do with OPNsense vs external switch
« on: September 08, 2024, 09:15:42 pm »
I ask because with Intel x86 devices, each Ethernet port is independent, as opposed to ARM devices where all the Ethernet ports are internally connected as a switch. So for an x86 appliance (Protectli VP2420), OPNsense will have to build a software bridge with all the Ethernet ports, which will have a CPU cost, vs. using an external hardware switch (Netgear GS108Ev3); they are cheap and efficient. Thoughts? Thanks
Patrick M. Hausen
Hero Member
Posts: 6841
Karma: 574
Re: Are software LAN bridges a bad thing to do with OPNsense vs external switch
« Reply #1 on: September 08, 2024, 09:22:40 pm »
They will work fine unless you want to get all fancy with VLANs etc. If you simply want to replace a consumer router with OPNsense and have e.g. 1 WAN and 3 LAN ports without an extra switch, the FreeBSD bridge just works.
Its performance was improved by a factor of 5 or greater and with gigabit interfaces the bridge will not be your limiting factor.
https://freebsdfoundation.org/blog/500-if_bridge-performance-improvement/
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
mattlach
Newbie
Posts: 32
Karma: 0
Re: Are software LAN bridges a bad thing to do with OPNsense vs external switch
« Reply #2 on: September 08, 2024, 11:56:41 pm »
Bridges work.
They may not perform quite as well as a switch, which has a lot of hardware acceleration specifically for the switching task, but from a functional perspective they are not a problem.
You may just see:
1.) Slightly higher latency than you would with a hardware switch
2.) Slightly lower throughput than you would with a hardware switch
3.) Slightly higher CPU use on the machine running OPNsense
If you can live with the above downsides, there really is not a problem.
Also worth noting, some of this is historical (particularly #2) as with modern hardware a bridge can probably saturate gigabit just fine, though admittedly I haven't tested in a long time.
To be fair, it is still not best practice, and you will still find a lot of people online telling you not to, but a lot of the concerns stem from back in the day with weaker hardware. If you have a modern system running OPNsense, chances are you won't even notice, but YMMV.
I'd test it with your hardware, see what performance you get, see how much CPU load you get, compare your latencies (ping) across the bridge and then decide if this is something you can live with, or if it warrants spending the extra money on a switch.
That said, as long as you don't need a managed switch with VLANs and other managed capabilities, you can get a very basic, dirt cheap switch, and they don't use a notable amount of power either.
I still prefer actual switches for everything myself, but that is mostly from a historical perspective and a possibly misguided sense of it being "right".
The only place I use bridges is on my KVM/LXC host as I need the individual guests to have their own IPs.
(My NICs technically support SR-IOV which could allow me to achieve the same goals but with hardware acceleration rather than bridges and gain a little performance and reduce a little CPU overhead, but I haven't gotten around to setting it up. I've been thinking about doing it for going on a decade now, but I never quite seem to get around to it...)
« Last Edit: September 10, 2024, 05:33:41 pm by mattlach »
OPNsense running as a VM in KVM under Proxmox:
- Rocket Lake Xeon E2314 in a Supermicro X12STL-F.
- IOMMU forwarded i210 Ethernet for WAN and x520 for LAN.
- Pi-hole running as separate LXC Container on same server.
- Lots of VLANs and tricky firewall rules.
bimbar
Sr. Member
Posts: 435
Karma: 25
Re: Are software LAN bridges a bad thing to do with OPNsense vs external switch
« Reply #3 on: September 09, 2024, 09:36:54 am »
Yes. A significant number of support questions in this forum are from people trying to use the bridge.
I think it's not a good idea. Switches are cheap.
logi
Jr. Member
Posts: 67
Karma: 2
Re: Are software LAN bridges a bad thing to do with OPNsense vs external switch
« Reply #4 on: September 09, 2024, 07:01:54 pm »
Thank you for the feedback
Greg_E
Sr. Member
Posts: 342
Karma: 19
Re: Are software LAN bridges a bad thing to do with OPNsense vs external switch
« Reply #5 on: September 09, 2024, 07:23:37 pm »
If possible, I would go with a cheap switch. If not possible, then Bridge is your only choice.