Will it 10Gb/s OPNsense?

PhiloEpisteme:
Hi folks, I'm new to the forums, OPNsense, and networking in general. Please forgive any terminology mistakes or misunderstandings on my part.

I am looking to add an OPNsense box to my SOHO network to use its firewall capabilities and to split my home network into at least 4 VLANS (5 if you count the guest network) and hopefully be able to achieve 10Gbs LAN speeds within and between VLANS.

VLAN1: Work computer(s)
VLAN2: FreeNAS servers
VLAN3: Personal computers and phones
VLAN4: IoT devices such as television, speakers, lights, etc.

Key Network Uses
If possible, I'd like a reliable 10Gb/s connection between VLAN1 and VLAN2.

I'd like to use a personal computer in VLAN3 to be able to access devices in other VLANs such as my FreeNAS server or one of my IoT devices.

I'd like to split my wireless devices across multiple VLANs, for example laptops and cellphone belong together but IoT devices belong in another VLAN.

I imagine my use case is not that extraordinary. If so, what kind of hardware am I looking at? The piece I am specifically worried about is getting a near 11Gb/s speed between say my work computer in VLAN1 to my FreeNAS machine in VLAN2. Many of the other devices either don't need bandwidth that high or are wireless anyway so I am less concerned about the performance there.

As an added bonus, my current situation is such that my FreeNAS machines are directly connected to one another via 10Gb/s fibre to make backups between them significantly faster. Is there any way to expose my FreeNAS machines to the rest of my network via 10Gb/s links using OPNsense or would I have to use a 10Gb/s L2 switch between the FreeNAS machines and OPNsense and put all 10Gb/s devices on that switch in the same VLAN?

I did some research on hardware and performance and it seems that if I am genuinely interested in 10Gb/s performance I'll likely need to build something myself rather than rely on the all-in-one mini-pc solutions lots of folks use.

https://calomel.org/network_performance.html
https://calomel.org/freebsd_network_tuning.html

I have some hardware around the house I am happy to use but am also happy to build another machine or purchase an off-the-shelf solution if it is appropriate.

What I own

* ASUS ROG Strix H370-I
* Intel® I219V, 1 x Gigabit LAN Controller, Dual interconnect between the Integrated Media Access Controller (MAC) and Physical Layer (PHY)
* Realtek® RTL8111H, 1 x Gigabit LAN
* 1x PCIe3.0x16
* Intel Core i5-8400 6-core 2.8GHz 8 GT/s bus speed
* G.SKILL Ripjaws V 16GB (2 x 8GB) DDR4 SDRAM DDR4 2666

With the above hardware I'm a bit limited. If I pick up a 10Gbs NIC I'll only have 2 1Gbs NICs left, and one of those is that Realtek NIC. Perhaps I'm just looking for confirmation here but with as many devices as I'd like to connect it'll likely be that I need a board with more onboard NICs (so long as they don't offload too much work to the CPU) and/or 2+ 8x PCIe 3.0 slots.

Thanks for your time. I've done some searching already and have found a few useful links but clearly I still have questions. If I am just bad at searching feel free to throw a link at me. Any advice or accessible reading would be greatly appreciated.

mimugmail:
If you don't do NAT on 10G links, throughput is not a problem :)

PhiloEpisteme:

--- Quote from: mimugmail on September 14, 2019, 06:53:28 am ---If you don't do NAT on 10G links, throughput is not a problem :)

--- End quote ---
What is the consequence of disabling NAT? So long as all machines on the VLANs can access the web I'm happy.

When you say 10Gb/s throughput is no problem I imagine this assumes appropriate hardware. There are precious few mini PCs with multiple 10G links. Is it foolish to go the Supermicro mini-ITX build route?

mimugmail:
I'm not a hardware specialist; usually I choose from Thomas Krenn as they have tested devices, also with Supermicro boards. When you NAT on WAN you are limited by the CPU. VLAN to VLAN without NAT is nearly wire speed.

PhiloEpisteme:

--- Quote from: mimugmail on September 14, 2019, 07:27:10 pm --- When you NAT on WAN you are limited by the CPU. VLAN to VLAN without NAT is nearly wire speed.

--- End quote ---
Thanks for the advice. As I'm a bit new would you mind expanding a little bit? Am I correct that I have to use NAT on WAN in order to give all of my machines access to the internet, yes?

As far as disabling NAT for VLAN to VLAN, what feature am I losing by doing that? What is the benefit to enabling NAT between VLANs in a setup like mine?
