VLAN performance

Started by verasense, March 18, 2021, 02:46:32 AM

I have an opnsense with a WAN and a LAN connection. The LAN has 3 VLANs and is connected to a switch.

I am a bit concerned about performance, so, taking advantage of the fact that I recently got a second switch, I am thinking about an improvement. Since the 3 VLANs share the same network cable, it seems reasonable to me that this could cause performance issues if the three VLANs move a lot of data at the same time. So I am considering two scenarios:

A) Splitting the VLANs, placing VLAN 1 (the most important) on its own cable and VLAN 2 and 3 on another. The second switch will also have some VLAN 2 devices that will be routed through the main switch.

B) Just connecting the new switch to the main one. Opnsense will manage the 3 VLANs on a single cable as before.

So, out of these two options (A and B, as shown in the image), which is more "correct"?
(Note: maybe there is another option that I am not contemplating)

It heavily depends on your traffic. I'd go for 1, as I always do this for customers with 10G.

The performance lag might be unappreciated, but I have implemented 1 (A) as you suggested. I think it is better to isolate VLAN 1 from the main switch.

March 19, 2021, 06:14:26 PM #3 Last Edit: March 19, 2021, 06:23:20 PM by tryllz
Sorry, not hijacking the topic, just simple questions.

My VLANs can't ping their own gateway and beyond.

1 - For VLANs to be able to ping their own gateway, do I have to enable the parent VLAN and assign an IP to it?

2 - Do I have to enable DHCP for devices in the VLAN? I know it sounds foolish, but I'm just checking, as all the videos I found regarding this on OPNsense show DHCP enabled, which I'm not using.

All rules are allowed on all interfaces, and I'm not using any physical switch. This is a VMware Workstation setup; I have a Windows VM and an OPNsense VM.

Thanks..

1- Ping will submit an ICMP echo request, so the destination must have an IP address. You just need to assign an IP to the VLAN interface of OPNsense. If you mean "parent" as the original interface (e.g. LAN em1), no, you don't need that.

2- This depends on what you want. If you want to assign IPs manually, you don't need DHCP. If you want devices to request an IP from OPNsense, yes, you do need DHCP.