I guess this is a good problem to have, but our area is now offering fiber-to-the-home up to 2gb. Which is great until you realize that your router and pfSense firewall only have 1gb ports.
Now that it’s getting more common to see WAN speeds of 1gb or higher, what hardware can one get to handle these speeds? Did some looking and found a few routers that have a 2.5gb WAN port, but it looks like it will be much harder to find a pfSense-capable appliance with more than a 1gb WAN.
From what I can tell, the ISP will lay out fiber to the home, ending in an ONT that sounds like just a fiber-optic to ethernet converter, and the speed is in both directions, so 2gb down and 2gb up. So I’m not sure I can (probably not using correct terms) aggregate two 1gb ports from a single 2gb line; that is, split the incoming 2gb into two 1gb, and get something with 2 1gb WAN ports, and make full use of the speed that way. Or, could I come off a router (that can handle 2gb WAN), and put two pfSense machines on two ports, and load share… somehow?
I think for now I’m going to avoid the problem and just go for the 1gb instead of 2gb, and see if what I have can handle that first. But I do see a future coming where WAN speeds greater than 1gb are more common. I have an acquaintance that just recently jumped on 5gb internet, and had no answer to my question of how he was going to handle that sort of incoming/outgoing speed.
The answer really is getting a faster system to run pfSense with the fast port options.
I was trying to look through Netgate’s offerings, like a 6100, to see if that could handle >1gb. I did some digging, and discovered our ISP provides two pieces of equipment: the ONT (fiber to ethernet), and a “Home Gateway” modem/router with wifi, and we can connect our existing equipment up to that. I wouldn’t use their wifi (my wifi is fine and behind my firewall!). Their modem has 4-1gb ports on it, which makes me wonder if their site hasn’t been updated (1gb ports?), or the way I would achieve 2gb is to have a pfSense box with two 1gb WAN ports, and (not using right terminology) split the traffic across two 1gb ports.
So, is there a pfSense “appliance” that will accept this, or should I build my own with some 2.5gb Intel NICs?
For now, I’ve signed up for the 1gb service, while I research what I need for 2gb. I think my existing equipment will handle the 1gb, and if not, it needs upgrading anyway!
Personally, I have a refurbished HP GL360 G7 server (Dual 12 core Xeons and 64 GB registered ECC RAM) running pfSense that controls my network. Mine is vast overkill, but it was also free. Since it’s overkill, I also never have to worry about VPN performance or any performance issues due to packages installed using the resources. I can do anything I want and not worry. It’s also very easy to put in a 2.5 or 10 gig card and use that for the WAN port. I only have 1GB internet, so didn’t need to do that, but you can easily use an old PC or a refurbed server for this.
OP, if your ISP router in your home can do 2Gbps towards the Internet, then you can reach that speed with 2 x 1GE ports inside your network. That is how I am set up right now: I have 2 x 1GE that go from my router to the ISP’s router and I load balance the traffic and can reach 2Gbps of total bandwidth.
Of course, a single session can only reach 1Gbps because of the hardware limit, but at least the total bandwidth is available.
Another thing you can do with the Netgate 6100 is use one SFP+ port with an SFP+-to-Ethernet adapter and CAT6A cables, or a Twinax cable, and connect it directly to your ISP’s router, and you’ll be able to get max speed.
Both good approaches! I’ve got an old system around here that already has dual 1gb ports on the motherboard, and I’ve pondered repurposing it, but it’s a full ATX tower that feels outrageously large next to my little pfSense “appliance”. I’d almost rather upgrade to a 6100 just to keep the “tiny powerful boxes” aesthetic…
By what I can tell, the ISP’s “Home Gateway” modem/router only lists 1gb ports on it, so I’d have to do the load balance thing across two ports to get full bandwidth out of it. I think they push the wifi on their modem as the “real way” to get full speed; “who still uses wired ethernet?!”. I’ve no interest in their wifi, and will ask for it to be disabled. I plan on discussing the whole matter with them whenever installation starts. Like, can they just put their modem/router in passthrough/bridge mode?
I think I’ve got an idea of how to proceed now, and at least two paths on how to do it, and we’ll see what works with the equipment they put in.
“old system with onboard NICs” - Beware of Realtek NICs. Only pain lies ahead.
Definitely! Been bit by that in the past, and try to only use “approved Intel NICs” in heavy-traffic network machines. Hmmm, if I end up going the DIY route I need to look at that old motherboard; pretty sure it did have one approved Intel chip on board…
I’ve been using Realtek chipset NICs for over 2 decades and love them. The 8139 and then the 8169 have always been the chipsets I’ve looked for when buying a card. I have several of them in use in pfSense boxes right now. I’m getting (and always have gotten) great performance out of them and they’ve been solid as a rock for me. What pain do you refer to?
Well I can certainly understand how that would be annoying as can be. I find it odd that I’ve not encountered that, especially since I always choose Realtek cards. With as easy as it is to update the driver for them, I can’t say I’ll be changing anything. I’ve found them to be ultra reliable and I can’t remember the last time I had one fail on me.
Thanks for posting the link to that, though. I enjoy hearing about issues so that when I encounter them in the field I have a route to the fix ready.
Current day, it’s not supposed to be quite so bad.
One could obtain Realtek drivers from the upstream FreeBSD distributions.
It is possible that progress was made in the v2.6.0 release.
I only have Intel i340-T4 and i350-T4 cards so this isn’t something that I’ve followed closely.
As far as 10 GigE Intel 520s go, there is no such issue.
It’s been quite a while, but I did run into issues in a high-traffic server with Realtek chips. Now, it was a good number of years ago, and the issue may have been aggravated by some other component. I read that TrueNAS and pfSense have a list of “we know these chips work”, and I swapped out the Realtek for chips on the list, and the problems went away. That got me in the habit of, when I have a system that’s going to be handling a lot of network traffic, like a server, I just go with recommended (Intel) network cards. Outside of that, I have no problem with Realtek in a desktop or “non-critical” device. The camera server I built recently has a Realtek network port on the motherboard, and I added an Intel NIC. The Intel NIC handles the dedicated camera network traffic, and the Realtek handles the Home-network side.
This is the one I like, since it looks like you can easily add extra network cards to it for other speeds.