I think I already know the answer to this question, but I’m going to ask it anyway.
I have pfsense running on a minipc with 2.5ghz nics, so I bought a dual nic 2.5ghz card for my NAS that I run OMV on that’s plugged directly into my pfsense box on its own port. I would like to take advantage of LAGG so my question is can I set my dual NIC card in my NAS to bond LACP and LAGG two of the ports on my pfsense box and connect them directly without a switch. Every search I’ve done mentions a switch for it to work properly. TIA
This can be accomplished without a switch as long as the LAGG is on a different network.
So your truenas is on 192.168.1.0/24 and your LAN is on 192.168.2.0/24.
But you will need 4 ports total, WAN, LAN, and 2 ports for your LAGG.
my device has 4 2.5ghz ports
My current setup is:
port 0: WAN
Port 1: LAN network 1
vlan(IOT) network 2
vlan(Security) network 3
Port 2: OMVNAS network 4
Port 3: unused
So you’re saying my thinking is correct and I can reconfigure to
port 0: WAN
port 1: LAN
vlan(IOT)
vlan(Security)
I would have to delete current port 2: OMVNAS
then create LAGG with
Port 2: LAGG(NEW OMVNAS LACP PORT)
Port 3: LAGG (NEW OMVNAS LACP PORT)
Then I would create a LACP bond between the two 2.5ghz nics on the card in my NAS box and I could plug them both directly into port 2 and 3 on my pfsense device.
If you need to expose your NAS to any other devices on your network, you may end up disappointed in the performance. Using the extra ports on a pfSense is generally not the best solution, because you are essentially forcing the pfSense box to be a switch, and pfSense doesn’t do a spectacular job of that.
The other thing to bear in mind is that LAGG/LACP is like an interstate highway. The speed limit never changes. You can add more lanes but that doesn’t mean you can go twice as fast. Any single connection will not benefit from LACP, you will still only have 2.5gbe speeds. LACP will only help if you have multiple devices sending traffic to OMV.
But it’s a great learning experiment, so go for it.
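The "more lanes, same speed limit" point above can be made concrete with a small model of how an LACP bundle places traffic. This is an added example, not code from the thread or from pfSense/OMV: it models a flow hash in the shape of Linux bonding's `xmit_hash_policy=layer3+4` (port xor shifted, IP xor, then folded), which is an assumption for illustration rather than a byte-exact copy of the kernel. The NAS address 192.168.4.10, the client addresses and the two 2.5GbE member links are constructed values.

```python
import ipaddress
from collections import Counter

# Constructed values: a 2-member LACP bundle of 2.5GbE links between the
# NAS (192.168.4.10) and pfSense; client addresses and ports are made up.
LINK_GBPS = 2.5
N_LINKS = 2
NAS_IP = "192.168.4.10"


def layer34_hash(src_ip, dst_ip, src_port, dst_port):
    """Flow hash over (src IP, dst IP, src port, dst port).
    Assumption: follows the shape of Linux bonding's layer3+4 policy
    (port xor shifted up, IP xor, two folds); a model, not the kernel code."""
    sip = int(ipaddress.ip_address(src_ip))
    dip = int(ipaddress.ip_address(dst_ip))
    h = ((src_port ^ dst_port) << 16) ^ (sip ^ dip)
    h ^= h >> 16
    h ^= h >> 8
    return h & 0xFFFFFFFF


def pick_link(flow, n_links=N_LINKS):
    """Member link a flow is pinned to. Every packet of one connection
    hashes identically, so a single TCP stream never spans two links."""
    return layer34_hash(*flow) % n_links


def flows_per_link(flows, n_links=N_LINKS):
    """How many flows landed on each member link (all links listed)."""
    counts = Counter({i: 0 for i in range(n_links)})
    for f in flows:
        counts[pick_link(f, n_links)] += 1
    return dict(counts)


def per_flow_ceiling(flow, flows, n_links=N_LINKS):
    """Best-case rate one flow can get: its link's capacity, shared with
    whatever else hashed onto that link. Never more than one link's worth."""
    sharing = flows_per_link(flows, n_links)[pick_link(flow, n_links)]
    return LINK_GBPS / sharing


def bundle_throughput(flows, n_links=N_LINKS, demand_gbps=LINK_GBPS):
    """Aggregate rate the bundle delivers when each flow wants demand_gbps.
    A link saturates at LINK_GBPS no matter how many flows land on it."""
    return sum(min(LINK_GBPS, n * demand_gbps)
               for n in flows_per_link(flows, n_links).values())


if __name__ == "__main__":
    a = ("192.168.2.20", NAS_IP, 50000, 445)   # one SMB connection
    b = ("192.168.2.21", NAS_IP, 50000, 445)   # a second client
    a2 = ("192.168.2.20", NAS_IP, 50001, 445)  # same client, new connection
    print("single flow ceiling:", per_flow_ceiling(a, [a]), "Gbit/s")
    print("two clients:", flows_per_link([a, b]), bundle_throughput([a, b]), "Gbit/s")
    print("three flows:", flows_per_link([a, b, a2]), bundle_throughput([a, b, a2]), "Gbit/s")
```

One connection is capped at a single link (2.5 Gbit/s) however many links are bundled; only when several flows hash onto different members does the aggregate approach 5 Gbit/s, which is the "volume, not speed" behaviour the thread describes.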
Yes I understand that I’m not going to get 5ghz by combining two 2.5 ports, it’s about volume not speed. It is about learning and experimenting, I can’t help but tinker with my setup, I’m always trying new stuff. However, I’m not entirely with you on the “using the pfsense box as a switch”. Isn’t that essentially what I’m doing with my current setup, so you’re saying I shouldn’t have my OMV server plugged into my router “pfsense device” I should have it plugged into a switch for better performance? That doesn’t really make sense to me since a switch is just extra ports for the router to “route” traffic to more devices, or am I missing something and over simplifying it?
Switches are purpose built to do just that. Switch. When you add more NICs to pfsense you are adding more overhead because now it has to handle the switching. It’s always better to have a switch for the best performance.
Yeah, not to pile on, but with pfSense you can make it work but that doesn’t mean it is the best solution. Traffic through a switch is many more times faster than traffic through pfSense (or any router really). That’s why it is a best practice when you are designing VLANs and network topology to move as little traffic through a router. I have an all 10 gig network, half copper and half fiber. I can run iperf tests from two different hosts on the same VLAN and get ~9.3gbps throughput, but as soon as I test on two hosts on different VLANs, my throughput will drop to ~6gbps.
In your case if you are moving data to/from your NAS to some other device other than your pfSense box, then yes it will be faster with a switch, if the devices are on the same VLAN (the switch knows where to send the traffic and it doesn’t have to go through the pfSense box). If they’re on different VLANs it won’t make a difference. The traffic still has to go through the pfSense box.
Yes that’s my use case, my vlans are for isolation of my IOT devices and Security from my home network, and my NAS/Sever is on a different network than my home LAN because I thought that would be best practice since I run quite a few services in docker for personal/family use(Nextcloud, Immich, Vaultwarden and Jellyfin). The reason I started down this path in the first place was I was previously running a plex server for photos, music, and home videos, but I shut that down about a year ago because I was the only one really using it and Plex is resource heavy. I recently spun up Jellyfin and it’s been getting some decent use so I thought the LAGG between the server and pfsense device would be better.
My switch doesn’t support LAGG which is why I came here and asked in the first place.
I actually set up the LAGG in pfsense this morning and setup the Bond in OMV and put it online, just need to run some benchmarks now and see if it actually helped.
Personally I would move your IoT and security devices to their own VLAN and leave the NAS on your home VLAN. Better isolation and security that way. There are wireless access points that are VLAN aware, meaning you can tie an SSID to one and only one VLAN for isolation. In my set up I have one of these: Amazon.com: TP-Link TL-WA3001 WiFi 6 AX3000 Wireless Gigabit Access Point | Desktop Wi-Fi Bridge | HE160 & Beamforming | Supports Multi SSID/Client/Range Extender Mode | 4 Fixed Antennas | Passive PoE Powered : Electronics
It will do up to 8 different SSIDs I believe. I have one SSID for my IOT devices, one for my streaming devices, one for my kids and guests, and one for my wife and me. That’s where my NAS sits. Obviously you could change it around as you see fit. You will need a managed switch if you want to do VLANs. But there are plenty around for under $100. This one is under $50
I actually have a router running dd-wrt setup as an access point, it is capable of separate vlan vaps and my network is already setup as you suggested IOT and Security are on their own vlans that can’t talk across to my home LAN or my NAS network.
Thanks for the responses, this is a great forum.