On 14-01-05 12:49 PM, Benjamin Swatek wrote:
> Thanks for your help Adam, I've got to admit that I definitely do NOT
> fully understand OSI ;-)

Unfortunately, most people working with firewalls do not. It's like an
auto mechanic working on your transmission without understanding how
gears work, IMHO...

> The reason for the VLANs was to get the 3 LANs onto one NIC in the
> first place, hoping that it would be easier to “get them together” for
> shaping than having them come in on the pfSense box on 3 physical NICs.
> Looking at your answer this might be the wrong approach.
>
> If you have any suggestions as to how I can take the traffic from 3
> LANs and pipe it through a traffic shaper where I can prioritise
> traffic from a certain LAN over another and prioritise certain traffic
> over other within each LAN's traffic, I’d be very grateful to hear…
1. Recall that priority/QoS is irrelevant until/unless the link is
congested. So unless you plan to push ~ 1.0 Gbps of traffic, stop now
and don't waste your time. Unless this is just a learning experience
anyway, in which case go right ahead.

2. Although FreeBSD's if_bridge (we are using this, not ng_bridge(4),
right, guys??) supports bridging tagged packets, I don't see anywhere in
the docs a way to set and strip VLAN tags the way a real switch would.
Perhaps you'll be better off just buying a cheap managed switch off eBay
to do this job, for example http://r.ebay.com/CkaSX0 isn't what I'd
choose for enterprise use but will be more than adequate for home use.
If you don't like used equipment, look at the NetGear GS(105|108|116)*
line which are small, cheap and *fanless*, and will do almost everything
you want to do. Minus the QoS, I think... although they have slightly
more expensive (but still small and fanless, I think) models that can do
QoS. Most vendors have a small, quiet, VLAN-capable switch like this,
but I think Netgear's are the cheapest (and have lifetime warranty).

3. You could probably get some low-profile Cat5e cable and run multiple
runs in the wiring space you currently have a single cable run. This
requires skill and tools, however.

4. Do all of this with routing instead of bridging. IIRC, you mentioned
that due to physical limitations, the pfSense device acting as a switch
was relatively underpowered; this will affect layer 2 (bridging)
performance as well, so whether you route or bridge, you still won't be
able to push a gigabit of traffic, and QoS will likely make the
situation worse, not better.

Between the problems with #1, #2 and #4, I think you might be off on a
wild goose chase right now.
--
-Adam Thompson
[email protected]
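
Point 1 of the reply, as a toy model. This is an added example, not part of the original message and not pfSense code: a strict-priority scheduler serving three LANs over one shared link. The LAN names, the link capacity of 10 units per tick (standing in for the 1 Gbps link) and the per-LAN loads are all constructed assumptions.

```python
from collections import deque


def simulate(offered, capacity, priority, ticks=1000):
    """Mean queueing delay (in ticks) per LAN under strict priority.

    offered  -- packets each LAN injects per tick (constructed sample loads)
    capacity -- packets the shared link can send per tick
    priority -- LAN names, highest priority first
    """
    queues = {lan: deque() for lan in offered}
    delay_sum = {lan: 0 for lan in offered}
    sent = {lan: 0 for lan in offered}
    for now in range(ticks):
        # Every LAN enqueues its packets, stamped with the arrival tick.
        for lan, pkts in offered.items():
            queues[lan].extend([now] * pkts)
        # The link drains queues in priority order until its budget is spent.
        budget = capacity
        for lan in priority:
            q = queues[lan]
            while budget and q:
                delay_sum[lan] += now - q.popleft()
                sent[lan] += 1
                budget -= 1
    return {lan: delay_sum[lan] / sent[lan] if sent[lan] else float("inf")
            for lan in offered}


LANS = ["lan1", "lan2", "lan3"]          # hypothetical names
UNCONGESTED = {lan: 3 for lan in LANS}   # 9 offered per tick < capacity 10
CONGESTED = {lan: 4 for lan in LANS}     # 12 offered per tick > capacity 10


def compare(offered, capacity=10):
    """Run the same load with the priority order forward and reversed."""
    return (simulate(offered, capacity, LANS),
            simulate(offered, capacity, LANS[::-1]))


if __name__ == "__main__":
    for name, load in (("uncongested", UNCONGESTED), ("congested", CONGESTED)):
        forward, reverse = compare(load)
        print(name, "lan1>lan2>lan3:", forward)
        print(name, "lan3>lan2>lan1:", reverse)
```

While the offered load fits within the link, reversing the priority order changes nothing; once it exceeds the link, the lowest-priority LAN absorbs all of the queueing delay.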