pfSense setup and colocation

h0mez (Limp Gawd, joined Nov 6, 2006, 444 messages)
Sorry if this is too basic for this sub. I have the opportunity to colocate my Dell C6100 (4 nodes with dual NICs and a PCIe slot in a 2U rack) at a good price through a friend and I'm unsure of the best way to set up the networking.

Currently this quad node box is in my basement and I am running pfSense on an older machine and then obviously through a switch and running lines into each node. Once I colocate the C6100 I'll only have 2U to work with, so I don't have the space to run another machine for pfSense and a switch.

I think I am stuck at this point with virtualizing pfSense on one node, but I am unsure how to get that connection to the other 3 nodes in the C6100. I am also at risk if something happens to the node pfSense is on, or to the VM itself, since then the whole network for my server is down. The admin is willing to give me a 4-port VLAN which I think I could somehow utilize for redundancy with the external IP I get.

Anyone have a good idea on the best way for me to set this up?
 
You'd almost need 2 VLANs from the admin or a separate physical switch. 1 public and then your private. It is possible to set up pfSense to use 2 VLANs on the same NIC.

My first question is what you'll be running on the nodes themselves? Are they going to be ESXi or Hyper-V? If so then that can make splitting out the VLANs a bit easier.
 
A guy at servethehome has write-ups on his hosting with a similar system, but he had a switch.
 
> You'd almost need 2 VLANs from the admin or a separate physical switch. 1 public and then your private. It is possible to set up pfSense to use 2 VLANs on the same NIC.
>
> My first question is what you'll be running on the nodes themselves? Are they going to be ESXi or Hyper-V? If so then that can make splitting out the VLANs a bit easier.

I might be able to zip tie a small switch back there. Wouldn't be anything special though, obviously, considering it would need to be smaller.

It will be ESXi.

> A guy at servethehome has write-ups on his hosting with a similar system, but he had a switch.

I'll have to find this, thanks.
Does your buddy work at the CoLo as a tech or a sales person? If he's a tech, then most CoLos will give you something like 4 hours of tech time per month. Configure 2x Internet/External vSwitches; use one for your pfSense, use the other for an admin VM running the ESXi tools. Connect your pfSense to the internet/CoLo network, leave your admin VM unplugged. Your buddy or you can then plug into the assigned port with a static IP and RDP into the admin VM should issues arise.

Set up a third vSwitch as Internal only. Then all your servers and the pfSense LAN connect to the private vSwitch. Maybe even add a second NIC to your admin VM so it's online normally and has a backup for troubleshooting. With this setup you only use 2 NICs. If the admin will do LAG with you, you could configure the pfSense with LAG on the WAN interface to use an extra port.
 
> Does your buddy work at the CoLo as a tech or a sales person? If he's a tech, then most CoLos will give you something like 4 hours of tech time per month. Configure 2x Internet/External vSwitches; use one for your pfSense, use the other for an admin VM running the ESXi tools. Connect your pfSense to the internet/CoLo network, leave your admin VM unplugged. Your buddy or you can then plug into the assigned port with a static IP and RDP into the admin VM should issues arise.
>
> Set up a third vSwitch as Internal only. Then all your servers and the pfSense LAN connect to the private vSwitch. Maybe even add a second NIC to your admin VM so it's online normally and has a backup for troubleshooting. With this setup you only use 2 NICs. If the admin will do LAG with you, you could configure the pfSense with LAG on the WAN interface to use an extra port.

He rents the rack, I'm just getting some space from him. What you were saying is what I was thinking of doing; the problem with that is it only gets the node running pfSense internet. What do I do about the other 3 nodes?
 
Oh, I didn't realize the nodes are physical blades, I was picturing the nodes as separate VMs. If you're going to get a 4-port switch, then ask to use 2 VLANs. VLAN100 is your internet access, VLAN101 is your internal network (the VLAN numbers will obviously be assigned by the admin). Connect the VLANs to your pfSense node; it should support VLAN interfaces for WAN/LAN.

If you can't get 2 VLANs, then do a small 8-port switch or something. You're limited with only 2U. Does your buddy have a switch for his equipment that he can give you a couple of ports for VLANs?
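One way to lay out each ESXi node's networking for the two-VLAN design described in this post, as an added example rather than anything from the thread. It assumes the admin trunks both VLANs to each node's switch port, that the node's uplink is vmnic0, and that VLAN 100/101 and the vSwitch and port group names are placeholders the admin will replace. Setting ESXCLI=echo prints the commands instead of applying them, so the layout can be reviewed off-box.

```shell
#!/bin/sh
# Added example, not from the thread. Per-node ESXi standard vSwitch layout:
# one uplink, a public port group (VLAN 100) and a private port group (VLAN 101).
# Only the pfSense node attaches a VM (pfSense WAN) to the public port group;
# every node attaches its workload VMs to the private port group, so the other
# three nodes reach the internet only through pfSense's LAN side.
set -eu
ESXCLI="${ESXCLI:-esxcli}"              # set ESXCLI=echo to dry-run
VSWITCH="${VSWITCH:-vSwitch-Colo}"      # assumed name
UPLINK="${UPLINK:-vmnic0}"              # assumed uplink on the colo trunk port
WAN_VLAN="${WAN_VLAN:-100}"             # placeholder, assigned by the admin
LAN_VLAN="${LAN_VLAN:-101}"             # placeholder, assigned by the admin

configure_node_network() {
  "$ESXCLI" network vswitch standard add --vswitch-name="$VSWITCH"
  "$ESXCLI" network vswitch standard uplink add --uplink-name="$UPLINK" --vswitch-name="$VSWITCH"
  # Public VLAN: pfSense WAN vNIC only.
  "$ESXCLI" network vswitch standard portgroup add --portgroup-name="WAN-VLAN$WAN_VLAN" --vswitch-name="$VSWITCH"
  "$ESXCLI" network vswitch standard portgroup set --portgroup-name="WAN-VLAN$WAN_VLAN" --vlan-id="$WAN_VLAN"
  # Private VLAN: pfSense LAN vNIC plus all workload VMs on every node.
  "$ESXCLI" network vswitch standard portgroup add --portgroup-name="LAN-VLAN$LAN_VLAN" --vswitch-name="$VSWITCH"
  "$ESXCLI" network vswitch standard portgroup set --portgroup-name="LAN-VLAN$LAN_VLAN" --vlan-id="$LAN_VLAN"
  # Keep promiscuous mode, forged transmits and MAC changes rejected on the
  # vSwitch so a compromised VM cannot sniff or spoof its neighbours.
  "$ESXCLI" network vswitch standard policy security set --vswitch-name="$VSWITCH" \
    --allow-promiscuous=false --allow-forged-transmits=false --allow-mac-change=false
}

# Only if pfSense HA (CARP) across two nodes is attempted later: CARP needs
# promiscuous mode, forged transmits and MAC changes on the port groups that
# carry the shared virtual IPs. Scope that exception to those port groups only.
allow_carp_on_portgroup() {
  "$ESXCLI" network vswitch standard portgroup policy security set --portgroup-name="$1" \
    --allow-promiscuous=true --allow-forged-transmits=true --allow-mac-change=true
}

# Apply only when explicitly asked, e.g. "sh node-net.sh apply" on the host.
if [ "${1:-}" = "apply" ]; then
  configure_node_network
fi
```

Run it once per node; the pfSense VM on the firewall node gets one vNIC in each port group, while VMs on the other nodes get a vNIC in the LAN port group only.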
 
> Oh, I didn't realize the nodes are physical blades, I was picturing the nodes as separate VMs. If you're going to get a 4-port switch, then ask to use 2 VLANs. VLAN100 is your internet access, VLAN101 is your internal network (the VLAN numbers will obviously be assigned by the admin). Connect the VLANs to your pfSense node; it should support VLAN interfaces for WAN/LAN.
>
> If you can't get 2 VLANs, then do a small 8-port switch or something. You're limited with only 2U. Does your buddy have a switch for his equipment that he can give you a couple of ports for VLANs?

Ok, I'm missing something. I get 1 external IP, he can give me 4 ports on his switch, and I'm sure I can have him split that into 2 VLANs no problem. But what does that do exactly?

Right now I have 1 physical node with 2 ports, IPMI (not sure if I should try to utilize this, never used IPMI), and I installed a dual port NIC so I can have 4 physical switches on the physical node. I have one port with my WAN, and 1 port with my LAN for my pfSense VM. I was thinking with pfSense I can have 3 physical LANs, one running a cable to each other node to give them internet, then having something like a LAN on the physical node itself for the VMs on it. That doesn't utilize his 4 ports on his switch, and doesn't give me any redundancy in case the physical node goes down (which is something I would like).

Not sure if I can utilize vCenter and HA to run two pfSense VMs on different nodes or something?
 
If you want 4 nodes online, you'll need at least 1 physical switch port for each one just to get network access. You have 4 nodes and 4 assigned switch ports. As we've mentioned before, if you can have 2 VLANs assigned to you, one with the public IP and a route to the internet and one as a private VLAN that's isolated only for your internal VM communication use, your plan can be somewhat accommodated. Otherwise, you'd need at least 3 unused ports on 1 node to connect to the other 3, but that would be a mess to configure and kill any potential for HA.

HA is a different story and, if memory serves, will need another switch port per node.
 