40G router upgrade recommendations

I recently got an ICX6610 and now my brain has lost control over my body and wants to skip 10G and upgrade to a 40G core. The only part where I am stuck is my router and firewall situation. I am currently running an R210 with an X3430 and 8G of RAM with pfSense. pfSense can't handle 40G, from reading what people have to say about it. My next choice is VyOS but I cannot use CrowdSec with it. So I am stuck.

I need recommendations on what router and firewall I should use (free or one-time cost, I am fine with CLI only, and I am also open to separate firewall and routers) which is compatible with CrowdSec. Also suggestions on whether I would need to upgrade my R210.

I know I cannot possibly saturate 40G, it's more of a wth, let's fucking do it.

Thanks in advance :)

I would also like to mention I have 0 experience with stuff like a bare Linux distro with iptables or something along those lines, but I am open to learning and trying them out.

Why?

VyOS uses netfilter iirc and CrowdSec doesn't support that.

Ah, I see, thanks
There’s an open feature request for some sort of native integration:
https://phabricator.vyos.net/T4639

If you want hardware … MikroTik Routers and Wireless - Products: CCR2216-1G-12XS-2XQ

Give yourself some room for when you upgrade 40Gb (4 x 10Gb) to 100Gb (4 x 25Gb).

Also worth noting that layer-3 switches can normally route at line speed, but you lose stateful firewalling - the trade-off can be worth it. Put all your fast gateways on the L3 switch, and all your slow/secure gateways on your pfSense firewall. Then use OSPF between pfSense and the L3 switch so they know how to route to each other.

The only reason to think about 40G was that the Brocade has 4 ports of 40G and I originally intended it to be 10G only. My lab doesn't exist in r/homedatacenter. I really don't think I can afford a 100G switch anytime soon, let alone the optics to run it and the gear to actually use it.

You would have to upgrade your pfSense box to use these, but these NICs are 40Gb and work with pfSense:

Intel XL710-QDA2

Chelsio T580-LP-CR
https://www.walmart.com/ip/2PORT-10-40GBE-LOW-PROFILE-UWIRE-PCI-E-X8-GEN3-32K-QSFP-CONN/38651758?wmlspartner=wlpa&selectedSellerId=147

The reason you would need to upgrade your box is because you don't have a PCI-E 3.0 x8 slot on it, and the CPU core IPC + MHz is a bit low and might not be able to route at 40Gb rates. You would probably want something around a Kaby Lake i5 or better to make sure you can do that high speed routing.

FreeBSD actually supports Mellanox very well and can do 90Gb/s+ of routing at stock configuration with 100Gb Mellanox cards and a good enough CPU. However, pfSense intentionally rips out Mellanox support and so you cannot use those readily available cheap cards with a pfSense box. This was one of the main reasons I stopped using pfSense. I found out they actually strip out hardware support that Netgate doesn't want people to have, and when I asked about it on their forums I was told to go away and don't talk about that sort of thing for my own good. lol. I am guessing it is some sort of confidential arrangement Netgate has for one reason or another.


I know I'm late to the game, but why are you looking at going 40G? It's a dead end for networking and has no clean interop or upgrade path.

With the way prices have come down, I would strongly suggest 25G/100G or just go with 10G.

Depending on your application, there may not be much need for such a fast connection. Also, since 40G is on its way out, software support and driver support for legacy equipment may complicate your setup.
