Using FreeNAS server as switch to access internet

tibblist

Dabbler
Joined
Apr 15, 2020
Messages
28
So basically I have several family members' computers that I would like to be able to pull media from the FreeNAS at 1gb/s if possible, and I was wondering if, with a quad-port NIC, I could run one line to my modem/router and 3 lines to separate computers from the FreeNAS and bridge them together, so they would have access to the FreeNAS server and just route to the modem per usual for internet requests. Or, if it is really hacky to accomplish and would likely have bad results, I'll look at getting a 10gb/s switch.

Diagram of home network posted here: https://www.reddit.com/r/homelab/comments/g5t56v/help_setting_up_home_network_with_freenas_server/
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
It is absolutely trivial to bridge all your physical interfaces and use the FreeNAS server as a free extra switch. Been doing it for years.

Configure all physical interfaces with "up" in the options field and no IP address. Mark the checkbox for "Disable Hardware Offloading". Configure bridge0 with the physical interfaces as members and the IP configuration as necessary.

HTH,
Patrick
 

sretalla

If you don't assign IP addresses to the interfaces on the FreeNAS side and do the bridge, @Patrick M. Hausen is right.
 

Patrick M. Hausen

Additionally: it can speed up reachability of your FreeNAS after a reboot if you add these two tunables:

1. Variable: if_bridge_load, Value: YES, Type: loader
2. Variable: net.link.bridge.inherit_mac, Value: 1, Type: sysctl

This gives the bridge interface a constant reliable MAC address.

Kind regards,
Patrick
 

tibblist

Thank you so much, this is by far the cheapest and easiest solution someone has presented. Also it just seemed logical that if a $100 switch can manage network traffic a $200 mobo+cpu could do the same with the right software and I thought I was crazy having to look at all these complicated solutions.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
It's really hacky, but if you look in the 10 Gig Networking Primer, I'm pretty sure it's discussed at some point because 10G switches were insanely expensive for home hobbyists not that many years ago.
 

Patrick M. Hausen

When did CPE devices cease to come with 8 network ports and settle for 4 instead?
 

tibblist

Yes, I did see that part and read that it would be hacky but it didn't link to anywhere that described how to accomplish the bridging with FreeNAS. Including the above info in the guide (assuming it isn't so hacky it is not recommended to do) might be helpful. Also if I got 2 smart switches and did LACP from the NAS to the middle floor and then middle to top floor with 2 lines for about 4-6 clients at a time between the middle floor and upstairs, do you think this will be worth it and they will get put on separate lines often enough to affect performance or not? Noticed managed switches are super cheap on Amazon right now https://www.amazon.com/dp/B076H9RQTW/ref=cm_sw_r_other_apa_i_kadOEbN3VQMMM
 

jgreco

When did CPE devices cease to come with 8 network ports and settle for 4 instead?

In general, more than four has *always* been unusual, like, forever.

But really it doesn't seem like it's worth messing around. You can get cheap 10G switches, like the four-port Mikrotik for $150. This saves you from having to bodge together a nonstandard networking configuration that might break during upgrades and goes away anytime you need to power down or reboot the server.
 

Yorick

Wizard
Joined
Nov 4, 2018
Messages
1,912
When did CPE devices cease to come with 8 network ports and settle for 4 instead?

When the "costs next to nothing" versions got fast enough to actually be useful, for example https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigate-fortiwifi-40f-series.pdf

I still have my 60E, with more ports, and, I can definitely see the point of a 40f. Probably saner to stick a 12 or 24 port switch behind that, anyway, rather than rely on the CPE for all networking.

Switching in this house is a little nuts, but it all serves a purpose, I swear. Fortinet switch in the basement, Zyxel switch (managed) upstairs - it was cheap, what can I say - and Engenius switch in the den, which handles the downstairs and upstairs APs. I hope I won't regret that Engenius thing, it might be a little dodgy.
 

tibblist

Could I use a normal smart switch and set up VLANs with each VLAN getting 1 port into the FreeNAS server and 1 port out to a desktop, then use the VLAN address to access the FreeNAS? Or would FreeNAS still just decide to use random ports to send the information out back to the client and not respect the VLAN bounds?
 

Patrick M. Hausen

I am not quite sure I understand what you are trying to achieve but FreeNAS supports VLANs and bridges just fine and you can orthogonally combine the two to get any sane or insane architecture you desire. Just be sure you know your networking basics. And a bit of FreeBSD experience won't hurt.
 

tibblist

Basically if the server is capable of reading at 600MB/s a 1Gb/s line won't pull at that rate, but if 4x1Gb/s lines pull at the same time from different computers it could get close; assuming it will read with multiple clients at the same speed, then it should be able to saturate each line at 1Gb/s. So I need to be able to tell the traffic to go over a specific line, 1 for each desktop that is either wired into the NAS, or into a smart switch and then use a specified dedicated line from that switch into the NAS (with return traffic also using that line). So ports 1,2,3 are connected into FreeNAS with 1gig lines. Ports 4,5,6 are each connected to separate computers. I want to pair them up like 1,4 2,5 3,6. That way each can fully saturate the line reading or writing and they also should have access to port 8 which connects to the router and internet at large. Looking and reading about VLANs they talk a lot about the security it provides but I can't exactly find how it controls traffic.
 

Patrick M. Hausen

VLANs virtualize a switch. Ports 1,5,6 may be in VLAN 1; ports 2 and 3 in VLAN 2; and ports 4, 7, 8 in VLAN 3. So you get 3 switches for the price of one ;) Each VLAN is a separate broadcast domain, i.e. a separate IPv4 network/prefixlength and/or a separate IPv6 /64.
To pass traffic from one VLAN to another one you need a router. In our example either one with three network interfaces, one plugging into a port of each VLAN (think "virtual switch") or one with what is called a trunk interface. Trunk interfaces are carrying multiple VLANs with a tag added to the frames so both sides know which VLAN the frame belongs to. The router OS typically presents this as three separate virtual interfaces so you can assign IP addresses from all three different broadcast domains ("networks") and route from/to all of them. The bandwidth is of course limited to that single trunk interface, but it makes sense if e.g. the trunk is 10G and all other interfaces are 1G. This is commonly called "router-on-a-stick".
And last you can put the routing engine into the switch that also carries the VLANs which is typically called a "layer-3-switch".

VLANs are about layer 3.

Always keep in mind:

A router is a device that makes forwarding decisions based on layer 3 addresses.
A bridge is a device that makes forwarding decisions based on layer 2 addresses.
A switch is a marketing term meaning any or both of the two and implying "cheaper and faster than our competitors".

I stole that from Radia Perlman. "Interconnections" - one of the few networking textbooks that is just as relevant today as it was decades ago when first published.

HTH,
Patrick
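
Added example, not from any poster and not FreeNAS code: a toy Python model of the layer-2 behaviour described in this thread, a learning bridge (what bridge0 does across its member ports) whose ports are split into VLANs with the 1,5,6 / 2,3 / 4,7,8 assignment from the post above. The trunk on port 9, the MAC addresses and the rule that mis-tagged frames are dropped are assumptions of this sketch.

```python
"""Toy VLAN-aware learning bridge. Ports, MACs and the trunk are constructed."""
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Bridge:
    def __init__(self, access, trunks=()):
        self.access = dict(access)   # access port -> VLAN id (untagged on the wire)
        self.trunks = set(trunks)    # trunk ports carry every VLAN, tagged
        self.fdb = {}                # (vlan, mac) -> port, learned from source MACs

    def members(self, vlan):
        """All ports that belong to one VLAN, i.e. one broadcast domain."""
        return {p for p, v in self.access.items() if v == vlan} | self.trunks

    def receive(self, port, src, dst, tag=None):
        """Return {egress_port: tag_on_wire} for one frame arriving on `port`."""
        if port in self.trunks:
            if tag is None:
                return {}            # assumption: no untagged traffic on the trunk
            vlan = tag
        elif port in self.access:
            if tag is not None:
                return {}            # assumption: tagged frame on access port is dropped
            vlan = self.access[port]
        else:
            return {}
        self.fdb[(vlan, src)] = port             # learn where the sender lives
        known = self.fdb.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            out = {known}                        # layer-2 forwarding decision
        else:
            out = self.members(vlan)             # flood, but only inside the VLAN
        out = out - {port}
        return {p: (vlan if p in self.trunks else None) for p in out}

def demo():
    # VLAN 1: ports 1,5,6; VLAN 2: ports 2,3; VLAN 3: ports 4,7,8 (from the post).
    # Port 9 as a trunk towards a router is an assumption.
    sw = Bridge({1: 1, 5: 1, 6: 1, 2: 2, 3: 2, 4: 3, 7: 3, 8: 3}, trunks=[9])
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    flood = sw.receive(1, a, BROADCAST)   # host A on port 1 sends a broadcast
    reply = sw.receive(5, b, a)           # host B on port 5 answers A directly
    cross = sw.receive(2, c, a)           # VLAN 2 host addresses A's MAC
    return flood, reply, cross

if __name__ == "__main__":
    for name, result in zip(("flood", "reply", "cross"), demo()):
        print(name, result)
```

The forwarding table is keyed by (VLAN, MAC), so the frame from port 2 addressed to a MAC learned on port 1 is flooded only inside VLAN 2 and onto the trunk; reaching port 1 would take a router, as the post says.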
 

tibblist

Can multiple VLANs be set to be able to interface with the underlying regular LAN (and WAN) though? Like if 1 port is connected to the router and you try to connect from VLAN 1 which is say 192.168.20.0/24 and the LAN is 192.168.0.0/24, and you are connected to a port on VLAN 1 and try to connect to 192.168.0.0 or maybe an actual internet address, will the switch be able to allow that traffic to pass through? I understand that each VLAN wouldn't be able to see any other device on a different VLAN but what about a port that isn't connected to any VLAN on the switch and just on regular LAN? Do any of them have access to that port and/or if a trunk is needed is it something any router supports or do I need to check compatibility?
 

tibblist

Ok, I think I have an affordable somewhat non-complicated solution now. 2 8-port managed switches to create 4 VLANs with 3 ports on each. 1 port on each vlan goes into freenas server, 1 port goes to a desktop client, 1 port goes to a 5 port unmanaged switch that is connected to the router on a single port. This should result in each client using the port on their vlan to access the 5 port switch to access the internet on 1 gig line, then each client having its own dedicated 1gig line into the freenas that it can use over its VLAN?
 

Patrick M. Hausen

Any decent router will support trunk ports. As will FreeNAS.

One point of VLANs is that many of them can be piggybacking on the same physical LAN link. This is precisely this trunk thingy. The LAN can additionally carry untagged (non-vlan) traffic, but I don't like that for symmetry and ease of management reasons. Think of this as just another VLAN, number 0 or so ...

But you don't need that. All the devices that are not VLAN capable or not configured as such just plug into a particular port on your switch. The switch is configured to place that port into VLAN x. It will treat all ports in that VLAN as belonging to the same network or "virtual switch". To pass any traffic across VLANs you need a router. Which can be integrated into your switch depending on manufacturer and model.

Patrick
 

tibblist

If the smart switch doesn't support trunking because it has no routing capabilities but you plug one port from that switch into a router that does, the router can then manage what VLAN it will send the traffic to and the switch doesn't need to have router capabilities? Or would the switch also need it to read in the frame telling it which VLAN the traffic is destined to?
 

Patrick M. Hausen

Ok, I think I have an affordable somewhat non-complicated solution now. 2 8-port managed switches to create 4 VLANs with 3 ports on each. 1 port on each vlan goes into freenas server, 1 port goes to a desktop client, 1 port goes to a 5 port unmanaged switch that is connected to the router on a single port. This should result in each client using the port on their vlan to access the 5 port switch to access the internet on 1 gig line, then each client having its own dedicated 1gig line into the freenas that it can use over its VLAN?
Or buy 4 separate el-cheapo unmanaged switches and don't worry about VLANs.

But why all the trouble? If you really insist that each client has got a dedicated 1G connection to the FreeNAS then buy one more network interface for the FreeNAS that goes into your router. Plug each client directly into the FreeNAS. Bridge all 5 interfaces in the FreeNAS software. Done.

I do not understand why in any scenario 4 clients sharing a single gigabit network could be a bottleneck.

Patrick
 