Advice on multihomed FreeNAS server

Status
Not open for further replies.

Razorblade

Dabbler
Joined
Apr 12, 2012
Messages
35
Hello,

I have a FreeNAS 9.2.1.9 server with one LAGG device, a gateway and multiple VLANs.
I want that server to be multihomed in two of the VLANs because I don't want the file transfer traffic to go through the firewall.
Now what is better (and why)?
- Multiple NICs with each NIC connected to different (VLAN) access ports on the switch
Pro: Configuration is done on the switch and the NICs do not have to be configured separately.
Con: More NICs and cabling needed
- One NIC with two VLANs configured in FreeNAS and connected to a trunk port on the switch?
Pro: Only one physical interface needed
Con: extra configuration in FreeNAS needed

Thank you :smile:
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
I don't think any of our filers have less than several network connections.

The multiple ethernet adapter route gives you better performance on each subnet.

The single ethernet adapter with VLAN route gives you a different type of simplicity but adds configuration complexity.

I don't see the configuration complexity as an issue. As one of the early testers of vlan functionality in FreeNAS, I think the main bugs have been long since hammered out and it isn't that difficult to do.
 

Razorblade

Dabbler
Joined
Apr 12, 2012
Messages
35
Thank you.
So it is a matter of personal taste as both methods will work.
I think I'll go with the multiple ethernet adapters.
 

Dave Genton

Contributor
Joined
Feb 27, 2014
Messages
133
Not so much personal taste as your intended purpose! Is it simply to have FreeNAS sit across two networks and serve them both up directly? I assume this is more because of the router blocking the advertisement broadcasts which makes FreeNAS show up in your computer GUI so you don't have to manually type in a name or IP address looking for it, rather than strictly performance. If it's performance then 2 NIC cards of course, one for each subnet; whether it's tagged for VLAN or not is a preference and again performance as well. QoS, if required, exists within the 802.1q VLAN tag portion of the Ethernet frame; without tagging you cannot do layer 2 QoS (quality of service). So both NICs provide best performance, broadcasts on both networks, best of all worlds, and if tagged, QoS may be implemented at layer 2, which most home and SOHO switches recognize and act upon. Single NIC tagging is going to hamper performance a bit, but only if you are pushing that much traffic on each subnet at the same time anyway; besides, since it's tagged you can also use QoS to prioritize the FreeNAS traffic, and individual traffic types, allowing the better use of a single NIC card.
Myself, I have a single NIC installed for management connectivity and basic sharing on the home VLAN for wife and kids. I then have a NIC dedicated to a storage network isolated between FreeNAS box #1, FreeNAS box #2, a VMware ESXi server, as well as two other servers I have, one Mac OS X server and a Windows 2012 R2 server. Each has a storage NIC and a "mgmt" vlan 1 NIC which holds the default gateway router for the Internet as well. If you have the hardware and cables, then it's the highest performing route to take of course, but many don't use a single gigabit NIC, much less two concurrently. When doing iSCSI I have a NIC for iSCSI-A and a NIC for iSCSI-B so I have MPIO for VMware etc., mgmt NIC(s), as well as dedicated "user" data NICs.
I design and build Datacenter networks for a living so I have more in my home lab than "most" normal folks, I will admit, but best practice dictates separate NIC cards for separate traffic types. For many reasons I often use a single NIC, or a single pair for redundancy, and stack many VLANs over that single or dual trunk, particularly "user data" VLANs. If you do iSCSI, NFS, etc. then I would suggest a NIC for that, and a 2nd NIC for other management and user data tasks; even in the home environment I see such a performance boost with the 2nd physical network installed. Then with iSCSI, classify it in the switch/router via layer 3 DSCP settings to keep latency low as expected.
 

SwampRabbit

Explorer
Joined
Apr 25, 2014
Messages
61
Thank you both for sharing that info, have been mulling over some of the same setup questions for my new home lab.
It is nice to see some similar questions with good inputs.

@Dave Genton - Not to question a CCIE, but you said:
""mgmt" vlan 1 NIC which holds the default gateway router for the Internet as well."

This doesn't go against best practices?
 

Dave Genton

Contributor
Joined
Feb 27, 2014
Messages
133
The best practice being emphasized here is the physical separations of traffic types based upon best practices for design and implementation in regards to performance and quality of service. Furthermore, best practices are design principles followed as a consultant when building Enterprise Class Datacenter networks and are hardly followed in a home network for obvious reasons, more so when using not much more than ISP-provided equipment where your router, switch, firewall and Wireless Access Point, which amount to your ENTIRE home network, all reside within a single box. The point I was trying to make was that I have a physical NIC for each traffic type, much like best practice methods followed at work. So while you apparently understood fully what the other segments do in their own isolated realms, I simply made use of the LOM NIC ports on my servers to feed a specific VLAN within my home network with service offerings for my wife and kids. Having many NICs in each server type, where PCI-Express dedicated NICs feed backend storage and iSCSI etc., I made use of some LOM NIC ports by making a VLAN for the family. The family all have their own laptops, PCs and wireless devices, so in their own little segmented world they have Internet access provided to their wireless and wired networks, where they also find iTunes, NAS storage, etc. I made no mention of the firewall their segment sits on nor anything else for that matter, but I think you're overlooking the point, as if believing that for some reason I took all my management interfaces and ran them directly to an Internet router for all of you to have fun with. When I design networks, typically they include out-of-band physical networks specific to management, and no, typically they certainly do not have Internet access. So while I am not building "best practice" or enterprise class networks at home, I'm also not losing sight of the big picture, but appreciate your concern all the same.
 

SwampRabbit

Explorer
Joined
Apr 25, 2014
Messages
61
No need to get slightly defensive, I was just asking a question about having the management network run over the default vlan1, while also being used as an internet gateway.

I did not take what you said in the first post in any sort of way, I read it, and understood it word for word. Which the way it was worded, many other less informed people may have taken this to be an ok form of multi-homed use and implement.

The points you were making were great, but that part blatantly stood out as possibly being taken the wrong way. Experts should inform, but let's not try and misinform at the same time. :)

So from one person with lots of big long fancy letter combinations at the end of their name to another....

I was hoping the reply would be short and sweet and would just say "Yes, I wasn't suggesting someone run their management vlan on the default vlan1 while also using it as an internet gateway, because this is a security vulnerability."
 

Dave Genton

Contributor
Joined
Feb 27, 2014
Messages
133
Sorry, after spending another all-nighter with no sleep doing data center network migrations and conversions for a new customer, I'm way more complicated than that :)
 