How to provide networking for dedicated machines?


legen

Hello!

I'm looking for ideas on how to be able to provide dedicated servers from a network point of view. We use the Quanta LB4M switches and pfsense for firewall/routing.

The goals would be,
  1. Each dedicated machine should be isolated from each other on the network
  2. Some traffic limiting to count or know how much bandwidth the dedicated machine uses per month
I think I have some ideas on how to achieve these goals but I would love some input!

1)
Each dedicated machine on its own VLAN. This does not scale with what we have today. I think I would need some Layer 3 switches and let them do the routing, and pfSense would only do the firewalling.
The Layer 3 switches should give me the possibility to do many VLANs easily and inter-VLAN routing to solve who can talk with whom. Would need two of these Layer 3 switches to get redundancy.

The easy solution today would be to simply put all dedicated on one VLAN with static IPs. One could use ACL on the ports but probably not worth the amount of work required to manage it. DHCP filtering can be activated on the ports to avoid DHCP servers on the dedicated machines. This is 'simple' but does not really fulfill the goal.

2)
We could use pfSense Limiters. But today these break CARP HA, which we use, so that's a no-go. Instead I think I could write some SNMP queries (i.e. via Zabbix) to monitor each port's total bandwidth and reset the counters each month. That should at least give me a view of how much bandwidth each dedicated is using and if they go outside the agreement, and then manually tell the owners of the dedicated that they are outside of the agreed bandwidth.

The LB4M can enforce port speed but not monthly bandwidth limits from what i can find.

How do people normally solve this? Can more advanced switches enforce monthly bandwidth limits?
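The SNMP-based monthly accounting sketched in point 2 above, as an added example that is not code from the thread: it takes periodic polls of a port's ifHCInOctets/ifHCOutOctets (Counter64) values, the way a Zabbix-style poller would collect them, and turns them into per-month byte totals that restart each month, handling counter resets (and 32-bit wraps) on the way. The sample polls and the quota value are constructed for the example.

```python
COUNTER64_MAX = 2**64  # ifHCInOctets / ifHCOutOctets are Counter64 objects

def counter_delta(prev: int, cur: int, counter_max: int = COUNTER64_MAX) -> int:
    """Bytes transferred between two polls of a monotonically increasing SNMP counter."""
    if cur >= prev:
        return cur - prev
    if counter_max == COUNTER64_MAX:
        # A 64-bit counter cannot realistically wrap (centuries even at 10 Gbit/s), so a
        # drop means the switch rebooted or the counter was cleared: only 'cur' bytes are
        # known to have happened since then.
        return cur
    # A 32-bit ifInOctets wraps every ~34 s at 1 Gbit/s. Assume exactly one wrap, which
    # is only valid if the poll interval is shorter than that.
    return (counter_max - prev) + cur

def monthly_usage(samples, counter_max: int = COUNTER64_MAX) -> dict:
    """samples: iterable of (month, in_counter, out_counter) in poll order for ONE port.
    Returns {month: (in_bytes, out_bytes)}; totals restart at the first poll of a month,
    so traffic between the last poll of one month and the first of the next is not
    attributed (poll often enough that this is negligible)."""
    totals = {}
    last = None  # (month, in_counter, out_counter) from the previous poll
    for month, in_ctr, out_ctr in samples:
        if last is None or last[0] != month:
            totals[month] = (0, 0)  # first poll of the month is only a baseline
        else:
            i, o = totals[month]
            totals[month] = (i + counter_delta(last[1], in_ctr, counter_max),
                             o + counter_delta(last[2], out_ctr, counter_max))
        last = (month, in_ctr, out_ctr)
    return totals

def over_quota(totals: dict, month: str, quota_bytes: int) -> bool:
    """True when in+out for the month exceeds the agreed volume (constructed quota)."""
    i, o = totals.get(month, (0, 0))
    return i + o > quota_bytes

# Constructed polls for one port: normal growth, then a counter reset mid-February
# (switch reboot), then a new month with a fresh baseline.
SAMPLES = [
    ("2015-02", 1000, 500),
    ("2015-02", 4000, 2000),   # +3000 in, +1500 out
    ("2015-02", 200, 100),     # counters dropped: reboot, count only the new bytes
    ("2015-03", 900, 700),     # new month: baseline, nothing attributed yet
    ("2015-03", 1900, 1200),   # +1000 in, +500 out
]

if __name__ == "__main__":
    usage = monthly_usage(SAMPLES)
    for month, (i, o) in usage.items():
        print(month, i, o, "OVER" if over_quota(usage, month, 4000) else "ok")
```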
 

ultradense

There is a feature in most access switches that ensures that each port can only communicate with the uplink port. Cisco calls it protected ports. I don't have a Quanta yet, but you should look into this as this is probably the feature you're looking for.
 

legen

> There is a feature in most access switches that ensures that each port can only communicate with the uplink port. Cisco calls it protected ports. I don't have a Quanta yet, but you should look into this as this is probably the feature you're looking for.

Ah yes, private VLAN and protected ports look like the feature I'm looking for. Sadly I'm not able to find any mention of something like this in the LB4M manual. Guess we have to start looking for more capable switches to do this properly.

1) Private VLAN - Wikipedia, the free encyclopedia

> 2) Why not just monitor what they are using and bill them for overages?

2) That's a good idea. I think I can write something using bandwidthd and a module for our system so the users can see how much data they have currently used.