Looking for 2x1GE LACP router advisory

Yarik Dot

Hi,

In our backup location I am looking for a new pair of routers.

We get from our provider:
- 2x 1GE LACP
- Several IPv4 ranges routed via connection route
- /48 IPv6 range
- We split both IPv4 and IPv6 to our internal VLANs

The goal is to migrate the infrastructure from an old Cisco 3650 to a new setup:
- 2x router
- 1x L2 switch
- we have unlimited space there (47U rack and only 10U is populated), but saving space might be good
- servers which need redundancy will be directly connected to the router (only 1 server at the moment)

What I however need is to be able to saturate the whole 2Gbps LACP - night backups run in several connections, so a limit of 1Gbps per connection is fine.

I was looking at some pfSense routers, but I am not sure about the performance and configuration.

Does anyone here have experience with this?

Thanks in advance
 

Yarik Dot

... I don't need anything that can do NAT as well as connection tracking - just simple router with several VLANs. As simple as possible.
 

vangoose

... I don't need anything that can do NAT as well as connection tracking - just simple router with several VLANs. As simple as possible.
pfSense can do the work and is very easy to manage.

I have SRX 300 and use 2*1Gb in LACP to my switch. The configuration is a lot more complicated but if you understand how fw/routing works, nothing different.

SRX 320 is 1U rack mountable.
 

Yarik Dot

this sounds like a job for a proper L3 switch that will do everything at line rate in an ASIC, not a software firewall like pfsense
All I want is to route 2Gbps max. It can easily handle E3 CPU. No firewall, no NAT, no filtering, just simple L3 routing.

However, I am also open to L3 switches if you know about any good (with low power consumption).
 

fohdeesha

All I want is to route 2Gbps max. It can easily handle E3 CPU. No firewall, no NAT, no filtering, just simple L3 routing.

However, I am also open to L3 switches if you know about any good (with low power consumption).
There's just no reason to add the complexity and extra failure modes of server hardware, an OS layer, an application layer etc., when hardware L3 switches were made for exactly this. So if you don't need NAT or connection tracking, that is what I suggest.

For these applications in colo environments I typically use an ICX6610, there's more info here: https://forums.servethehome.com/ind...s-cheap-powerful-10gbe-40gbe-switching.21107/

However I don't think you need 10gbE or 40gbE routing, so you could even just buy a $40 FCX: Brocade FastIron FCX648S 48 Port Switch 10/100/1000 Mbps 4 SFP 729198041304 | eBay

Those will route an aggregate of 128gbps, and even have a slot for an optional 2 port 10gbE module (about $40 on ebay) if you ever upgrade your uplink. They only draw around 28 watts. In your case, and what I do in smaller colo, I would get rid of the second l2 switch, and "stack" two FCXs using the stacking ports on the back. This creates one virtual switch with seamless failover, so you can connect your incoming uplink LACP to each switch, and connect important hosts to both switches via LACP as well. This way you can lose an entire switch and not notice (and also don't need the power draw of a separate l2 switch).

The same can be done with Juniper etc. (EX4200 for example is the closest price-wise, but draws about 3 times the power and I prefer FastIron's CLI for simple stuff like this when BGP is not involved). If you ever need OSPF, BGP, VRFs, GRE tunnels etc., the FCX supports those as well.
 

Blinky 42

If all you need is LACP I would keep it simple and just use an L3 switch. Junipers and Brocades like @fohdeesha mentioned are an easy way to get there without a lot of cost and complexity. Well supported, well documented, easy to find people who can work with them, and "just work". Saturating multiple 1G or 10G links is nothing for the mid-range L3 switches. You can jump up to full BGP etc. down the road too. We are mostly a Juniper shop with the 10G+ connections but have Brocades and HPE/Aruba at our other sites as well, which work great for what you would need.
 