Will there be a Firewalla with 10gbe ports?
-
Got my Ziply Fiber upgraded to 5 gig yesterday, and installed my Firewalla Gold Plus. Fiber upgrade consisted only of switching out the ONT and provisioning it, nice and quick. That being said, I'm having two issues, but only one definitely related to the Firewalla.
First issue: I have port bonding set up using 2 cables coming from a QSW-M2108R-2C which is connected only to the Firewalla and the ONT, and 2 cables going to another QSW-M2108R-2C which then feeds the rest of my network.
The second Qnap is doing fine, port bonding seems to evenly be distributing traffic, but on the side connected to the ONT, only one of the two channels is being used and hence is buying me no additional bandwidth over using only a single 2.5 gbe port. I am guessing that this is because the traffic is all seen as going from one device (the Firewalla) to another (the ONT) so it's all being routed over the same cable in the Link Aggregation pair.
Is there any way to work around this or does Link Aggregation on the external network only work in bridge mode? This seems like a major drawback in using the Firewalla in router mode, and really limits it to 2.5 GB to a single provider instead of 5.
The second issue (not necessarily a Firewalla problem) is I can't seem to actually connect to the Web consoles on either Qnap. Inside the network, Qfinder Pro finds it (I'm guessing using Bonjour or something similar) but can't talk to it as it has an IP address in the 10.x range, while the rest of the network is on a 192.168 group. The Qnap should be picking up a DHCP address, but doesn't actually seem to be, not sure how to debug. As for the one on the WAN side of the box, is there any way I can configure the Firewalla to let me see that one from inside the network?
And as for the QSW-M2108R-2C, I figure I'll be able to reuse them if/when we get a Firewalla with 10 gbe elsewhere in my network, so the investment there isn't only to get 5 Gig off of my Fiber to the Firewalla.
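
Added illustration, not part of the original post and not Firewalla or QNAP code: a simplified model of how a LAG picks one member link per flow, showing why a MAC-only hash pins all router-to-ONT traffic to one cable while a hash that includes IPs and ports spreads separate flows. The hash functions are assumptions modelled loosely on the Linux bonding `layer2` and `layer3+4` policies (real switches use their own formulas), and the MACs, IPs and ports are constructed.

```python
import ipaddress
from collections import Counter

LINKS = 2  # two 2.5 GbE members in the LAG

# Constructed sample: every flow leaves the router's single WAN MAC toward
# the single upstream MAC, source-NATed to one public address.
ROUTER_MAC, UPSTREAM_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
WAN_IP, SERVER_IP = "203.0.113.10", "198.51.100.20"
FLOWS = [(WAN_IP, SERVER_IP, 50000 + i, 443) for i in range(8)]


def layer2_link(src_mac, dst_mac, ethertype=0x0800, links=LINKS):
    """MAC-only hash (assumed model): same MAC pair always gives the same link."""
    last = lambda mac: int(mac.split(":")[-1], 16)
    return (last(src_mac) ^ last(dst_mac) ^ ethertype) % links


def layer34_link(src_ip, dst_ip, sport, dport, links=LINKS):
    """IP + port hash (assumed model): each flow is pinned, flows differ."""
    h = (sport << 16) | dport
    h ^= int(ipaddress.ip_address(src_ip)) ^ int(ipaddress.ip_address(dst_ip))
    h ^= h >> 16
    h ^= h >> 8
    return h % links


def spread(policy):
    """Return the number of sample flows placed on each LAG member."""
    counts = Counter()
    for src_ip, dst_ip, sport, dport in FLOWS:
        if policy == "layer2":
            link = layer2_link(ROUTER_MAC, UPSTREAM_MAC)
        else:
            link = layer34_link(src_ip, dst_ip, sport, dport)
        counts[link] += 1
    return [counts[i] for i in range(LINKS)]


if __name__ == "__main__":
    for policy in ("layer2", "layer3+4"):
        print(policy, spread(policy))
```

Under either policy a single flow never spans both links, so one transfer tops out at one member's line rate; only several concurrent flows can fill the pair.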
-
Figured out the QNAP issue inside the Firewall, a reset of the switch fixed that. I’ve tried multiple things trying to get 5 gbs through to the ONT, but no matter what I do, only one link gets used. I’m going to remove the managed switch, insert the unmanaged one, and try to see if I can get the load balanced dual wan to work. Supposedly the ONT will serve up 2 DHCP addresses, so if I can get one on each 2.5 gbe link, then load balancing should get me past my current (well under 2.5 gb) performance max. The only other way I see this working is taking the device out of router mode, which I don’t want to do. Seems way harder to get 5 GB through the device on the WAN side than it should.
-
OK, everything is running. I needed to move one of the switches inside the network to configure it (and update its firmware), set up the LAG, create a VLAN, and then put the wires back where I wanted them. Everything is working and it appears that bandwidth is being sent across both links. Out of curiosity, I did the load balance thing as well, both seem to work. I'm sticking with the LAG for now.
Question: Now that things are working, is there any way to test actual throughput? With the LAG any device I'm testing from is obviously limited to one network interface. I've successfully managed to run two tests at the same time over the same wire on the LAG, but all that's telling me is the 2.5 link is actually limited to 2.5. Is there any way to get the Firewalla to run a network test using both LAG links simultaneously?
Learning: One QNAP QSW-M2108R-2C would have been enough for my need. I could have created 2 VLANs, and put a 10 GB interface and a LAG into each VLAN and let it rip. I may still do this and move the other Managed Switch into my network closet which currently uses an Unmanaged Switch, then move that 10g/2.5 gig unmanaged switch to my office. In reality I don't need any of the functionality on the second managed switch, but my wife already threw the boxes and all the packing material away (see, there is a reason I keep this stuff). Anyway, I feel like I'm getting close to 5 gigabit through the Firewalla Gold Plus, but I have no way of actually verifying it (or the fact my Fiber is giving me all of my bandwidth).
-
I don’t even want to think about the hardware costs to make that even somewhat usable in a single family residence. Let alone pulling all that fiber. My guess is with Bezos leaving the Seattle area they had an open 50 gigabit port so they started advertising for whomever buys his place. I also can’t imagine over $10k a year for personal connectivity.
-
I would pay the $1k+ price point for a Firewalla with 10 Gb capabilities. I have 5 Gb Google Fiber running through my Gold right now (a LAN LAG and WAN LAG on the FW plus a managed switch taking in the 10 Gb link from Google’s hardware and handling both LAGs) and it works reasonably well. I would pay for the upgraded hardware to be able to use the full speed of the service and simplify the interconnect. I’m probably in the minority on that right now, but that’s changing fast as multiple providers go past 2 Gb on their services.
My preference on the handoff port type would be SFP+. But Google (and I think most providers) keep it simple and just handoff 10 Gb copper now that that tech is reliable and is becoming ubiquitous. So just doing 4x 10 Gb copper ports with the same exact layout as the current Gold is probably the simplest path forward.
Happy to discuss further if that’s useful.
edit: Also, I’d make sure that the ports you use can train to 2.5 Gb to make sure it can support those slower intermediate links below the full 10 Gb. People buying this high-end one probably won’t have that as their primary connection, but good for backup connection purposes and just to make sure users don’t end up in the frustrating situation of having the most-capable device that can’t do the slightly lower-end thing when you really need it to for testing or whatever.
-
Same here, missed the poll. Would love 2 x 10gbe RJ45 or SFP+. More and more ISPs here in the north of Europe provide 10gb and the ones I have seen provide the fiber, SFP+ module and a converter/adapter to RJ45 so no issue if SFP+ or RJ45. But I guess many out there are not as used to SFP+ modules and given that everything else is so user friendly with Firewalla, RJ45 might be the way to go.
Also ok with that price target. Think we are a few here that would sign up as early adopters!
-
My service (Google Fiber) is just plain DHCP, no PPPoE. It’s 5 Gbps, not 10, but all of the GF services are the same in that regard and I don’t imagine that would change with faster tiers.
All I’m looking for is a firewall that can handle the 10 Gb handoff and firewall throughput. The ability to keep up with OpenVPN and/or WireGuard up to a few Gbps. I don’t need or care about PPPoE.
I don’t think it’s to the provider’s advantage to use PPPoE at that high of a rate over a modern fiber network, but maybe they’re out there. Even AT&T Fiber, which is more restrictive about letting you directly connect third-party routers to their ONT, doesn’t use PPPoE in my market. They have a certificate-based auth mechanism that prevents you from taking their router out of the loop in a supported way, but it’s still not PPPoE.