
how does data actually flow in a network

intertan

Take an example

Router has 4 ethernet ports. Not counting the wan one. I also have 4 5-port switches connected to the router, as seen in my crude attached image.

If I want to transfer data from switch 1 port 1 to switch 4 port 4 I understand it will have to go through the router

If I transfer data from switch 2 port 1 to switch 2 port 2 does this also go through the router? I am thinking yes

 

I only ask cause I would like to build a pfsense machine. I am thinking 4 10/100/1000 ports as an in and 2 10gb sfp+ ports out with possibly 2 more as there will be a lot of data running internally in the network.

 

network.png


12 minutes ago, intertan said:

If I transfer data from switch 2 port 1 to switch 2 port 2 does this also go through the router? I am thinking yes

Normally no, depends on the switch and the network

 

NO reason to have 10gbe on a router, just have 10gbe on your switch and you're good.


6 minutes ago, intertan said:

If I transfer data from switch 2 port 1 to switch 2 port 2 does this also go through the router? I am thinking yes

This is dependent on application & protocol. If the application or protocol doesn't rely on Layer 3 or require a default gateway then the request will go up to the switch. The switch will look at the destination MAC address and if it matches one in the switch's MAC table it'll skip sending the request to the router and forward it straight to the other client.

 

Some protocols or applications rely on Layer 3, in which case the request WOULD go to the router first via the default gateway address. The router would then forward it back to the switch, which would in turn forward it to the destination device.


5 minutes ago, Electronics Wizardy said:

Normally no, depends on the switch and the network

 

NO reason to have 10gbe on a router, just have 10gbe on your switch and you're good.

now that I think about it this is almost like the current setup I have, using cheap dlink switches from my ISP

 

I am planning on a complete rework of my home network. I ran 4 cat6 lines to every room and some with multiple runs. All coming to 1 central location that was going to be a rack of some sort.

 

With fiber coming to my house next year I hope and my plex needs have increased. I was hoping soon to have 1 machine be just a nas. Another for plex server and last but might get incorporated into the nas is a download box.

 

The multiple inputs on the pfsense is that there are deals from ISPs that are fairly good and allow me a backup connection.


Routers typically have a Switch built-in with one or two physical ethernet ports from the SoC (CPU) wired directly into the Switch chip. This allows the router to use VLAN tagging to specify which physical Switch port is for WAN traffic and then operate the rest as the LAN. The difference being that if the SoC only has a single port internally, then traffic on both the WAN and LAN going in/out of the router share the same bandwidth of that single ethernet port, but as it's a REAL Switch, LAN to LAN traffic never goes over this.

 

With pfSense you don't have that, all Switching is done in the CPU so you need a much more powerful CPU if this is handling LAN speed traffic than if it's simply routing your broadband. So generally it would be a bad idea to use the pfSense box as a central Switch, better to just have a proper Switch coming off the LAN port with all the others connected to that. The main benefit then of having a multiple-ethernet port card in the pfSense box is you can still plug in any low-bandwidth devices that are primarily accessing the Internet or have more than one WAN link for load-balancing or backup failover.

That said, if your CPU is vastly overpowered you CAN use the pfSense box as a Switch, but it's potentially not as low latency (never noticed this myself) and generally if buying one from scratch you'd save electricity by sticking to what you need rather than building a PC from parts (likely needed for it to be powerful enough) which have higher power consumption. You could power several dedicated Switches on the electricity a fast CPU is going to consume 24/7 just sitting there compared to a low-power pfSense box that is just as fast as you need for your broadband.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7


9 minutes ago, Alex Atkin UK said:

Routers typically have a Switch built-in with one or two physical ethernet ports from the SoC (CPU) wired directly into the Switch chip. This allows the router to use VLAN tagging to specify which physical Switch port is for WAN traffic and then operate the rest as the LAN. The difference being that if the SoC only has a single port internally, then traffic on both the WAN and LAN going in/out of the router share the same bandwidth of that single ethernet port, but as it's a REAL Switch, LAN to LAN traffic never goes over this.

 

With pfSense you don't have that, all Switching is done in the CPU so you need a much more powerful CPU if this is handling LAN speed traffic than if it's simply routing your broadband. So generally it would be a bad idea to use the pfSense box as a central Switch, better to just have a proper Switch coming off the LAN port with all the others connected to that. The main benefit then of having a multiple-ethernet port card in the pfSense box is you can still plug in any low-bandwidth devices that are primarily accessing the Internet or have more than one WAN link for load-balancing or backup failover.

That said, if your CPU is vastly overpowered you CAN use the pfSense box as a Switch, but it's potentially not as low latency (never noticed this myself) and generally if buying one from scratch you'd save electricity by sticking to what you need rather than building a PC from parts (likely needed for it to be powerful enough) which have higher power consumption. You could power several dedicated Switches on the electricity a fast CPU is going to consume 24/7 just sitting there compared to a low-power pfSense box that is just as fast as you need for your broadband.

except for the pfsense it will all be unifi based

 


Are you really going to buy four switches?

 

Just do one cable between PFsense and a core/distribution switch, branch other switches off of that switch if needed.  It gets trickier if you have multiple VLANs and want PFsense to do both the inter-VLAN routing and firewalling/IPS policies between VLANs.

 

Data in the same broadcast domain/network will stay on the switch.  If you need to pass traffic between different networks it'd depend on what device has the layer 3 gateway address and can forward that traffic (such as L3 switching, or a router interface).

PC : 3600 · Crosshair VI WiFi · 2x16GB RGB 3200 · 1080Ti SC2 · 1TB WD SN750 · EVGA 1600G2 · Define C 


2 hours ago, intertan said:

Take an example

Router has 4 ethernet ports. Not counting the wan one. I also have 4 5-port switches connected to the router, as seen in my crude attached image.

If I want to transfer data from switch 1 port 1 to switch 4 port 4 I understand it will have to go through the router

If I transfer data from switch 2 port 1 to switch 2 port 2 does this also go through the router? I am thinking yes

 

I only ask cause I would like to build a pfsense machine. I am thinking 4 10/100/1000 ports as an in and 2 10gb sfp+ ports out with possibly 2 more as there will be a lot of data running internally in the network.

 

*snip*

 

As far as using all those ports on your PFsense box... it is best to just scale each switch with your network. Less switches means less power consumption, generally better performance, and less complication. If you want to separate things but don't want to mess with VLANs then you could just put each network of devices on a separate switch...but if for example you have 6 devices on one subnet it would be a lot better to use the 8 port switch than it would be to use two 4 port switches.

 

Connecting 10GB to the same network as 1GB can be tricky unless you buy a switch that handles both. I recently ran into this conundrum. If you're wanting to run everything on the same subnet, you can bridge interfaces in PFsense to essentially make multiple ports act as a built in switch but as some others said there would be a bit more latency depending on your NIC hardware and the specs of your PFsense box... Just be warned that I have run into some quirks bridging 10GB and 1GB interfaces. Most likely due to my own fault or maybe hardware generation, firmware, or manufacturer difference. Hard to say. All I ended up doing is running my 10GB network on a different subnet and creating a rule to allow all internal traffic to flow from one interface to the other. Everything seems much happier since I chose to do that instead.

There's no place like ~


3 minutes ago, beersykins said:

Are you really going to buy four switches?

 

Just do one cable between PFsense and a core/distribution switch, branch other switches off of that switch if needed.  It gets trickier if you have multiple VLANs and want PFsense to do both the inter-VLAN routing and firewalling/IPS policies between VLANs.

 

Data in the same broadcast domain/network will stay on the switch.  If you need to pass traffic between different networks it'd depend on what device has the layer 3 gateway address and can forward that traffic (such as L3 switching, or a router interface).

in the diagram it was an example

 

I am also looking at  and possibly playing with this as it wouldn't take much to saturate a 10gb network. 

It's all in the planning stage and until fiber comes in there is no point in setting this up. I also am hardly home these days.


16 hours ago, intertan said:

Take an example

Router has 4 ethernet ports. Not counting the wan one. I also have 4 5-port switches connected to the router, as seen in my crude attached image.

If I want to transfer data from switch 1 port 1 to switch 4 port 4 I understand it will have to go through the router

If I transfer data from switch 2 port 1 to switch 2 port 2 does this also go through the router? I am thinking yes

 

I only ask cause I would like to build a pfsense machine. I am thinking 4 10/100/1000 ports as an in and 2 10gb sfp+ ports out with possibly 2 more as there will be a lot of data running internally in the network.

 

network.png

Switch 1 port 1 > switch 4 port 4: In your diagram traffic goes through the "router's" SWITCH (remember a consumer grade router is a router, SWITCH, and access point in 1 unit) and back out to switch 4 port 4. It DOES NOT go through the router's portion of the "router". Layer 2 of the OSI Model.

 

Switch 2 port 1 > switch 2 port 2    Traffic will NOT leave switch 2 (Unless host 1 and 2 are in different VLANs)

 

Switch 1 port 1 > Internet / different VLAN will go through the router. Router's main purpose is joining 2 different networks together

 

How about Server/ NAS > PC > one of the 4 switches....PC is connected to both server/NAS with a high speed link as well as to one of the 4 switches

 

Hope this helps, if you need a more in depth explanation (or simpler) PM me or respond here and I will see what I can do

 

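Added example, not written by any poster in this thread: a small Python model of the cases listed above, assuming the topology beersykins suggests (pfSense, one core switch, edge switches sw1..sw4). Host names, addresses and VLAN IDs are constructed. It also lists which flows never cross pfSense, since firewall/IPS rules there cannot apply to them.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    iface: str    # address with prefix (constructed sample values)
    vlan: int     # VLAN of the switch port the host is plugged into
    switch: str   # edge switch name (assumed: sw1..sw4 behind one core switch)

def next_hop(src: Host, dst: Host) -> str:
    """The sender's own decision, based only on its IP config:
    same subnet -> ARP for the destination; otherwise -> default gateway."""
    src_net = ipaddress.ip_interface(src.iface).network
    dst_ip = ipaddress.ip_interface(dst.iface).ip
    return "on-link" if dst_ip in src_net else "gateway"

def path(src: Host, dst: Host):
    """Devices a unicast frame crosses, or None if it cannot be delivered."""
    if next_hop(src, dst) == "on-link":
        if src.vlan != dst.vlan:
            # Sender ARPs inside its own VLAN; the target sits in another
            # broadcast domain, so the ARP is never answered (misconfiguration).
            return None
        if src.switch == dst.switch:
            return [src.switch]                      # never leaves the switch
        return [src.switch, "core-switch", dst.switch]
    # Different subnet: the frame goes to the gateway, which is pfSense here.
    return [src.switch, "core-switch", "pfsense", "core-switch", dst.switch]

def unfiltered_flows(flows):
    """Deliverable flows that never reach pfSense, so no rule there sees them."""
    result = []
    for src, dst in flows:
        p = path(src, dst)
        if p is not None and "pfsense" not in p:
            result.append((src.name, dst.name))
    return result

# Constructed sample hosts.
HOSTS = {
    "pc1": Host("pc1", "192.168.10.11/24", 10, "sw2"),
    "pc2": Host("pc2", "192.168.10.12/24", 10, "sw2"),
    "nas": Host("nas", "192.168.10.50/24", 10, "sw4"),
    "cam": Host("cam", "192.168.20.5/24", 20, "sw2"),
    "bad": Host("bad", "192.168.10.99/24", 20, "sw1"),  # wrong VLAN for its subnet
}

if __name__ == "__main__":
    for dst in ("pc2", "nas", "cam", "bad"):
        print("pc1 ->", dst, path(HOSTS["pc1"], HOSTS[dst]))
```
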

14 hours ago, beersykins said:

Are you really going to buy four switches?

 

Just do one cable between PFsense and a core/distribution switch, branch other switches off of that switch if needed.  It gets trickier if you have multiple VLANs and want PFsense to do both the inter-VLAN routing and firewalling/IPS policies between VLANs.

 

Data in the same broadcast domain/network will stay on the switch.  If you need to pass traffic between different networks it'd depend on what device has the layer 3 gateway address and can forward that traffic (such as L3 switching, or a router interface).

Broadcasts will go to all 4 switches (assuming just one VLAN). Not sure why 4 switches and not just 1.


3 hours ago, skippytheturtle said:

Broadcasts will go to all 4 switches (assuming just one VLAN). Not sure why 4 switches and not just 1.

It rather depends on if it's significantly harder to run multiple cables from a central point vs a few cables to strategic points.

I know for my own network it's not practical to run them all central, but certainly in the planning stage it's worth considering. If the house was empty I'd certainly be trying.
