System Design help

Hi all,

Just wondering if anyone had some advice for system design.

My system has two NICs (WAN/LAN). I need to run several jails and several bhyve instances.

What would be the best approach when it comes to networking all of these systems together?

Ideally:

VMs 1-3 need to see and pass traffic between LAN/WAN
VMs 4-6 access the LAN
VM 5 accesses the host
syslog server that can receive logs from all machines (i.e. I was thinking of sharing /tmp on the host to scrape logs from?)
jails 1-5 need access just to the WAN
jails 6-10 need access to just the LAN
several more jails need access to both
I would also like to be able to configure relayd to balance traffic on all of the above, as well as be able to send traffic to IPs on other parts of the LAN NIC.
pf should inspect all traffic
maximum performance at 100GB

I also wish to configure things like Bro to be able to filter on all of them.

I understand the complexity, but just wanted to see if there are some best practices to adhere to for maximum performance.

Thanks in advance.
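One concrete way to lay out the requirements in the post, as an added example that is not from the poster or any project: each "needs to see X" line becomes membership of a bridge per zone (WAN, LAN, host-only), jails get an epair per bridge they belong to, bhyve guests get a tap per bridge, and pf on the host filters every bridge member so all guest traffic crosses pf once. The interface names (igb0/igb1), the addresses (10.0.0.0/24 for the LAN, 10.0.1.0/24 for the host-only bridge), the jail/VM names, and the choice of syslog over the host-only bridge instead of a shared /tmp are all assumptions made for the example. The script only runs ifconfig/sysctl/pfctl when it is root on FreeBSD; anywhere else it prints the plan and the generated pf.conf.

```sh
#!/bin/sh
# Added example, not from the post. Assumed names: WAN NIC igb0, LAN NIC igb1,
# LAN 10.0.0.0/24, host-only net 10.0.1.0/24 (host 10.0.1.1), illustrative
# jail/VM names. Every guest sits on one or more zone bridges; pf on the host
# filters each bridge member (net.link.bridge.pfil_member=1).
set -eu

WAN_IF=igb0;  LAN_IF=igb1
WAN_BR=bridge0      # zone "wan":  WAN NIC + guests allowed to reach the WAN
LAN_BR=bridge1      # zone "lan":  LAN NIC + guests allowed to reach the LAN
HOST_BR=bridge2     # zone "host": guests that talk to the host (vm 5, syslog)
LAN_NET=10.0.0.0/24; HOST_NET=10.0.1.0/24; HOST_IP=10.0.1.1

# Touch interfaces only as root on FreeBSD; otherwise print the plan (dry run).
if [ "$(uname -s)" = FreeBSD ] && [ "$(id -u)" = 0 ]; then
    REAL=1; run() { "$@"; }
else
    REAL=0; run() { printf '# would run: %s\n' "$*"; }
fi

# Reachability zone from the post's list -> bridge(s) the guest is attached to.
bridges_for_zone() {
    case "$1" in
        wan)  echo "$WAN_BR" ;;
        lan)  echo "$LAN_BR" ;;
        both) echo "$WAN_BR $LAN_BR" ;;
        host) echo "$HOST_BR" ;;
        *)    echo "unknown zone: $1" >&2; return 1 ;;
    esac
}

setup_bridges() {
    run sysctl net.link.bridge.pfil_member=1   # pf filters on each member
    run sysctl net.link.bridge.pfil_bridge=0   # ...not a second time on the bridge
    run ifconfig "$WAN_BR" create;  run ifconfig "$WAN_BR" addm "$WAN_IF" up
    run ifconfig "$LAN_BR" create;  run ifconfig "$LAN_BR" addm "$LAN_IF" up
    run ifconfig "$HOST_BR" create; run ifconfig "$HOST_BR" inet "$HOST_IP/24" up
}

# VNET jail: one epair per zone bridge. The "a" end joins the bridge, the "b"
# end is handed to the jail (vnet.interface = "epairNb" in jail.conf).
EPAIR_N=0
attach_jail() {   # attach_jail <jailname> <zone>
    for br in $(bridges_for_zone "$2"); do
        run ifconfig "epair$EPAIR_N" create
        run ifconfig "$br" addm "epair${EPAIR_N}a" up
        echo "# jail $1: vnet.interface += epair${EPAIR_N}b"
        EPAIR_N=$((EPAIR_N + 1))
    done
}

# bhyve guest: one tap per zone bridge, passed to bhyve as a virtio-net device.
TAP_N=0
attach_vm() {     # attach_vm <vmname> <zone>
    for br in $(bridges_for_zone "$2"); do
        run ifconfig "tap$TAP_N" create
        run ifconfig "$br" addm "tap$TAP_N" up
        echo "# vm $1: -s N,virtio-net,tap$TAP_N"
        TAP_N=$((TAP_N + 1))
    done
}

# Host pf.conf: default deny, stateful passes per zone, plus the anchors the
# FreeBSD relayd port uses to install its own rdr/pass rules for balanced services.
gen_pf_conf() {
cat <<EOF
wan_if = "$WAN_IF"
lan_if = "$LAN_IF"
host_br = "$HOST_BR"
lan_net = "$LAN_NET"
host_net = "$HOST_NET"
host_ip = "$HOST_IP"

set skip on lo0
scrub in all
rdr-anchor "relayd/*"

block log all
anchor "relayd/*"
pass in quick on \$lan_if from \$lan_net to any keep state
pass in quick on \$wan_if inet proto tcp from any to \$lan_net port { 80 443 } keep state
pass out quick on { \$wan_if \$lan_if } keep state
# host-only bridge: guests may only send syslog (UDP 514) and ssh to the host
pass in quick on \$host_br inet proto udp from \$host_net to \$host_ip port 514 keep state
pass in quick on \$host_br inet proto tcp from \$host_net to \$host_ip port 22 keep state
EOF
}

setup_bridges
attach_vm   vm1    both      # VMs 1-3: bridge LAN and WAN
attach_vm   vm5    host      # VM 5: talks to the host
attach_jail jail1  wan       # jails 1-5: WAN only
attach_jail jail6  lan       # jails 6-10: LAN only
attach_jail jail11 both      # jails that need both
if [ "$REAL" = 1 ]; then gen_pf_conf > /etc/pf.conf && pfctl -f /etc/pf.conf
else gen_pf_conf; fi
# Assumed host rc.conf addition: syslogd_flags="-a 10.0.1.0/24" so guests on
# bridge2 log to the host over UDP 514 instead of scraping a shared /tmp.
```

The pf rules are deliberately minimal; the point is that the "who may reach what" matrix lives in bridge membership plus a default-deny pf.conf on the host, and relayd only needs its two anchors to add balancing rules on top. Bro (or Zeek) can then be pointed at the bridge member interfaces to see the same traffic pf filters.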