is it possible to connect to internet by a layer 3 switch without any router, if yes then how?
- Thread starter skd2510
- Start date
Someone Somewhere
Titan
- Sep 23, 2012
- 22,291
- 8
- 84,965
Unless your ISP is giving you multiple IPs, you need NAT. Most switches (even layer 3 ones), IIRC, don't do NAT.
Or you only want to connect one device to the net at a time. Or use IPv6 only.
Or you only want to connect one device to the net at a time. Or use IPv6 only.
Like "Someone" said.. haha... You won't have the ability to NAT, so unless your ISP hands you more than one IP, you won't have more than one device have access at a time. Also, most cheaper Layer 3 switches use static routing, so you can't configure your routing until you know your IP address.
Another issue I thought about when I also thought about taking this route is the gateway IP of your switch typically is also the management IP. This means your switch's management interface will be public on the Internet, depending on what kind of switch you have.
I highly recommend having a proper firewall. I myself have recently built a PFSense firewall that hangs around 4% cpu usage, even when NATing about 1.5gb/s.
And you get pretty graphs
Another issue I thought about when I also thought about taking this route is the gateway IP of your switch typically is also the management IP. This means your switch's management interface will be public on the Internet, depending on what kind of switch you have.
I highly recommend having a proper firewall. I myself have recently built a PFSense firewall that hangs around 4% cpu usage, even when NATing about 1.5gb/s.
And you get pretty graphs
I too have always wondered why cisco prevents me from using a layer 3 switch as my main internet routers when I do not have to worry about nat. It is much cheaper to get a layer3 switch that has lots of 10g ports and it has much higher total throughput.
So one day we just tried it...everything looked good until we turned up the BGP peer with the ISP. Seems there is a very low limit to the number of routes you can have in the routing table of a layer3 switch. It varies between the models but almost all are well under 10,000 and just one copy of the internet routes is 400,000 prefixes and normally you have 2 or 3 copies when you are using multiple ISP.
Seems HP and juniper switches have a similar limitation so there must be a reason other than the conspiracy theory that they are try to force me to buy their routers. I know it is a memory thing but you think they could just put more memory in.
In any case most people need NAT and we many times need to run traffic shaping also and you can only run policing on a switch.
So one day we just tried it...everything looked good until we turned up the BGP peer with the ISP. Seems there is a very low limit to the number of routes you can have in the routing table of a layer3 switch. It varies between the models but almost all are well under 10,000 and just one copy of the internet routes is 400,000 prefixes and normally you have 2 or 3 copies when you are using multiple ISP.
Seems HP and juniper switches have a similar limitation so there must be a reason other than the conspiracy theory that they are try to force me to buy their routers. I know it is a memory thing but you think they could just put more memory in.
In any case most people need NAT and we many times need to run traffic shaping also and you can only run policing on a switch.
It's not "just memory", it's a special kind of memory that is insanely fast that it can handle 400,000+ looks ups 20mil times per second.
10gb/s is about 20mil packets per second one way and 40mil pps both ways. Say you're doing a binary search of 400,000 prefixes, that's about 18 operations. That means you need to be able to handle upwards of 700mil operations per second. This is a very simplified view. They'd probably need something more like a 3ghz CPU to handle it, except that would consume way too much power.
What it comes down to is they use very custom hardware that doesn't sell often and it requires a lot of support. So they charge a lot of money for it.
hmm i wouldn't use a L3 switch as an internet router.
Whilst you can get BGP running on them - as has been pointed out they struggle to hold the whole internet routing table. They are also built for a very different purpose, usually designed for extremely fast L2 forwarding, (modern switches will forward in about 300 nanoseconds).
however all this tech is useless on the internet where we aren't in the nanosecond game, we're not in the microsecond game, but we're up in 10's of milli's.
PS some new L3 switches support line rate NAT-ing...they ain't cheap.
Whilst you can get BGP running on them - as has been pointed out they struggle to hold the whole internet routing table. They are also built for a very different purpose, usually designed for extremely fast L2 forwarding, (modern switches will forward in about 300 nanoseconds).
however all this tech is useless on the internet where we aren't in the nanosecond game, we're not in the microsecond game, but we're up in 10's of milli's.
PS some new L3 switches support line rate NAT-ing...they ain't cheap.
TRENDING THREADS
-
-
News Nintendo obliterates 8,535 Yuzu repos — Nintendo's most effective DMCA takedown campaign in years- Started by Admin
- Replies: 20
-
Question Need some help with a new prebuilt not displaying- Started by Creatir
- Replies: 16
-
News AMD's gaming revenue nosedives 48%, not expected to recover until 2025
- Started by Admin
- Replies: 38
-
News Windows 11 market share declines as users seemingly shift back to Windows 10
- Started by Admin
- Replies: 52
-
Question Win 10 BSOD IRQL_NOT_LESS_OR_EQUAL, Need help plz- Started by neurotic02
- Replies: 6
Facebook
Twitter
Instagram