L3 switch vs. router on the bounds of an IPv6 network

2

0

Consider a typical home network of, say, ~20 devices. Let's say I want to make it IPv6-only. I want to do it with only gigabit-capable devices. I can do that through a router or an L3 switch.

Let's take these two as an example:

Assume IPv4 is not used and features such as VPN tunnels are also not important.

Are there any obvious issues with using L3 switch instead of a router in this scenario? E.g. lower security, lower throughput, etc.

To phrase the question differently - why would you use one or the other in similar scenarios?

Or to phrase it differently again - what are the scenarios for most people (residential or very small business users) that would require one or the other, or where picking one or the other would be superior?

Edit:

To clarify, this is a new setup and I'm looking at two options:

a) The standard inside network <-> dummy switch <-> router <-> internet, where all devices are connected to a dummy switch and the router is playing a firewall role

b) The router-less inside network <-> L3 switch <-> internet, where devices are connected to an L3 switch that is at the same time playing a role of a firewall

Option a) is both more complex (two devices to administrate) and more costly (need to buy both a dummy switch and a router). Option b) is potentially less secure and could have other cons (that's what I'm trying to figure out).

Since this is a home / small business setup, I'm not interested in anything except the above, so NAT, VPN, other WAN-type connectivity options, BGP routing, etc. are not something I'm looking for. I.e. it's pretty much as bare-bones setup as any other residential customer - I just need to be able to connect to the Internet and have standard security.

Specifically, on the page for the L3 switch I linked to I found:

• RouterOS gateway/firewall/VPN router with passive cooling

So it should support all I need (and more), but then again I'm wary of the marketing and looking for some input about this. Most importantly, whether others have a similar setup (while preferred, absolutely not restricted to the one I linked - just something in the similar price range, e.g. up to $250 or so) and some facts about why the setup is good or not.

To clarify even more, I am leaning towards the L3 switch setup because it's simpler in my opinion. I am trying to figure out whether going with L3 switch has any obvious deficiencies that I would want to avoid, most importantly from security and throughput / latency standpoints.

levant pied

Posted 2016-08-03T13:32:44.653

Reputation: 206

A "layer 3 switch" is a router, albeit usually with reduced functionality compared to a dedicated router, and of course a layer 3 switch includes a switch. – Michael Hampton – 2016-08-06T04:05:36.520

@MichaelHampton thanks - yeah, I guess I wanted to emphasize the "reduced functionality" part. In the scenarios outlined above, would you care about what you "lost" by choosing an L3 switch instead of a "full" router? – levant pied – 2016-08-08T20:40:16.813

Why do you need another device? Simply turn on IPv6 and use it...? Any switch will do. Or are you perhaps referring to/concerned about the Internet uplink? – Daniel B – 2016-11-28T23:25:19.357

@DanielB Building from scratch, so it would not be "another device" :) I'm considering two options: a) router + switch (as router has only 5 ports and I have more than 5 devices) or b) switch only (as it has 24 ports and that covers all my devices). I'm for the option b) as it's simpler and more cost-effective, but I don't want to be less secure or have lower throughput because of that, so wanted to know pros & cons from someone that's experienced. – levant pied – 2016-11-29T14:58:57.003

That still doesn’t really clear up whether this is about IPv6 Internet access (as well) or not. Also, you still need a (NAT) router for Internet access anyway. Also, in simple networks, a dumb switch is enough, so no administration there. – Daniel B – 2016-11-29T15:15:10.163

@DanielB I've updated the answer, hope it clarifies a bit. Yes, this is about IPv6 internal network + IPv6 internet access (no IPv4 involved anywhere). No, I don't need NAT for IPv6 native connectivity. Agreed, no administration for a dummy switch, but still 2 devices to take care of than 1 - given a relatively equal choice, I'd choose 1. Just trying to get some practical information about how "equal" the choice is given the requirements I have. – levant pied – 2016-11-29T15:26:08.753

You do realize that you (still) won’t be able to access the vast majority of the Internet using IPv6, right? Your Internet uplink is probably also a little more complicated than plugging in an Ethernet connector somewhere. – Daniel B – 2016-11-29T15:47:57.630

@DanielB I'm not saying I'll be accessing sites using IPv6 addresses or using AAAA DNS lookups, just that I'll be talking IPv6 with my ISP. I can definitely have IPv6 with my uplink (see e.g. https://community.infoblox.com/t5/IPv6-Center-of-Excellence/Home-Networking-with-IPv6/ba-p/5755). But this is going off-topic - I'm not asking whether I will be able to connect, but whether connecting given the requirements is a good choice. – levant pied – 2016-11-29T19:04:57.187

@AdamSilenko Based on the page I linked (copied above in the answer) the L3 switch has a firewall. Do you have any information that confirms this information on their site is false? If so, please share - that's what I'm looking for. As I said in the comment above, I don't need NAT, it's IPv6. I thought I explained what I need in great detail - let me know what additional information you think would be useful and I'll update the question. – levant pied – 2016-11-29T19:07:31.060

You changed your questions. I remark that this is a Q&A forum, not intended for open discussions. – harrymc – 2016-11-29T19:31:04.790

L3 switches and routers really, for all intents and purposes in home/small business settings, can perform all the same tasks. Both can analyze packets up to the IP layer, both are capable of managing a route table, both can define and manage VLANs, and both would have the same capabilities for defining basic firewall rules for security. Both would also have the ability to define NAT rules for a private internal network. In all honesty, most SOHO devices you buy that are branded as "routers" are still just variations on an L3 switch. – MaQleod – 2016-11-29T22:51:47.070

@harrymc I don't think I changed the question in any substantial way. I was just adding information based on the answers you guys provided and the additional details that seemed necessary to clarify what I originally wanted. I hope the updated question is clearer and it's certainly not my intent to drag this into a discussion, only to get some facts from people who know more or have had the same kind of setup issues and have valuable experience that could help me learn and decide what to do. – levant pied – 2016-11-29T23:17:25.570

Thanks @MaQleod - to play devil's advocate, what would I need a real router for? Reading e.g. this https://www.reddit.com/r/networking/comments/2a0hdd/stupid_question_router_vs_layer_3_switch_whats/ I see that there's a potential for e.g. slower processing of ACLs. Do you have experience with these with regard to such issues? Also, please put this into an answer if you have a moment. – levant pied – 2016-11-29T23:31:57.160

@levantpied: You are just looking for an excuse to buy the L3 switch. Such a switch is just a mini-router tacked on to an L2 switch. Only the better and costlier ones approach routers in capabilities, and $189 doesn't sound like enough. – harrymc – 2016-11-30T06:46:27.777

Answers

1

Since this is a home network, although a large one, I would counsel a router as being more versatile. A router can do NAT, QoS, Voice gateway, access control lists (security) and more, while a switch usually cannot.

Another difference (might not apply here), is that L3 switches do not offer the same WAN-type ports (T1, T3, etc.) that a standard router does.

The L3 switch will act like a switch when it is connecting devices that are on the same network, and like a stripped-down router when connecting externally. In general, you want to use a router when most of the time the device does routing. Likewise, you want to use a switch when most of the time the device does switching. In other words, if one of the main purposes of the device is to connect externally, use a router. If its main purpose is to connect between local/internal devices, use a switch.

The specifications for your L3 switch include a firewall, but I'm not sure how good it is. In general a router has its own IP address(es) while a switch doesn't. I would prefer a router for better protection against attacks coming from the Internet. Routing software knows how to deal with different IP packets, such as ICMP and others, but switches don't.

As regarding future expansion, multiple routers can be connected together as a network, but not switches.

The advantage of the L3 switch is that it will be much faster on switching packets, but the question only you can answer is whether you need that speed.

In all, for security and versatility I would advise using a router for a home network.

Your linked router is defined as "a low cost multi port device series" for $99. Given that the L3 switch you are considering is priced at $189, you could afford a better router for the same price. I would also counsel a router that supports the DD-WRT firmware with easy installation, just in case you would need more functionality in the future.
(Note: Product recommendations are disallowed on this forum.)

harrymc

Posted 2016-08-03T13:32:44.653

Reputation: 306 093


"multiple routers can be connected together as a network, but not switches."

Do you have that backwards? I thought it was common to daisy-chain switches, but you can have at most one router. Or possibly just one DHCP server. – RJFalconer – 2016-11-29T12:49:18.617

Daisy-chaining, yes. But not as extenders, and not with wireless portable devices connecting automatically to the best router on the network while moving around your home. – harrymc – 2016-11-29T12:53:33.707

Thanks harrymc - updated the answer, hopefully to clarify what I am looking for. I agree with most of the points you provide, though I'm looking for a bit more practical information if possible. – levant pied – 2016-11-29T15:15:43.737

Your post is "Switch vs. router", but your edit is now totally oriented on the L3 switch. It seems you have now decided on a setup, and now you are asking multiple questions which are totally different from the original. Big confusion - why ask us if you already decided? And changing questions is not a good idea - start multiple posts instead. This is a Q&A forum, not intended for open discussions. – harrymc – 2016-11-29T19:25:17.240

The title did not, but my original question had L3 switch, so I don't think I changed that. I thought it was obvious I want to go with L3 switch and I'm asking if that has any deficiencies, so I have not decided yet. I'm not trying to have a discussion, just clarifying what you guys asked, what I did not explain well it seems and trying to get some useful information out of it. I updated the question with the latest, hope it's clear now. – levant pied – 2016-11-29T20:10:22.457

0

CRS125-24G-1S-IN is not only a switch; it is a switch with a router, specifically with MikroTik RouterOS Level 5. So yes, it has a firewall and many other things...

Adam Silenko

Posted 2016-08-03T13:32:44.653

Reputation: 614
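An added illustration, not part of any answer above and not taken from MikroTik's own documentation: whichever box takes the firewall role in option b), the minimum it needs on an IPv6-only edge is a stateful filter that drops unsolicited inbound traffic from the uplink but still lets ICMPv6 through, because Neighbor Discovery and Path MTU Discovery stop working without it. Written in RouterOS filter syntax, assuming the ISP uplink is `ether1` and the LAN ports are bridged as `bridge` (both interface names are assumptions, and the rule set is constructed for this example):

```routeros
# Constructed example: minimal stateful IPv6 edge firewall for an IPv6-only LAN.
# Assumed interface names: ether1 = ISP uplink, bridge = LAN ports.
/ipv6 firewall filter
# Traffic addressed to the device itself
add chain=input action=accept connection-state=established,related comment="replies to our own traffic"
add chain=input action=drop connection-state=invalid comment="malformed or out-of-state packets"
add chain=input action=accept protocol=icmpv6 comment="NDP, router advertisements, PMTUD errors"
add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10 in-interface=ether1 comment="DHCPv6-PD replies from the ISP"
add chain=input action=accept in-interface=bridge comment="management only from the LAN side"
add chain=input action=drop in-interface=ether1 comment="everything else arriving from the Internet"
# Traffic routed through the device between LAN and uplink
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop connection-state=invalid
add chain=forward action=accept protocol=icmpv6
add chain=forward action=accept in-interface=bridge comment="LAN devices may initiate outbound"
add chain=forward action=drop in-interface=ether1 comment="no unsolicited inbound to LAN hosts; without NAT their global addresses are reachable"
```

The last forward rule is the point the question circles around: with native IPv6 there is no NAT, so every LAN host carries a globally routable address, and the only thing between it and an unsolicited connection from the Internet is that drop rule, on whichever device holds it. The ICMPv6 accept rules sit before the catch-all drops on purpose; a filter that dropped ICMPv6 along with everything else from the uplink would break address configuration and large transfers, which is the practical version of harrymc's "knows how to deal with ICMP" concern. After loading the rules, `/ipv6 firewall filter print stats` shows per-rule packet counters, which is a quick way to confirm that inbound traffic is actually hitting the drop rule rather than slipping past it.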

0

There are a couple of problems with some of the answers provided. First and foremost we have to understand what a layer 3 switch is, and what a router is.

Usually a router (in the U.S.) is connected to an ISP using a variant of PPP (specifically PPPoE). The router takes a routed protocol (TCP or UDP) and passes it to the provider network directly. Then the provider network uses a routing protocol (OSPF, IS-IS, or RIP) to route the routed protocol.

A layer 3 router is making use of MPLS (Multi-Protocol Label Switching) to switch packets in the router instead of using the routing engine. This means that the packet skips the routing engine and goes directly out a physical port.

The catch is MPLS is only useful if your provider is using it, and you have multiple networks (think 254 devices per network in 254 networks).

What you are attempting to do will provide no net benefit. You are essentially complicating your network... because you can.

An L3 switch is NOT just a switch and a router in one box. An L3 switch is a router running specific software that makes it compatible with protocols being used by other L3 switches it is connected to.

I've worked with Layer3 switches. I'm currently a Network Security Engineer at Level3. I've worked for TWTelecom and Reliance Global Com as a network engineer. Let me know if you have any other questions.

Everett

Posted 2016-08-03T13:32:44.653

Reputation: 5 425

Most articles describe an L3 switch as two connected hardware systems. It is said that once the router resolves the route, the MAC-to-MAC relationship is passed to the switch part which then works in an autonomous manner without soliciting again the routing software - that this is why an L3 switch is much faster than a router for message streams, but not for short-term connections for which a full-fledged router is faster and more flexible. Do you say that this is incorrect? – harrymc – 2016-12-04T08:08:24.213

Thanks Everett - can you clarify why having a single L3 switch is going to be more complicated than having a dummy switch and a router / firewall? – levant pied – 2016-12-05T20:14:41.253

A switch and a router in one box is a switch and a router in one box. Google "is-layer-3-switch-more-than-router." – Everett – 2016-12-07T02:37:51.200

Agreed, so why is having one device (one L3 switch = L2 switch + router / firewall) more complicated than having two devices (one L2 switch and one router / firewall)? I thought it would be the other way around, no? – levant pied – 2016-12-07T17:53:38.863