Router + Switch or just Router

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Router + Switch or just Router

RonnieG

17 posts

Geek

#270530 13-May-2020 20:55

Hi guys, I've had a read of the comprehensive router guide sticky and a few other threads like this one about hardline home networking, but I think I'm missing something fundamental about combining a switch and a router vs just a router.

My apartment has 5 ethernet ports distributed throughout it. The ONT lives in a cabinet hidden away in a wardrobe at one end of the house. Planning to put a router in the cabinet and repurpose my aging DSL-AC68U as a WAP-only. We're on a 900/400 connection and do a lot of gaming and streaming, so want to get the most out of the hardwire connections.

I was looking at the EdgeRouter X / 4 / Lite and the Mikrotik RB750Gr3 suggested in the review thread, but they only have 3 or 4 LAN ports. So to cover the 5 connection points through the house, am I better to:
a) Use one of these routers in combination with a switch, or
b) Buy a larger, more expensive router like the EdgeRouter 6P or Mikrotik RB3011UiAS-RM ?

Might be asking dumb questions here, but I don't understand the pros and cons.

nztim

3696 posts

Uber Geek

ID Verified

Trusted

TEAMnetwork

Subscriber

#2483168 13-May-2020 21:15

Definitely a router+switch and if budget permits RB4011

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

fe31nz

1200 posts

Uber Geek

#2483286 14-May-2020 00:24

Routers and switches do different things. With a switch, the packets arriving on one switch port are matched against all the other switch ports to see where the matching Ethernet addresses are. If the arriving packet has a specific address, then usually only one other port will match and the packet will be sent to that port. If the packet has a "broadcast" Ethernet address, then it will match all addresses and will be sent to all ports on the switch that have an attached device. This Ethernet broadcast packet capability is used for lots of things, and is not available on router ports. Router ports pretty much ignore the Ethernet addresses and look at the IP address field to see where to send a packet.

Some routers also incorporate a small switch, so if your need for ports is below the number of ports they have that are on that switch, you can get away with not having a switch. This normally works by the router incorporating a switch chip with the switch ports on it, and one of the router's ports is internally connected to that switch chip rather than to an actual external port. So if the switch chip can handle 5 ports, there may be 4 external switch ports and one internal one connected to a router port. The router's WAN port will never be on the switch, it will be directly connected to the router hardware. But often a router will have at least one other LAN port that is not on the switch. So if you use such a port for a device that needs to receive Ethernet broadcast packets, then any protocol that needs the broadcast packets will not work between that device and the others on the switch ports. For example, a PC that uses SMB networking, such as Windows file sharing, needs to get broadcast packets to be able to see the other devices on the network it can share with.

To complicate things, it is possible to tell a router to "bridge" ports together. That allows the broadcast packets to be sent to all the ports on the bridge. Unfortunately, in most routers, if you use bridging, that will disable the router's ability to use it special routing hardware - instead all packets will have to be sent to the router's CPU for routing. So instead of the packets being routed at gigabit speed by the routing hardware, they will be routed only as fast the the router's CPU can handle them, which is usually much less than gigabit speed. And the more work the router's CPU has to do on each packet (the more rules it has to apply to the packet), the slower it will route packets. For my Edgerouter Lite, with my fairly large set of firewall rules, if I disable the routing hardware (either manually or by using a feature such as bridging that automatically disables it), the routing speed drops from 1 gigabit/s to as low as 80 Mbit/s. With fewer rules, an Edgerouter Lite can handle routing of up to about 250-300 Mbit/s using its CPU, so that might be OK if you have only a 100 Mbit/s Internet connection. But if you need to have the router also handling packets between different parts of your network, such as the kids network and the adults network, then those packets will also be routed slowly. So if the kids want to watch videos from your video server box which is naturally on the adult side of the network, they may have trouble doing that, while on the adult side you see no problems. So it really is a bad idea to bridge in routers with this limitation.

Good routers that have a switch will in fact have a VLAN capable switch chip, and that allows them to be set up to either use their switch ports as switch ports (with broadcast working between them), or as router ports where all the traffic ignores the switch capability and is sent out the switch's port connected to the routing hardware. This is very useful, but has one major limitation - there is only one port connecting the router hardware to the switch hardware, so when multiple switch ports have heavy traffic and are being used in routing mode, all the packets from all those ports have to pass through the one switch port that is connected to the routing hardware. So multiple gigabit streams try to go through a single gigabit port, which is not possible and packets will have to be dropped. In a router which has multiple LAN ports that are not on a switch, you do not get this problem. So when buying a router that has an internal switch, do not be fooled by the router being advertised as having 5 or 8 ports. Likely it has only 2 or 3 ports on the router hardware and the rest on the switch. This makes such a 5 or 8 port router very cheap, but if you really need 5 or 8 routeable ports, you need to be buying a router which does not have a switch and will be much more expensive.

So, to summarise, routers with switch ports can be used to do switching for your network, but it is better to start out having both a router and a switch. That way you do not run into nasty compromises. And when your network grows (and they always seem to), you can just plug some more things into your switch. And when the switch runs out of ports, you can just buy another bigger one to replace it.

cyril7

9050 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2483338 14-May-2020 07:38

Hi Ronnie, recommend for $ and simplicity a Rb750g3 and a basic 8 port switch is probably easiest, and whilst not ideal purhaps a couple of 5ports to expand ports at various end locations.

An RB4011 would be ideal, but a little pricey.

Might I suggest if you go for the first option connect all lan ports to the switch and just have a single link to the RB750.

What we're your plans for wireless

Cyril

cyril7

9050 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2483347 14-May-2020 07:59

Hi, to add, just basic switches like these are all you need.

https://www.pbtech.co.nz/product/SWHTPL1010/TP-Link-TL-SG1008D-8-Port-Gigabit-Unmanaged-Switch

https://www.pbtech.co.nz/product/SWHTPL1007/TP-Link-TL-SG1005D-5-Port-Gigabit-Unmanaged-Switch

Cyril

RonnieG

17 posts

Geek

#2483627 14-May-2020 11:54

Thanks for your help everyone, I will go for the smaller router and an 8-port switch. Might pick up an extra 5-port switch for the office, eventually there will be several PCs in here once I get rid of all the junk 🤣 we moved in six months ago and the office has been the receptacle for everything we couldn't find a place for.

Thanks Cyril for anticipating my next question about which switch to buy - I noticed there was a lot of variety in price so it's good to know I can get one pretty cheap.

For wireless, I've been pretty satisfied with the speed and coverage of my Asus DSL-AC68U (which I've had since the VDSL days and have been using as my main router for fibre so far), so I'll try configure that to just work as an AP. Maybe in the future when I feel like spending more money that'll be the next thing to upgrade 🙂

RonnieG

17 posts

Geek

#2487591 21-May-2020 10:30

Went out and bought the Mikrotik RB750Gr3 and the TP-link switches.

I've set up the Mikrotik following the guide and currently I've just got it connected without the switch:

ONTP -> Mikrotik -> wall connection -> PC

but I'm getting sub-par speeds. Testing on speedtest.net gives me 300down/420up when I was getting 400/400 before on the DSL-AC68, and my plan with Now Internet is 900/400.
Is there some setting I should be changing? I just did the quick setup with PPPoE. Or should I be talking to the ISP about it?

I did notice in that Mikrotik setup guide that Michael said the RB750Gr3 processor couldn't handle PPPoE connections beyond about 650Mbit, so is the router the problem?

Rikkitic

Awrrr
18581 posts

Uber Geek

Lifetime subscriber

#2487602 21-May-2020 10:41

fe31nz:

This reply should be made into a sticky. It is the best and clearest explanation of this subject that I have ever seen. Well done and thanks for sharing.

Plesse igmore amd axxept applogies in adbance fir anu typos

cyril7

9050 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2489069 22-May-2020 07:53

Hi, 300/400 does not sound right, micheal is correct in that RouterOS handles PPPoE in software and the Hex series will not make a full GigE with PPPoE, but again 650 is a bit light, I have seen these do well into the late 700s, I think Sam (@Chevrolux) has used them with speeds approaching 800 also.

So what port on the LAN side are you using, depending on the Switch H/W offload mode, its best to use Port2 or 4, and have you tried using Linux rather than Windows, purhaps runnup a Live CD or Ubutuntu or Mint and test.

Cyril

chevrolux

4962 posts

Uber Geek
Inactive user

#2489075 22-May-2020 08:05

Yea you should see around 750-800Mbps with RB750Gr3 on a PPPoE WAN connection.

I dont think it actually matters these days (with fast path and all that), but try running your LAN directly off a single interface rather than a bridge - i.e. put your LAN IP address, DHCP server, etc, on ether2.

All the traffic has to touch the CPU regardless, but removing the bridge is just one less thing.

RonnieG

17 posts

Geek

#2489357 22-May-2020 12:37

Hi @cyril7
I've tested with Linux as well - my Thinkpad runs Kubuntu. Same results, around 300down 400up.
LAN is coming out of port 2 on the mikrotik. White is ONT, green is to the connection to the ethernet cables in the walls (don't know what the term is).

I've had a quick search of the mikrotik forums and wiki but I don't know enough about networking to tell what's out of place.
Here's the interfaces list:

And in the firewall rules fasttrack seems to be set up correctly.

When running speedtests only two out of four threads are doing much, reading 40-50% load.

try running your LAN directly off a single interface rather than a bridge - i.e. put your LAN IP address, DHCP server, etc, on ether2.

@chevrolux so is that changing the first entry in IP > Interfaces > Interfaces list above to LAN - ether2?
And then changing the entry in IP > DHCP server to ether2 as well?

That makes sense to me, but I'm pretty sure I'm in the "just enough knowledge to be dangerous" zone, so I want to check before I break things.

Am I right in understanding that the bridge is designed for the case of using multiple LAN ports on the router, but since I'm only using one it's just unnecessary overhead?

I think this output from the terminal is showing the same thing - hardware offload flag isn't there for the bridge connecting to ether2, so that's where the bottleneck is?

RonnieG

17 posts

Geek

#2489382 22-May-2020 12:57

Based on https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_Hardware_Offloading I changed the bridge's protocol from RSTP -> none and the H flag is now active in the "/interface bridge port print" output. But it had no effect on internet speeds, so I just changed it back.