External Switch vs Bridged Ethernet Ports?
-
Can someone explain to me in detail but in laymans terms why is the external switch recommended over using bridged ethernet port / NICs?
-
Switch is doing the jobs (delegated) with dedicated hardware, bridging does them in software and unfit hardware, (avoidable) wasting of pfSense HW resources.
-
Separation of concerns that leads to much improved performance. With a dedicated switch all of the network internal traffic (traffic that isn't directly addressed to the pfSense router and isn't broad/multicast) won't be relayed to pfSense unnecessarily because the switch is smart enough to see that the traffic wouldn't be of any interest to it. Without the switch and with bridging every single ethernet frame of the internal traffic would potentially have to pass trough the pfSense system and that can be very demanding in performance terms.
-
Unless of the situation that only some really experienced admins know really when and where
to use bridged ports, it will aint mostly or even more problems then without using that construct.- port flapping
- massively packet loss
- missing or disconnected devices
A switch is coming as today together with switch and bridge chips inside and this is not given
at any or the most pfSense firewalls. So it is hardware based and often on top ASIC or FPGA
pushed so you will only with very heavy and strong or powerful hardware able to work it out
without recognizing the massively packet loss.A Layer3 switch likes a Cisco SG300-10 (small dog) is able to delivering GB LAN wire speed
without any hassle between VLANs! And often switch typify things came on top of this! -
Also, switches are really cheap these days. I've seen 5 port, 100 Mb switches for about $10 (Cdn) and I recently picked up a 5 port managed Gb switch for $30. Compare that with the $80 or so I paid for an 8 port 10 Mb hub, in the late '90s. Today, I can even get a 16 port Gb switch for about $100.
BTW, layer 3 switches are functionally equivalent to a router, not what we normally consider a "switch" at layer 2.
-
Also, switches are really cheap these days.
In that case here it will be coming true! but in other cases it is not really matching the realality
we are using here for ~700 users in the headquarter of a mid ranged company;- 2 x NETGEAR ProSAFE XSM7224S + Layer3 license as redundant core switches
(2 x ~6500 € + 2 x 1300 € for the licenses) - many brand new Netgear M4300 switches as stack routing switches
(starting at ~1200 € till ~5500 € for each) - Netgear M5300 Switches as access switches (stacked)
(to connecting the devices)
I've seen 5 port, 100 Mb switches for about $10 (Cdn) and I recently picked up a 5 port managed Gb switch for $30. Compare that with the $80 or so I paid for an 8 port 10 Mb hub, in the late '90s. Today, I can even get a 16 port Gb switch for about $100.
In the mostly cases it would not hurt or does any matter to use layer2 switches, but in also many cases it
is better to use layer3 switches.BTW, layer 3 switches are functionally equivalent to a router,
Because two devices are able to do oine or more same jobs or came with one or more same
options, make them not really staying in the same device group or range!not what we normally consider a "switch" at layer 2.
Where is written that switches are not working on the layer3?
Switches are often todays are coming with special Switch chips and or on top of this with
ASICs and/or FPGAs, Bridge chips and other things like CLI, webconfig or special software
for the entire configuration. - 2 x NETGEAR ProSAFE XSM7224S + Layer3 license as redundant core switches
-
Where is written that switches are not working on the layer3?
In common usage, switches referred to layer 2, Ethernet. A separate function, at layer 3 was done by routers. The layer 3 switches simply move the routing function into dedicated hardware, rather than software, as was previously done. Regardless, if you're not routing a layer 3 switch won't accomplish much that a layer 2 switch couldn't do.
