Have you tried using a TP-Link TL-SG3428?

Gigi0202
Junior Member
18
03-15-2026, 02:44 AM
#1
I bought a TP-Link TL-SG3428 for my data center because I need public IPs. Cogent assigned me a /22 block, but they only forward the specific part of that block (like 38.32.x.2) to an IP in their range. So if they send traffic from 38.32.x.2 on one port, can my switch take it and send it out all other ports? I thought this switch could do that for the whole /22 block, but I'm not sure if it will actually work like that or if I should give up.

PascaMouse
Member
105
03-15-2026, 07:11 PM
#2
It's not actually a full layer 3 switch according to the TP-Link website description. However, it does list static routing as a feature. With a /22 subnet, you probably have more IP addresses than this switch can handle. Trying to manage 1000 public IPs on a $200 device? You should rethink your choice of hardware entirely.

Caribbean_Blue
Senior Member
609
03-16-2026, 06:52 PM
#3
Which network device do I suggest for your setup?

RedSqnd
Junior Member
16
03-20-2026, 01:31 AM
#4
Routing doesn't work exactly like that. You'll need two interfaces and two IP addresses. One on the /29 network goes to the ISP, and you'll use a second interface for your VLAN under the /22 range. You probably want to use the .1 IP address here. It's hard to say if this specific switch can handle it. Switches often need a lot of memory to keep track of more than 1000 IPs at once, and some have a limit on ARP (address resolution protocol) that might cap them around 512 addresses anyway. That means you probably also need a proper DHCP server instead of trying to use the switch for this job. Most people don't do layer 3 routing with their switches; they just rely on firewalls for that. Someone could easily attack your switch or any of your servers and take everything down if things go wrong, but a firewall has way more memory and can handle both tracking all those IPs and running DHCP tasks much better.

R3kty
Member
133
03-20-2026, 06:46 PM
#5
Now I have a /22 subnet and 2 /24 subnets with more IPs coming later. I think I'm asking the wrong question. What device will actually handle what I need? I am using a simple Linux router right now, and it works great until too many connections hit it at once. It handles the data speed well, but not so many connections. Cogent is sending all my public IPs to one IP on the outside interface of this router. The inside interface has a .1 address for each network to act as the default gateway for the servers inside. Some people said a Layer 3 switch would work fine. Others say use a full router. bill001g mentioned a firewall device. I am really out of my depth here. All I want is to know what device will do the job and a specific model to start learning it too. It also needs to accept an SFP+ module for the WAN connection. Thank you so much for your help.

EuropeanUnion
Senior Member
700
03-20-2026, 09:23 PM
#6
It would be weird for your Linux box to be overloaded just by running as a router. A router doesn't think about sessions or connections; it only looks at the destination IP address and decides where to send the packet. If you were using a real routing protocol, that would get complicated, but since you are probably doing simple static routing, this makes sense. I'm assuming you have multiple public IP addresses so you aren't running NAT. NAT eats up lots of CPU power. It is more likely your box is acting as a firewall and the firewall rules are causing the overload. A firewall checks how many connections there are. To make it easier, I would buy a very simple switch that can take SFP+ interfaces. Basically, this works like a media converter. You can buy actual media converters, but they are usually too expensive for just two ports. All you really need is a simple Layer 2 switch with an SFP+ port and whatever speed of ethernet you want. After all that, you can get a bigger Linux PC. Everything depends on what extra functions you need besides simple routing.

aurodude
Member
202
03-21-2026, 01:26 AM
#7
On my Linux router, the ksoftirqd process eats up so much CPU it can go to 100%. A post on askubuntu explained this might happen because too many connections are causing the problem: https://askubuntu.com/questions/7858/why...-of-my-cpu No NATing. I was using SNORT and iptables, but SNORT is also overloading things here. What happens inside my router is much slower when traffic comes from the other side while the router itself stays fast at normal speeds. At that time SNORT is definitely overloading it. That makes total sense to me. But ksoftirqd is between 50% and 100% CPU used. I also only have a problem when a client on the inside starts doing something bad like port scanning or such. Usually, it looks like a UDP attack. When I stop that, ksoftirqd goes back down to normal speeds. My router is an Intel Core2 Duo with 4 GB of RAM. It worked great for me when I started out. I have several lying around. I would love just to keep using a Linux router since it's so easy to set up and manage. I was thinking of buying an AMD Ryzen 5 5600G with 6 cores, 12 threads, and 16 GB of RAM. Do you think that would be enough?
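
Added example, not written by anyone in the thread: post #6 points at the firewall's connection tracking rather than routing, and post #7 sees ksoftirqd climb when one inside client scans or floods UDP, so this shell sketch ranks sources by conntrack entries that never got a reply and reports table fill. It assumes input in the `/proc/net/nf_conntrack` line format; the function names, thresholds and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Input is text in /proc/net/nf_conntrack
# format; the addresses below are constructed (documentation ranges).

# top_unreplied [MIN]: read conntrack lines on stdin and print "count proto src"
# for each (protocol, original source) with at least MIN entries that never got
# a reply, busiest first. Scans and one-way UDP floods pile up such entries.
top_unreplied() {
    awk -v min="${1:-3}" '
        /\[UNREPLIED\]/ {
            src = ""
            # first src= on the line is the original direction (the opener)
            for (i = 1; i <= NF; i++)
                if ($i ~ /^src=/) { src = substr($i, 5); break }
            if (src != "") n[$3 " " src]++
        }
        END { for (k in n) if (n[k] >= min) print n[k], k }
    ' | sort -k1,1nr -k3,3
}

# table_fill COUNT MAX: integer percentage of the conntrack table in use
table_fill() {
    [ "$2" -gt 0 ] || return 1
    echo $(( $1 * 100 / $2 ))
}

# Constructed sample: .23 sprays UDP, .40 has one pending and one live TCP flow
sample_conntrack() {
cat <<'EOF'
ipv4     2 udp      17 28 src=198.51.100.23 dst=203.0.113.1 sport=40001 dport=53 [UNREPLIED] src=203.0.113.1 dst=198.51.100.23 sport=53 dport=40001 mark=0 use=2
ipv4     2 udp      17 27 src=198.51.100.23 dst=203.0.113.2 sport=40002 dport=123 [UNREPLIED] src=203.0.113.2 dst=198.51.100.23 sport=123 dport=40002 mark=0 use=2
ipv4     2 udp      17 27 src=198.51.100.23 dst=203.0.113.3 sport=40003 dport=161 [UNREPLIED] src=203.0.113.3 dst=198.51.100.23 sport=161 dport=40003 mark=0 use=2
ipv4     2 udp      17 26 src=198.51.100.23 dst=203.0.113.4 sport=40004 dport=1900 [UNREPLIED] src=203.0.113.4 dst=198.51.100.23 sport=1900 dport=40004 mark=0 use=2
ipv4     2 udp      17 170 src=198.51.100.7 dst=203.0.113.53 sport=51000 dport=53 src=203.0.113.53 dst=198.51.100.7 sport=53 dport=51000 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 119 SYN_SENT src=198.51.100.40 dst=203.0.113.80 sport=52000 dport=443 [UNREPLIED] src=203.0.113.80 dst=198.51.100.40 sport=443 dport=52000 mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=198.51.100.40 dst=203.0.113.81 sport=52001 dport=443 src=203.0.113.81 dst=198.51.100.40 sport=443 dport=52001 [ASSURED] mark=0 use=2
EOF
}

sample_conntrack | top_unreplied 3
# On a live router (assumes the nf_conntrack procfs files are present):
#   top_unreplied 100 < /proc/net/nf_conntrack
#   table_fill "$(cat /proc/sys/net/netfilter/nf_conntrack_count)" \
#              "$(cat /proc/sys/net/netfilter/nf_conntrack_max)"
```

A single source dominating the unreplied count is the host to rate-limit or isolate at the inside interface before sizing new hardware.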