Switch control for two providers across several network segments?
I'm working on setting up flexible connections between two ISPs and managing multiple subnets. Need to create up to four networks with quick device assignment via switches. Also want IP telephony, multicast TV, remote control, and reliable performance. A budget of 1Gbps is sufficient; PoE could help on a few ports. I need at least ten Ethernet ports for devices plus two for ISPs. Since I'm not very experienced, I'm looking for affordable hardware options, possibly used servers from eBay in Germany. Thanks for any advice!
You require a router featuring two WAN ports that offer capabilities like failover and load balancing. Networks and sub-networks can be established by setting up sub-interfaces on the router with VLAN tagging and employing a managed switch that includes VLAN support and a trunk port. A managed switch alone, even with limited Layer 3 features, lacks the full range of functions found in a dedicated router.
If advanced features aren’t required, any managed switch should suffice. Cisco is well-known in enterprise environments, yet you can often locate used equipment at lower costs. An older Catalyst 2960 series model would cover your basic needs and exceed expectations. Personally, I prefer a device with 10Gbps ports found in the 2960-X lineup. For newer gear, Ubiquiti offers a more consumer-friendly option with Edge series switches that run via WebUI. Regarding routers, I’m not an expert to advise on this choice. I’m familiar with a home-built pfSense unit that could handle similar tasks, but a fully built solution might be preferable. Ubiquiti provides its own router lineup featuring multiple network ports. Whether it supports sub-interfaces isn’t clear. If it doesn’t, you won’t have a dedicated trunk port on the switch. You’d need to manually set up VLANs and link each group to a separate router port—less convenient.
I believe a 2960 might be too much and costly unless you find it in good shape for under $100. A 3750X would be more suitable if L3 is needed, and those used models are generally affordable with a 2-port 10Gb port if required—though I’m not sure about that. Regarding the OP’s original need to connect to an ISP, the best option would be a solution with Policy Based Routing. For advanced load balancing, SDWAN-type systems would become quite pricey. Maybe @mynameisjuan can share more alternatives as well.
To preface, this statement might put this out of your reach and even price range for this situation. Nothing against you, real load balancing across multiple WANs with proper router, firewall zones to avoid asymmetrical routing problems, etc., requires experience, and if you want to simplify it, SDWAN, which will cost you big time. It becomes overwhelming pretty quick. If you are brave and on a budget, your best bet here is a used Juniper SRX240, or, if willing to spend a bit extra for modern supported hardware, SRX320. They will be able to support all your requested fields as these modules base have 6 ports and the 320 has a PoE version. There are 2 slots where you can add additional ports if you need them, even a SIM card slot if you need. They are solid firewalls, can route a gig no problem, almost full switching functionality and has IPS (intrusion prevention system) aka like an anti-virus if needed for a cost. This is quite a task and Juniper is not something you just jump right into. There is nothing else that comes right to mind other than a pfSense box or Ubiquiti, but they are not routing and switching in one box and don't support load balancing on the WAN. If you decide to go this route you can update us here and I can give you some templates to use if need be!
I'd set up pfSense with a UniFi switch (or a basic switch if you don't need VLANs) and define rules to direct traffic based on devices, VLANs, or ISP conditions like speed, latency, or data limits.
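The router-side setup the replies above describe (VLAN sub-interfaces on one trunk port, plus rules that pick an ISP per VLAN), sketched for a Linux-based router using iproute2. This is an added example, not configuration from any poster in the thread; the interface names, VLAN IDs, subnets, table numbers and gateway addresses are all assumptions.

```shell
#!/bin/sh
# Added example: VLAN sub-interfaces on one trunk port plus per-VLAN ISP selection.
# Dry run by default (commands are printed); run as root with RUN= to apply them.
RUN=${RUN-echo}

TRUNK=eth0              # assumed: router port cabled to the switch's trunk port
LOCAL_NETS=10.0.0.0/16  # assumed: supernet covering all internal VLAN subnets
# Assumed uplinks, "table-id:wan-interface:next-hop" (documentation addresses)
UPLINKS="101:eth1:192.0.2.1 102:eth2:198.51.100.1"
# Assumed plan, "vlan-id:router-address:table-id", e.g. LAN, VoIP, IPTV, management
VLANS="10:10.0.10.1/24:101 20:10.0.20.1/24:101 30:10.0.30.1/24:102 40:10.0.40.1/24:102"

apply_plan() {
  # One routing table per provider, each holding only that provider's default route.
  for u in $UPLINKS; do
    table=${u%%:*}; rest=${u#*:}; dev=${rest%%:*}; gw=${rest#*:}
    $RUN ip route add default via "$gw" dev "$dev" table "$table"
  done
  # Internal destinations stay in the main table so inter-VLAN routing still works.
  $RUN ip rule add to "$LOCAL_NETS" lookup main priority 900
  for v in $VLANS; do
    vid=${v%%:*}; rest=${v#*:}; addr=${rest%%:*}; table=${rest#*:}
    ifc="$TRUNK.$vid"
    # 802.1Q sub-interface: frames tagged with this VLAN ID on the trunk land here.
    $RUN ip link add link "$TRUNK" name "$ifc" type vlan id "$vid"
    $RUN ip addr add "$addr" dev "$ifc"
    $RUN ip link set "$ifc" up
    # Policy rule: traffic entering from this VLAN is routed via its provider's table.
    $RUN ip rule add iif "$ifc" lookup "$table" priority "$((1000 + vid))"
  done
}

apply_plan
```

The sketch only covers addressing and route selection: the priority 900 rule lets every VLAN reach every other one, so firewall rules between segments, NAT on each WAN interface and failover still have to be configured separately.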