HomeNetworking is a place where anyone can ask for help with their home or small office network. No question is too small, but please be sure to read the rules before asking for help. We also welcome pretty much anything else related to small networks.
Layer 3 Switch, Or Layer 2 + Firewall/Router?
So I'm finally upgrading my home network from IPtables on a KVM host + OpenWRT on a TP-Link C7, and am trying to decide what the best architecture would be for my needs. I need to do some basic inter-VLAN policy-based routing, along with external NAT, port forwarding, and VPN.
I'd like to hear some suggestions on how to best implement this. I'm planning to use EOL enterprise equipment, partly for the cost and performance compared to consumer devices, but mostly for the nerd-cred. My initial thoughts are to go with a layer-3 switch like a Cisco SG300, because the heaviest load on my OpenWRT box during regular operation comes from VLAN routing. Then my external network needs can be handled by a Forigate 60D or similar.
BUT I've never used a layer-3 switch before, so I'm kind of guessing at whether this is best option. I know that I could buy a decent used layer-2 switch for peanuts, and use a more powerful router to handle all my layer-3 needs, but I'm worried that the router would still be the bottleneck of my network.
Does anyone have any suggestions? What sort of throughput could I expect in both situations? Will it be harder than I expect to find a layer-3 switch that supports policy-based routing? Some equipment suggestions would be great too.
Thanks!
layer 2 switch + proper firewall for you layer 3 needs.
Unless there are large amount of inter-VLAN traffics going on, Layer 2 switches + router on a stick approach would be simpler and cheaper than Layer 3 switches approach.