Layer 3 Switch, Or Layer 2 + Firewall/Router? : r/HomeNetworking

Layer 3 Switch, Or Layer 2 + Firewall/Router?

Advice

So I'm finally upgrading my home network from iptables on a KVM host + OpenWRT on a TP-Link C7, and am trying to decide what the best architecture would be for my needs. I need to do some basic inter-VLAN policy-based routing, along with external NAT, port forwarding, and VPN.

I'd like to hear some suggestions on how to best implement this. I'm planning to use EOL enterprise equipment, partly for the cost and performance compared to consumer devices, but mostly for the nerd-cred. My initial thoughts are to go with a layer-3 switch like a Cisco SG300, because the heaviest load on my OpenWRT box during regular operation comes from VLAN routing. Then my external network needs can be handled by a FortiGate 60D or similar.

BUT I've never used a layer-3 switch before, so I'm kind of guessing at whether this is the best option. I know that I could buy a decent used layer-2 switch for peanuts, and use a more powerful router to handle all my layer-3 needs, but I'm worried that the router would still be the bottleneck of my network.

Does anyone have any suggestions? What sort of throughput could I expect in both situations? Will it be harder than I expect to find a layer-3 switch that supports policy-based routing? Some equipment suggestions would be great too.

Thanks!


In that case yes. Do you really expect to hit the 1 Gbit/s often?

Tbh, not really. But if an OP network will be more future proof, the cost is similar, and I'll occasionally squeeze out a noticeable difference in performance, then why not? Plus nerd cred.
