
Managed Switch to use 2 ISPs on multiple Sub-Networks?

imcaspar

Hey everyone,

 

I am trying to achieve the following, leaving out the reasoning to keep this post a bit shorter:

 

- Being able to flexibly route the connections from two different ISPs to any devices or subnets in my network

- Create up to 4 different sub networks to which devices can be quickly assigned through switch software

- IP Telephony and Multicast IPTV should work

- Remotely manageable

- 1GbE is enough, PoE would be a nice to have on not more than 2 ports

- minimum of 10 ethernet ports for devices + two for the ISPs

 

Not being too experienced when it comes to networking, I am now searching for a hard- and software solution to realise this.

Potentially buying used server hardware from eBay would be preferred over more expensive new solutions, keeping in mind I am located in Germany.

 

I am thankful for any input on this.

 

All the best Regards, -Caspar


If you're looking to manage the network between two different ISP connections what you need is a router with 2 WAN interfaces that support functions such as Fail Over and things such as Load Balancing. To create networks and sub-networks can be done through creating sub-interfaces on the router with VLAN tagging and using a managed switch with VLANs and a trunk port.

 

A managed switch alone (even partial Layer 3) won't have all the functionality of a standalone router.


10 minutes ago, Windows7ge said:

If you're looking to manage the network between two different ISP connections what you need is a router with 2 WAN interfaces that support functions such as Fail Over and things such as Load Balancing. To create networks and sub-networks can be done through creating sub-interfaces on the router with VLAN tagging and using a managed switch with VLANs and a trunk port.

 

A managed switch alone (even partial Layer 3) won't have all the functionality of a standalone router.

Thanks, that was very informative. Is there any specific hardware you would recommend?


11 minutes ago, imcaspar said:

Thanks, that was very informative. Is there any specific hardware you would recommend?

If you don't need any advanced functionality beyond VLANs on the switch then just about any managed switch should do. CISCO is a good name in the enterprise space but if you're looking to save some money you can find their equipment on the used market for pretty cheap. Something like an old Catalyst 2960 series switch. It'd do everything you need and more but @Lurick can probably come up with something more modern in the used space. Personally I'd want something with 10Gbit ports like in the 2960-X series.

 

Looking at new equipment Ubiquiti is a prosumer market with a price point to match. They have Edge series switches that you can manage with a WebUI.

 

As far as routers go I'm not the best person to ask. I know a home built pfSense box should have the functionality to do this but you may want something pre-built with its own OS. Ubiquiti has their own series of Router with several network ports. Whether or not they support sub-interfaces I can't say. If it doesn't you won't be using a trunk port on the Switch. You'd have to create your VLANs and connect one port in each VLAN group to a port on the router. Not ideal.


1 hour ago, Windows7ge said:

If you don't need any advanced functionality beyond VLANs on the switch then just about any managed switch should do. CISCO is a good name in the enterprise space but if you're looking to save some money you can find their equipment on the used market for pretty cheap. Something like an old Catalyst 2960 series switch. It'd do everything you need and more but @Lurick can probably come up with something more modern in the used space. Personally I'd want something with 10Gbit ports like in the 2960-X series.

 

Looking at new equipment Ubiquiti is a prosumer market with a price point to match. They have Edge series switches that you can manage with a WebUI.

 

As far as routers go I'm not the best person to ask. I know a home built pfSense box should have the functionality to do this but you may want something pre-built with its own OS. Ubiquiti has their own series of Router with several network ports. Whether or not they support sub-interfaces I can't say. If it doesn't you won't be using a trunk port on the Switch. You'd have to create your VLANs and connect one port in each VLAN group to a port on the router. Not ideal.

Yah, I think a 2960 would probably be a bit overkill and expensive, unless it can be gotten in good condition for sub $100 or so. A 3750X or something if L3 is desired would be better and those are pretty cheap used and they have a 2 port 10Gb module as well if needed which I think is pretty cheap but I could be wrong there.

 

As for OP's original requirement of needing to route connections to either ISP, the best way would be something that offers Policy Based Routing but if they want proper load balancing then it's going to get very expensive as you look into SDWAN type solutions. Perhaps @mynameisjuan can comment as well on some alternatives :)


9 hours ago, imcaspar said:

Not being too experienced when it comes to networking

To preface, this statement might put this out of your reach and even price range for this situation. Nothing against you, real load balancing across multiple WANs with proper router, firewall zones to avoid asymmetrical routing problems, etc... require experience and if you want to simplify it, SDWAN which will cost you big time. It becomes overwhelming pretty quick.

 

If you are brave and on a budget your best bet here is a used Juniper SRX240, or willing to spend a bit extra for modern supported hardware, SRX320. They will be able to support all your requested fields as these modules base have 6 ports and the 320 has a PoE version. There are 2 slots where you can add additional ports if you need them, even a SIM card slot if you need.

 

They are solid firewalls, can route a gig no problem, almost full switching functionality and has IPS (intrusion prevention system) aka like an anti-virus if needed for a cost.

 

This is quite a task and Juniper is not something you just jump right into. There is nothing else that comes right to mind other than a PFsense box or Ubiquiti but they are not routing and switching in one box and don't support load balancing on the WAN.

 

If you decide to go this route you can update us here and I can give you some templates to use if need be!


I would use pfsense and a Unifi switch (if you are not going to use vlans then a dumb switch would get the job done) and create rules to send traffic from specific devices, specific vlans, or traffic to certain ips through a certain isp depending on each connection (ie: speed, latency, data caps, etc)

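Added example, not part of any post in this thread and not pfSense or Juniper configuration: a small Python model of the first-match policy routing described above, where rules send a device or a whole VLAN out through a chosen ISP, with failover when that ISP is down and a check for rules that an earlier rule makes unreachable. The subnets, gateway names `ISP_A`/`ISP_B` and the failover behaviour are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str                 # source: a VLAN subnet or a single device (/32)
    dst: str                 # destination network; 0.0.0.0/0 means "any"
    gateway: Optional[str]   # WAN to force, or None to keep traffic local

# Constructed addressing plan and gateway names (assumptions, not from the thread).
RULES = [
    Rule("192.168.0.0/16", "192.168.0.0/16", None),    # inter-VLAN stays off the WANs
    Rule("192.168.20.50/32", "0.0.0.0/0", "ISP_B"),    # one device pinned to ISP B
    Rule("192.168.20.0/24", "0.0.0.0/0", "ISP_A"),     # rest of VLAN 20 via ISP A
    Rule("192.168.30.0/24", "0.0.0.0/0", "ISP_B"),     # VLAN 30 via ISP B
]
DEFAULT_GATEWAY = "ISP_A"

def _net(cidr):
    return ipaddress.ip_network(cidr)

def select_gateway(src_ip, dst_ip, rules=RULES, up=frozenset({"ISP_A", "ISP_B"})):
    """First matching rule wins; a rule whose WAN is down falls back to failover."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in _net(rule.src) and dst in _net(rule.dst):
            if rule.gateway is None:
                return "LOCAL"
            if rule.gateway in up:
                return rule.gateway
            break
    if DEFAULT_GATEWAY in up:
        return DEFAULT_GATEWAY
    return min(up, default=None)   # any surviving WAN, or None if all are down

def shadowed_rules(rules):
    """Rules that can never match because an earlier rule covers them entirely."""
    dead = []
    for i, rule in enumerate(rules):
        if any(_net(rule.src).subnet_of(_net(e.src)) and
               _net(rule.dst).subnet_of(_net(e.dst)) for e in rules[:i]):
            dead.append(rule)
    return dead
```

Rule order matters in a first-match model: the single-device rule has to sit above the rule for its VLAN, and the local-destination rule above every rule that forces a WAN, which is what `shadowed_rules` checks for.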
