10gb networking Suggestions on getting best result from our 10Gbit

[Tanasa23]

Hello everybody , I started working in a small/medium business with a 10Gbit fiber connection and they asked me if I could think of some upgrades/changes to make to our networking since all PCs or Access Points are only putting out around 8Mbps and I would like to make it atleast x10 faster than that. I wil also post photos to maybe understand better the situation .Of course the cheaper the better .At the moment this is the config that is running :

CISCO ME 3400E SERIES SWITCH -> USING GE PORT INTO 2X HUAWEI ROUTER AR2200 SERIES -> BOTH GO INTO A CHECK POINT 770/790-WIFI FIREWALL -> 1 DLINK DGS-1210-28 SWITCH -> 1 NETGEAR FS726TP SWITCH .

Those 2 final switches then spread into 5Cate ethernet cables into our offices.We have around 25 PCs ,1 IBM System server that is accessible to other offices from other cities in the country , 3 nas servers ,all workers need poe for their telephone,survaillance cams ,around 6 printers,3 access points to cover the area .

I noticed that by connecting directly to the huawei router my laptop finally sees the connection as a Gbit one , other than that it shows as 100Mbit .Thank you !

[Electronics Wizardy]

Do you mean 10mbit? None of that gear seems like its designed for 10gbit.

 

 

 

That 100 meg switch is gonna limit your speeds a good amount, id get a gig switch there.

 

 

[Skiiwee29]

Agreed with @Electronics Wizardy here, that 10/100 netgear prosafe switch is definitely the bottleneck here. 

[The_russian]

I really hope the 10Gb connection was a typo because the connection looks like it enters a port that can only handle 1Gb, then exits ports that can only handle 100Mbps and since you are limited by the slowest link, max bandwidth will be 100Mpbs. That being said you should still be getting closer to 100Mbps than 8Mbps. If it is possible try connecting your laptop directly to each switch one at a time, starting with the one closest to the end user computers and making your way back to the Cisco switch (or the other way around), that will determine if one of the switches is limiting bandwidth to 10Mbps. Now that I think about it though, if the 10Gb was a typo and you meant your internet connection is 10Mpbs, then users getting 8Mpbs bandwidth sounds about right. 

 

 

Also a side note, is there any particular reason both power plugs are not plugged in on the Cisco switch?

[TheLawyerMan]

44 minutes ago, Electronics Wizardy said:

Do you mean 10mbit? None of that gear seems like its designed for 10gbit.

 

 

 

That 100 meg switch is gonna limit your speeds a good amount, id get a gig switch there.

 

 

 

20 minutes ago, Skiiwee29 said:

Agreed with @Electronics Wizardy here, that 10/100 netgear prosafe switch is definitely the bottleneck here. 

this

[Tanasa23]

 

4 hours ago, Electronics Wizardy said:

Do you mean 10mbit? None of that gear seems like its designed for 10gbit.

 

 

 

That 100 meg switch is gonna limit your speeds a good amount, id get a gig switch there.

 

 

Boss told me we are really getting a 10Gbit connection from our ISP,the 100 netgear switch is for sure a bottleneck , but since connecting to the other dlink switch whick is a gig one i still get the same speeds , also the firewall is something that really concerns me that could be a  big bottleneck 

[Tanasa23]

3 hours ago, The_russian said:

I really hope the 10Gb connection was a typo because the connection looks like it enters a port that can only handle 1Gb, then exits ports that can only handle 100Mbps and since you are limited by the slowest link, max bandwidth will be 100Mpbs. That being said you should still be getting closer to 100Mbps than 8Mbps. If it is possible try connecting your laptop directly to each switch one at a time, starting with the one closest to the end user computers and making your way back to the Cisco switch (or the other way around), that will determine if one of the switches is limiting bandwidth to 10Mbps. Now that I think about it though, if the 10Gb was a typo and you meant your internet connection is 10Mpbs, then users getting 8Mpbs bandwidth sounds about right. 

 

 

Also a side note, is there any particular reason both power plugs are not plugged in on the Cisco switch?

Cisco port it enters in a sfp port and then exists from a 1gb port to the 2 huawei routers, no real reason to why there is only 1 power plug in , i started the way you are suggesting to plug it into all switches and only when connected to my huawei router or to the cisco my laptop gets giagabit connection,from there starting with the firewall it goes to 100Mbps

[Electronics Wizardy]

38 minutes ago, Tanasa23 said:

 

Boss told me we are really getting a 10Gbit connection from our ISP,the 100 netgear switch is for sure a bottleneck , but since connecting to the other dlink switch whick is a gig one i still get the same speeds , also the firewall is something that really concerns me that could be a  big bottleneck 

Well first problem is sfp 1 gig only, you need sfp+ for 10g, so check with your isp for that setup.

 

If you really want 10g, your gonna have to replace everything here. Thats probably what id do here anyways as  that 100m stuff is pretty old.

 

Probably want to let someone design this network that knows it better, probably work with your boss on it. 

 

Do you have a budget in mind?

[Tanasa23]

56 minutes ago, Electronics Wizardy said:

Well first problem is sfp 1 gig only, you need sfp+ for 10g, so check with your isp for that setup.

 

If you really want 10g, your gonna have to replace everything here. Thats probably what id do here anyways as  that 100m stuff is pretty old.

 

Probably want to let someone design this network that knows it better, probably work with your boss on it. 

 

Do you have a budget in mind?

OK any suggestions on something with sfp+ port? Budget wise I think we can manage to spend something around 2000 € at least, would a firewall bottleneck us too as I see online that getting one with 10gbps Wan speed is very difficult or it costs very much

[Overtaxed]

1 hour ago, Tanasa23 said:

OK any suggestions on something with sfp+ port? Budget wise I think we can manage to spend something around 2000 € at least, would a firewall bottleneck us too as I see online that getting one with 10gbps Wan speed is very difficult or it costs very much

https://store.ui.com/collections/unifi-network-routing-switching/products/udm-pro

 

That'll push >1G but <10G of traffic and has SFP+ ports on it for 10G connection (including on the WAN side).  Depends what features you have on, if you do IPS, you're going to be in the 3-5Gb/s range, if not, you could push up to ~7-8Gb/s of WAN to LAN throughput.  That's about the cheapest consumer grade device I know of that will crank out close to 10G of throughput across the routed interface.  

 

You can also build a Linux server with a 10G dual port NIC in it and run something like pFsense.  If you have enough CPU in the system you build, you should be able to get 10G LAN/WAN throughput.  

 

If you stay in the enterprise level hardware, this is going to get really expensive.  A Cisco Firepower 2130 can crank full speed 10G and a Firepower 2140 can do full speed 10G with IPS running.  However, these types of devices are "If you have to ask, you can't afford it" level pricing (10's of thousands).  

 

I see an MPLS connection and Internet coming in on 2 seperate lines, is that right?  If so, and you're doing BGP on that connection, I don't think the UDM will work for you; things are gonna get expensive if you need to pull in that MPLS link, run BGP there, pull in Internet and run a 10G firewall there all on one device.  

[Tanasa23]

2 hours ago, Overtaxed said:

https://store.ui.com/collections/unifi-network-routing-switching/products/udm-pro

 

That'll push >1G but <10G of traffic and has SFP+ ports on it for 10G connection (including on the WAN side).  Depends what features you have on, if you do IPS, you're going to be in the 3-5Gb/s range, if not, you could push up to ~7-8Gb/s of WAN to LAN throughput.  That's about the cheapest consumer grade device I know of that will crank out close to 10G of throughput across the routed interface.  

 

You can also build a Linux server with a 10G dual port NIC in it and run something like pFsense.  If you have enough CPU in the system you build, you should be able to get 10G LAN/WAN throughput.  

 

If you stay in the enterprise level hardware, this is going to get really expensive.  A Cisco Firepower 2130 can crank full speed 10G and a Firepower 2140 can do full speed 10G with IPS running.  However, these types of devices are "If you have to ask, you can't afford it" level pricing (10's of thousands).  

 

I see an MPLS connection and Internet coming in on 2 seperate lines, is that right?  If so, and you're doing BGP on that connection, I don't think the UDM will work for you; things are gonna get expensive if you need to pull in that MPLS link, run BGP there, pull in Internet and run a 10G firewall there all on one device.  

Yes from the 10/100 cisco ports there are 2huawei routers connected to it with ethernet. 1 is for the MPLS, asked my boss about it says is like an internal private network that doesn't go on the internet while from the other one is for the internet, that goes through our firewall and then inside the dlink switch and Netgear switch. The Cisco from what I understand doesn't support sfp+ but only sfp and the ports are all 10/100 mbps so I get it why ultimately we have low speeds 

[Electronics Wizardy]

7 hours ago, Tanasa23 said:

OK any suggestions on something with sfp+ port? Budget wise I think we can manage to spend something around 2000 € at least, would a firewall bottleneck us too as I see online that getting one with 10gbps Wan speed is very difficult or it costs very much

There are a lot of firewalls with sfp+ ports out there. What features do you need in the firewall? How about something like this guy https://shop.netgate.com/products/7100dt-base-pfsense. Probably can't fill 10gbe, but can do more than 1gbe.

 

Id get switches with sfp+ uplinks too. THere are a lot of options for these switches depending on your exact needs.

 

 

[Tanasa23]

On 4/1/2021 at 3:26 AM, Electronics Wizardy said:

Do you mean 10mbit? None of that gear seems like its designed for 10gbit.

 

 

 

That 100 meg switch is gonna limit your speeds a good amount, id get a gig switch there.

 

 

Boss had a bad memory , we checked the contract with our ISP and it is indeed a 10mbit connection not a 10gbit , still wanna thank you all for the suggestions and help !

[Electronics Wizardy]

1 hour ago, Tanasa23 said:

Boss had a bad memory , we checked the contract with our ISP and it is indeed a 10mbit connection not a 10gbit , still wanna thank you all for the suggestions and help !

Yea those speeds seem fine then. Id probably start wanting to replace those 100m switches, but should be good for now.

 

Also check if parts are eol and try to replace those first.