How to connect switches and router - planning network architecture

Hi Guys.
Can you help me with planning the architecture of a company network?
I’m already using CRS328-24P-4S+RM as switches, and RBcAPGi-5acD2nD as WiFi access points.
But the question is how to connect the switches together and then to the router in the best way.

I’m using VLANs (office network, guest network, IT-Structure management network, PLCs, etc.), CapsMan, VPN server with ActiveDirectory authorization (site-to-site and remote workers). I also plan to install a Dude Server. Now I have circa 200 devices in the network. I have WAN access via fiber. I’m also interested in assigning VLAN-id to wired interfaces based on some user credentials. I don’t know if PPPoE or Dot1x will do that or if I need something else.

Now I have three ideas for the infrastructure

Solution 1
[Image: Solution 3.png]
Connect each switch to a fiber switch via SFP+ - probably to CRS317-1G-16S+RM - and I will also connect the router (CCR1009-7G-1C-1S) to this fiber switch.
So in this setup, I will have

  • 10G between each switch
  • 10G for inter VLAN routing
  • 1,25G for WAN via SFP (without plus) - now I have a 1G limit from my ISP, so 1,25G SFP is enough, but if I want higher speed in the future this will be the bottleneck.


Solution 2
[Image: Solution 2.png]
Use a router with more SFP+ ports and connect the switches directly - for example CCR2004-1G-12S+2XS
So in this setup, I will have

  • 10G between each switch limited by 2x25G bus, and CPU of CCR2004 - no switching between SFP+ ports - all traffic will go through the CPUs
  • 10G for inter VLAN routing between EACH switch - again limited by 2x25G bus and CPUs
  • possibility to connect WAN via SFP+ not SFP


Solution 3 - mixed
[Image: Solution 1.png]
Connect each switch to the fiber switch via SFP+ and to the router via another SFP+ interface
So in this setup, I will have

  • 10G between each switch (limited neither by 2x25G bus nor CPU)
  • 10G for inter VLAN routing between EACH switch - limited by 2x25G bus and CPUs
  • possibility to connect WAN via SFP+ not SFP
  • have to add some L2 filtering (in order to distinguish what should go to the router and what to the fiber switch)


I plan to connect servers to the network via SFP+ (in solution 1+3 to the fiber switch) - Most of the servers are in the same VLAN as the workers' PCs (not accessible from WAN) so inter-VLAN routing is not required. WAN accessible servers will be in separate VLANs.

Can you give me some advice which solution should I choose? Or maybe all these three solutions are wrong?
Do you need more details?

Guys,
English is not my main language, but I hope I have written more or less understandably.
I don’t know which router I should choose for my network - CCR1009-7G-1C-1S+ or CCR2004-1G-12S+2XS. And how to connect it to the switches.
I’ve tried to describe my network and my needs. I’ve looked at the block diagrams of both routers, and I understand that they have different architectures.
CCR1009-7G-1C-1S+ - has every port connected directly to the CPU - so routing speed is only limited by the CPU (and of course by interface speed)
CCR2004-1G-12S+2XS - has ports grouped and connected to the CPU by some additional circuit (98PX1012) and bus 2x25GB. So the routing speed is limited by the CPU and the bus. But if I think correctly it is still quicker than CCR1009. CCR1009 has 8x1GB ports + 1x10GB port so max traffic to CPU is 18GB - it is still much less than the bus in CCR2004. Am I right? Can I look at it like this?
On the other hand, CCR1009 has a more powerful CPU (9x1200MHz = 10,8GHz) than CCR2004 (4x1700MHz = 6,8GHz). But looking at the test results of both - CCR1009 is only quicker in simple bridging and routing of lots of small packets.
So if I can use more than one SFP+ interface, I should choose CCR2004 and connect it as shown in the first diagram in my previous post? If 10GB between router CCR1024 and CRS317 isn’t enough I can always bond two SFP+

I’m counting on your help. Thanks a lot.

This is quite the network and I only have my home network to call upon, but logically speaking, if there is a lot of traffic occurring between switches and it can be done directly without going through the router, this will be more efficient. Therefore I like your diagram one in general, in that the switches are all linked and the router should only be accessed when required. However, not knowing the volumes of traffic and what kind of traffic and how often the router is needed makes it a wild assed guess. :)

I agree with anav,

For the amount of traffic in this network, solution 1 should and would be the best option/solution. However, the core fiber switch will be a single point of failure. The same goes for the single router.

Perhaps have two (2) core distribution switches as well as dual access switches. Depending on the vendors of those switches, you can do MLAG or and then stacking for access layer devices.