v3g4
just joined
Topic Author
Posts: 5
Joined: Wed Aug 03, 2022 10:31 pm

VLANs across two L3-switches - or routing via Mikrotik router?

Wed Aug 03, 2022 10:39 pm

Hi!

I have two L3-switches, each in one of two buildings. They are interconnected and should behave like a single large switch for both buildings together. I've heard that there is a technology called "switch stacking", where multiple switches behave like a single switch. As far as I know, it's not possible with the switches we have nor with Mikrotik switches.

A simplified version of my setup is shown in the network diagram below: Building A and building B have their own switches, which are connected through multiple cables (link aggregation). There are VLANs (VLAN 1+2), which are available in both buildings (both switches). And there are VLANs, which are only used in one building (VLAN 3+4), but they need to be reached also by all other VLANs - within the same building, but also from the other building. There are also a number of firewall rules on the L3-switches to control traffic between different VLANs.

There are two goals:
  1. Network packages should use the fastest link to destination: A network package from a device in VLAN 1 in building B to another device in VLAN 1 in building B should not be routed through L3-Switch A. That's why L3-Switch B has another IP. Challenge: DHCP server for VLAN 1 needs to know whether a device is in building A or building B to assign the appropriate default gateway (10.1.1.1 or 10.1.1.2). In my actual setup, switch B behaves currently like an L2-Switch, which means that everything is routed to switch A, which narrows bandwidth (aggregated links between buildings VS. switch backplane).
  2. No manual replication of switch configuration (especially firewall rules to control traffic between VLANs). There are more or less complex firewall rules between VLANs. So it would be quite a large effort to maintain them in both switches - especially if another default gateway (switch B) comes into play.

As far as I understand, there are 3 approaches. Please correct me if I am wrong:
  1. Stackable switches = multiple switches which can be configured to behave as a single large switch. This would be the most convenient and most performative option. It's only available for expensive switches from specific manufacturers.
  2. Routing on Mikrotik router, which is doing all the communication across VLANs. Advantage: a single point of firewall configuration (filter rules between VLANs). Disadvantage: Bottleneck is link from switch(es) to router and of course routing performance of router. Routing performance of L3-switch via backplane would be higher?
  3. Routing at switch level (like shown in the diagram). Advantage: Highest performance through switch backplanes, also in routing scenarios, only bottleneck in building interconnection between switches. Disadvantage: complex setup, because firewall rules have to be duplicated manually and maybe adapted to building/switch. DHCP server needs to know in which building the network client is to assign correct default gateway (switch A vs. switch B).

Which of the three alternatives would you prefer from a practical point of view? Do you see any further alternatives?
[Attachment: network diagram (Bildschirmfoto 2022-08-03 um 20.51.27.png)]
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: VLANs across two L3-switches - or routing via Mikrotik router?

Thu Aug 04, 2022 7:28 am

For what you are showing, you do not need any routing - only switching. In that situation, if it were me, I would put something like a CSS326 at each location, configure a VLAN trunk between the two switches, and configure whatever VLANs are needed on the various ports. Doing that in SwitchOS would be VERY easy. That is also essentially what I am doing here. In my case, there is also a router that ties to one of the switches to allow routing between VLANs as needed, and also Internet access as needed.

If you wanted higher reliability between the switches, you could set up a LAG with multiple connections between the switches (preferably diverse routes) - also improves total connection throughput as long as all LAG connections are working. If you only want the reliability of multiple paths but don't need the speed, you could also use RSTP between the switches.

BTW, I said, CSS326 switches which are 24 GigE ports + two SFPs. If you need more or less ports, there are other switch options.
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLANs across two L3-switches - or routing via Mikrotik router?

Thu Aug 04, 2022 10:15 am

The main difference between L2 switching and stackable switches nowadays is in ease of management - stackable switches are seen as single switch. Performance-wise the difference is not that big if L2 switches provide "upstream" ports with decent speed ... some vendors providing stackable switches got rid of proprietary stacking interfaces which used to give an edge over simple L2 switches, so now it's standard interface running proprietary stacking protocol.
 
v3g4
just joined
Topic Author
Posts: 5
Joined: Wed Aug 03, 2022 10:31 pm

Re: VLANs across two L3-switches - or routing via Mikrotik router?

Thu Aug 04, 2022 1:10 pm

Thanks for your answer, k6ccc!

> For what you are showing, you do not need any routing - only switching. In that situation, if it were me, I would put something like a CSS326 at each location, configure a VLAN trunk between the two switches, and configure whatever VLANs are needed on the various ports. Doing that in SwitchOS would be VERY easy. That is also essentially what I am doing here. In my case, there is also a router that ties to one of the switches to allow routing between VLANs as needed, and also Internet access as needed.

I think that's what I tried to describe with approach number 3. The router is - for instance - connected to switch A. I see two disadvantages in that solution: If there is a connection from VLAN1 to VLAN2 in building B, packages are sent to building A (switch A) and then further to the connected router and all the way back to building B. Of course, this setup has advantages, like I don't have to maintain firewall rules in two L3-switches, but only in one router. And I don't need any L3-switches at all, as you mentioned.

Probably the bottlenecks can be avoided if I use CSS326 switches. SFP ports can be 10 GBit as far as I've seen. So connection between switch A and router as well as connection between switch A and B can be 10 GBit, whereas all others have still 1 GBit.

> If you wanted higher reliability between the switches, you could set up a LAG with multiple connections between the switches (preferably diverse routes) - also improves total connection throughput as long as all LAG connections are working. If you only want the reliability of multiple paths but don't need the speed, you could also use RSTP between the switches.

I use LAG between buildings only for performance reasons (at the moment 4 x 1 GBit). Reliability is not an issue at the moment.
 
v3g4
just joined
Topic Author
Posts: 5
Joined: Wed Aug 03, 2022 10:31 pm

Re: VLANs across two L3-switches - or routing via Mikrotik router?

Thu Aug 04, 2022 1:12 pm

> The main difference between L2 switching and stackable switches nowadays is in ease of management - stackable switches are seen as single switch. Performance-wise the difference is not that big if L2 switches provide "upstream" ports with decent speed ... some vendors providing stackable switches got rid of proprietary stacking interfaces which used to give an edge over simple L2 switches, so now it's standard interface running proprietary stacking protocol.

I see. In our case, I wouldn't stack them for performance reasons, but for easier configuration maintenance (e.g. one configuration for IP ACLs and not multiple configurations in every switch).