> I'm mainly interested in the upcoming 48x PoE switch with L3 support. What does hardware vs software LACP mean?

There are two main lines of Mikrotik switches:
CSS: uses a lightweight GUI interface called swOS, supports hardware LACP, VLAN tagging, STP and a few other things. Key word is lightweight, L2 only.
CRS: same physical hardware as the CSS, except they only support very limited-speed L3 and lack hardware LACP. Most CRS switches are dual-boot capable and can run swOS as well. Running swOS disables any L3 support.
I'm mainly interested in the upcoming 48x PoE switch with L3 support. What does hardware vs software LACP mean?
How would you compare their L3 speed vs UBNT Edge switches?
> CRS354-48P-4S+2Q+ was the one I was looking at, but the latest prediction I could find is 5/2019 release, so that may not even be an option. L3 would be used for inter-vlan routing. I haven't yet figured out how I should segment the inter-vlan routing and firewalling between the switch itself and pfsense on a separate server.

The CRS series running RouterOS (which enables the use of L3 features) is typically quite slow, although that is changing with their larger PoE switches using the ARM 98DX3236, such as the CRS328-24P-4S+RM. The "Test Results" tab on their product description page shows pretty decent performance for very basic routing (they call it "Fast Path"), which would be used for simple inter-vlan routing. Once you start adding firewall rules things really, really slow down.
A direct comparison to the UBNT switches? I haven't personally used the Edgeswitch product line extensively, but I have been paying attention to it since UBNT first came out with the line. I do know several people that use them on a regular basis. The failure rate doesn't seem any different than Mikrotik, Linksys or any other non-pro-grade line of switches. Personally I hate the entire UniFi administration environment, but the Edgeswitch line doesn't seem too bad. The GUI seems to have most of the options and the CLI seems familiar if you've used Cisco products before. The RouterOS GUI is complicated (all the options, not many descriptions) but straightforward once you take a look around, same with the CLI. The Edgeswitch line is either near line-rate L3 or pretty close to it from everything I can find.
LACP is the deal breaker on the CRS line. LACP is useless while running RouterOS. In RouterOS LACP runs through the CPU (causing very slow performance); swOS handles it through the switch chip, which enables line-speed communication over the LACP link. I personally don't run LACP anymore on "smaller" networks because 10Gb is so cheap.
Short version? Need LACP? Get the Edgeswitch. Don't need LACP? Start looking at the price-per-port value and other features like dual PSU. Need it now? Get the Edgeswitch, because Mikrotik has a terrible time delivering products when they say they "should be ready".
No matter what one you choose, if downtime is an issue then buy a spare because the warranty exchange for either isn't going to be fast.
but maybe it would be better to use two SFP+ ports for that and buy the additional cards for the servers.
> I have a general plan to segment the network like your example above. What I'm not sure about is how to solve the communication and security between some segments that have to talk to each other - when to do it on the switch (faster) and when to go through pfsense (more versatile).

I'm going to admit to being new on how to implement this properly, but the basic idea is to put stuff that needs to be separated on separate DHCP subnets, with each subnet tagged with a different VLAN.
An example as a point of further discussion:
I plan on revisiting this a bit as I think I've recovered from borking my network repeatedly during my last attempt.
- Put IoT stuff on 10.0.2.0/24 and VLAN2
- Put cameras on 10.0.3.0/24 and VLAN3
- Put guest WiFi on 10.0.4.0/24 and VLAN4
- etc.
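The segmentation plan above, and the earlier question of which inter-VLAN traffic to route on the switch versus through pfSense, can be written down and checked before anything is configured. The following is an added example, not code from any poster: it takes a VLAN/subnet plan like the one listed (the "lan" segment on VLAN 1 and the policy table are constructed assumptions), checks it for reused VLAN ids and overlapping subnets, and then assigns each pair of segments to the switch (no filtering needed, so plain routing), to pfSense (only some flows allowed, so firewall rules are needed), or to no route at all.

```python
# Added example (not from the thread): sanity-check a VLAN/subnet segmentation
# plan and decide, per pair of segments, whether inter-VLAN traffic can stay on
# the L3 switch or has to go through the firewall. Segment names, the "lan"
# segment and the policy table below are constructed assumptions.
import ipaddress
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Segment:
    name: str
    vlan_id: int
    subnet: ipaddress.IPv4Network


def segment(name, vlan_id, cidr):
    """Build a Segment from a CIDR string (strict=True rejects host bits)."""
    return Segment(name, vlan_id, ipaddress.ip_network(cidr, strict=True))


# Constructed plan following the thread's example; "lan" on VLAN 1 is assumed.
PLAN = [
    segment("lan", 1, "10.0.1.0/24"),
    segment("iot", 2, "10.0.2.0/24"),
    segment("cameras", 3, "10.0.3.0/24"),
    segment("guest", 4, "10.0.4.0/24"),
]

# Constructed policy between unordered segment pairs:
#   "open"     - both sides may talk freely: plain routing, keep it on the switch
#   "filtered" - only some flows allowed: needs firewall rules, go via pfSense
# Pairs not listed are treated as "isolated" (no route between them at all).
POLICY = {
    frozenset({"lan", "iot"}): "filtered",
    frozenset({"lan", "cameras"}): "filtered",
    frozenset({"iot", "cameras"}): "open",
}


def validate_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    seen_vlans = set()
    for seg in plan:
        if not 1 <= seg.vlan_id <= 4094:
            problems.append(f"{seg.name}: VLAN id {seg.vlan_id} out of range")
        if seg.vlan_id in seen_vlans:
            problems.append(f"{seg.name}: VLAN id {seg.vlan_id} reused")
        seen_vlans.add(seg.vlan_id)
    for a, b in combinations(plan, 2):
        if a.subnet.overlaps(b.subnet):
            problems.append(f"{a.name} and {b.name}: subnets overlap")
    return problems


def placement(plan, policy):
    """Map each (a, b) segment pair to where its inter-VLAN traffic is handled."""
    where = {}
    for a, b in combinations(plan, 2):
        kind = policy.get(frozenset({a.name, b.name}), "isolated")
        where[(a.name, b.name)] = {
            "open": "switch",       # fast-path routing, no rules to evaluate
            "filtered": "pfsense",  # firewall decides flow by flow
            "isolated": "none",     # no route: segments cannot reach each other
        }[kind]
    return where


if __name__ == "__main__":
    for p in validate_plan(PLAN):
        print("problem:", p)
    for (a, b), target in placement(PLAN, POLICY).items():
        print(f"{a:8s} <-> {b:8s}: {target}")
```

The useful property is that every segment pair gets an explicit decision: anything not written into the policy ends up with no route rather than silently being reachable, and only the pairs marked "open" are candidates for the switch's fast path, which is where the thread notes RouterOS performs well before firewall rules are added.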
There are switches with L3 routing features, though, which avoid the single link bottleneck with an external router. A 10 Gbit switch<->pfsense link would mitigate that hopefully.