GiGaPlus - 8* 2.5G Base-T Ports, 2* 10G SFP+ Ports. (USA?)

[oharag]

23% clipable coupon. Only one per purchase but you can purchase on different orders and discount still works.

Someone turned me onto this switch:

https://www.amazon.com/gp/product/B0CT2F3ZDM/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&th=1

Supposedly good reviews. I'm a newbie but I bought two for future network setup in different locations of my home. I like the 8X2.5gbe for future devices over 4 port.

$73.45 delivered with tax for me.

They have a 4X2.5gbe 10% off right now:

https://www.amazon.com/gp/product/B0CQ4F2813/ref=ox_sc_act_title_1?smid=A1LB4M32XA3SA9&th=1

This was the 4X2.5gbe ieRON Patrick reviewed (12% off):

https://www.amazon.com/dp/B0CFTDLDQL/?coliid=I8L42QY9BIQET&colid=2AWNRS0BD0CML&ref_=list_c_wl_lv_ov_lig_dp_it&th=1

 

[soaringswine]

Network devices from no-name / white label vendor sounds like quite a security gamble. I wouldn’t let any sensitive traffic over it.

 

[MountainBofh]

Network devices from no-name / white label vendor sounds like quite a security gamble. I wouldn’t let any sensitive traffic over it.

There's been a lot of FUD about the generic realtek switches being security threats. It would be REAL easy to catch such a switch doing something it shouldn't be doing - wireshark is easy to use and would make such shenanigans quite obvious. Not to mention the intelligence behind these switches are made in Taiwan.

The Chinese government isn't going to backdoor every single cheap piece of consumer gear. Too much work for too little reward, and too easily caught. No - they're going after the big enterprise telecom gear. Why do you think most western countries have banned Huawei and ZTE ?

 

[Cruzader]

Why do you think most western countries have banned Huawei and ZTE ?

Trade war politics.
US that initiated it literally offered to withdraw all their concerns if their trade terms were accepted.

But how much huawei that is still bought and used for telecom in the west would probably suprise most tbh.
The ban comes with fairly wide exemptions if deemed necessary by ISPs to use it in most of the countries that have "banned" it.

 

[is39]

I see a bigger issue when those switches do not support HTTPS (some do) and SNMP; though SNMP is not a staple for web-managed switches
My personal list of wants would be CLI (via ssh, not telnet), VLANs, LACP, SNMP; Web UI optional (but with HTTPS support if at all).
In some cases CLI is there, but it's not exposed.

With regard to backdoors... it's not impossible to make a switch which would activate a backdoor only in very limited circumstances.
Considering it has full access to the network traffic it could use a variety of tricks to piggy back on the legitimate traffic and exfiltrate some amount of local information (domain suffix, LAN IP ranges, even host inventory) and wait forever for C&C activation sequences in one of the responses. If adversary is playing a long game they could be looking for the way into, say, home network of an employee of some targeted company... the switch in question may not be "managed" from end-user standpoint, and still contain a backdoor; this would decrease probability of firmware being disassembled and analyzed. This scenario is less likely when switch chipsets are made by American or Taiwanese company (Realtek), but even then not impossible. Obviously, backdooring datacenter hardware would provide more gain to the adversary, but there it's higher scrutiny and higher probability of detection; plus purely Chinese designs are unlikely to be used in US datacenters.

Still, such an attack requires discipline and coordination; i find it unlikely to be well executed and remain hidden in the cutthroat competitive environment of consumer/prosumer network equipment... if/when it happens it would be earlier in the chain, during switch chipset manufacturing, by chipset maker compelled (or subverted) to do so.

 

[Cruzader]

Obviously, backdooring datacenter hardware would provide more gain to the adversary, but there it's higher scrutiny and higher probability of detection; plus purely Chinese designs are unlikely to be used in US datacenters.

There is no problem with Chinese designed, produced and validated products to be used in US datacenters if the brand name its made on behalf of is western.

Never really understood how they care more about where the IP is held than who/where actualy makes the hardware.
That products based on the same Chinese OEM base design and produced by the same Chinese facility is deemed safe or not by where the brands HQ is.

If actual backdoors was the concern surely the OEM and their facility should be the concern, not whos branding is on the box.

 

[is39]

It's at least theoretically possible to validate the implementation if you own the IP; extremely expensive for sure.
Reportedly, it's not trivial to backdoor the silicon, keep it hidden and not break anything.
Firmware is much easier to backdoor, but there are more eyes, hopefully.

I guess if we're taking it seriously and assume budget and sophistication comparable to NSA, we should expect substantial and sustained effort;
hard to predict if it's directed deep or wide; for some reason i'd expect China to go wide.

With regard to acceptance, i do agree that it's often a question of a brand label versus reality.
In businesses choices are typically made based on what staff is familiar with and company can afford;
which is unlikely to be Huawei or ZTE, even if it's cost-competitive - less known, hard to import, hard to support.
At larger scale i can believe such re-branding may be already happening ;-)

Government has stricter criteria (approved product lists, FIPS certifications etc).

I agree that backdoored switch is probably very low on the list of threats for most of participants of this forum.
Even if it's indeed backdoored i'd expect that adversary of that scale would not risk burning it for a low-value target, which most of us are ;-)

 

[Cruzader]

I agree that backdoored switch is probably very low on the list of threats for most of participants of this forum.
Even if it's indeed backdoored i'd expect that adversary of that scale would not risk burning it for a low-value target, which most of us are ;-)

Now that i think of it i dont think ive ever seen switches mentioned even with the NSA tailored access stuff regarding cisco backdoors either, its always routers etc more centraly placed hardware that are the success examples and get mentioned.
For switches to be of interest id expect it to be models more in enterprise/ISP cores than a consumers home unit.

It's at least theoretically possible to validate the implementation if you own the IP; extremely expensive for sure.

If its used as an actual attack vector i think that is in the theoretical realm tbh
With the hardware going direct from the possibly "hostile facility" and to the costumer without you handling it to do any physical verification.

With supermicro a while back the concern was if manafacturing had added a secondary circuit on the mobos going to come clients.
But atleast to my understanding it ended up with not finding anything and confusion around why they even suspected it to begin with.

Thats still the status regarding huawei for most of the west also pretty much.

 

[fossxplorer]

Anyone seen a 8x 2.5G 2x 10G SFP+ on AliE similar to these?

 

[sic0048]

2 of the 3 are unmanaged. I would certainly pass on those.......

With more and more WiFi access points offering 2.5gb ports, the most likely reason I would ever add 2.5gb is for these devices. As such, VLAN support is pretty much a requirement. Otherwise if I need faster than 1gb speeds, I'll likely stick with 10gb.

PS - this isn't meant to be a knock on the posted deal. I appreciate posts like this even if they are not what I am looing for. It may be exactly what other people are looking for.

 

[Cruzader]

Anyone seen a 8x 2.5G 2x 10G SFP+ on AliE similar to these?

Not too many brands that do the 8+2 units, most ali brands have the typical 4+2 5+1 8+1 24+2 24+6.

Ive stuck one of these horaco 4+2 in each case with 4 mobos for my 2.5gbe nodes.

 

[ms264556]

Anyone seen a 8x 2.5G 2x 10G SFP+ on AliE similar to these?

Xikestore do one:

https://a.aliexpress.com/_ExlQevt

$70 inc tax and shipping if you go via the coins page

 

[Cruzader]

If you are fine with unmanaged then there are plenty like that yeah, did not even consider unmanaged since people generaly dont want them.

 

[oharag]

Anyone seen a 8x 2.5G 2x 10G SFP+ on AliE similar to these?

Can I ask why you would like to order from Aliexpress? I find that place a hot mess - poor search tools - plus hipping tkwa forever. I worry about getting incorrect items with poor product returns. Wouldn't it be better to order from Amazon or any other site?

 

[oharag]

2 of the 3 are unmanaged. I would certainly pass on those.......

With more and more WiFi access points offering 2.5gb ports, the most likely reason I would ever add 2.5gb is for these devices. As such, VLAN support is pretty much a requirement. Otherwise if I need faster than 1gb speeds, I'll likely stick with 10gb.

PS - this isn't meant to be a knock on the posted deal. I appreciate posts like this even if they are not what I am looing for. It may be exactly what other people are looking for.

Too late you already crapped on the post. There is a chip from AMD called Threadripper. My nickname for you from here on out is "Threadcrapper"

 

[ms264556]

Can I ask why you would like to order from Aliexpress? I find that place a hot mess - poor search tools - plus hipping tkwa forever. I worry about getting incorrect items with poor product returns. Wouldn't it be better to order from Amazon or any other site?

If we're outside the US then a lot of products are unavailable. Your deal has free shipping to NZ and a discount voucher, so it's a very good deal - only $10 more expensive than AliExpress.

AliExpress makes it very difficult to find the best price for an item, or the fastest shipping vendor. I lose count of the number of times my order confirmation screen showed the same item from a slightly cheaper seller.

But Amazon US's global shipping takes a long time & it's not super reliable - it's about as bad as AliExpress. My last 2 Amazon orders (SSDs) were 'lost' in transit during the trip from Amazon to the international shipping hub. Amazon increased the delivery estimate so I had to wait several weeks before they shipped a replacement. The 1st SSD they lost had a huge black friday discount so they refunded rather than replacing.

 

[oharag]

If we're outside the US then a lot of products are unavailable. Your deal has free shipping to NZ and a discount voucher, so it's a very good deal - only $10 more expensive than AliExpress.

AliExpress makes it very difficult to find the best price for an item, or the fastest shipping vendor. I lose count of the number of times my order confirmation screen showed the same item from a slightly cheaper seller.

But Amazon US's global shipping takes a long time & it's not super reliable - it's about as bad as AliExpress. My last 2 Amazon orders (SSDs) were 'lost' in transit during the trip from Amazon to the international shipping hub. Amazon increased the delivery estimate so I had to wait several weeks before they shipped a replacement. The 1st SSD they lost had a huge black friday discount so they refunded rather than replacing.

Man Amazon in USA sucks at times as well - products that get lost in shipping - trying to get a refund is a pain in the arse - and if you purchase a product and the price is adjusted that day they won't give you a price match. That is if you can even get a human being. Oh and the product packaging is horrendous - product bouncing around in the box - squashed product spilled on the inside. But yeah it's convenient. I'm interested in some items on Aliexpress but as stated the search is horrendous - product splash pages are too loud if little or no info. This discussion about Chinese made products above if kind of funny. Most everything is made in China - iPhone/android/etc... Even Taiwan/Japan is producing in China - and China wants to invade them!!!!!!