Hmm, I may be misunderstanding the terms. I understood routing to refer more to managing the flow of data in and out of my network, like firewall rules and port forwarding. While switching was managing my internal network, like splitting traffic up into different subnets or vlans and actually moving all the data. Is that incorrect?
In any case, is there a difference between setting up different subnets on different ports vs setting up vlans off a single port? Can't you isolate them in either case? If I understand you correctly, you're saying it's better to use vlans and let a dedicated switch do the switching? Presumably because using something like this box for switching would have poor performance?
I think I understand. Though I'm not sure what all the ports are for then. On this box, or say the Netgate 8200 that also has lots of ports, you can't really use them? You'll always want a dedicated switch to handle the switching?
The traditional definition is that routing is layer 3, i.e. making decisions based on IP addresses, and switching is layer 2, i.e. making decisions based on MAC addresses and Ethernet stuff.
Part of what's created more confusion is that consumer "routers" also perform NAT functionality. Which is not technically routing - it's an additional thing... but somehow in consumerland the NAT part of the router seems to be what is seen as 'routing'.
If you have multiple subnets, traffic needs to be routed between them. If your computer is 192.168.54.12 and it wants to send traffic to 192.168.88.5, it knows that i) it can talk to 192.168.54.* because it's directly connected to 192.168.54.*, but ii) it has no idea how to get traffic to any other subnet. So, if you want to send traffic to any other subnet, your computer will send it to the "default gateway" that you've either set manually or received via DHCP - this is an IP on your subnet that is presumed to contain a 'router' that is able to take packets to other subnets and send them somewhere useful.
(Nitpicker's corner: I am assuming a /24 "class C" 255.255.255.0 network mask)
Not sure you are correctly understanding VLANs, either - VLANs are a way to have multiple logically-separate layer 2 networks on the same infrastructure. So, for example, you could do the following:
- 192.168.10.* - marketing department
- 192.168.11.* - finance department
Have one switch for the marketing department, one switch for the finance department, run a cable from the marketing switch to the main router (with an interface 192.168.10.1), run a cable from the finance switch to the main router (to an interface 192.168.11.1).
And if someone in marketing wants to access a file server on the finance network, then they will be sending layer 3 packets to 192.168.11.5, say; their TCP/IP stack knows that that's not on their network, so it will send those packets to the default gateway 192.168.10.1, and it is 192.168.10.1's job to get those packets to 192.168.11.*, i.e. by sending the packets out the interface that is connected to 192.168.11.*.
Or you can do the same thing with one switch and VLANs. If marketing is ports 1-10 and finance is ports 11-20, you can set ports 1-10 to VLAN 10, ports 11-20 to VLAN 11, and have exactly the same thing with one switch instead of two.
Now, because switches are operating at level 2 and those VLANs are separate layer 2 (and 3) networks, those VLANs can't talk to each other unless i) you run a cable from a port on each VLAN to a router, ii) you run a single cable from the switch to the router and 'tag' both VLANs, or iii) you have a fancy switch with layer 3 functionality (in which case the router is essentially built-in to the switch).
A further note on VLAN tagging - this is where the switch sends traffic for multiple VLANs on the same port and 'tags' the frames to indicate what VLAN they're for. Then the device plugged into the switch basically has a separate logical 'subinterface' for each VLAN. So, to pick my example above, instead of having one port on the router for 192.168.10.1 and one port for 192.168.11.1, you could have one interface with tagged VLANs and VLAN 10 is 192.168.10.1 and VLAN 11 is 192.168.11.1.
VLANs are handy for home networks because, if you want to put different things on different subnets, they make wiring much easier. So for example, if you wanted to have some devices in your family room on two different subnets, without VLANs, you have two switches in the family room, two cables from the family room to wherever your network core is, etc. With VLANs, just put one switch in the family room, set each port to the proper VLAN based on what you want for the device plugged into it, and run one uplink with tagged VLANs back to your network core.
As an aside, for a home network, I would say that multiple subnets is... on the very sophisticated end of the spectrum.
In terms of why boxes like these Qotoms have many interfaces, there are lots of things you can do:
- the basic one-port-per-subnet interface in my first example - you need a port on the router for each subnet
- link aggregation - two or more ports to the same switch, possibly with tagged VLANs
- exotic WAN setups, e.g. having two ports going to two different ISPs, one port going to a private circuit somewhere, etc.
What you probably do NOT want to do is use two of those ports as a bridge, i.e. have two halves of one subnet plugged into separate interfaces, then have the Qotom box send frames from one port to the other. Switches are much better at doing these kinds of things than x86 boxes running a full operating system.
And I would note that the 9 interfaces on the Qotom isn't actually that many in the grand scheme of things. Boxes from people like SonicWall have a lot more interfaces...