Understanding Router on a Stick

Discussion in 'Networking' started by RobertFontaine, Feb 12, 2017.

  1. RobertFontaine
    Naive question time,

    I've been trying to wrap my head around the various configurations - pros/cons.

    I have a 24-port layer 2 switch and have been slowly working my way towards a pfSense router with default, DMZ, home, work, lab VLANs.

    Actual bandwidth from the wan is ~150Mbits and the lan is gigabit.

    What are the pros/cons of configuring my firewall/router on a stick?
    - Is the risk one of MAC Spoofing?
    - Bandwidth bottlenecking?

    As I understand it, my switch handles Ethernet traffic within VLANs by MAC address; the router moves traffic between VLANs at layer 3 by IP address.

    In my home environment I have the ability to plug everything I run into a single switch, and it can currently handle all the bandwidth I am sending it on a daily basis.

    I've been looking at a little J1900 to serve as a pfSense router, or a used i5 SFF box for half the price and twice the watts. I haven't been able to decide why I would choose a multi-NIC router over a single-NIC router.


    Thanks
    Robert
     
  2. mstone
    1) if you have multiple internal networks, it will bottleneck
    2) it will fail open if someone fumble-fingers the config or (on many soho switches) while the switch is resetting. the real impact of this is probably limited as the internal devices won't readily route to the internet, but it's ugly
    3) it leaves the switch open to attacks from the outside. again, in practice this is of limited impact because the switch is probably using a non-routable IP, but it's still ugly.
    4) if you're on an ISP topology that provides a WAN that lets you see your neighbors, the last couple of points are more compelling, but your neighbors probably don't know how to exploit this. :)

    So mostly it's a matter of aesthetics, but the quality of most switch firmware is so bad I'd rather not put it on the public internet if it's pretty easy to buy another NIC and avoid the issue.
     
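To put numbers on point 1) of the reply above (the trunk bottleneck), here is an added example that is not from either poster. It models the two topologies from the thread: a single-NIC router where every VLAN, WAN included, rides one 802.1Q trunk, versus a router with one NIC per VLAN. Each routed flow crosses the trunk twice (in on the source VLAN's tag, out on the destination's), and since gigabit is full duplex the two directions are budgeted separately. The flows, VLAN names and the 1000 Mbit/s link capacity are constructed assumptions, not measurements from the original post.

```python
"""Compare per-link load for a router on a stick vs. a multi-NIC router.

Added example: the VLAN names, flows and capacities below are constructed
to mirror the thread (home/work/lab VLANs, ~150 Mbit/s WAN, gigabit LAN).
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# (source VLAN, destination VLAN, Mbit/s of payload in that direction).
# "wan" stands for the upstream link. These are constructed sample flows.
Flow = Tuple[str, str, float]

SAMPLE_FLOWS: List[Flow] = [
    ("home", "lab", 600.0),   # e.g. a large copy between two internal VLANs
    ("work", "lab", 300.0),
    ("home", "wan", 150.0),   # the whole WAN pipe in use at once
]

LINK_CAPACITY_MBPS = 1000.0   # gigabit Ethernet, per direction (full duplex)


def link_load(flows: List[Flow], topology: str) -> Dict[str, float]:
    """Return Mbit/s per directional link.

    Keys are "<link>:in" (towards the router) and "<link>:out" (away from
    the router). With "stick" every routed flow enters and leaves the same
    trunk; with "multi_nic" it enters on the source VLAN's NIC and leaves
    on the destination VLAN's NIC.
    """
    load: Dict[str, float] = defaultdict(float)
    for src, dst, mbps in flows:
        if src == dst:
            # Intra-VLAN traffic is switched at layer 2 by MAC address and
            # never reaches the router, so it costs nothing here.
            continue
        if topology == "stick":
            in_link = out_link = "trunk"
        elif topology == "multi_nic":
            in_link, out_link = src, dst
        else:
            raise ValueError(f"unknown topology {topology!r}")
        load[f"{in_link}:in"] += mbps
        load[f"{out_link}:out"] += mbps
    return dict(load)


def saturated_links(flows: List[Flow], topology: str,
                    capacity_mbps: float = LINK_CAPACITY_MBPS) -> List[str]:
    """Names of directional links whose offered load exceeds capacity."""
    return sorted(name for name, mbps in link_load(flows, topology).items()
                  if mbps > capacity_mbps)


if __name__ == "__main__":
    for topo in ("stick", "multi_nic"):
        print(topo, link_load(SAMPLE_FLOWS, topo),
              "saturated:", saturated_links(SAMPLE_FLOWS, topo))
```

With the sample flows the single trunk carries 1050 Mbit/s in each direction and is over capacity both ways, while the multi-NIC layout spreads the same traffic so that no link exceeds 900 Mbit/s. Whether this matters in practice depends on how much inter-VLAN traffic you really generate; with only WAN-bound flows at ~150 Mbit/s the trunk has plenty of headroom.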