Differences between Layer-2 and Layer-3 ethernet switches?

A while back I was searching for new switches for our network. When the network was built, some Einstein installed half a dozen Cisco 3560 switches. I feel these are significant overkill for what we need. Especially since they're ~$4,000+ new.

In searching for other suitable models, I found what seemed to be perfect replacements from companies such as Asus and Netgear, at literally 1/10th of the cost. But an issue arose that I understood in concept, but I didn't understand in terms of its functional effect in a broadcast environment: the difference between Layer-2 or Layer-3 devices.

Aside from basic issues of networking such as internet, file sharing, and printing, there are also things such as audio streaming, RDC, VPN, Intraplex bridges to transmitter sites, and so forth. And then there are the mission-critical applications such as RCS Nexgen, AudioVault, and others.

So - does anyone here understand this level of detail and might be able to explain it to me?

Thanks.
 
Everything I know... I learned from Google.

Layer 2 Switches (The Data-Link Layer)
Layer 2 switches operate using physical network addresses. Physical addresses, also known as link-layer, hardware, or MAC-layer addresses, identify individual devices. Most hardware devices are permanently assigned this number during the manufacturing process.

Switches operating at Layer 2 are very fast because they’re just sorting physical addresses, but they usually aren’t very smart—that is, they don’t look at the data packet very closely to learn anything more about where it’s headed.

Layer 3 Switches (The Network Layer)
Layer 3 switches use network or IP addresses that identify locations on the network. They read network addresses more closely than Layer 2 switches—they identify network locations as well as the physical device. A location can be a LAN workstation, a location in a computer’s memory, or even a different packet of data traveling through a network.

Switches operating at Layer 3 are smarter than Layer 2 devices and incorporate routing functions to actively calculate the best way to send a packet to its destination. But although they're smarter, they may not be as fast if their algorithms, fabric, and processor don't support high speeds.

Layer 4 Switches (The Transport Layer)
Layer 4 of the OSI Model coordinates communications between systems. Layer 4 switches are capable of identifying which application protocols (HTTP, SNTP, FTP, and so forth) are included with each packet, and they use this information to hand off the packet to the appropriate higher-layer software. Layer 4 switches make packet-forwarding decisions based not only on the MAC address and IP address, but also on the application to which a packet belongs.

Because Layer 4 devices enable you to establish priorities for network traffic based on application, you can assign a high priority to packets belonging to vital in-house applications such as Peoplesoft, with different forwarding rules for low-priority packets such as generic HTTP-based Internet traffic.

Layer 4 switches also provide an effective wire-speed security shield for your network because any company- or industry-specific protocols can be confined to only authorized switched ports or users. This security feature is often reinforced with traffic filtering and forwarding features...
 
Thanks, I read similar information on Wikipedia.

If you review my original post, I asked what the functional effect the different types of switches have in a broadcast environment because of all the wonky hardware & software we have.
 
Layer 2 is the Ethernet Layer and traditionally defines a "LAN". Broadcast traffic will pass through a Layer 2 switch and therefore can use capacity, and introduce variability into the equation if used for AoIP.

Layer 3 is the IP Layer and traditionally defines "WAN" links between 2 or more LANs. Layer 3 is what "Routers" deal with. A switch with Layer 3 basically includes IP routing, generally at very high speeds.

To explain further, if you have two LANs (for example, 192.168.1.x and 192.168.2.x, both with subnet masks of 255.255.255.0), they cannot communicate without a Layer 3 switch or a router.

By using Layer 3 between these 2 LANs you keep the Ethernet broadcast packets on each LAN and only pass traffic between the two that is actually addressed to it.

This is an over simplified explanation, but I hope it helps!
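An added example to go with the post above (it is not code from the thread or from any vendor): a toy Layer 2 learning switch and a Layer 3 hop in Python, using the two /24 LANs from the post. It shows what the text says in words: an Ethernet broadcast is flooded to every port of its own switch but stops at the router, while a unicast to the other LAN is framed to the gateway's MAC and re-framed by the router. All hosts, MAC addresses and the static ARP table are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP = {}  # ip -> mac, filled as devices are created (constructed stand-in for real ARP)


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    payload: str


class L2Switch:
    """Forwards on MAC addresses only. A broadcast, or a destination MAC it has
    not learned yet, is flooded out every port except the ingress port."""
    def __init__(self):
        self.ports = []       # attached devices; list index is the port number
        self.mac_table = {}   # learned source MAC -> port

    def attach(self, device):
        self.ports.append(device)
        device.switch = self

    def ingress(self, device, frame):
        in_port = self.ports.index(device)
        self.mac_table[frame.src_mac] = in_port        # learn the sender's port
        out = self.mac_table.get(frame.dst_mac)
        if frame.dst_mac == BROADCAST_MAC or out is None:
            targets = [p for p in range(len(self.ports)) if p != in_port]
        else:
            targets = [out]
        for p in targets:
            self.ports[p].receive(frame)


@dataclass
class Host:
    name: str
    mac: str
    cidr: str        # e.g. "192.168.1.10/24"
    gateway: str
    received: list = field(default_factory=list)
    switch: object = None

    def __post_init__(self):
        ARP[str(ipaddress.ip_interface(self.cidr).ip)] = self.mac

    def receive(self, frame):
        if frame.dst_mac in (self.mac, BROADCAST_MAC):
            self.received.append(frame.payload)

    def send(self, dst_ip, payload):
        """The Layer 3 decision every host makes: a destination inside my own subnet
        is framed to its MAC directly; anything else is framed to the gateway's MAC."""
        me = ipaddress.ip_interface(self.cidr)
        if dst_ip == "255.255.255.255":
            dst_mac = BROADCAST_MAC
        elif ipaddress.ip_address(dst_ip) in me.network:
            dst_mac = ARP[dst_ip]
        else:
            dst_mac = ARP[self.gateway]
        self.switch.ingress(self, Frame(self.mac, dst_mac, str(me.ip), dst_ip, payload))


class RouterIface:
    def __init__(self, router, mac, cidr):
        self.router, self.mac, self.switch = router, mac, None
        self.net = ipaddress.ip_interface(cidr)
        ARP[str(self.net.ip)] = mac
        router.ifaces.append(self)

    def receive(self, frame):
        self.router.route(frame, self)


class Router:
    """Forwards on IP addresses and never forwards an Ethernet broadcast, so each
    LAN keeps its own broadcast domain. A Layer 3 switch does the same job."""
    def __init__(self):
        self.ifaces = []

    def route(self, frame, in_iface):
        if frame.dst_mac != in_iface.mac:
            return  # broadcast, or not addressed to the router: it stays on its LAN
        dst = ipaddress.ip_address(frame.dst_ip)
        for iface in self.ifaces:
            if dst in iface.net.network:
                hop = Frame(iface.mac, ARP[frame.dst_ip], frame.src_ip, frame.dst_ip, frame.payload)
                iface.switch.ingress(iface, hop)   # new MACs for the next hop, same IPs
                return
        # no connected network matches: dropped (a real router would consult its routing table)


def build_and_run():
    """Two LANs on separate Layer 2 switches joined by one router; returns what each host received."""
    lan1, lan2, r = L2Switch(), L2Switch(), Router()
    lan1.attach(RouterIface(r, "02:00:00:00:01:01", "192.168.1.1/24"))
    lan2.attach(RouterIface(r, "02:00:00:00:02:01", "192.168.2.1/24"))
    a = Host("a", "02:00:00:00:01:10", "192.168.1.10/24", "192.168.1.1")
    b = Host("b", "02:00:00:00:01:11", "192.168.1.11/24", "192.168.1.1")
    c = Host("c", "02:00:00:00:02:20", "192.168.2.20/24", "192.168.2.1")
    for h in (a, b):
        lan1.attach(h)
    lan2.attach(c)
    a.send("255.255.255.255", "broadcast from LAN 1")  # floods LAN 1, stops at the router
    c.send("255.255.255.255", "broadcast from LAN 2")  # likewise; nobody on LAN 1 sees it
    a.send("192.168.1.11", "same-LAN unicast")          # pure Layer 2, router never involved
    a.send("192.168.2.20", "cross-LAN unicast")         # framed to the gateway, routed to c
    return {h.name: h.received for h in (a, b, c)}
```

Running `build_and_run()` gives `b` the LAN 1 broadcast and the same-LAN unicast, `c` only the routed unicast, and nobody the LAN 2 broadcast. Put both LANs on one Layer 2 switch instead and every host would receive both broadcasts, which is the capacity and jitter cost the post mentions for AoIP.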
 
spinjector said:
In searching for other suitable models, I found what seemed to be perfect replacements from companies such as Asus and Netgear, at literally 1/10th of the cost. But an issue arose that I understood in concept, but I didn't understand in terms of its functional effect in a broadcast environment: the difference between Layer-2 or Layer-3 devices.

Spinjector-

No disrespect meant for your choices, but the Linksys, Netgear, Asus gear is okay. But if you're looking for reasonably priced gear that is rock solid in a broadcast environment, have a look at the Mikrotik routers and switches. They are also less expensive than the options you've noted, and can be configured as Layer 2 or 3.

I have 7 Mikrotik RB450G routers in place: one is on a UPS and has been running non-stop 24/7 since August 2009 (yes, two years soon) with heavy usage. It has not hung, slowed down, or otherwise failed. These routers/switches are actually made for the ISP and WISP industry, so they are built for long-term stability (like an old Bell 2500 telephone).

In some of my installations, I'm using the RB450G as routers; in others, I have them configured as switches. They do everything I need for a broadcast environment: subnetting different segments of the LAN (192.168.1.XXX, 192.168.2.XXX, etc.) so that the segments are invisible to one another, true levels of QoS, VLAN, an NTP server for the computer time sync, etc. In reality, they can be configured to do just about anything you want.

Since discovering these devices, I have thrown my Linksys, Netgear devices in the trash :)

http://www.mikrotik.com/

http://routerboard.com/
 
ChiefOperator...

Thanks for that post. I am looking for some more advanced gear to do just that and these seem to fit the bill perfectly.

Thank You.
 
chriscollins said:
ChiefOperator...

Thanks for that post. I am looking for some more advanced gear to do just that and these seem to fit the bill perfectly.

Thank You.

You're welcome. I like to think of Mikrotik as having Cisco features and stability at Linksys prices :). Out of the box, they will function as basic routers and switches or you can delve into the more advanced features and configure as complex as you wish.

I don't know your needs, but I would have a look at the RB750G router at around $80 and the more advanced (hardware) RB450G router at around $120. This RB450G is extremely powerful. Either can be configured as a "smart" switch or you could look at the RB250GS switch at $40. Don't let these low prices fool you; this gear is high-quality, professional stuff.
As I mentioned before, the Mikrotik markets are ISP and WISP. One nice feature is that all the routers use the same OS and interface, so once you understand how to configure one, you know how to configure all.

My most recent install was a RB450G, a RB750G (used as switch), and some RB250GS switches. I subnetted into 4 segments: automation, office, wireless access, and encoder. I then added advanced firewall rules to prevent computers on the same segment from "seeing" each other and to allow only certain computers to see certain printers. I set up QoS for the encoder and even configured the RB450G router as an NTP server. It queries the outside world for time sync every 15 minutes and the rest of the computers in the building then query the router for time syncs. The result of this project is 24/7 bullet-proof operation at a total cost of about $350.

On the Mikrotik website, there may still be a demo link that allows you to log into a working router to see all the features.

I get my gear from here:

http://www.roc-noc.com/

The guys are sharp and helpful, and the service is excellent.

Finally, there is a lot of good information on the Mikrotik website, including a very active forum. In addition, this link has been helpful to me. I've even exchanged many helpful emails with him.

http://gregsowell.com/

Note: I have NO affiliation with any of these companies. I'm only happy to share the information.
 
ChiefOperator said:
You're welcome. I like to think of Mikrotik as having Cisco features and stability at Linksys prices :). Out of the box, they will function as basic routers and switches or you can delve into the more advanced features and configure as complex as you wish.
[...]

I need to combine the streams & automation system into one router, but keep the traffic off of each other. Then, I will open ONE port for each set of call letters between the two to pass metadata to the encoders.
 
I need to combine the streams & automation system into one router, but keep the traffic off of each other. Then, I will open ONE port for each set of call letters between the two to pass metadata to the encoders.

I *think* I know what you're asking. Yes, that is simple to do and can be done with basic firewall rules. Subnet the encoders and automation systems (automation = 192.168.2.XXX, encoders = 192.168.3.XXX) and then create firewall rules that all traffic between the two shall be dropped. Then, add a firewall exception that traffic on Port XXXX to machine 192.168.3.XXX shall be passed. Or you could keep all machines on the same subnet and create a bunch of rules to separate the two. The former would be simpler and cleaner.

Mikrotik processes firewall rules top to bottom, so the port exception would be placed above the other rules. It would basically read: "Pass all traffic on Port XXXX to machine 192.168.3.XXX, but drop all other traffic from 192.168.2.XXX to 192.168.3.XXX and from 192.168.3.XXX to 192.168.2.XXX."

If you have a lot of machines, you may need to get a switch as well so that you have enough physical ethernet ports.

You could also certainly set up a VLAN as DoctorWu states. That would work.

Spinjector-

Yes, it would have to be managed.
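An added example, not from the thread and not Mikrotik's own code: a Python model of the first-match forward chain ChiefOperator describes, run over a few constructed packets. It shows why the port exception has to sit above the two drop rules, and one thing worth checking before relying on the rule set as worded: a plain drop of 192.168.3.x to 192.168.2.x also drops the TCP replies of the metadata session, so an accept for established/related traffic belongs at the top of the chain. The encoder address 192.168.3.10, port 5001 and the sample packets are placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dst_port: int
    state: str = "new"   # "new" or "established", as connection tracking would report it


@dataclass(frozen=True)
class Rule:
    """One forward-chain rule; None on a field means 'match anything' for that field."""
    action: str                    # "accept" or "drop"
    src: Optional[str] = None      # CIDR
    dst: Optional[str] = None      # CIDR
    proto: Optional[str] = None
    dst_port: Optional[int] = None
    state: Optional[str] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        def in_net(addr, cidr):
            return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)
        return (in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.state is None or self.state == p.state))


def verdict(rules, packet, default="accept"):
    """Walk the chain top to bottom; the first matching rule decides, otherwise the default applies."""
    for r in rules:
        if r.matches(packet):
            return r.action, r.comment
    return default, "default"


AUTOMATION, ENCODERS = "192.168.2.0/24", "192.168.3.0/24"
ENCODER_HOST, METADATA_PORT = "192.168.3.10", 5001   # placeholders for 192.168.3.XXX / Port XXXX

# The chain exactly as described in the post: exception first, then both drops.
AS_DESCRIBED = [
    Rule("accept", src=AUTOMATION, dst=ENCODER_HOST + "/32", proto="tcp",
         dst_port=METADATA_PORT, comment="metadata exception"),
    Rule("drop", src=AUTOMATION, dst=ENCODERS, comment="automation -> encoders"),
    Rule("drop", src=ENCODERS, dst=AUTOMATION, comment="encoders -> automation"),
]

# Same rules with the exception placed below the drops: it is never reached.
WRONG_ORDER = [AS_DESCRIBED[1], AS_DESCRIBED[2], AS_DESCRIBED[0]]

# Added check: let connection tracking pass the return half of accepted sessions.
WITH_STATE = [Rule("accept", state="established", comment="replies to accepted sessions")] + AS_DESCRIBED


def evaluate(rules):
    """Run constructed sample packets through a rule set; returns {label: action}."""
    samples = {
        "metadata push": Packet("192.168.2.5", ENCODER_HOST, "tcp", METADATA_PORT),
        "metadata reply": Packet(ENCODER_HOST, "192.168.2.5", "tcp", 40000, state="established"),
        "smb browse": Packet("192.168.2.5", ENCODER_HOST, "tcp", 445),
        "encoder poking automation": Packet(ENCODER_HOST, "192.168.2.5", "tcp", 80),
        "office to encoder": Packet("192.168.1.7", ENCODER_HOST, "tcp", 80),
    }
    return {label: verdict(rules, p)[0] for label, p in samples.items()}
```

Each `Rule` here corresponds to one `/ip firewall filter add chain=forward ...` entry in RouterOS with `src-address`, `dst-address`, `protocol`, `dst-port`, `connection-state` and `action`. With `AS_DESCRIBED` the metadata push is accepted and SMB is dropped as intended, but the encoder's reply packets are dropped too; `WRONG_ORDER` drops the push itself; `WITH_STATE` passes both halves of the metadata session and nothing else between the two subnets. Note that the last sample, from the office subnet, falls through to the default because neither drop rule names it, so a subnet the post does not mention is not protected by these three rules.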
 
RolfTaylor said:
Broadcast traffic will pass through a Layer 2 switch and therefore can use capacity.
By using Layer 3 between these 2 LANs you keep the Ethernet broadcast packets on each LAN and only pass traffic between the two that is actually addressed to it.

Thanks, this is one of the things i was wondering, but didn't know how to ask it.
 
ChiefOperator said:
I *think* I know what you're asking. Yes, that is simple to do and can be done with basic firewall rules. Subnet the encoders and automation systems (automation = 192.168.2.XXX, encoders = 192.168.3.XXX) and then create firewall rules that all traffic between the two shall be dropped. Then, add a firewall exception that traffic on Port XXXX to machine 192.168.3.XXX shall be passed.
[...]

Spinjector-

I am real particular about traffic on my automation network. There are only 3 computers on it outside of the automation system and all the audio (44.1 uncompressed) is streamed over it to the On-Air boxes from one of two redundant file servers. I will probably also set up some QoS rules between the servers and the on-air boxes.
Yes, it would have to be managed.
 