02-24-2011 12:01 AM - edited 02-24-2011 12:06 AM
Any thoughts or opinions on replacing a Layer 3 core switch that is currently routing 6 VLANs with the 16 ports on the SRX 240? The fact that its stateful throughput is 1.5Gbps worries me a little; I can't find anything re. inter-VLAN routing, or routing intra-zone (multiple VLANs in the same zone).
On the other hand, I can't find routing throughput numbers for Dell 6248 either, I doubt they are the same as their fabric capacity at 48Gbps hah.
Most bandwidth is low between subnets, except from user to server VLANs at times (fileserver, large files), and there's a couple server networks that would see backups occurring from VLAN to VLAN also.
My original plan was to replace my core L3 switch with the switching-capable SRX 240, but I really don't know.
Any opinions would be appreciated.
02-24-2011 10:35 AM
The Dell 62xx series state that they are wire-speed L2/L3 switches.
As far as replacing a L3 core switch with an SRX240... well... you're going to have to evaluate your needs carefully before making that choice.
You really can't compare a SRX240 to a L3 switch, they're not apples-to-apples. Yes, the SRX can be put into switching mode, but that doesn't make it a switch. It's still a firewall, and it's going to have a very different personality than a typical switch or L3 switch/router.
02-24-2011 07:22 PM
I'm curious as to what prompted this design change in the first place. To the best of my knowledge the ethernet-switching chip is only L2 so all L3 functions would function at the firewall's rated throughput. You might be able to add some performance by using the packet-filter bypass but that would defeat the purpose of placing a stateful device there.
02-25-2011 08:24 AM
Right now I have a Sonicwall with only 5 10/100 ports and no switching capabilities. Now we have a device with switching capabilities and 16 ports... It's just a case of small business being a small business, if we can free up a $1500 switch and use the Juniper, then it gains us a 48-port GB switch to move the rest of our users to.
I probably won't do it, now that I know it does use the firewall's throughput capabilities, and the Dell switch supposedly does its routing at wire speed.
Thanks for the input!
02-26-2011 10:03 AM
If you are doing pure L2 switching between ports then you should be able to do close to wirespeed on each port. But as soon as you move to L3 then you will have to go through flow processing even if intra-zone. This means you will indeed be limited to the 1.5Gbps system limits.
Also you cannot compare a Dell 62xx switch to SRX. Dell is a pure L2/L3 device with no security inspection. SRX is a firewall which happens to be able to do switching as well. They are really two different classes of products.