
Layer 3 Lite vs Layer 2 (Netgear). Help please.

coreyman

Active Member
Verified Provider
Hi guys, from what I understand layer 3 lite switches or (layer 2 +) with netgear have ip routing capabilities. My datacenter is giving me a bit of trouble and saying that they can't provide me any uplink unless the switch is fully layer 3 (they looked up my switch), which makes no sense to me. I'm not an expert on routing, but someone correct me if I'm wrong with the following. If they require layer 3 shouldn't I only need the ip routing capabilities that layer 2 doesn't have?

The issue that I was having was I believe they had the old mac address to my other switch locked on their equipment and when I plugged in my switch it wasn't able to negotiate for the link because it was not the right mac address. So I've opened a ticket and two weeks later got the reply that my switch needs to be 'fully layer 3 capable'.
 

gordonrp

New Member
Verified Provider
Firstly, a netgear is only really fine for hobby usage, I assume you're only using it for personal colo, otherwise grab a used ex4200 on ebay or something.

What model is it? If you can set an ip from their /30 on the uplink, and they can route all your IP space (from them or your own) to your end of the /30 then that should be all you need.

I assume you're not trying to do anything like ospf (redundant uplinks from the provider, etc)?
 

coreyman

Active Member
Verified Provider
Firstly, a netgear is only really fine for hobby usage, I assume you're only using it for personal colo, otherwise grab a used ex4200 on ebay or something.

What model is it? If you can set an ip from their /30 on the uplink, and they can route all your IP space (from them or your own) to your end of the /30 then that should be all you need.

I assume you're not trying to do anything like ospf (redundant uplinks from the provider, etc)?
Well firstly it is a business class netgear switch with better specs than my cisco 2950. I can't see how you can group all netgears into that category. Thank you for your suggestion though, I did contemplate getting a switch like that but wanted to get something 'NEW' for the same price and comparable specs instead of something 'USED'. I have set an ip from the /29 they gave me on my uplink and turned on routing for that port, not running redundant uplinks.
 
Last edited by a moderator:

gordonrp

New Member
Verified Provider
Well firstly it is a business class netgear switch with better specs than my cisco 2950. I can't see how you can group all netgears into that category. Thank you for your suggestion though, I did contemplate getting a switch like that but wanted to get something 'NEW' for the same price and comparable specs instead of something 'USED'. I have set an ip from the /29 they gave me on my uplink and turned on routing for that port, not running redundant uplinks.
Didn't mean to rub you the wrong way. The business class switches are intended for branch environments, not typically exposed to the www. They don't handle high pps well. 

Anyway, does your side of the /29 ping from the Internet? If so, the DC can static route all your nets to it. Maybe they are worried that your switch is a dumb switch or hub that will be arping up to their side of the /29, if that is not the case you should just inform them as such.
 

coreyman

Active Member
Verified Provider
Didn't mean to rub you the wrong way. The business class switches are intended for branch environments, not typically exposed to the www. They don't handle high pps well. 

Anyway, does your side of the /29 ping from the Internet? If so, the DC can static route all your nets to it. Maybe they are worried that your switch is a dumb switch or hub that will be arping up to their side of the /29, if that is not the case you should just inform them as such.
Oh okay, if this switch doesn't handle the load netgear support will be hearing from me :)

When I plugged in my uplink it wouldn't ping at all, so I've got a third party involved that I'm paying hourly to work with the datacenter as I didn't know what else to do. I'm not an expert but I believe my end was configured correctly.
 

coreyman

Active Member
Verified Provider
Just as an update, this switch is a joke. I did get it working, but the arp table cache only allows 509 entries. They claim to have a '16k' mac address table. WTF do you need to store that many mac addresses for if you can't associate ip addresses with them? Waste of time and money... The arp table cache size is not listed anywhere in any specs. I had to buy it to find out.

They want me to spend many thousands of dollars to get a switch that allows 4k arp entries.

Edit: Oh and the support guy told me this was purely a software/firmware limitation and he could put in a feature request for it..... LOL.

Edit Edit: @gordonrp I should have just listened to you. The ex4200 has 16k arp entries.
 

gordonrp

New Member
Verified Provider
@coreyman

That sucks. You can get EX4200 used on ebay for about $1k. When buying new or used you want a full spare switch anyway, I'd rather have two used switches than 1 new when budget is constraining. All our Juniper stuff was bought new, but in hindsight it's all so rock solid that used probably would have been fine. I'll keep buying new. 

I have a used ex4200 that I use at home, it's awesome, I think that would be a good route for you.

To make the netgear work you can get around needing a large arp table by just doing a /30 on each port/client/server and then static routing larger subnets to the client's side. 

e.g.

#client 1 route;

route 23.29.122.0/24 next-hop 23.29.1.2;

#client one on the port/vlan;

23.29.1.1/30;

Most colo providers will rent switches also. IIRC you don't colo with us, for example we do switch rental from $100/mo and it includes management and a full on-site spare for the whole switch. Your colo provider probably has something like that.

edit: if you can return the netgear for free I would do that!
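
The /30-per-client layout suggested in the post above, worked through as an added example (not code from the thread or from any vendor). It assumes the /30s are carved from 23.29.1.0/24; the function names, client2/client3 and the host counts are constructed for illustration, and 509 is the ARP cache size reported earlier in the thread.

```python
import ipaddress

ARP_LIMIT = 509  # ARP cache size reported for the Netgear in this thread


def plan_links(transit_block, clients):
    """Assign one /30 per client and route its prefixes to the client side."""
    pool = ipaddress.ip_network(transit_block)
    links = pool.subnets(new_prefix=30)
    plan = []
    for name, prefixes in clients.items():
        link = next(links, None)
        if link is None:
            raise ValueError(f"transit block {pool} has no /30 left for {name}")
        switch_ip, client_ip = link.hosts()
        routes = []
        for p in prefixes:
            net = ipaddress.ip_network(p)  # rejects prefixes with host bits set
            if net.overlaps(pool):
                raise ValueError(f"{net} overlaps the transit block {pool}")
            routes.append(f"route {net} next-hop {client_ip};")
        plan.append({"client": name, "interface": f"{switch_ip}/30", "routes": routes})
    return plan


def arp_entries(active_hosts, routed):
    """ARP entries the switch must hold.

    Flat: the switch is the gateway, so it resolves every active host.
    Routed: it only resolves each client's next hop on the /30.
    """
    return len(active_hosts) if routed else sum(active_hosts.values())


# Constructed sample: client1 uses the addresses from the post; the others
# use documentation ranges. Host counts are made up.
CLIENTS = {
    "client1": ["23.29.122.0/24"],
    "client2": ["198.51.100.0/24"],
    "client3": ["203.0.113.0/25", "203.0.113.128/26"],
}
ACTIVE_HOSTS = {"client1": 200, "client2": 250, "client3": 100}

if __name__ == "__main__":
    for entry in plan_links("23.29.1.0/24", CLIENTS):
        print(f"# {entry['client']}: {entry['interface']}")
        print("\n".join(entry["routes"]))
    for routed in (False, True):
        n = arp_entries(ACTIVE_HOSTS, routed)
        print("routed" if routed else "flat", n, "fits" if n <= ARP_LIMIT else "exceeds limit")
```

With the sample data the flat design needs 550 ARP entries, over the 509 limit, while the routed design needs 3, one per client next hop.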
 

coreyman

Active Member
Verified Provider
@coreyman

That sucks. You can get EX4200 used on ebay for about $1k. When buying new or used you want a full spare switch anyway, I'd rather have two used switches than 1 new when budget is constraining. All our Juniper stuff was bought new, but in hindsight it's all so rock solid that used probably would have been fine. I'll keep buying new. 

I have a used ex4200 that I use at home, it's awesome, I think that would be a good route for you.

To make the netgear work you can get around needing a large arp table by just doing a /30 on each port/client/server and then static routing larger subnets to the client's side. 

e.g.

#client 1 route;

route 23.29.122.0/24 next-hop 23.29.1.2;

#client one on the port/vlan;

23.29.1.1/30;

Most colo providers will rent switches also. IIRC you don't colo with us, for example we do switch rental from $100/mo and it includes management and a full on-site spare for the whole switch. Your colo provider probably has something like that.

edit: if you can return the netgear for free I would do that!
Ahh ok makes sense. I did purchase the ex4200 now.
 

coreyman

Active Member
Verified Provider
Well I did get the juniper ex4200 in today and the only thing I was able to access was the ez-config. I couldn't access the switch via the IP I assigned it in ez-config and I couldn't connect over the serial port.... sigh.

Also - while trying to add static routes to the netgear m4100 it crashed.
 

Wintereise

New Member
Hire someone experienced with JunOS, getting it up should be fairly trivial for them.

As a side note, never been a fan of the ezsetup utilities for Cisco or Juniper...
 

gordonrp

New Member
Verified Provider
Yeah, you really want to hire someone to set it up. You'll need to update the firmware and make sure to sync the config & sw when you're done to the backup boot media. You'll also need some sort of protect-re filters setting up etc to protect the mgmt protocols. Then, to protect your clients, you might also want to add some basic filters for things like limiting icmp, ntp, udp from china/ecatel/ovh, etc, but if your uplink port is the same size as your downlinks that won't really matter.

We have Juniper certified staff, but we only help our own customers as it's a value add that we include with colo. Your data center probably has one off consulting or ongoing switch management options.
 

Amfy

New Member
Well I did get the juniper ex4200 in today and the only thing I was able to access was the ez-config. I couldn't access the switch via the IP I assigned it in ez-config and I couldn't connect over the serial port.... sigh.

Also - while trying to add static routes to the netgear m4100 it crashed.
Junipers are rock solid. I have tons of EX4200 myself and never encountered such issue.
 

coreyman

Active Member
Verified Provider
Yeah, you really want to hire someone to set it up. You'll need to update the firmware and make sure to sync the config & sw when you're done to the backup boot media. You'll also need some sort of protect-re filters setting up etc to protect the mgmt protocols. Then, to protect your clients, you might also want to add some basic filters for things like limiting icmp, ntp, udp from china/ecatel/ovh, etc, but if your uplink port is the same size as your downlinks that won't really matter.

We have Juniper certified staff, but we only help our own customers as it's a value add that we include with colo. Your data center probably has one off consulting or ongoing switch management options.

Turns out it was the way the KVM was connected to the serial port making it so that I couldn't access it. Had hell getting the DC techs to get it so I could actually see some output on the serial port.
 