Gateway Router and Switch

The heart of every network is the router. It is also easy to overlook as it is thought of as being just an “appliance” and most people just using whatever router is given to them by their ISP. What most people don’t think of that their ISP is in the business of connecting their customers to the internet and it is not up to them to setup and manage their customers home networks. For this reason ISPs will only provide the cheapest routers available with only the basic options. So the first thing everyone should do when upgrading their network is to replace the basic ISP supplied router.

The WiFi router provided by a ISP is really 3 devices in one. It is a Gateway Router, Ethernet Switch and WiFi Access Point.

If the components are separate then a Gateway Router would typically need one Ethernet port for each network it connects to. A basic router provided by an ISP would only need two ports, one for the internet (WAN, Wide Area Network) and one for the home network (LAN, Local Area Network). The job of the Router is the route traffic between these 2 networks using IPv4 or IPv6 addresses. Because a router handles network traffic using IP addresses they are refered to as a layer 3 device. A router also performs other functions such as DHCP (Dynamic Host Control Protocol) to assign IP addresses to clients on the LAN, NAT (Network Access Table) routing and port mapping, DNS (Domain Name System) resolution and several protocol specific functions.

To allow for extra ethernet ports for all the clients connected to the network a switch is used. A switch will direct network traffic to different ethernet ports based on the traffics source and destination MAC (Media Access Control) address and not an IP address. This means that a switch is a layer 2 device.

The Wifi access point requires a LAN connection to connect to the router and directs traffic on layer 2. Since I have already decided on using at least 2 WiFi access points, one at each end of the house I have also been looking at replacing the router and switch. Since I have also settled on Ubiquiti access points it also makes sense to look at the Ubiquiti routers.

Ubiquiti have several Gateway Routers in their Unifi range to choose from but since most of these are designed for large networks the choice is simple. The smallest Unifi router is the Ubiquiti Unifi Security Gateway 3P. The USG 3P is a smallish box with one power socket on the back and 4x RJ45 sockets on the front. The RJ45 sockets consist of a Console connection to allow setup of the Gateway via a serial connection, a WAN port, LAN port and configurable WAN/LAN/VOIP port. The router is configured either by a command line interface via the Console port or through the Unifi Controller software. Since I am already using the controller software to setup the Wifi access points I haven’t even tried the console port.

The USG 3P also has several features that my old router doesn’t have including support for multiple Virtual Networks (VLANs) which will allow me to prevent specific clients from communicating with each other as if they are on their own physical network. The USG also has the ability to do Deep Packet Inspection (DPI) on the fly. DPI allows the USG to inspect the contents of the network traffic for malicious activity. This will allow me to button down the network for my IOT devices and also make sure that the kids aren’t doing anything they shouldn’t.

The problem is that I don’t have the budget at the moment to get a Ubiquiti managed switch so I won’t be able to fully use the VLANs as the cheap (free) desktop switch I acquired from an office clean-up doesn’t support layer 3 protocols. A new switch will also be nice as the Ubiquiti switches also support Power Over Ethernet (PoE) so I wouldn’t need seperate power supplies for my access points or Cloud Key. But there is always more upgrades to dream about.