Linux – Can internet gateways be plugged straight into a layer 2 switch

Tags: fiber, linux, router, switch

tl;dr

Internet gateways (e.g., cable modems, fiber optic gateways) don't function properly when they aren't behind a device with "layer 3" or routing capabilities, correct?

Incredibly long backstory

I'm in an argument with my boss about the root cause of our brand-new fiber internet connection (20/20 mbps) having full upload speeds (that wildly jerks between 17 and 20 mbps on Speedtest.net), but miserable download speeds of 4-6 mbps.

My boss is convinced it's the provider's problem, but the installer said the light levels were "too strong," indicating a "perfect installation," and he had to turn down the output at the head/hub 3 miles away from us. The ever-escalating tiers of support people insist that all the data they see says our connection is working at the full 20/20 speed.

The topology is like this:

        Fiber
          |
12-year-old 16-port dumb 10/100 Netgear switch
          |
Fedora 12 server (2.6.32), the default gateway for the network
          |
A "smart switch" Netgear ProSafe FS750T2
          |
Two more chained FS750s (ie, the rest of the network)

No matter what (Vista, 7, CentOS 6.5, FC12) we plug into that dumb 16-port switch, we get 4-7.5 mbps down. Any of our computers that route through the server test at the same speeds.

My boss plugged the server straight into the provider's layer 2 switch (the installer described it as a layer 2 switch without any routing capabilities, I don't know the technical term for "the thing that fiber optic lines are running into that also has a few RJ-45 jacks") and got the same results.

However, when a Vista laptop was plugged straight into the fiber connection, it grabbed a steady 20/20 connection from Speedtest.net. My boss chooses to discard that piece of data and insist that, because the server didn't function correctly when plugged straight in, it must be a Time Warner problem. (My theory is that something is broken in the ancient 2.6.32 kernel, or the server's second NIC to our LAN was somehow interfering with his test.)

As a test, I connected our cable modem into the dumb Netgear switch and configured a CentOS 6.5 workstation (also running 2.6.32) to use our static cable configuration and… the network continually dropped out. Every ~5 seconds, I'd have to rerun ifconfig eth0 [ip] netmask 255.255.255.252 and re-add the default route with route add default gw [ip] eth0. When the connection worked, Speedtest downloaded and uploaded at our full cable speed, but the fact it was continually dropping out (when it worked fine with the same configuration hooked directly into the modem itself) further leads me to blame the dumb switch for being the guilty party in our speed fiasco.

Edit: ethtool reports both NICs are running at 100 mbps, full duplex. That was our first assumption, that something wonky was going on there, but the fact we can get 20 mbps up, just not down, is a little odd.

I want him to purchase a firewall or layer 3 switch to connect our fiber internet and four public servers into. He won't oblige me.

Am I wrong in the assumption that a hardware router would solve our problem?

Best Answer

I read your entire question, and your last sentence, "Am I wrong in the assumption that a hardware router would solve our problem?", no one here can properly answer even with the data provided. OH, and for grins I'll say that you should first check and see what kind of duplex/speed settings the ISP set up on their fiber handoff...as you almost always want to match theirs with static duplex/speed settings.

However, I will answer your title, "Can internet gateways be plugged straight into a layer 2 switch?" ...ABSOLUTELY.

I'll even give you a case in point. I've seen numerous 100Mbps and above internet connections where the ISP will provide an ethernet hand off (usually a simple biscuit RJ45 jack)...probably just like what you got since you plugged directly in with a laptop, etc...or plugged directly into the cable modem, etc.

A lot of times, there can be a need for the demarcation point for the ISP to be in a different room than some of the networking gear like the firewall, etc. that the true IP/endpoint will be on. For instance, if the company has multiple buildings on campus and wants to have the ISP put the demarcation point for that link in a separate building from the primary datacenter. In this instance, you'd simply have it plug directly into a layer 2 switch that has VLAN capabilities and extend the VLAN from the primary datacenter where the firewall/edge gear is, all the way through the network via Layer 2 VLAN until it reaches the switch the ISP's handoff is plugged into.

There also are times a simple layer 2 switch is used to create a poor man's DMZ or to set up a simple way to do HA between 2 firewalls and the ISP handoff.

Bottom line...yes you can plug an internet gateway straight into a L2 switch, assuming you know what you are doing and wanting to accomplish by doing so.
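
The duplex/speed check recommended in the answer, as an added example that is not part of the original question or answer: a shell script that compares `ethtool` output with the handoff's settings and lists the interface error counters that accompany a duplex mismatch. The sample output and the handoff values (100Mb/s, Full, auto-negotiation off) are constructed assumptions.

```shell
#!/bin/sh
# Constructed `ethtool eth0` output: NIC left on autoneg against a handoff
# forced to 100/Full, so the NIC has fallen back to half duplex.
SAMPLE_MISMATCH='Settings for eth0:
	Speed: 100Mb/s
	Duplex: Half
	Auto-negotiation: on
	Link detected: yes'

# Pull one "Key: value" field out of ethtool output.
ethtool_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# check_link <ethtool-output> <speed> <duplex> <autoneg>
# Prints "ok" or the list of settings that differ from the handoff's.
check_link() {
    problems=""
    speed=$(ethtool_field "$1" "Speed")
    duplex=$(ethtool_field "$1" "Duplex")
    autoneg=$(ethtool_field "$1" "Auto-negotiation")
    [ "$speed" = "$2" ] || problems="$problems; speed=$speed (want $2)"
    [ "$duplex" = "$3" ] || problems="$problems; duplex=$duplex (want $3)"
    [ "$autoneg" = "$4" ] || problems="$problems; autoneg=$autoneg (want $4)"
    if [ -z "$problems" ]; then echo "ok"; else echo "${problems#; }"; fi
}

# error_counters <statdir>: non-zero counters that accompany a duplex
# mismatch. <statdir> is normally /sys/class/net/<iface>/statistics.
error_counters() {
    found=""
    for c in collisions rx_crc_errors rx_frame_errors; do
        [ -r "$1/$c" ] || continue
        n=$(cat "$1/$c")
        if [ "$n" -gt 0 ]; then found="$found $c=$n"; fi
    done
    echo "${found# }"
}

# Handoff settings here (100Mb/s, Full, autoneg off) are assumed values;
# use whatever the provider actually configured.
check_link "$SAMPLE_MISMATCH" 100Mb/s Full off
# On a live host: check_link "$(ethtool eth0)" 100Mb/s Full off
#                 error_counters /sys/class/net/eth0/statistics
```

Run both checks on each NIC in the path; counters that keep climbing during a speed test point at the link they belong to.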
