Router – does a router in front of another router need to be as good as or better

infrastructurenetworkingrouterswitch

If I have a server that is sitting behind two routers, does the first and foremost router have to be "better" than the one behind it that is connected to the server?

For example, if there was a server, doing whatever, averaging thousands of concurrent connections, and that server is connected to a beefy router (Router A), able to withstand anything, able to handle all those connections no problem. And that router is connected to another router (Router B), which lets say isn't quite as good. It's good, but if we directly connected it to the server it would probably crumble. That router is directly connected to a gateway to the ISP.

So: Server->Router A->Router B->Gateway to ISP

Is that setup okay/would it work?
Or does Router B need to best Router A or since Router A is the one directly connected to the server it is the only one that needs to be great in terms of hardware?
And in general, do routers that sit closer to the gateway need to be the best, or the ones that sit closest to the servers?
I have this same question for switches. If a switch upline must be better than one downline (closer to server)?

And if Router B does need to be better than Router A, then in enterprises, if they have Cisco Catalyst 6500 switches attached to each row of servers, then what could they possibly put in front of those to handle multiple Catalyst switches? It appears (an educated guess), that the routers and switches upline don't have to be able to handle the sum of the workloads of everything attached to it. But that's just a guess.

I don't have expert knowledge on routers so I can't say how the workload is handled, hence the question. Thanks to anyone who can shed some light on how this situation is handled!

Update: I think my example may have been too broad. To further specify it, my question is not about bandwidth requirements but the concurrency. I don't know what is involved on the router's part to handle concurrent connections, or which routers would be involved.

The server will hold, lets say 10,000 connections open to one public server outside the gateway. So the server will connect to ONE ip address, on 10,000 different ports, which means it needs to pass through Router A and Router B to get through the gateway.

That being said, will Router B have to be greater than or equal to the power of Router A?

Best Answer

A router needs to be sized for the load it is expected to handle. In our campus network, the big 6500's in the middle of the networks are orders of magnitude more powerful than the router that links us to our ISPs. This is because most of our generated traffic is internal oriented. That border device is shoveling around 500Mb/s, but the backplane on our core routers are handling well above that, and multiple VLANs as well.

Concurrency isn't a terribly big issues so long as the router is just routing packets. Even small routers can handle terribly high concurrency rates. Internal tables are kept for routing, which networks are available on what interfaces, and the ARP table, which hardware devices are visible to each interface. The big 6500's at our core have ARP-tables around 10K in size, where the ISP border router is probably closer to 30 entries.

Once a router starts having to maintain connection-state for either firewall or NAT duties, that greatly increases the CPU and memory requirements for a router. Small home-routers doing FW/NAT can only go so far before the NAT table gets exhausted. Behind our border router is a Cisco ASA firewall, and that DOES have to handle all of our incoming and outgoing connections in memory. I don't know what the average connection-count is, but we're able to consistently do around 450Mb/s with simple web-browsing traffic so it has to be very high.

If we had a second firewall surrounding our server subnets specifically, that firewall wouldn't have to be as beefy as the one at our gateway. The Gateway firewall has to monitor all traffic to the server subnets as well as traffic leaving from all of the internal LANs with end-user generated outgoing connections.

Related Solutions

Routers vs. Switches

Regarding uplinking one switch into another: No, they don't share MAC address tables. Each switch maintains its own bridging table, which is built by listening to the traffic each switch receives on a give port. Consider the following example (apologies for the terrible ASCII art):

________     1________2      2________1     ________
|Host A|-----|Switch 1|------|Switch 2|-----|Host B|
--------     ----------      ----------     --------

Host A is connected to Switch 1, Port 1. Host B is connected to Switch 2, Port 1. The two switches are interconnected via Port 2 on both.

Assume at the start the the bridging tables of both switches are empty. Host A wants to send frame to Host B. (To simplify things, we'll assuming that host A and host B have static ARP entries for each other, so there is no need to ARP for MAC addresses).

Host A send a frame to Host B. The source MAC of the frame is AA:AA:AA:AA:AA:AA, the destination MAC is BB:BB:BB:BB:BB:BB.
Switch 1 currently has an empty bridging table. On receipt of the frame it does two things:
1. It creates a new entry in its bridging table that AA:AA:AA:AA:AA:AA exists on Port 1.
2. As it doesn't know where BB:BB:BB:BB:BB:BB is, it floods the frame to every port except the one it was originally heard from (Port 1).
Switch 2 receives the flooded frame on its Port 2. Again, as its bridging table is initially empty, it follows the same process:
1. New entry: AA:AA:AA:AA:AA:AA exists on Port 2 (recall this is on Switch 2, which has an independent bridging table from Switch 1)
2. The frame is flooded out of all ports except the one it was received on.

At this point, Host B receives the frame. When Host B sends a response, the following happens.

Host B send a frame to Host A. The source MAC of the frame is BB:BB:BB:BB:BB:BB, the destination MAC is AA:AA:AA:AA:AA:AA.
Switch 2 currently has one entry in its bridging table (AA:AA:AA:AA:AA:AA -> Port 2). On receipt of the frame it does two things:
1. It creates an entry in its bridging table that BB:BB:BB:BB:BB:BB exists out of port 1.
2. As it has a specific bridging table entry for the destination MAC (AA:AA:AA:AA:AA:AA), it forwards the frame out of port 2 only, rather than flooding as it did before.
Switch 1 receives the forwarded frame on its port 2. Again, it follows the same process:
1. New entry: BB:BB:BB:BB:BB:BB exists out of port 2
2. There is a specific bridging table entry (AA:AA:AA:AA:AA:AA -> port 1), so the frame is forwarded out of that port only.

In terms of learning MAC addresses, this same process is followed regardless of the number of switches and the number of devices connected to them. As you add more complexity to your switched network (VLANs, Spanning Tree), more subtleties come in to play, but the base algorithm remains the same.

Regarding your second and third questions:

2) My personal bias is to minimise switching wherever possible. Spanning tree is the bane of many professional lives; add to that the fact that Ethernet has no loop protection; a minor misconfiguration could lead to broadcast storms that require you to manually intervene and down links in order for them to subside. Even if your network is small, have at least one router off which all your layer 2 subnets hang; it's just easier in my opinion.

3) It depends very much on the scale of your network, and how much intranet vs. internet traffic you expect to see. If there will be a lot of communication between departments, it may make sense to have a hierarchy of routers so that pure internal traffic does not impact internet access for everyone else. If on the other hand, you expect everyone to access only a common set of services (AD, email) and the internet, then a single core router (or a pair, for redundancy) may be sufficient.

In terms of giving each department a router and meshing them, how is this network to be administered? If there is going to be one administrative IT authority, then just build a hierarchical network; having users served by shared routers won't be a problem. If each department is going to maintain their own IT staff, then a router per department and internal peering may be required, but it will most likely complicate your network design.

Router – the best way to connect 3 switches with a router

From a basic resiliency standpoint and lowest used ports & cables I'd consider the following, if the devices support spanning tree:

Switch A Port 1 -> Router Port 1
Switch B Port 1 -> Router Port 2
Switch C Port 1 -> Switch A Port 2
Switch C Port 2 -> Switch B Port 2

Set spanning tree on for those ports only. This way you'd be fine when(not if) any one of the devices/ports/links fails.

Best Answer

Related Solutions

Routers vs. Switches

Router – the best way to connect 3 switches with a router

Related Topic