Review of the L3-level Gigabit IP-COM G5328X Switch with 10-Gigabit uplinks and cloud management
The core switch carries the main burden of packet forwarding, so in a modern office that makes heavy use of video conferencing, VoIP and the metaverse, Internet access should run over 10-gigabit channels. Unfortunately, faster ones are still a rarity. It is nice, though, that 10-gigabit trunk channels no longer require expensive Class A equipment: there are inexpensive IP-COM switches on sale which, in addition to the standard functionality of Layer 3 switches, can be managed through a cloud service from a smartphone. I want to note right away that cloud management is not the same as using a dedicated network controller, which we touched on in previous articles. Today, IP-COM network devices offer three types of management: local (via the built-in web interface or CLI), via a dedicated ProFi software controller, and via the IMS cloud system.
The IP-COM G5328X switch is designed for companies with a high network load and a developed multi-segment LAN. It combines the aggregation and core layers: for connection to a backbone network or a local data center it has 4 dedicated 10-gigabit SFP+ slots (standard transceivers are supported regardless of brand), and for downstream connections it has 24 RJ45 ports with speeds up to 1 Gbit/s, which can be combined into both static and dynamic aggregated channels. This model has a non-blocking architecture with a 128 Gbit/s switching matrix, which corresponds to twice the total bandwidth of all ports. For such a device, the IP-COM G5328X has a relatively large 12-megabyte buffer, whereas even in many 10-gigabit models from other manufacturers you rarely find more than 2 MB.
The switch is assembled in a 1U half-depth housing measuring 440x179.6x44 mm, which allows you to install the device in the most compact wall-mounted telecommunication cabinets, including concealed mounting. Passive cooling is used here, so the IP-COM G5328X can be used in the same room as working staff: it will not overheat or disturb anyone with noise.
Lightning protection with a maximum breakdown voltage of 6 kV is implemented for the network ports and the power input, so long copper cables laid in the open, for example run as an overhead line between buildings, can be connected to the switch. Of course, it is better to use optics for these purposes, but situations differ, and this model is ready for them.
As for channel aggregation, static and dynamic aggregation using the src-dst-mac method are available. You can group both 1-gigabit ports and 10-gigabit ports. There are also the port mirroring, rate limiting and detailed per-port statistics functions that are standard for L3 switches.
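What the src-dst-mac method means for load distribution, as an added example that is not from the review or from IP-COM. The hash (XOR of both MAC addresses folded to one byte, modulo the number of links) is an assumption, since the switch's real hash is not documented on the page, and all addresses and flow rates are constructed.

```python
from collections import Counter

def mac_to_int(mac: str) -> int:
    """Parse aa:bb:cc:dd:ee:ff (or dash-separated) into a 48-bit integer."""
    return int(mac.replace(":", "").replace("-", ""), 16)

def lag_member(src_mac: str, dst_mac: str, n_links: int) -> int:
    """Choose the member link for a frame from its MAC pair only.

    Assumed hash for illustration: XOR the two addresses, fold the
    48-bit result to one byte, take it modulo the link count.
    """
    x = mac_to_int(src_mac) ^ mac_to_int(dst_mac)
    folded = 0
    while x:
        folded ^= x & 0xFF
        x >>= 8
    return folded % n_links

def distribute(flows, n_links: int) -> dict:
    """flows: iterable of (src_mac, dst_mac, mbps). Returns Mbit/s per link."""
    load = Counter({link: 0 for link in range(n_links)})
    for src, dst, mbps in flows:
        load[lag_member(src, dst, n_links)] += mbps
    return dict(load)

# Constructed sample 1: eight clients with distinct MACs talk to one server.
CLIENTS_TO_SERVER = [
    (f"02:00:00:00:00:{i:02x}", "02:00:00:00:01:01", 100) for i in range(1, 9)
]

# Constructed sample 2: eight IP flows between two routed devices. Every
# frame carries the same MAC pair, so a MAC-only hash cannot separate them.
ROUTED_PAIR = [("02:00:00:00:aa:01", "02:00:00:00:bb:01", 100)] * 8

if __name__ == "__main__":
    print("clients -> server:", distribute(CLIENTS_TO_SERVER, 4))
    print("router  -> router:", distribute(ROUTED_PAIR, 4))
```

With many distinct MAC pairs the load spreads evenly, while traffic between two fixed devices stays on a single member link no matter how many IP flows it contains.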
To protect against loops, the STP, RSTP and STP protocols are implemented with configurable delays and priority. It is also interesting that the MAC addresses of each of the ports can be set manually. If MAC address-based security features are used in the network, such a feature can help out when replacing equipment.
To prioritize traffic, the IP-COM G5328X uses QoS based on specified weights or simple priority. Frame marking with 802.1p codes and priority marking in the IP header using DSCP are supported.
What can I say about the security settings? To restrict horizontal traffic, this switch supports ACLs (a kind of firewall for the second layer of the OSI model). In particular, the administrator can define rules for passing packets from one MAC address to another, taking VLAN tags and priority marking into account. You will agree that this is much more effective than simple filtering by MAC address, which, by the way, is also present here. ACLs can also be configured for IP addresses, which lets you offload the upstream security gateway and filter out most of the local traffic at the switch level.
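The difference between such an L2 ACL and plain MAC filtering, as an added example that is not from the review and does not use the switch's own rule syntax. First-match evaluation with a default deny is an assumption, and the camera, recorder and workstation addresses and the VLAN numbers are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    vlan: int
    pcp: int  # 802.1p priority code point, 0-7

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src_mac: Optional[str] = None   # None matches any value
    dst_mac: Optional[str] = None
    vlan: Optional[int] = None
    pcp: Optional[int] = None

    def matches(self, f: Frame) -> bool:
        pairs = ((self.src_mac, f.src_mac), (self.dst_mac, f.dst_mac),
                 (self.vlan, f.vlan), (self.pcp, f.pcp))
        return all(want is None or want == got for want, got in pairs)

def acl_decide(rules, frame: Frame, default: str = "deny") -> str:
    """Assumed semantics: the first matching rule wins, otherwise default."""
    for rule in rules:
        if rule.matches(frame):
            return rule.action
    return default

def mac_filter_decide(allowed_src, frame: Frame) -> str:
    """Plain MAC filtering: only the source address is checked."""
    return "permit" if frame.src_mac in allowed_src else "deny"

# Constructed devices: an IP camera, its recorder and an office workstation.
CAM, NVR, PC = "02:00:00:00:00:10", "02:00:00:00:00:20", "02:00:00:00:00:30"

RULES = [
    Rule("deny", src_mac=CAM, pcp=7),                  # camera may not claim top priority
    Rule("permit", src_mac=CAM, dst_mac=NVR, vlan=30), # camera -> recorder on VLAN 30 only
]

if __name__ == "__main__":
    for f in (Frame(CAM, NVR, 30, 0), Frame(CAM, PC, 30, 0),
              Frame(CAM, NVR, 10, 0), Frame(CAM, NVR, 30, 7)):
        print(f, acl_decide(RULES, f), mac_filter_decide({CAM}, f))
```

Only the first frame is permitted by the ACL, while the MAC filter permits all four because the source address is on its allow list.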
The built-in Firewall supports TCP, UDP, IGMP and ICMP protocols and has basic protection against DoS attacks (ICMP Flood, SYN Flood) aimed at buffer overflow.
The L3 functionality implies that the switch is able to work with IP addresses and entire subnets. In the IP-COM G5328X model, for example, you can create virtual subnets on certain VLANs with their own address spaces. Up to 100 VLAN tags can be assigned to one port in Trunk mode, so up to 100 networks with different IP addresses can be served on one port using VLANs, and for most small companies such resources look inexhaustible.
Both static and dynamic routing, as well as OSPF, are supported.
One of the nice features of the built-in interface of the IP-COM G5328X is the automatic mapping of the network topology. The switch polls all MAC addresses in the local network, classifies devices according to its own databases and determines which of them is an IP camera, which is a computer, and so on. Moreover, devices connected to third-party switches are also shown on the map, although in this case the G5328X does not see the hierarchy behind the next switch connected to it and assumes that all devices are connected directly to that switch.
On the map, you can select and ping the device, as well as access its web interface (via the standard port). Of course, for the best result, you need to use IP-COM network devices.
The highlight of the IP-COM G5328X is the ability to manage the device over the Internet. The "Mobile First" concept is implemented here: it is assumed that you will manage the switch, and indeed the whole network, from your smartphone; access through a web service is possible, but it is rather secondary. The cloud service is called IMS, and it is not at all the same as the ProFi cloud controller available for the eponymous series of IP-COM switches and access points. Whereas ProFi is better suited to granular network setup and to displaying metrics in a visually pleasing way, IMS is more of a project manager that helps organize the network and configure its components.
To access the service, you need to install the application on your smartphone, register and create a project in which you will add switches, access points, etc. By the way, in a large friendly team, you can work together with colleagues on projects, which is especially convenient when working remotely.
When testing, I was interested in the additional delay that the switch introduces into the network connection. We will conduct the test on 10 Gigabit ports by connecting an Intel X520-DA2 network card with DAC cables.
- AMD EPYC 7531p
- 64 GB RAM
- Cooling: Noctua NH-U9 TR4-SP3
- Motherboard: ASRock Rack EPYCD8-2T
- Network cards:
  - Intel X550-T2
  - Intel X550-T2 Converged Network Adapter
  - Intel X520-DA2
  - Mellanox ConnectX-2
  - 2 x Fenvi FV-AX3000 (Intel AX200)
- 2x Windows Server 2019
By using two virtual machines, we will be able to generate traffic between ports of the same network card. The first test will show us the delay in the passage of packets and the impact of the switch's built-in ACL and QoS rules, with 10 rules written for filtering by MAC and IP addresses.
The switch definitely makes its presence felt, adding 0.02 ms to each packet, but it is nice that the ACL does not affect the delay in any way.
The total bandwidth between the 10G ports stays practically at maximum values, and through the switch with the ACL enabled it even works a little faster. This is a typical situation, and it often happens when the built-in buffer speeds up network traffic.
We see a similar picture for switching on 1-gigabit interfaces, which, however, is completely understandable: the IP-COM G5328X processor is more than enough for such a load.
Thus, the switch confirmed high performance at the level of the physical capabilities of its interfaces. It is especially pleasing that the uplinks reach their full speed here.
The IP-COM G5328X switch is a solution that can be installed both when deploying a network in modern offices and on peripheral projects where support for 10G communication channels is required. Optical high-speed channels can be used for access to the global network, as connections to storage or a server farm in converged systems and PCoIP solutions, and for high-resolution streaming services. The performance of this model is sufficient to ensure a low level of latency even with security services enabled.
I want to highlight the passive cooling design, which is still a rarity in devices with 10G support. So whether the switch is installed in a dirty production or utility room or, on the contrary, in a clean medical institution, or simply in an open office, this counts as a big plus.
Among the disadvantages I would name only the single algorithm for combining channels into groups and the lack of support for the local ProFi software controller. Otherwise, it is an excellent inexpensive solution that can be a real lifesaver in cases where the rapid growth of network traffic requires the use of 10G channels.
Official IP-COM website: https://ip-com.com.cn/
Michael Degtjarev (aka LIKE OFF)