We’ve worked with multiple clients who are confused about the differences in routers, switches and firewalls. Each kind of device has advantages and disadvantages over the others, and each have different purposes. In this blog post, we will identify the key uses for each device and explain why you typically need all three devices in a single network!
A local router (sometimes called a Gateway) is the first device in your network that gives you internet connectivity. It sits between your Internet Service Provider (ISP) and determines which network traffic should be passed through to the ISP (internet) versus which traffic should remain in your network.
Routers are the backbone of the internet. You could not browse the web or communicate via email without them. There are even huge routers that process hundreds (or thousands) of gigabits of traffic per day that ISPs manage, and which enable ISPs to be able to pass massive amounts of information back and forth.
Your local router typically has two IP addresses: a public IP address and a private IP address. If your local network traffic is meant to reach the internet (such as someone browsing the web), then your router will automatically “route” the traffic that reaches its private IP address to the public IP address (and vice-versa) so that traffic can flow between the ISP and the local network.
A real-world example:
Billy and Jane work in an office and use a server to back up all of their files. They also use the internet.
Their office has a public IP address given to them by their ISP, 22.214.171.124 (this IP address is actually an IP address we use at Barred Owl Web, but we’ll use it for this example). Whenever they browse the internet, Billy and Jane are identified to the outside world by this IP public address.
However, their private IP addresses are completely different. Billy’s unique IP address is 10.0.0.4, Jane’s is 10.0.0.5, and the copier’s IP address is 10.0.0.3. The server would have an IP address of 10.0.0.2, and the router even has a private IP address of 10.0.0.1.
When Billy wants to browse the internet (such as visit Google’s website), his computer (10.0.0.3) first contacts the router (10.0.0.1) and asks the router to connect him to Google’s website. The router (10.0.0.1) processes this request, and automatically knows the information should be passed on to the ISP for further processing. So the router then contacts the ISP through its public IP address (126.96.36.199).
The ISP (which has a different unique IP address) then routes the request to another router, which gets passed to yet another router. This process keeps happening until the request reaches one of Google’s routers which then finally pass the request to the webserver (and then the process of sending the webpage data is reversed until the website reaches Billy’s computer.
In summary, routers “route” information between different networks.
Most switches don’t have routing capabilities, and are only used inside a network. They help computers and other network devices communicate with each other. Since devices inside the same network are on the same “subnet” (i.e. their IP address share the first three octets), they don’t need a router to “route” traffic between each other.
Building upon the example in which Billy and Jane live, the switch would be directly connected to the router, but each internal network device would be connected to the switch. In this scenario, if Billy were to backup data from his computer (10.0.0.4) onto the server (at 10.0.0.2), the data would pass through the switch, but wouldn’t touch the router!
As you can probably guess, if Billy & Jane’s internet connection to the outside world were to go down, and/or if their router were to break, they would still be able to communicate internally with the local server using the switch.
Some switches have a whole lot more capabilities than others, but since we’re only taking a birds-eye view, I won’t go into these details in this blog post.
Unlike routers and switches, firewalls are network security appliances. There are two types of hardware firewalls: perimeter firewalls and internal firewalls. Most smaller networks typically have just perimeter hardware firewalls, which control access and secure local networks from the outside world. For this reason, most perimeter firewalls also have routing capabilities (although that is not a requirement).
While routers (without firewall capabilities) blindly pass traffic between two separate networks, firewalls actually monitor the traffic and helps block unauthorized traffic coming from the outside trying to get into your network. Some firewalls even have anti-virus and anti-spam mechanisms to protect your network from viruses and unwanted email!
In addition to hardware firewalls, there are programs you can install onto your computer or server that acts as a software firewall, such as several software anti-virus products. Microsoft has even included a Windows Firewall which comes with Microsoft Windows. These programs have limitations and are typically not as sophisticated as a hardware firewall and have several disadvantages. However, they are a great first step.
In summary, routers, switches and firewalls are three unique types of network devices that serve different functions. Some appliances can be purchased which have two or even all three of these features, but typically, it is best to purchase each device separately, especially as a network grows and becomes more complicated.