ZyXel GS2220-10HP PoE Switch Review

Step by step, Zyxel is migrating all of its business products to a cloud-based management system, Nebula. This is understandable: a single online console more than replaces many third-party services for orchestrating and monitoring network equipment, and adds the ability to manage it over the Internet. We have already written about the Zyxel Nebula service in relation to access points and powerful network switches, and now we are testing a relatively simple L2 switch with PoE support and management via the cloud.

Zyxel Gigabit PoE switches have proven themselves in projects for mini-hotels and small business centers, where a cascade of such devices can carry all the video surveillance and access points, as well as multicast traffic for video walls and information panels. Usually, it makes no sense to save on L2 switches, so all the possible functionality is present here from the start, and the component base is largely determined by a simple condition: whether the client needs PoE support or not.

Design of the Zyxel GS2220-10HP

The "HP" index in the name of our switch indicates that the device supports PoE/PoE+ on 8 ports, and the total power budget is up to 180W. Let me remind you that according to the PoE+ specifications, one device can be supplied with up to 30 watts of power, so before installing the switch in a video surveillance network, consult the documentation for the connected devices to make sure that they do not exceed the permissible power level. Better yet, take the switch for a test run.

Zyxel GS2220-10HP

For connection to a provider or an upstream switch, there are 2 combo RJ45/SFP ports, which are included in a common 20 Gbps switching fabric on an equal footing with the PoE ports. The switch has a built-in 110-220V power supply, and since it can get very hot when PoE devices are connected, a small 40x40x25 mm fan is installed here, mainly for the needs of the power supply. Its minimum rotation speed is 2000 RPM, so it is practically inaudible during operation, and the switch can be installed even on a desktop without disturbing you.

In general, Zyxel traditionally uses high-quality components for its business switches. For example, the capacitors in the power supply are Rubycon, the fan is Y.S.Tech, and the network platform itself is Realtek with the RTL8391M switch processor, designed for 28 ports and having a bandwidth of 56 Gb/s. That is, the hardware here is chosen with a margin not only in terms of load, but also in terms of reliability, which is good news.

Control interface

To my surprise, the switch has very informative hardware monitoring that shows three temperature sensors (board, power supply, processor), fan speed and the voltages of four power rails, which is a rarity for a switch. In general, the Zyxel GS2220-10HP is very informative, and as we will see later, it has flexible settings for reporting its operating parameters via SNMP.

Basic settings

From the whole range of L2 switch settings, we will highlight the main ones: everything related to multicast and everything related to VLAN. Since the GS2220-10HP is designed for use in video installations, even the switch's Web interface is offered in two versions: the old, traditional one and a new one with a beautiful information panel about the device status. Here you will find traffic by port, PoE power consumption, and IGMP configuration. I would like to say that finally, at the end of 2020, civilization reached network switches, and here not only a beautiful and pleasant interface appeared, but also a simple and intuitive wizard for configuring ports for integration into a network with multicast traffic (IPTV, information boards, etc.). In its simplest form, the wizard offers to enable IGMP Snooping for all PoE ports, leaving the combo ports for connecting to the upstream switch.

Switch status

In advanced mode, you can assign a role to each of the ports: normal traffic exchange, connection to another switch, or management connection. In the default settings, the switch drops unknown Multicast frames, so for some devices broadcasting 4K images over a local network, this may have to be disabled, but there is no problem with this: the switch allows you to flexibly configure IGMP Snooping. For example, unknown frames can be dropped only on a specific VLAN, you can configure the host timeout, 802.1p priorities, manage multicast on separate VLANs, and apply IGMP filtering profiles individually to each port if the connected equipment requires different settings.

Multicast settings

I would like to note that the Zyxel GS2220 firmware pays attention to the IGMP querier function for installations with multiple switches in the network, where the router does not support multicast traffic. Multicast is configured separately for IPv4 and IPv6, prioritization for this type of traffic is supported, and if you are installing the GS2220-10HP at the top of your multicast network, you can use MVR for "economical" distribution of multicast traffic to different VLANs at the bottom of your network topology.

The advanced mode of the Zyxel GS2220-10HP will also please you. For aspiring engineers who always hit the Advanced button, the configuration wizard will offer to select roles for network ports: merge uplinks into a trunk, give up some of the PoE ports for management needs, and, if necessary, create port groups here too.

Advanced settings

For experienced engineers, the same settings turn into a choice of 6 types of port grouping (by IP addresses, MAC addresses) plus LACP support. When configuring VLANs, you can access not only static virtual networks associated with ports, but also:

  • VLAN by IP address,
  • VLAN grouping by protocol type,
  • a separate VLAN for VoIP with increased priority,
  • VLAN by MAC address,
  • guest VLAN,
  • and even VLAN by Vendor ID.

From a security point of view, everything here is also at a high level. First, the switch lets you not only disable built-in services such as FTP/HTTP, but also redefine their ports, which is very common in server software. For SNMP reporting, you can choose which data is sent in which trap, although I cannot guess for what purpose this may be needed. There is a built-in mechanism for limiting VLAN bandwidth, with a traffic prioritization mechanism to go with it. The switch allows you to configure the frequency of ARP Scan packets for each port and, of course, offers protection against password brute-forcing.

It is clear that the Zyxel GS2220-10HP provides more functionality than even experienced engineers need, and many options will remain an unused reserve "just in case". Most integrators will prefer 2-click setup and monitoring from a simple HTML5 interface.

Nebula

And this is not surprising, because the killer feature of Zyxel switches is support for the Nebula cloud management service. Last year, we explored its capabilities using the GS1920-8HP switches as an example. Since then, the interface of the service has changed slightly, support for new access points and switches has been added, switching between light and dark themes has appeared (how could we do without it), and in general the service has become somehow friendlier.

First, for large companies with branches, there is a general view of all devices in all branches. For the branches, it is now possible to upload office floor plans and mark on them where your devices are installed, so that it is easier to tell the administrator on duty by phone which plug to pull, or to determine, for example, in which wing Wi-Fi is not working well. VPN connections are also on the same list with devices, although here they are available only in monitoring mode, without the possibility of creating or configuring them.

In general, the convenience of Nebula lies in the fact that on one tab you see statistics and can immediately take some action. For access points, for example, the most active clients are immediately visible, and in two clicks you can change a client's access policy, disable authorization or block the client altogether. For a switch, it's even more convenient: just open the port that interests you, and you are immediately presented with a traffic graph in both directions, power consumption on the port (when it comes to PoE), and statistics, including IGMP and the number of errors. Click on a port and you can immediately enable STP or loop protection, enable or disable PoE, or configure bandwidth control.

For more complex settings, such as filtering or IGMP, there are still separate menu items, and here the only difference from configuring the switch via the Web interface is that it is more beautiful and convenient in the cloud. But of course, the main beauty of the cloud is in the general settings, which you can apply in batches to any new device added to your network. You can also set the RADIUS and filtering settings with VLANs in advance and apply them to devices that are yet to be added to your network. This is where the cloud wins: you do not need to tinker with each switch individually, and you can specify basic things for all types of devices: gateways, access points and Zyxel switches.

Testing

Testbed:

  • AMD EPYC 7531p, 32C
  • Motherboard ASRock Rack EPYCD8-2T
  • Memory: DDR4-2667 ECC RDIMM
  • Network interface card Intel X550-T2
  • Hypervisor: VMware ESXi 6.7 U3
  • Guest operating systems: Windows 10 x64 1809

For testing, we will use an Intel X550-T2 network card operating at 1Gbps. We will conduct two stages of testing: TCP traffic from port 7 to port 9 without enabling Jumbo Frame in the parameters of the network card, and TCP traffic between the same ports with the maximum Jumbo Frame value of 9 KB enabled in the parameters of the network card.

The first test, TCP with a packet size of 512 bytes, does not please at all: the speed is not held evenly, periodically dropping to 820 Mbit/s. Everything suggests that the switch lacks a built-in buffer.

Test results

And increasing the packet size to 9 KB, which always allows you to level the speed out at the maximum, does not change the situation.

Test results

The situation is better with UDP traffic: the graph is smoother, and for packets of 512 bytes the switch is limited by the physical connection speed.

When testing ATEN VE8950 kits for building 4K video walls over IP networks, we measured peak and typical traffic for different resolutions. Below is a table with the results.

| Input resolution | Content type        | Typical traffic, Mbps | Peak traffic, Mbps |
|------------------|---------------------|-----------------------|--------------------|
| 1080p, 50Hz      | Presentation slides | 5                     | 9                  |
| 1080p, 50Hz      | Video               | 320                   | 800                |
| 1080p, 60Hz      | Video               | 400                   | 800                |
| 4K, 60Hz         | Video               | 300                   | 400                |
| 4K, 30Hz         | Video               | 400                   | 800                |

Under these conditions, the switch was only required to support IGMP Snooping and the ability to pass unknown frames. All these conditions are met by Zyxel GS2220-8HP.

Conclusions

This is a rather expensive switch: its retail price is about $450, and of course the lion's share of the price is the support of the Nebula cloud service. Today, this convenience can hardly be overestimated: you can not only entrust the setup of the equipment to specialists from the head office, but also do away with the qualified personnel responsible for maintaining the network in branches, since almost all basic settings and monitoring are carried out remotely, via the Internet.

The functionality of the switch is at its best in the areas of VLAN, multicast and security alike. Zyxel has practically surpassed itself, having collected everything that is possible in an L2 switch, plus two interfaces: the old, detailed, mostly textual one "for oldfags" and a handsome one with big blue hipster buttons.

Mikhail Degtyarev (aka LIKE OFF)
10/13/2020

