Comprehensive description of filtering strategy for intelligent three-layer switch

Three-layer switch has a lot to learn, here we mainly introduce the three-layer switch intelligent flow processing technology. The popularization of computer networks and the expansion of application scope are changing our world, but also changing our thinking and life style. With the development of network technology, we are more concerned about how to use the computer and how to make use of the network to create a greater living space for human beings after entering the digital and information age.





a new topic of high bandwidth





in the field of modern data communication, people's thinking jump speed has been unable to keep up with the growth of network bandwidth, and the capacity of network capacity of communication equipment is driven by the increasing data flow processing demand and the processing ability of resolving concurrent data flow. With the increasing of network bandwidth, the traditional method of network data processing and the distribution of data flow can not meet the need of throughput of large-capacity data stream. Here, the fast ASIC technology that can handle the data of two or three or four layers will be able to meet the requirement of high bandwidth and high throughput of the network. However, in a large capacity, high bandwidth environment, if the application is not constrained, then the network data flow will be like a runaway Mustang, the flood of broken dike, a turn and not accept. Therefore, how to manage and distribute the data flow is a new subject in the broadband mode.





in the process of network data processing, it is unavoidable to encounter the allocation efficiency of data stream and the stability of the data packet after the data stream allocation. These two problems are the blind spot of QoS guarantee of broadband service data stream. People are often obscured by the high transmission speed of the packet in the broadband mode, the efficiency and stability of the data stream are forgotten, the efficiency of the broadband network is reduced, the transmission cost is increased, so the broadband becomes the "castle in the Air", and the high transmission speed becomes a "mirage".





according to the characteristics of the above problems, based on the three-layer switch, the paper utilizes the hardware multi-layer switching technology of ASIC to realize the layered packet processing. The first is to classify the data stream, then give different priority to different streams, and deal with the network data more efficiently without losing the data exchange performance, and ensure the priority transmission of the key data. In other words, the integrated processing technology of this ASIC provides an integrated and fast processing platform for the packet, which enables the packet to complete the whole routing and even the whole process of the access policy processing in the ASIC chip.





Traditional IP forwarding is implemented through software, simple and simple software forwarding efficiency compared to the modern broadband data exchange Mode is undoubtedly "a drop in the bucket." Therefore, efficient exchange and flow classification capabilities must be based on the caching of IP exchange. Unlike the two-tier exchange, the three-tier exchange requires CPU intervention, and the CPU's main tasks include: Running RIP, OSPF routing protocols to generate routing tables, running the ARP protocol to resolve IP addresses, and setting cached IP forwarding items.





's IP network as a basic network is evolving into a multiple-service network. Therefore, the network device must provide a data operation platform for different policies, in the intelligent architecture of the harbour Gigabit three layer switch, each packet can ensure the data by the policy processing through a fast filtering engine.





second, intelligent three-layer switch filtering strategy




The filtering strategy in the
Intelligent Switching architecture adopts the method of analyzing the first 80 bytes of the data frame, making the flexible strategy according to the user's different demand, providing the corresponding intelligent service, generally speaking, the main filtering strategy includes the following points.





Physical Port: The main solution for fixed port user filtering.





Two-layer strategy: The main solution to the package of two-layer characteristics of filtering, according to the user's MAC address information, can also be based on VLAN information and so on.





three-layer strategy: The main solution to the package of three-layer characteristics of filtering, either according to the user's source IP address, or according to the user needs to access the destination IP address. Can be based on the user's source IP subnet, can also be based on the user needs to access the destination IP subnet, but also the source and destination IP information can be used in combination.





application strategy: mainly to solve the three-tier strategy implementation, can be based on TCP or UDP port number, but also according to the application of the relevant characteristics of the internal data, such as DNS packet domain name and other information.





based on the multi-layer information of the packet, it can identify how the data stream establishes the connection, the direction of the IP packet in the signaling channel, and the data type that the IP packet hosts. The accurate information of the data flow can be clearly understood by the control flow classification table, so that the data stream can be easily exchanged in a benign environment.





Intelligent three-layer switch smart service





For example, the gigabit three-tier switch of the Harbor Network company, the main intelligent services it can provide according to the different needs of the users, includes the following points. Support packet discard and forward: in the actual network application, can let the user obtain the Selective service, for instance drops the packet according to the destination site's IP address, thus restricts the user to visit certain sites. Support for the redirection of packet output ports: Traffic engineering can be realized in practical network applications. Support Network two-tier 802.1P priority service delivery: According to the different payment, respectively to achieve different levels of gold, silver, bronze service, as far as possible to ensure high priority User Service. Support network three-tier DiffServ service: Provides packet priority marking and prioritization processing.





above intelligent services can solve the network data flow in the transmission of the allocation of efficiency and stability problems, the network physical media is a variety of network data flow carrier, and the carrier will inevitably have some broken or very long packets, or the non-important business data packets occupy a large amount of network bandwidth. It can not only solve the transmission efficiency problem of the network, but also guarantee the service quality of the important application, by selectively discarding the packet and choosing the priority control selectively.