Development Trend of Layer-4 Switches

Source: Internet
Author: User

The layer-4 switch is quite common, so I studied the development and application of layer-4 switch technology. I will share it with you here, hoping it will be useful to you. Layer-4 switches can be used flexibly in the network. They can be either an aggregation point device in the network center or an edge access point in the LAN distribution layer, and even workgroup-level models support switching to the desktop.

Especially in terms of performance and functions, even the workgroup-level layer-4 switch, which is considered weak, can not only deliver end-to-end quality of service in the network but also perform recognition at the network edge and mark the priority of data packets, for example by running 802.1Q and IP DiffServ. In terms of congestion control, congestion avoidance, and traffic shaping, some layer-3 switches also support queue-based congestion control and the 802.3x protocol, but layer-4 switches additionally support mechanisms such as WRR, WRED, RED, and CAR, which are widely used on routers and rarely found on layer-3 switches.

The performance of layer-4 switches in quality-of-service control is greatly improved compared with that of layer-2 switches. In terms of priority, for example, each MB port of the original Gigabit access switch supports only two queues, while the next-generation smart edge layer-4 switch supports four. In QoS classification and identification, a layer-2 switch supports the 802.1p protocol and can determine data priority by identifying ports, MAC addresses, and VIDs. A layer-3 switch can use IP address information to determine its priority settings, and it can identify the IP DiffServ field and rewrite the field information. Layer-4 switches, however, can not only recognize port numbers but also provide services based on the priority policy.

In traditional user access systems, distributed email systems usually use a front-end proxy, DNS round robin, or layer-4 switching to achieve load sharing. Layer-4 switching is the more efficient choice, and layer-4 switches built on Gigabit Ethernet technology in particular can greatly improve system efficiency. For this reason, the mail system is an important application field for the layer-4 switch in Internet, intranet, and extranet systems. In an enterprise network application supported by a server group, it is often necessary to provide robust connections for emergency services. The layer-4 switch is the key to doing so, which makes it an essential and important application device. A layer-4 switch that supports server group connections enhances networking capability in its own way, mainly in the following aspects.

(1) Improved security: the packet filter of the layer-4 switch can enforce protection standards for the networks and servers under its jurisdiction. These standards can be used to deal with unauthorized access to specific applications from a specific IP address or subnet. That is, the packet filter can prohibit a specific group of users or subnets from accessing the server or, conversely, grant access rights to a group of users or a subnet.

(2) Improved quality of service for emergency tasks: to give HTTP-based applications a higher service level than the other services supported by the server cluster, you can define a priority-based quality of service at the application layer. All data sent to the server whose destination port is the HTTP port then obtains a higher priority than data sent to the server's other ports. Because layer-4 switches are now available for both the edge and the core of the network, this type of switch can be used to provide high-level service for servers carrying Web data streams throughout the network.

(3) Optimal access capability: server load balancing distributes Web traffic fairly across the servers based on the user's needs. Servers with high performance can receive more sessions; conversely, you can limit the number of sessions served by a specific server. To achieve this, you define a virtual server group that includes multiple servers and set the corresponding load-balancing proportions on it. These are support capabilities unique to layer-4 switches.

(4) Enhanced network scalability: the hot backup feature provided by layer-4 switches can improve the scalability of server clusters. When a server is connected to two switches separately as a dual-homed host, the two switches have equal status and share common IP addresses and MAC addresses. If the primary switch fails, the secondary switch can take over the work immediately because it is always operating on the primary switch.
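Points (1) and (2) describe one match on source address and destination port that yields both an access decision and a priority. The Python sketch below is an added example, not vendor code: the rule format, addresses, ports and queue numbers are constructed for illustration, it handles IPv4 only, and it also reports rules that an earlier rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str               # source network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port; None matches any port
    action: str            # "permit" or "deny"
    queue: int = 0         # priority queue for permitted traffic (higher is served first)

# Constructed policy: every address, port and queue number here is illustrative.
RULES = [
    Rule("10.20.0.0/16", "tcp", 25, "deny"),        # one subnet barred from the mail service
    Rule("0.0.0.0/0",    "tcp", 80, "permit", 3),   # HTTP to the server group: highest queue
    Rule("10.0.0.0/8",   "tcp", 25, "permit", 1),   # remaining internal users may reach mail
    Rule("10.20.5.0/24", "tcp", 25, "permit", 2),   # covered by rule 0, so never reached
]

def _covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    return (ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
            and a.proto in ("any", b.proto)
            and a.dport in (None, b.dport))

def classify(src_ip, proto, dport, rules=RULES):
    """First matching rule wins; traffic that matches no rule is denied."""
    pkt = Rule(src_ip + "/32", proto, dport, "")    # the packet as a one-host "rule"
    for r in rules:
        if _covers(r, pkt):
            return (r.action, r.queue if r.action == "permit" else None)
    return ("deny", None)

def shadowed(rules=RULES):
    """Indexes of rules that can never match because an earlier rule covers them."""
    return [j for j, b in enumerate(rules)
            if any(_covers(a, b) for a in rules[:j])]
```

Running shadowed() on a policy before deploying it catches ordering mistakes such as the last rule above, where an intended exception sits below the broader deny it was meant to override.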

Administrators can use the statistical features supported by layer-4 switches to obtain more management information about the data in the server group. The administrator can track not only the data exchanged between server and client but also important information such as the state of the application service, server activity, and the number of open sessions, which enhances network management.

Development Trend of Advanced Switches

The "content-based identification network" that the IT industry has long pursued is in fact network management from the transport layer to the application layer, that is, from Layer 4 to Layer 7. If a switch can unwrap every layer of encapsulation of each data packet and identify the innermost information, it has the content recognition function. Obviously, this is an important route, with great development potential for high-level switches, to solving the problems people hope content-aware network devices will address when distributing business traffic: distinguishing applications, allocating resources dynamically, billing users, and other top-level applications. The network management systems of this type that first appeared on the market were content recognition devices implemented in software. Although these devices did not achieve the expected results, they provided a solid technical foundation for high-level application switches built on silicon hardware technology. Although this technology is still under development, it actually solves the difficult problem of the performance of layer-7 switches.

Currently, there are three types of devices that use software to implement content recognition networks: devices built on the PC platform, layer-3 switches with general-purpose CPUs, and systems based on network processors. If they only perform simple traffic switching, the performance of these products is still acceptable to users. However, these simple network management functions do not allow network administrators to tune the network to achieve profitable application management. The key to the problem is that the information required for these functions is buried inside the data packet and appears only once, when a network session is established. This requires software-based content recognition devices to look inside each packet of each session, resulting in serious latency and performance deterioration. Software-based content recognition devices that rely on general-purpose CPUs or network processors therefore cannot bring enough computing power to bear in anything close to real time to complete switching tasks, and they quickly become a new bottleneck.

In terms of the development direction of high-level switching equipment, there is another application technology worth noting: Extreme application switching technology. This technology is based on PxSilicon, a unique, high-performance chipset, that is, the silicon technology mentioned previously. Compared with traditional software technologies, PxSilicon delivers performance several orders of magnitude higher, because a solution that implements content recognition in software can only rely on complex software combined with a general-purpose CPU or network processor to complete the same load balancing task. With Extreme application switching technology, network functions, including line-rate Gigabit TCP session analysis, termination, initiation, and even modification, can all be implemented in hardware, which removes the need for complex software, general-purpose CPUs, and network processors.

Moving intelligent network management from software to hardware silicon technology is not a new idea. The move from the software-based router of the late 1990s to the ASIC-based layer-4 switch being promoted today is good proof. In addition, when network technology is integrated into silicon, performance improves significantly and the corresponding total cost of ownership is greatly reduced. As a result of applying hardware silicon technology, service providers and enterprise users can freely set the rules required by network applications and services without sacrificing gigabit performance.

The first platform to use hardware silicon technology is the Extreme SummitPx1 Application Switch. In terms of structure and function, the SummitPx1 application switch is a Layer 7 switch that supports fully complementary Layer 7 application-layer switching functions. The switch can parse the syntax of webpage requests and redirect connections to the most suitable web server based on the requested content and server capabilities. No matter how many content-related forwarding rules you set on the SummitPx1 Layer 7 application switch, it maintains the device's line-rate gigabit performance. In addition, the server selection algorithms of the SummitPx1 Layer 7 application switch include round robin, weighted round robin, least connections, and weighted least connections. It can also track the client's IP records, set cookies for the client's status, perform operations, automatically detect and track cookies, and process cookies for server recognition, and it supports SSL (Secure Sockets Layer) session ID persistence and other new technologies.
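The server selection behaviour described in point (3) and in the paragraph above can be sketched as follows. This is an added example, not SummitPx1 code: it shows weighted least connections with a per-server session cap and client-IP persistence, and the server names, weights, caps and the tie-break by name are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    weight: int          # relative capacity: a higher weight attracts more sessions
    max_conns: int       # cap on concurrent sessions served by this server
    active: int = 0      # sessions currently open
    healthy: bool = True

class VirtualServerGroup:
    """One virtual server fronting several real servers (constructed model)."""

    def __init__(self, servers):
        self.servers = {s.name: s for s in servers}
        self.sticky = {}                 # client IP -> server that last served it

    def _usable(self, s):
        return s is not None and s.healthy and s.active < s.max_conns

    def pick(self, client_ip):
        """Return the server name for a new session, or None if none can take it."""
        chosen = self.servers.get(self.sticky.get(client_ip))
        if not self._usable(chosen):
            # Persistence target missing, down or full: fall back to the
            # lowest active/weight ratio, breaking ties by name.
            pool = [s for s in self.servers.values() if self._usable(s)]
            if not pool:
                return None
            chosen = min(pool, key=lambda s: (s.active / s.weight, s.name))
        chosen.active += 1
        self.sticky[client_ip] = chosen.name
        return chosen.name

    def close(self, name):
        """Record the end of a session on the named server."""
        s = self.servers[name]
        s.active = max(0, s.active - 1)
```

The persistence table is what lets a returning client reach the same server; the fallback matters as much, because a client pinned to a failed or saturated server would otherwise be refused service.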

In short, the development momentum of high-level switches will grow ever stronger. As a result, today's software-based high-level switching technology will be replaced by dedicated hardware technologies or by new technologies that combine hardware and software. That is to say, future high-level switches will focus on the ISO layer-7 standard and unify the network's traditional discrete devices. This not only greatly improves the data distribution, transmission, and switching capability and speed of the network system, but also reduces equipment costs, simplifies network management, and optimizes the networking process. The layer-7 application layer plays an important role in the management and control functions of high-level switches.
