How to handle multiple ports of a smart switch

Source: Internet
Author: User

Because a smart switch exchanges data on most ports simultaneously, it requires a wide switching bus bandwidth. If a layer-2 switch has N ports, multiple access ports and low prices provide a perfect solution for small network users.

To guarantee users' key services and treat users of different levels differently, a broadband IP network must provide end-to-end service quality to users. This in turn requires that devices at the edge access layer and devices at the core layer provide uniform QoS features. In addition, user management and billing are also requirements for broadband devices, especially smart switches.

End-to-End QoS required

For QoS, to support the three-in-one application, the switching device must treat different service flows differently. For example, key services can be given higher bandwidth, while services with lower priorities can be allocated a smaller bandwidth, so that the same network provides different services for different businesses and achieves Differentiated Services.

First, the device must be able to classify service flows reasonably and comprehensively. Devices should support at least layer-2 to layer-4 stream classification (per the OSI layering standard); better devices support user-customizable layer-2 to layer-7 stream classification. Smart switches must also support services such as 802.1p (mandatory priority), DiffServ (Differentiated Services), CAR traffic regulation, WRR, RED, HOLB, and flow control in the early stages of congestion control.

Complete ACL Functions

The second requirement is ACL (access control). An ACL filters the data streams that pass through the device according to defined rules; the most common policy is access control based on stream classification. A common application is to configure ACL rules on the local egress device for the IP addresses of some illegal websites, so that local users cannot access them.

The achievable level of ACL access control depends on the stream classification capability: the stronger the classification, the finer the control. Of course, stream classification alone does not guarantee access control; it is a necessary condition for implementing it. Once that condition is met, the result depends on the level at which access control can be implemented.

This requires that the smart switch can classify data services by user-defined rules based on the user's source MAC, destination MAC, source physical port number, destination physical port number, source IP address, destination IP address, source CIDR block address, destination CIDR block address, and layer-4 protocol type (socket), and then provide different service quality or ACL control for different service flows based on these classifications, that is, prohibit or allow forwarding of a specific stream.

Adapt to multiple business applications

The third requirement is support for multi-business applications. Multi-service covers several aspects. First, support for multicast services: the IGMP Snooping function should be implemented on a layer-2 switch, and at least one layer-3 multicast protocol, such as PIM-SM, PIM-DM, or DVMRP, should be implemented on a layer-3 switch. Currently, the most widely recognized and widely used protocol is PIM.

Second, users' security policy issues, including user identity authentication, user billing, and basic anti-attack policies. Currently, the user identity authentication methods adopted on Ethernet switches are MAC + port binding, MAC + IP binding, and IP + MAC + port binding; more complex authentication methods include 802.1x, portal authentication, and forced portal authentication.

802.1x can be implemented through local authentication or remote authentication. Local authentication means that the smart switch has a built-in RADIUS server, so users authenticate directly against the local switch and no external RADIUS server needs to be attached to it. Remote authentication requires an external RADIUS server outside the switch; the switch itself only relays the authentication packets.

Portal authentication is an independent authentication protocol. The authentication packets are terminated by the switching device and converted to standard RADIUS authentication packets for authentication on the remote RADIUS server. There are two methods: portal authentication and forced portal authentication.

The multicast service has become one of the main services of the IP network, and multicast-based video services are widely used. Traditional multicast services focus only on the feasibility of the business and the rational use of network bandwidth, and cannot control the access permissions of subordinate users.

Intelligent Ethernet switches should be able to control multicast service permissions: only authenticated users can receive the corresponding multicast services, while a user without multicast permission authentication can only carry out data communication and cannot receive multicast services. This concept is called controllable multicast or controlled multicast. The access layer supports ACL based on complex stream classification.
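The controllable multicast decision described above, as an added example that is not code from the original article or from any switch vendor: a snooping switch parses an IGMPv2 message, verifies its checksum, and adds the port to the group only if the port's authenticated user holds permission for that group. The class and method names, the permission table and the group addresses are assumptions constructed for the demo.

```python
import ipaddress
import struct

IGMP_V2_REPORT = 0x16   # IGMPv2 Membership Report (RFC 2236)
IGMP_LEAVE = 0x17       # IGMPv2 Leave Group

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_igmp(msg_type: int, group: str) -> bytes:
    """Build a constructed 8-byte IGMPv2 message (sample input for the demo)."""
    group_bytes = ipaddress.IPv4Address(group).packed
    body = struct.pack("!BBH4s", msg_type, 0, 0, group_bytes)
    return struct.pack("!BBH4s", msg_type, 0, inet_checksum(body), group_bytes)

class ControlledMulticast:          # hypothetical name, not a vendor API
    def __init__(self, permissions):
        self.permissions = permissions   # authenticated user -> allowed groups
        self.port_user = {}              # port -> user, filled after authentication
        self.members = {}                # group -> ports that receive the stream

    def authenticate(self, port, user):
        self.port_user[port] = user      # stands in for an 802.1x / portal result

    def snoop(self, port, igmp: bytes) -> str:
        if len(igmp) < 8 or inet_checksum(igmp[:8]) != 0:
            return "drop-malformed"      # a valid message sums to zero
        msg_type, _, _, raw_group = struct.unpack("!BBH4s", igmp[:8])
        group = ipaddress.IPv4Address(raw_group)
        if msg_type == IGMP_LEAVE:
            self.members.get(str(group), set()).discard(port)
            return "left"
        if msg_type != IGMP_V2_REPORT or not group.is_multicast:
            return "ignore"
        user = self.port_user.get(port)
        if user is None or str(group) not in self.permissions.get(user, ()):
            return "deny-join"           # unicast data forwarding is unaffected
        self.members.setdefault(str(group), set()).add(port)
        return "joined"
```

A denied join leaves the port out of the group's forwarding set, so the user keeps ordinary data connectivity but never receives the stream.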

Such an ACL can classify data services by user-defined rules based on the user's source MAC, destination MAC, source physical port number, destination physical port number, source IP address, destination IP address, source CIDR block address, destination CIDR block address, and layer-4 protocol (socket), and then provide different service quality or ACL control for different service flows according to that classification, that is, prohibit or allow forwarding of a specific stream.

As a smart switch, in addition to managing users, it should also have strong management and security features for the device itself. The first step of device management is to work with network management devices: SNMP v1/v2/v3, RMON 1, 2, 3, 9, and web network management should be supported.

This provides visual and convenient device management from the network management platform. In addition, the device itself should have certain security features, including L2 port bundling, STP/RSTP, MSTP, L3 VRRP and other link backup or device backup functions. Huawei's smart Ethernet switch provides cluster management, PVLAN, GMRP, and GVRP.
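The classification-based ACL described here and under "Complete ACL Functions", as an added example that is not code from the original article or from any switch vendor: each rule matches on the fields the article lists and returns a permit/deny decision plus a service-quality class. First-match ordering, the implicit final deny, the `Flow`/`Rule`/`evaluate` names, the QoS labels and the documentation-range addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:                       # classification keys taken from the article
    src_mac: str
    in_port: int                  # source physical port number
    src_ip: str
    dst_ip: str
    proto: str                    # layer-4 protocol type, e.g. "tcp" or "udp"
    dst_l4_port: int

@dataclass(frozen=True)
class Rule:
    action: str                          # "permit" or "deny"
    qos_class: Optional[str] = None      # hypothetical service-quality label
    src_mac: Optional[str] = None        # None means "match any"
    in_port: Optional[int] = None
    src_cidr: Optional[str] = None
    dst_cidr: Optional[str] = None
    proto: Optional[str] = None
    dst_l4_port: Optional[int] = None

    def matches(self, f: Flow) -> bool:
        def in_net(ip, cidr):
            return cidr is None or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)
        return ((self.src_mac is None or self.src_mac.lower() == f.src_mac.lower())
                and (self.in_port is None or self.in_port == f.in_port)
                and in_net(f.src_ip, self.src_cidr)
                and in_net(f.dst_ip, self.dst_cidr)
                and (self.proto is None or self.proto == f.proto)
                and (self.dst_l4_port is None or self.dst_l4_port == f.dst_l4_port))

def evaluate(rules, flow):
    """First matching rule wins; unmatched traffic hits an implicit deny."""
    for index, rule in enumerate(rules):
        if rule.matches(flow):
            return rule.action, rule.qos_class, index
    return "deny", None, None

# Constructed rule set using documentation address ranges (not from the article).
RULES = [
    Rule("deny", dst_cidr="203.0.113.0/24"),   # prohibited site range on the egress device
    Rule("permit", "voice", src_cidr="192.0.2.0/25", proto="udp", dst_l4_port=5060),
    Rule("permit", "best-effort", in_port=3, src_cidr="192.0.2.0/24"),
]
```

Because the deny rule sits first, a flow that would otherwise qualify for the voice class is still dropped when its destination is in the prohibited range.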
