10G switch leads the rapid development of new generation technology

Source: Internet
Author: User

There is much worth learning about 10-Gigabit Ethernet (10GE) switches. This article introduces how the 10GE switch is leading the rapid development of a new generation of technology. Although it is compatible with earlier Ethernet technology, 10-Gigabit Ethernet is not merely a "high-speed rebuild" of Ethernet: its introduction marked the first time that a private network was integrated into a public network.

As a core network device, a 10-Gigabit Ethernet switch is more than an existing 1-Gigabit Ethernet switch with 10-Gigabit access modules added. It requires a new generation of system design, including updates to the switch architecture and the Layer 2/Layer 3 technology, default support for next-generation IPv6, and effective bandwidth management. This article discusses these next-generation technologies.

In recent years, Ethernet technology has moved from the LAN to the MAN and from the MAN to the WAN, taking more and more of the market at an astonishing speed. In enterprise networks and operator networks especially, Ethernet is increasingly the uncontroversial choice. From Fast Ethernet to Gigabit Ethernet and then to 10-Gigabit Ethernet, each technical update has met the demand for rapid bandwidth growth and the new applications brought by the new generation of Internet technology. Let's take a look at the next-generation technology in 10-Gigabit Ethernet switches.

Distributed Exchange System

A user invests in a 10-Gigabit Ethernet switch because it must forward data packets at the same speed under any circumstances and handle a new generation of Internet applications, such as multicast applications, streaming media, IP voice, and next-generation IPv6 applications. At the same time, the switch needs to provide the best investment protection, occupy the least rack space, save as much power as possible, and be able to see the user's traffic. Clearly, a Gigabit switch cannot accommodate line-rate forwarding on high-capacity 10-Gigabit ports: a Gigabit switch currently provides only dozens to hundreds of Gbps of throughput, whereas a next-generation 10-Gigabit switch can handle more than one thousand Gbps. Because such a large throughput cannot be forwarded at line rate even with the fastest CPU, a dedicated network IC chip (ASIC) is needed, and the data forwarding tasks must be distributed across the modules.

A distributed system can be implemented in different ways. One is to hand common tasks to a local module, as in traditional switch technology; this can use the local switching matrix or the switching matrix of the entire switch, but it is obviously not the best approach. The other is to distribute all data forwarding tasks completely to each module and carry them out on a large-capacity local switching matrix. The large-capacity distributed switching structure is therefore the most effective. A 10GE switch should provide not only a large-capacity backplane switching matrix but also large-capacity local switching matrices. The non-blocking parallel switching matrix is currently the most advanced technology.

ASIC and FPGA chip

An ASIC is a dedicated chip that takes over data forwarding from the CPU. The goal of an ASIC is to handle as much traffic forwarding as possible at the chip level, but the problem is that the switch cannot be modified once the ASIC has been designed. Therefore, we choose products whose design handles as much data forwarding as possible. We consider IPv4 packet switching and routing and IP multicast packets; whether the switch can deliver data and guarantee quality of service (QoS) at the chip level; whether it can rate-limit data at the chip level; whether it can implement multiple methods, and use credit rather than door-to-door systems; whether it can implement policy routing; whether it can implement access control lists (ACLs); whether it can implement next-generation IPv6 switching and routing; and even whether it can collect traffic data at the chip level. An excellent ASIC design reflects the highest level of switch design technology.

However, a distributed switching system and excellent ASIC technology are far from enough. Because an ASIC cannot be changed once implemented, new technical standards and new application modes end up being processed entirely by the CPU, which often results in performance loss and business pain for users. One solution is to purchase modules with a new generation of ASIC design, but hardware upgrades may require expensive additional investment. The latest 10GE switches use an FPGA (Field-Programmable Gate Array) chip to address this defect, so that new standards can be upgraded into hardware, providing the best protection for the user's investment.

Resolve Conflicts

At this point it seems that all the problems have been solved. However, because each module of a switch forms an organic whole with the other modules and with the central management module, distributing and maintaining Internet routing information requires the participation of every module, and one problem always remains: when the addressing capacity of the local hardware chip is insufficient, the central management module has to take part, and the performance of the switch is compromised.

How does the latest 10GE switch solve this problem? There are two main ways: one is to separate the control channel from the data forwarding channel, and the other is to place a high-performance CPU on each interface module. Separating the control channel from the data forwarding channel means implementing two different parallel crossover matrices on the switch. In this way, the backplane capacity mentioned above is used entirely for the data channel, and the security of the 10-Gigabit switch's hardware is also ensured. With local high-performance CPUs taking part, the central management module never processes data forwarding for the various interfaces, which makes the architecture truly distributed. Of course, many other factors are involved in the architecture of a 10-Gigabit Ethernet switch, such as the ability of large-capacity SDRAM and TCAM to achieve more than 1 billion searches in one second, and whether the local routing method is topology-driven.

More important still are whether the 10G switch software is multi-threaded and whether it supports the latest Layer 2/Layer 3 technical standards. These Layer 2/Layer 3 technologies cover the latest requirements of the next-generation network: whether link aggregation based on 10-Gigabit Ethernet ports is provided, whether the various fast link redundancy technologies are provided, whether security technologies ranging from port security to various kinds of user authentication are provided, whether complete IPv4 and IPv6 specifications are provided, whether fast BGP routing is provided, whether redundant routing protocols are provided, whether Layer 2 and Layer 3 security features are provided, whether protection against attacks on the switch is provided, whether intelligent protection of the switch CPU is provided, and whether all of these features are implemented in hardware.

Complete IPv6 specifications

IPv6 allows a wide variety of devices, not just PCs and servers, to access the Internet, and it also overcomes some of the defects of the current IPv4. The combination of 10G Ethernet and IPv6 is the only way to build a new generation of high-performance networks in the future. There are usually three ways to implement IPv6: using software on the current switch; inserting a new hardware module into the existing system to enhance IPv4/IPv6 forwarding performance; or using a brand-new IPv6 10GE switch.

QoS

QoS is an important feature of both hardware and software. 10-Gigabit switches implement QoS in hardware by providing high-capacity port buffers and multi-level hardware queues for each port, while priority classification based on data streams is implemented in software. High-end products can also 'color' data streams through software and hardware; for example, the ToS/DSCP or 802.1p bits can be rewritten in hardware. This feature can be applied to streaming media and IP voice applications. Users can classify specific streaming media or IP voice data to raise (or lower) its priority or set a specific numeric value, which is then automatically mapped to a QoS queue to guarantee the application service or to provide the quality of service that corresponds to each service level.

User features

MPLS is another important user feature, because MPLS can turn unordered IP networks into orderly ones and provide end-to-end traffic engineering and service quality assurance. Layer 2 and Layer 3 VPNs are also provided over the network, achieving network security. However, the implementation of MPLS is constrained by system resources. When selecting a 10GE switch, consider how MPLS is implemented and how it performs, for example, whether L2 MPLS supports multipoint-to-multipoint VPN.

Security and Traffic Management

Security and network traffic management are currently the most important topics for users. A backbone device must not only be secure itself but also protect its users. That is to say, it must be immune to attack and provide powerful blocking measures to protect network users, and all defense measures should be implemented in hardware. However, all security measures are based on known attack methods and security vulnerabilities. If we cannot monitor the entire network, security will not be a complete feature.

Given the high-speed switching and routing of a 10GE switch, the earlier method of collecting traffic with the CPU no longer works, and a distributed traffic collection system integrated into the ASIC is one of the innovations of 10GE switches. sFlow is an advanced traffic management specification that can report both IPv4 and IPv6 data. If all the traffic of all devices can be reported without affecting performance, network traffic becomes easy to observe, whether it is the activity of a specific user on a port or abnormal traffic on the current network. A distributed traffic monitoring system is like a road monitoring system in the dark. It is hard to imagine the consequences of a core backbone device lacking a traffic management system.
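To illustrate the traffic observation described above, the following added example (not part of the original article or of any vendor's code) scales sFlow-style 1-in-N packet samples up to per-source estimates and flags a source that dominates a port. The port names, sampling rate, thresholds and sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from math import sqrt

# Constructed, already-decoded flow samples (not captured traffic):
# (ingress port, source address, frame length in bytes, sampling rate 1-in-N)
SAMPLES = (
    [("1/1", "192.0.2.10", 1500, 2048)] * 3
    + [("1/1", "2001:db8::5", 1400, 2048)] * 2
    + [("1/2", "198.51.100.7", 64, 2048)] * 40   # many small frames, one host
    + [("1/2", "192.0.2.33", 900, 2048)] * 1
)

def estimate_by_source(samples):
    """Scale sampled frames up to estimated totals per (port, source)."""
    totals = defaultdict(lambda: {"samples": 0, "frames": 0, "bytes": 0})
    for port, src, frame_len, rate in samples:
        # ip_address() validates and normalizes both IPv4 and IPv6 sources
        key = (port, str(ipaddress.ip_address(src)))
        t = totals[key]
        t["samples"] += 1
        t["frames"] += rate               # one sample stands for N frames
        t["bytes"] += frame_len * rate
    return dict(totals)

def flag_abnormal(samples, max_frame_share=0.5, min_samples=20):
    """Flag sources whose estimated share of frames on a port is too high.

    Sources with fewer than min_samples samples are skipped because the
    estimate is too noisy (relative error is roughly 1.96 / sqrt(samples)
    at 95% confidence).
    """
    est = estimate_by_source(samples)
    port_frames = defaultdict(int)
    for (port, _src), t in est.items():
        port_frames[port] += t["frames"]
    flagged = []
    for (port, src), t in sorted(est.items()):
        share = t["frames"] / port_frames[port]
        if t["samples"] >= min_samples and share > max_frame_share:
            err = 1.96 / sqrt(t["samples"])
            flagged.append(
                (port, src, t["frames"], round(share, 3), round(err, 2))
            )
    return flagged

if __name__ == "__main__":
    for row in flag_abnormal(SAMPLES):
        print(row)
```

The source 192.0.2.10 holds 60% of the sampled frames on port 1/1 but is not flagged, because three samples are too few to support an estimate.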
 
