Application and selection of L3 Switches

Source: Internet
Author: User

1. Basic principles of layer-3 switches

A layer-3 switch is, in effect, a network device that combines a traditional switch with a traditional router: it performs the port-switching function of a conventional switch and also part of the routing function of a router. The combination of layer-2 and layer-3 devices is not a simple physical stacking but a logical merger that draws on the strengths of both. The clearest expression of this is the forwarding model. When the first data stream from a given source enters the layer-3 switch, the routing system processes it, generates a MAC-address-to-IP-address mapping table and stores that table. When subsequent data streams from the same source enter the switch again, the switch forwards them directly at layer 2 from the source address to the destination address using the mapping table generated and saved for the first stream, instead of passing them through the layer-3 routing system. The network delay caused by route selection is thus eliminated, packet forwarding efficiency improves, and the speed bottleneck caused by exchanging routing information between networks is removed.
Layer-3 switches have in fact gone through three generations. The first-generation product was a simple mix of discrete electronic components combined with primitive software. The device was large, heavy and power-hungry; the fan power required for cooling was high, the enclosure was bulky and performance was poor. Although the software running on a fixed-memory processor brought many improvements in management and protocol functions, as daily business became more dependent on the network and traffic grew, the network equipment itself became the transmission bottleneck. Second-generation switch hardware introduced ASIC (Application Specific Integrated Circuit) chips dedicated to optimizing layer-2 processing; size, power consumption and performance all improved greatly and the overall system cost fell. This is our traditional layer-2 switch. Third-generation switches are not simply built on top of second-generation switches: they provide line-rate performance for layer-3 routing, multicast and user-selectable policies, and in hardware they use ASIC chips with more advanced performance and functions.

2. Differences between layer-3 switches and routers

In short, compared with a router, a layer-3 switch has the following advantages:
(1) Transmission bandwidth between subnets can be allocated freely: each serial port of a traditional router can connect one subnet, and the rate at which that subnet transmits through the router is directly limited by the interface bandwidth. A layer-3 switch is different: it can define several ports as one virtual network (VLAN) and treat the VLAN made up of those ports as a virtual network interface, so that traffic inside the virtual network reaches the layer-3 switch through that virtual port. Because the number of ports can be chosen at will, there is no limit on transmission bandwidth between subnets.
(2) Sensible placement of information resources: in a network built around a layer-3 switch there is no difference between the rate at which a resource is reached from within its own subnet and from the network as a whole, so there is no point in setting up a separate server inside each subnet. Server clusters can be placed directly in the global network instead. With the intranet broadband transmission rate guaranteed, server clusters not only save money but also make full use of the cluster's hardware and software resources; in a router-based network, by contrast, configuring and managing all information resources centrally is difficult.
(3) Cost reduction: in enterprise network design, layer-2 switches are usually used to form subnets within a single broadcast domain, and routers are used to interconnect the subnets so that the enterprise network forms an intranet; an enterprise network built this way cannot save on equipment cost. When a layer-3 switch is used to design an intranet system, the system can divide any number of virtual subnets and implement inter-subnet communication through the switch's own layer-3 routing function. In other words, switches alone can create the subnets and interconnect them, greatly saving the cost of expensive routers.
(4) Flexible connections between switches: among network communication devices, loops are not permitted between switches, whereas routers can use multiple paths (such as primary and backup routes) to improve reliability and balance load. To address this, layer-3 switches use the Spanning Tree Algorithm to block looped ports, while the blocked path can still take part in route selection as an available path, which greatly improves the flexibility of switch interconnection.

3. Layer-3 switching technologies

Layer-3 switching technology mainly addresses the bandwidth and speed problems between switched subnets: when routing between subnets, the data is still transmitted at switching bandwidth and switching speed. To achieve this, layer-3 switch manufacturers have done a great deal of work and have created many new routing-based layer-3 switching technologies.
The layer-3 switching technologies in wide use today mainly include:
Ipsilon IP Switching: IP switching was first introduced by Ipsilon. It identifies flows of data packets and switches them at layer 2 wherever possible, bypassing routers to improve network performance. Ipsilon modified the ATM switch, removed the software from the controller and added an IP switching controller that communicates with the ATM switch. Layer-3 switches using this technology are well suited to intranet LANs and campus networks within an organization.
Cisco Tag Switching: this technology tags data packets directly (that is, it adds a source/destination address header after the original packet is fully encapsulated, without altering it). The tag can be read directly at each switching node, and the destination address in the tag is used to decide the packet's transmission path. This technology applies to large networks and the Internet.
3Com Fast IP: a layer-3 switching protocol developed by 3Com that focuses on data policy management, priority rules and quality of service in layer-3 switching. The biggest advantage of Fast IP is that it can ensure real-time audio or video streams obtain the bandwidth they need during switching. Fast IP also supports other protocols (such as IPX) and can run in switching environments other than ATM. Of course, clients using this technology also need software that supports priority levels.
FIRE: FIRE, the Flexible Intelligent Routing Engine, is one of the core technologies of 3Com's layer-3 switches. It is an innovative, integrated internetworking architecture. It provides a broad range of layer-2 and layer-3 functions and a variety of network interface types, and delivers line-rate performance for layer-3 routing, multicast and user-selectable policy.
IBM ARIS (Aggregate Route-based IP Switching): similar to Cisco's tag switching, an address tag is attached to each transmitted packet so that it can traverse the switched network. ARIS is generally used in ATM networks and can be extended to other switching technologies. A border device is the entry point to the ATM switching environment and contains a route table mapped to layer-3 virtual circuits. It allows more than two computers on the same side of the ATM network to send data through one virtual circuit, reducing network traffic.
MPOA (Multi-Protocol Over ATM): a specification proposed by the ATM Forum. On request from the source client, the route server performs the route computation and supplies the optimal transmission path; a switched virtual circuit can then be built that crosses the subnet boundary without routing.

4. How to select an appropriate layer-3 switch

As the key device for building an enterprise intranet system, what aspects should be considered when selecting a layer-3 switch so that the product actually obtained meets the requirement? Although the layer-3 switch market share is still limited, it shows a strong growth trend and is taking over from routers in LAN applications. Cisco products still hold the largest share, but the huge market potential of layer-3 switches is attracting a large number of domestic and foreign manufacturers into the competition. The main products in the Chinese market currently include annett, 3Com, Extreme, Foundry, Avaya, Nortel, Enterasys, SVA, Lenovo, D-Link, Huawei and TCL.
Faced with such a variety of brands, users should pay attention to the following aspects when choosing:
(1) Choose trustworthy technical indicators: as with any electronic product, the performance indicators of the various products should be analysed first. Among the many technical indicators, such as backplane bandwidth (Gbps), processing capability (Mpps) and throughput (Mpps), it is best to focus on "throughput at full configuration", because users have no way to measure the other indicators and manufacturers state them at their own discretion. Throughput is the one indicator users can directly measure and verify with test instruments such as SmartBits and IXIA.
(2) Choose the right product architecture: switches of different brands differ completely in technology, falling mainly into two categories, centralized and distributed. The traditional bus-type switching structure is centralized; the modern switching-matrix architecture is distributed. As the volume of audio, video and data on the enterprise intranet keeps growing, the demands on switch processing capability rise with it. To achieve high-speed, non-blocking switching at high port density it is wise to adopt a distributed layer-3 switch. In an Ethernet environment a bus-type switching module is still subject to contention, whereas the matrix design avoids contention when switching between ports.
(3) Pay attention to latency and latency jitter: an enterprise intranet is almost always a high-speed LAN intended to carry audio, video and other high-volume multimedia data, and these streams cannot tolerate packet loss caused by long latency or by jitter during transmission. The latency of some traditional centralized switches is as high as 2 milliseconds, while that of some modern distributed switches is only about 10 microseconds, a difference of hundreds of times. Latency is usually caused by a blocking switching-fabric design, excessive use of buffering and so on, so attention to latency in practice means attention to the product's module architecture.
(4) Stable performance: layer-3 switches are mostly used at the backbone and aggregation layers, at the very centre of the network. If their performance is unstable, most hosts in the network, and even the entire network system, are affected. Only layer-3 switches with stable performance can guarantee continuous, reliable, secure and normal operation of the network. Stability sounds abstract, and it might seem that only an operating history is persuasive. In practice, however, equipment stability shows up in a number of basic technical indicators and in market reputation, so you can test throughput, latency, frame loss rate, back-to-back performance, address-table depth, head-of-line blocking, many-to-one forwarding and other indicators, and also survey deployments in the market. Back-to-back switching capability directly affects overall packet forwarding and data stream processing and is a valuable reference for stability.
(5) Secure and reliable: as a core network device, a layer-3 switch is naturally an important target for attackers, so it must be included in the scope of network security protection. "Security and reliability" here covers both the hardware and the software of the switch. In terms of security, the layer-3 switch should provide high-performance firewall features without security vulnerabilities. In terms of reliability, no product can guarantee it will never fail; the concern is whether, in case of a fault, service can switch quickly to a healthy device. The hardware should therefore provide redundancy for important components such as power supplies, management modules and ports, which is especially important for users with high security and reliability requirements such as telecom and finance. Another consideration is heat dissipation, such as whether the fans are properly arranged. Finally, consider which international or national standards the product meets, such as electromagnetic radiation standards and the various safety standards. A further important aspect for broadband operators is authentication. In the past switches were used by enterprises and connected directly to the Internet without authentication, but a broadband operator needs to confirm whether the user is registered: when a user goes online a window appears, and the user passes authentication with a user name and password. A layer-3 switch for a broadband operator should therefore also support special protocols such as 802.1X for authentication.
(6) Complete functions: the product must meet not only current needs but also future ones, so as to give users room for added value and ensure future network expansion. For example, when the number of employees grows, modules can be added for expansion without removing the original equipment. Features such as multicast, QoS, port trunking, 802.1D Spanning Tree and support for RIP, OSPF and other routing protocols are very important for a layer-3 switch; without them it is hard to meet user needs. For example, in a VOD application where a group of users request the same programme at the same time, multicast ensures the switch can process the data smoothly during high-density video-on-demand streaming; if the switch does not support multicast, the bandwidth consumed is considerable. Another example is QoS, which divides users into different levels based on their needs and allows broadband operators to charge by port traffic and provide different services to different users. In the past the switch speed was fixed at 100 M, and the maximum auto-negotiated speed was Mbps; now QoS supports rates of hundreds of KB, 1 MB or even higher, and carriers can charge different users different fees. Charging can also be by protocol (by port number). An important feature is the access list. If VLANs are divided at the access layer, users in different VLANs cannot communicate with each other, because this is a layer-2 VLAN; to communicate, traffic must pass through layer 3. For example, the finance department and the marketing department of an enterprise generally do not communicate with each other. If a user needs such access, the network administrator can enable normal communication between the VLANs with a simple command line on the layer-3 switch; this is the access list function. It is a function transplanted from the router to the layer-3 switch, and it enables one-way or two-way communication between different VLANs. If an external IP address keeps sending useless packets into your network, an access list entry can prohibit it from sending; access list settings can likewise prevent employees from visiting illegal sites.
(7) Good service: users are buying not just equipment but a commitment to the company's network, so they must choose products from manufacturers able to guarantee after-sales service. When purchasing, check whether the manufacturer can respond quickly to user problems, replace products and accessories quickly, and provide customized functions and services.
(8) Good ease of use: layer-3 switches are powerful, and both hardware and software are more complex to manage than traditional layer-2 devices. Check whether the indicators are sensibly laid out, whether there are fault and traffic indicators, whether there is a power switch and whether rack-mounting accessories are included. The documentation should be clear and detailed, preferably with a Chinese version, and the network management software should preferably have a Chinese interface as well.
(9) Cost-effectiveness: IT equipment is upgraded quickly, gains performance quickly and falls in price quickly. Users should therefore weigh their own budget and actual needs when purchasing, give due consideration to future upgrades, and make sure the device's performance is stable, available and sufficient, without paying for features they do not need.
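As an added illustration, not code from the original article, the following Python model combines the route-once, switch-many forwarding described in section 1 with the access-list control between VLANs described in point (6) above. The class, the VLAN plan and the single ACL rule are hypothetical constructions; what the model adds is the operational check that cached forwarding verdicts must be flushed when the access list changes, otherwise a flow permitted under the old policy keeps being forwarded from the cache.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class AclRule:
    action: str                      # "permit" or "deny"
    src: str                         # source CIDR
    dst: str                         # destination CIDR
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src_ip) in ip_network(self.src)
                and ip_address(pkt.dst_ip) in ip_network(self.dst)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


class L3Switch:
    """Hypothetical route-once, switch-many forwarder (a model, not vendor code)."""

    def __init__(self, vlans: Dict[str, str], acl: List[AclRule],
                 flush_cache_on_acl_change: bool = True) -> None:
        self.vlans = {name: ip_network(cidr) for name, cidr in vlans.items()}
        self.acl = list(acl)
        self.flush = flush_cache_on_acl_change
        # flow key -> verdict, filled in by the "routing system" on a flow's first packet
        self.flow_cache: Dict[Tuple[str, str, int], bool] = {}

    def vlan_of(self, ip: str) -> Optional[str]:
        addr = ip_address(ip)
        return next((n for n, net in self.vlans.items() if addr in net), None)

    def _route(self, pkt: Packet) -> bool:
        # Full layer-3 lookup: first matching access-list entry wins, implicit deny at the end
        for rule in self.acl:
            if rule.matches(pkt):
                return rule.action == "permit"
        return False

    def forward(self, pkt: Packet) -> Tuple[str, bool]:
        # Returns (path taken, forwarded?) for one packet
        src_vlan, dst_vlan = self.vlan_of(pkt.src_ip), self.vlan_of(pkt.dst_ip)
        if src_vlan is None or dst_vlan is None:
            return ("unknown", False)
        if src_vlan == dst_vlan:
            return ("switched", True)        # same VLAN: pure layer 2, ACL never consulted
        key = (pkt.src_ip, pkt.dst_ip, pkt.dst_port)
        if key in self.flow_cache:
            return ("cache", self.flow_cache[key])   # later packets take the layer-2 fast path
        verdict = self._route(pkt)                    # first packet goes through routing
        self.flow_cache[key] = verdict
        return ("routed", verdict)

    def update_acl(self, rules: List[AclRule]) -> None:
        self.acl = list(rules)
        if self.flush:
            self.flow_cache.clear()   # cached verdicts were decided under the old policy


# Constructed sample topology: finance and marketing VLANs plus a server VLAN
SAMPLE_VLANS = {"finance": "10.1.0.0/24", "marketing": "10.2.0.0/24", "servers": "10.0.0.0/24"}
# Constructed policy: marketing may reach the server VLAN on port 443 only
SAMPLE_ACL = [AclRule("permit", "10.2.0.0/24", "10.0.0.0/24", 443)]

if __name__ == "__main__":
    sw = L3Switch(SAMPLE_VLANS, SAMPLE_ACL)
    p = Packet("10.2.0.5", "10.0.0.10", 443)
    print(sw.forward(p), sw.forward(p))            # ('routed', True) ('cache', True)
    sw.update_acl([])                              # permit withdrawn, cache flushed
    print(sw.forward(p))                           # ('routed', False)
```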


Article entry: csh responsible editor: csh

5. Layer-3 switch application analysis

It is indisputable that layer-3 switches cannot replace routers, because each has its own advantages. Layer-3 switches are very well suited to the LAN environment, while routers excel in the wide area network; that is, layer-3 switches cannot adapt to wide-area systems with differing topologies and transmission protocols. In recent years, with the development and innovation of layer-3 switch technology, the application of layer-3 switches has spread from the backbone and aggregation layers of the enterprise network down to the edge access layer. In particular, with the spread of residential broadband networks, the layer-3 switch is ideal at the residential centre and at the aggregation layer serving multiple residential areas. From this perspective, although a layer-3 switch cannot replace a router, it has thoroughly shaken the position of the enterprise router: within the enterprise intranet, the layer-3 switch is replacing the router.


Currently the main use of layer-3 switch technology in enterprise networks is the VLAN (Virtual LAN). Because layer-3 VLAN technology breaks many of the inherent concepts of traditional networking, it makes the network structure more flexible and changeable and makes grouping users more convenient and free. A layer-3 VLAN need not take account of a user's physical location: based on the IP address, user name and other specific identifiers and application factors that relate directly to the user, users can be logically divided into relatively independent working groups; each user host connects to a VLAN-capable switch port and belongs to one VLAN. All members of the same VLAN share broadcast traffic, while the broadcast traffic of different VLANs is isolated. This is equivalent to dividing the whole network into several broadcast domains, which strengthens the management and maintenance of the enterprise intranet. The communication permissions between members of different VLANs can be set entirely by the network administrator on the layer-3 switch.
Our company's computer network is a medium-sized enterprise intranet with a relatively concentrated core, located in the company building, that divides into three main functional parts: the business system, the office system and the financial system. The business system network further divides into the database core subnet, the internal business access subnet, the external agent access subnet, the customer service subnet and other relatively independent subnets. Apart from the internal business and external agent access systems, which have a remote access subnet, all other subnets are in the same building, making it a typical enterprise intranet. Among the three systems, the business and office subnets have many information terminals, large data volumes, frequent mutual access and complex cross-subnet access permissions. To provide switching to the desktop throughout the building, reduce collision domains and prevent broadcast storms, while also considering cost and practicality, layer-2 switches are used inside each subnet and the core network system, the computer centre machine room, uses the Cisco Catalyst 4000 layer-3 switch.
The Catalyst 4000 is a powerful modular core switch for the low-to-mid range that offers a good price/performance ratio for our networking needs. The WS-X4232-L3 module provides the layer-3 switching function: it has six internal Gigabit optical-fibre connections to the switch backplane, two of which connect the routing switch engine to the backplane while the other four connect a group of 32 10/100 M auto-sensing Ethernet ports. In addition, the routing engine has two external routing ports. The whole module therefore behaves like a router with two Gigabit ports attached to a 32-port layer-2 switch. It is worth noting that only the two Gigabit ports have the layer-3 routing function; the other 32 10/100 M ports are pure layer-2 switching ports.
Because the Catalyst 4000 provides two Gigabit routing ports, we connect all the servers and control terminals of the core network system directly to the 32 10/100 M ports, forming one VLAN. The office-system access switch and the financial-system access switch are connected by optical fibre to the two Gigabit routing ports respectively, so they form two different VLANs with layer-3 support. In this way we not only connect all information points in the building into one high-speed LAN but also logically separate the three network systems with their completely different functions. This ensures both the high speed of enterprise data transmission and the security of the company's network, and it greatly simplifies management and maintenance of the building's network. More importantly, the network administrator can grant office and financial users access to servers in the central data centre at any time as required.
Because the company's core network has fewer than 30 servers and control terminals, the 2 Gigabit of bandwidth through the two routing ports is fully adequate for these hosts' communication needs.
