Comment and Study on layer-4 switch technology

The layer-4 switch actually adds the ability to identify the layer-4 protocol port in the layer-3 Switch, meeting more user needs and improving the performance. In recent years, with the popularization of G, 1g, or even 10g LAN.

The wide application of Broadband LAN and even Bandwidth WAN drives the continuous development of switch technology. In enterprise applications, the rapid development of Internet, the adoption of e-commerce, e-government, e-trade, e-futures and other online trading methods, while accelerating logistics and capital flow turnover, it also accelerates the rapid increase of information, which puts a great deal of pressure on the Network Information Center Server.

What is layer-4 switch?

The layer-4 switch is a switch product developed using the layer-4 switch technology. Of course, it works on the layer-4 of the OSI/RM model, that is, the transport layer, directly facing specific applications. In terms of functions, a layer-4 switch is not so much a hardware network device as a software network management system.

In other words, it is a kind of network management and exchange equipment that focuses on software technology and supplemented by hardware technology. The layer-4 switch supports all protocols below the layer-4 of TCP/UDP, such as HTTP, FTP, Telnet, and SSL. It can recognize the packet header length of at least 80 bytes, the application types of data packets can be distinguished based on the TCP/UDP port numbers to achieve access control at the application layer and ensure service quality.

Many people are confused about the principle of the layer-4 switch and the layer-3 switch. The so-called layer-4 switch actually adds the ability to identify the layer-4 protocol port on the layer-3 switch, only some value-added software is added to the layer-3 switch.

It does not work on the transport layer, but still performs switching operations on the third layer. The layer-4 switch distinguishes data packets based on TCP/UDP port numbers. That is to say, the layer-4 switch not only has all the switching functions and performance of the layer-3 switch, it also supports smart functions that are impossible for layer-3 switches to control network traffic and service quality.

Key technologies supported by layer-4 vswitches

Different from the L2 Switch, the MAC address and 802.1Q VLAN tags are used to complete the link layer switch process, it is also different from layer-3 switching/routing devices that use IP address information for network path selection to complete the switching process, the layer-4 switching device uses the packet header information of the transport layer to help information exchange and transmission.

That is, all protocols or processes in each IP packet. The layer-4 Exchange protocol used in this way is TCP for connection-based conversations, such as FTP) and UDP for connectionless communication, for example, SNMP or SMTP.

Because the packet header of TCP and UDP data packets can specify the type of the data packet being transmitted, use the information port number related to the specific application ), you can complete a large number of quality services related to network data and information transmission and exchange. Five of these technologies are crucial and are also the main technologies widely used by layer-4 switches.

I. package filtering/security control:

Unlike traditional software-based routers, layer-4 switching is different from layer-3 switching, that is, this filtering capability is implemented in ASIC dedicated high-speed chips, so that the security filtering control mechanism can be implemented at full speed, greatly improving the packet filtering rate. The use of layer-4 Information to define filtering rules has become the default standard for general routers. It not only allows or disables connections between IP subnets, but also controls communication between specified TCP/UDP ports.

Ii. Service Quality:

In the hierarchy of the network system, the layer-4 Information of TCP/UDP is often used to establish application-level communication priority. For example, the port number of the data packet in TCP/UDP is exchanged. It allows you to prioritize communication data based on applications and use a certain amount of bandwidth for important applications based on the traffic of a specific application.

In a sense, layer-4 Switching provides a service level COS in the network. This can reduce WWW or FTP traffic for an Intranet and set higher priority for E-MAIL or Telent traffic. Therefore, the layer-4 switch is particularly important based on this function. In information communication, priority cannot be discussed due to the lack of fourth-level information, which will greatly prevent the rapid transmission of emergency applications on the network.

Iii. Server Load balancer:

The server Load balancer Mode Supported by the layer-4 switch is to attach an IP address of the Server Load balancer service to a group of different physical servers, and set up virtual IP address VIP for each server group for search ). In the Domain Name Server DNS), the address of each application server stored is VIP, rather than the actual server address.

When a user applies for an application, a VIP connection request with the target server group, such as a TCPSYN packet, is sent to the server switch. The server switch selects the best server in the group and replaces the VIP address in the terminal address with the IP address of the actual server. Only after the network address is converted to NAT by the switch, servers that are not registered with IP addresses can be accessed. This setting can effectively prevent unauthorized access.

Iv. Standby host connection:

The standby host Connection provides redundant connections for Port Devices to effectively protect the system in the event of a switch failure. Because the shared MAC address is used, the backup switch receives the same data as the master unit, which enables the backup switch to monitor the communication content of the master switch service. The primary switch continuously notifies the backup switch of data, MAC data, and its power status at Layer 4. When the primary switch encounters a fault, the backup switch automatically takes over without interrupting the conversation or connection.

Statistics and report: by querying layer-4 data packets, layer-4 switches can provide more detailed statistics records. Because the administrator can collect more detailed information about which IP address to communicate with, and even collect communication information based on which Application Layer Service is involved in the communication.

When the server supports multiple services, these statistics are particularly effective for examining the load of each application on the server. The added statistical service is also useful for Server Load balancer connections using vswitches. Including detailed real-time reports and historical reports. The comprehensive report function provides administrators with full control over bandwidth resources, so that enterprises can make more appropriate business decisions.

The fourth layer switch has a common name in the industry called "Application Switch", more famous there are the following: F5 companies in the United States BIG-IP 2400 series link application switch can be customized load balancing, traffic Priority arrangement, policy-based traffic guidance, source, destination, and application exchange.

Radware's Web Server ctor Application Switch ensures the full availability, optimized operation, and complete security of Server Clusters, so as to ensure high reliability and performance for applications within the network and data center. American Foundry ServerIronGT-C2404F Application Switch can realize global server load balancing, high performance VPN/firewall load balancing, transparent cache switching, link load balancing, anti DoS attack protection server.

With the development of network information systems from small to medium-sized to large, the exchange technology also evolved from the original MAC address-based exchange to IP address-based exchange, the layer-4 switching technology is introduced in this article.

Now, some products have proposed a layer-7 Content-based exchange ). It can be seen that the continuous development of network exchange technology has changed from data-based exchange to application-based exchange, which not only improves the network access speed, but also constantly optimizes the overall network performance.

1. Let's talk about the "potential rules" of the security switch"
2. Summarize the market status of high-end Switches
3. Security risks of LAN switches
4. PythonAndroid analyzes the differences and relationships between layer-3 switches and other layer Switches
5. Measure the Power Consumption Characteristics of LAN switches.