Comprehensive Description of Filtering Policies for Smart L3 Switches

Source: Internet
Author: User

There is a lot worth learning about layer-3 switches. This article mainly introduces their smart stream processing technology. The spread of computer networks is changing our world, our way of thinking, and our way of life. As network technology continues to develop, and now that we have entered the digital information age, the focus is increasingly on how people use computers and networks to create a larger living space for themselves.

I. New issues brought about by high bandwidth

In modern data communication, people's thinking cannot keep pace with the growth of network bandwidth. The network capacity of communication devices is driven by growing data traffic processing requirements and by the ability to process concurrent data streams. As network bandwidth continues to increase, traditional methods of processing network data and allocating data streams cannot meet the throughput needs of large data streams. Fast ASIC technology that can process Layer 2, Layer 3, and Layer 4 network data can meet the needs of high bandwidth and high throughput. However, in a large-capacity, high-bandwidth environment, if applications are not constrained, the data streams in the network will be like a runaway horse or a flood that cannot be contained. How to manage and allocate data streams is therefore a new topic in the broadband era.

Network data processing inevitably raises two problems: the efficiency of data stream distribution, and the stability of data packets after the streams have been allocated. These two problems are blind spots that plague QoS assurance for broadband service data streams. People are often dazzled by the high packet transmission speed of broadband and forget the efficiency and stability of data stream distribution. This reduces the utilization of broadband networks and increases transmission costs, turning broadband into a "castle in the air" and high transmission speed into a "mirage".

To address these problems, the stream processing method of layer-3 switches uses ASIC-based hardware multi-layer switching to process data packets hierarchically. It first classifies data streams and then assigns different priority levels to different streams, so that network data is processed more efficiently without compromising switching performance and key data is transmitted with priority. In other words, this integrated ASIC processing technology provides an integrated, fast processing platform on which the entire process of routing, and even access policy processing, is completed for a packet inside the ASIC chip.

Traditional IP forwarding is implemented in software. Measured against modern broadband data switching, the efficiency of pure software forwarding is a drop in the bucket. Efficient switching and stream classification must therefore be based on cached IP address switching. Unlike L2 switching, L3 switching requires CPU intervention. The main tasks of the CPU include running RIP, OSPF, and other routing protocols to generate route tables, running ARP to resolve IP addresses, and setting the entries of the cached IP forwarding table.

As a basic network, the IP network is evolving into a multi-service network. Therefore, network devices must provide a data operation platform for different policies. In the smart architecture of the Gigabit L3 switch in the harbor, each data packet can be processed by a fast filtering engine according to rules.

II. Smart layer-3 switch filtering policy

In the smart switching architecture, the filtering policy works by analyzing the first 80 bytes of each data frame. Flexible policies are developed according to different users' needs and provide the corresponding intelligent services. The main filtering policies are the following.

Physical port: mainly used to filter users on fixed ports.

Layer 2 policy: filters on the Layer 2 features of a packet, based on the user's MAC address or VLAN information.

Layer 3 policy: filters on the Layer 3 features of a packet, based on the user's source IP address or the destination IP address that the user needs to access. It can also be based on the user's source IP subnet or the destination IP subnet, or on source and destination IP information used together.

Application policy: implements policies above Layer 3. It can be based on the TCP or UDP port number, or on internal characteristics of the application data, such as the domain name in DNS packets.

In-depth analysis of the multi-layer information in data packets can identify how data streams establish connections, the direction of IP packet flow, and the data type carried by IP packets in the signaling channel. Comparing this against the stream classification table yields accurate information about a data stream, so that the policy for that stream can be selected accurately and the stream can be switched smoothly in a healthy environment.

III. Smart services of smart L3 switches

Taking the 1-gigabit L3 switch of the Hong Kong Bay network company as an example, the main smart services it can provide based on different user needs include the following.

Packet discarding and forwarding: in actual network applications, users can be given selective services, for example by discarding packets based on the IP address of the target site, which limits users' access to certain sites.

Packet output port redirection: allows traffic engineering to be implemented in actual network applications.

Priority transfer for Layer 2 802.1p network services: different levels of gold, silver, and bronze service can be implemented based on different payment options, so that service for high-priority users is ensured as far as possible.

Layer 3 DiffServ service: provides packet priority tagging and differentiated priority processing.

The above intelligent services address the distribution efficiency and stability of network data streams during transmission. The physical medium of the network carries multiple network data streams, so some broken or over-long packets will inevitably exist on it, or packets of unimportant services may occupy a large amount of network bandwidth. Packet discarding and priority control not only solve the network transmission efficiency problem but also ensure the service quality of important applications.
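The filtering policies of section II and the services of section III, as an added Python example (not from the original article or any switch vendor): it reads the first 80 bytes of an Ethernet frame, extracts the physical-port, Layer 2, Layer 3 and application fields, and returns the action of the first matching rule. The rule table, addresses, ports, domain and action names are constructed for illustration, and IPv4 over Ethernet is assumed.

```python
import ipaddress

WINDOW = 80  # the article's figure: only the first 80 bytes are inspected

def dns_qname(b, i):
    """Question name at offset i, or None if it does not end inside the window."""
    labels = []
    while i < len(b) and 0 < b[i] < 0x40:     # plain label, not a compression pointer
        labels.append(b[i + 1:i + 1 + b[i]].decode("ascii", "replace"))
        i += 1 + b[i]
    return ".".join(labels).lower() if i < len(b) and b[i] == 0 else None

def parse(frame, in_port):
    b = frame[:WINDOW]
    f = {"port": in_port, "src_mac": b[6:12].hex(":"), "vlan": None}
    etype, off = int.from_bytes(b[12:14], "big"), 14
    if etype == 0x8100:                       # 802.1Q tag: low 12 bits = VLAN ID
        f["vlan"] = int.from_bytes(b[14:16], "big") & 0x0FFF
        etype, off = int.from_bytes(b[16:18], "big"), 18
    if etype != 0x0800 or len(b) < off + 20:  # not IPv4, or header incomplete
        return f
    f["src_ip"] = ipaddress.ip_address(b[off + 12:off + 16])
    f["dst_ip"] = ipaddress.ip_address(b[off + 16:off + 20])
    f["proto"], l4 = b[off + 9], off + (b[off] & 0x0F) * 4
    if f["proto"] in (6, 17) and len(b) >= l4 + 4:   # TCP or UDP ports present
        f["dport"] = int.from_bytes(b[l4 + 2:l4 + 4], "big")
        if f["proto"] == 17 and f["dport"] == 53:
            f["dns_name"] = dns_qname(b, l4 + 8 + 12)  # skip UDP and DNS headers
    return f

RULES = [  # constructed table, first match wins; action names are assumptions
    ({"dst_net": "203.0.113.0/24"}, ("discard", None)),             # Layer 3
    ({"dns_suffix": "blocked.example"}, ("discard", None)),         # application
    ({"vlan": 10, "proto": 17, "dport": 5060}, ("priority", 5)),    # Layer 2 + port
    ({"port": 3}, ("redirect", 7)),                                 # physical port
]

def matches(cond, f):
    def ok(key, want):
        if key.endswith("_net"):
            ip = f.get(key[:3] + "_ip")
            return ip is not None and ip in ipaddress.ip_network(want)
        if key == "dns_suffix":
            return ("." + (f.get("dns_name") or "")).endswith("." + want)
        return f.get(key) == want
    return all(ok(k, w) for k, w in cond.items())

def classify(frame, in_port):
    fields = parse(frame, in_port)
    return next((act for cond, act in RULES if matches(cond, fields)), ("forward", None))
```

A DNS question name that does not end inside the 80-byte window is reported as `None` rather than as a partial string, so a rule set that relies on domain matching needs an explicit decision for that case.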
 
