Comprehensive Understanding of mainstream layer-3 switch technologies

Source: Internet
Author: User

To help enterprise users better understand what a layer-3 switch is, the new technologies supported by the leading layer-3 switches on the market today, and their position and role in the next-generation smart enterprise network, the Computer World evaluation lab recently organized an in-depth technical test of layer-3 switches.

We hope this in-depth analysis of layer-3 switching technology by our evaluation engineers will help you build a smoother and more secure enterprise network. With the emergence of new service types and new security threats, the enterprise LAN faces more and more challenges, and the answer is often simply to add complexity. Unlike the traditional data-driven services, today's enterprise network must meet basic requirements for multi-service integration, mobility, and security. Intelligent networks are therefore an inevitable trend, and they are affecting almost all network devices. Recently, layer-3 switches deployed at the edge of the network have changed significantly.

In this test, we used Spirent's latest TestCenter tester for the first time and ran in-depth tests on several typical layer-3 switches on the market. The test results can serve as a reference for enterprises selecting and deploying layer-3 switches. As the latest generation of Spirent test equipment, TestCenter embodies the concept of integrated testing. In the past, multi-service scenario testing had to be performed jointly by several different types of test equipment; now it can be done with a single device and a single user interface. This is crucial for carriers deploying and testing next-generation networks.

Understanding Layer-3 Switching

The term "switch" first appeared in the analog telephone system, where it referred to the exchange of voice signals between telephones by a telephone switch. This belongs to the category of "circuit switching": a circuit is established between the two communicating nodes and released when the communication ends. The Ethernet switch is based on packet switching, an efficient bandwidth multiplexing technology. It divides data traffic into packets of a certain length, labels each packet, and uses dynamic multiplexing to carry multiple packets over one physical line at the same time. It should be pointed out that packet switching is essentially connectionless, which is also why the QoS mechanisms of today's Ethernet switches become highly complex when they carry real-time services such as voice.

The "layer 3" concept comes from the ISO OSI (Open Systems Interconnection) seven-layer network reference model. From the bottom up, the first layer is the physical layer, which defines the physical mode of data transmission through network devices as well as their optical, electrical, and mechanical properties. A typical physical-layer device is the repeater, a signal amplifier used to counter signal attenuation as the transmission distance increases. The second layer is the data link layer, which defines the communication connection process, encapsulates data frames, and monitors and corrects transmission errors. Typical data-link-layer devices are the bridge and the layer-2 switch.

Traditionally, the network switch developed from the bridge. It is a network device that matches the physical addresses of the two communicating parties: based on the header information in a data unit, it moves cells or frames from one or more input ports to one or more output ports to complete the transfer. The biggest advantage of a layer-2 switch is fast data transmission. It only needs to identify the MAC address (the physical address of the network interface) in the data frame, and the algorithm that derives the forwarding port directly from the MAC address is very simple and well suited to implementation in an ASIC. A layer-2 switch can only process packets based on their outer information (mainly MAC addresses). Although it also supports basic functions such as subnet division and broadcast restriction, its traffic processing and control capabilities are very limited.

The first layer-3 device was the router. It implements routing based on routing protocols, that is, data forwarding between IP networks. On the backbone network, the main role of a router is route selection. In metropolitan area networks (MANs), routers are mainly used for network interconnection and route selection, and are responsible for connecting subordinate networks and forwarding data between them. In the campus network, routers are mainly used to isolate broadcast storms between subnets, simplify network management, and prevent unauthorized access between subnets. Router features are complex, so they can only be implemented in software, which limits performance.

In fact, performance and functionality usually conflict, and layer-2 switches and routers are a typical embodiment of this conflict. A switch forwards quickly but has weak control functions; a router has strong control functions but poor packet forwarding performance. The emergence of layer-3 switches balances this contradiction to some extent.

A layer-3 switch combines the functions of a layer-2 switch with those of a router. It can perform both port switching and some of the routing functions of a router. When two nodes in different subnets communicate through a layer-3 switch, the first packet must be routed by the switch's route processor to reach the destination node. Subsequent packets sent between the two nodes, however, do not need to be processed by the route processor, because the layer-3 switch can remember routes. This route memory is implemented by the route cache.

When a data packet arrives at a layer-3 switch, the switch first checks its route cache for a matching record. If there is one, it uses the cached record to route the packet directly instead of passing it to the route processor, which greatly improves the routing speed for such packets. If no record is found in the route cache, the layer-3 switch sends the packet to the route processor and forwards it after processing. Of course, layer-3 switches cannot match routers in routing protocol support and WAN connectivity, so they do not completely replace routers. However, with the development and innovation of layer-3 switching technology in the LAN, layer-3 switches have gradually taken over the role of enterprise routers.
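The cache-first lookup described above, as an added sketch (not code from the article or from any switch vendor). The class, the port names and prefixes, the per-destination exact-match cache, its LRU size bound, and the flush on route change are all assumptions made for illustration.

```python
import ipaddress
from collections import OrderedDict


class Layer3Switch:
    """Toy model: route processor (slow path) plus route cache (fast path)."""

    def __init__(self, cache_size=1024):
        self.routes = []              # (network, egress port), used on the slow path
        self.cache = OrderedDict()    # destination IP -> egress port, in LRU order
        self.cache_size = cache_size  # assumed bound; hardware tables are finite
        self.hits = self.misses = 0

    def add_route(self, prefix, port):
        self.routes.append((ipaddress.ip_network(prefix), port))
        # A routing change can make cached decisions stale, so flush them.
        self.cache.clear()

    def _route_processor(self, dst):
        """Slow path: longest-prefix match over the whole routing table."""
        matches = [(net.prefixlen, port) for net, port in self.routes if dst in net]
        return max(matches)[1] if matches else None

    def forward(self, dst_ip):
        """Return (egress port, path taken) for one packet."""
        dst = ipaddress.ip_address(dst_ip)
        if dst in self.cache:
            self.hits += 1
            self.cache.move_to_end(dst)
            return self.cache[dst], "cache"
        self.misses += 1
        port = self._route_processor(dst)
        if port is not None:              # unroutable destinations are not cached
            self.cache[dst] = port
            if len(self.cache) > self.cache_size:
                self.cache.popitem(last=False)  # evict the least recently used entry
        return port, "route-processor"


def demo():
    sw = Layer3Switch(cache_size=2)
    sw.add_route("10.1.0.0/16", "vlan10")  # constructed sample routes
    sw.add_route("10.1.2.0/24", "vlan20")
    return [sw.forward(ip) for ip in ("10.1.2.5", "10.1.2.5", "10.1.9.9", "10.1.2.5")]


if __name__ == "__main__":
    print(demo())
```

The `hits` and `misses` counters show how much traffic still reaches the route processor; a high miss rate means the cache is not absorbing the load the paragraph assumes it does.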

It should be noted that today's "layer-3" switches often have control functions above the network layer, such as layer-4 traffic processing based on protocol type and port number, and can even filter content at the application layer (layer 7). However, these higher-level functions usually play only an auxiliary role, and the essential functions are still concentrated in the third and second layers. Therefore, we still call them layer-3 switches.

A Look at Mainstream Switch Technologies

Because layer-3 Ethernet switches are becoming increasingly complex, enterprise users are often confused by the many protocols and features a device supports when purchasing one. Indeed, in actual use, a considerable number of features usually play no role during the entire lifecycle of the device. Under certain requirements, however, these features become a necessary means of solving a problem. A proper understanding of them is of great help in applying layer-3 switches sensibly. To this end, we briefly introduce the mainstream features of layer-3 switches.

The ProCurve 5406zl is one of the mainstream, feature-rich layer-3 switch products on the market. It supports almost all mainstream technologies and protocols and has good standards compatibility. Compared with other products, it has ProVision ASIC technology, which can better detect and control traffic content and provides higher-level policy enforcement and better security. In addition, with the ProCurve Identity Driven Manager (IDM) software, you can seamlessly implement secure, automatic access control based on user identity in the enterprise network environment.

As a layer-3 chassis switch, the ProCurve 5406zl provides six slots. The configuration for this test includes two J8705A modules; the J8705A provides 20 Gigabit copper interfaces and 4 mini-GBIC Gigabit optical interfaces. All copper interfaces support not only MDI/MDI-X polarity adaptation but also Power over Ethernet (PoE), which makes it very convenient for enterprise users to deploy IP phones and other devices. In addition to the command-line interface, the ProCurve 5406zl also provides a text-based menu system to simplify switch maintenance and configuration. Of course, ProCurve Manager Plus is a more effective management tool for users who need to manage multiple devices. There was an incident when the device was submitted for testing: because the J8705A module was newer and the firmware version was older, initialization failed. The ProCurve support staff quickly identified the problem and provided a solution. Because the ProCurve 5406zl has no management module or interface, we upgraded the firmware through the XModem protocol, which solved the initialization problem.
