In the early 1990s, as computer performance improved and traffic volumes grew, traditional LANs were increasingly pushed beyond their capacity. Switched Ethernet technology emerged in response and greatly improved LAN performance. The Layer 2 switch played a key role in the development of switching technology, but as Layer 2 switching matured, it went a long time without any technical breakthrough.
What is a Layer 2 switch
The Layer 2 switch is so named because it works only at the second layer of the OSI (Open Systems Interconnection) model, the data link layer. A Layer 2 switch identifies the MAC address information in a packet, forwards the packet according to the MAC address, and records each MAC address with its corresponding port in an internal address table. The specific workflow is as follows:
(1) When the switch receives a packet on a port, it first reads the source MAC address in the header, so it learns which port the machine with that source MAC address is connected to;
(2) It then reads the destination MAC address in the header and looks up the corresponding outbound port in the address table;
(3) If the table contains a port corresponding to that MAC address, it copies the packet directly to that port;
(4) If the table has no matching port, it broadcasts the packet to all ports. When the destination machine responds to the source machine, the switch learns which port the destination MAC address corresponds to, so the next transfer no longer needs to be broadcast to all ports.
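The four steps above can be modelled in a few lines. This is an added example, not code from the original article or from any switch vendor; the class name, port numbers and MAC addresses are constructed, and flooding here skips the port the packet arrived on, as real switches do.

```python
# Added example: a minimal model of the Layer 2 learning/forwarding loop.
# Port numbers and MAC addresses below are constructed sample values.

class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}          # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one packet; return the sorted list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Step 1: learn (or refresh) which port the source MAC sits behind.
        self.table[src_mac.lower()] = in_port
        # Step 2: look up the destination MAC in the address table.
        out_port = self.table.get(dst_mac.lower())
        # Step 3: known destination -> forward to that single port.
        if out_port is not None:
            # A packet is never sent back out of the port it arrived on.
            return [] if out_port == in_port else [out_port]
        # Step 4: unknown destination -> every port except the ingress port.
        return sorted(self.ports - {in_port})


def demo():
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    host_a, host_b = "00:11:22:33:44:0a", "00:11:22:33:44:0b"
    results = [
        sw.receive(1, host_a, host_b),  # B unknown: flooded
        sw.receive(3, host_b, host_a),  # reply: A was already learned
        sw.receive(1, host_a, host_b),  # B now learned: single port
    ]
    return results, dict(sw.table)


if __name__ == "__main__":
    frames, table = demo()
    for out in frames:
        print(out)
    print(table)
```

The first packet reaches ports 2, 3 and 4, so every attached host sees it; once both addresses are in the table, traffic between A and B appears only on ports 1 and 3.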
By repeating this process, the switch learns the MAC address information of the whole network. This is how a Layer 2 switch builds and maintains its own address table, and it is the most basic operation of the switch. The Layer 2 switch is the earliest switching product. Today's access switches generally belong to this type; they typically do not carry a heavy workload and sit at the bottom of the switched network, so they only need to provide the most basic Layer 2 forwarding function. At present the Layer 2 switch is the most widely used type, generally deployed at the access layer of networks in small enterprises and larger.
Layer 2 switches move toward intelligence and Gigabit
Layer 2 switches started out as 10M switches, gradually moved to 10/100M and then to 10/100M with ordinary network management, have now moved to intelligent network management, and are heading toward 1000M switching capacity. Layer 2 switches are continually being made more intelligent so that they can process packet flows based on Layers 2 to 4, which improves the switch's quality of service (QoS) and security policies. With the push for "Gigabit to the desktop", Layer 2 Gigabit switches are also set to become a hot spot.
1. Network management moves toward intelligence
The original switch had no network management function; it could only identify a packet's destination MAC address and forward packets according to that hardware address. The inherent problems of the switched environment, the need to control services, and security requirements called for adding network control capabilities to the Layer 2 switch, which led to the managed switch. Network management has now moved toward intelligent features, which include quality of service (QoS) and security policy.
(1) Quality of service
As multimedia applications become more common on the network, demands on service quality rise. The network should be able to guarantee QoS, using a reasonable QoS policy to ensure the transmission of voice, image and other multimedia data and to provide users with differentiated services. For enterprise users, it can guarantee uninterrupted transmission for VoIP, video conferencing, multimedia teaching and other network applications, further improving enterprise efficiency.
Network applications can be classified into three kinds: data, voice and video. Mixed transmission of data, voice and video streams has a great influence on network stability, and these applications all originate at the edge of the network, so the Layer 2 switch needs to differentiate the traffic flows and allocate bandwidth according to priority. The edge smart switch adds quality of service (QoS) on top of the original manageable switch technology. Using high-performance integrated chips, the Layer 2 intelligent switch can recognize and process packets and traffic flows at the MAC layer, IP layer and TCP/UDP layer; 802.1p priority provides priority queues; and traffic can be managed and controlled per flow to meet specified bandwidth and priority forwarding targets. This fundamentally solves the problem of intelligent switching in network equipment and meets the diversity of users' business needs.
(2) Security policy
To address the various security threats the network faces, the Layer 2 intelligent switch has a complete security control mechanism that effectively prevents and controls malicious attacks and intrusion, and provides a security solution for the edge of the network.
• Access security. ACL access control at L2 to L4, based on MAC address, IP address, TCP/UDP port number, protocol, etc. 802.1X port security authentication effectively controls who can connect and prevents unauthorized users from accessing the network.
• VLAN control. Through VLANs, the ports of the switch can be isolated from one another.
• Support for monitoring and defense against DoS (denial-of-service) attacks. A denial-of-service attack floods network devices, servers and PCs with massive numbers of requests for replies, consuming network bandwidth and system resources until the network and systems are overwhelmed, paralyzed, and stop providing normal network services. DoS monitoring and defense isolates the attack threat at the edge of the network. The switch uses certain algorithms to monitor for possible DoS attacks and stops accepting messages when one is detected.
• Management security. All information passed between the switch and the network management software is encrypted. Administrative access control (ACL) lets you specify or restrict which PCs, by IP address or IP subnet, may manage the switch via telnet or the web, preventing hackers or unauthorized users from maliciously attacking and controlling the switch. With RADIUS/TACACS+ security authentication, users logging on to manage the switch must be authenticated.
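The L2 to L4 ACL matching under "Access security" and the subnet restriction on telnet/web management under "Management security" follow the same matching logic, sketched here as an added example that is not from the original article or any vendor's firmware. The rule format, first-match ordering, default deny and all addresses are assumptions made for illustration.

```python
# Added example (not vendor code): first-match ACL over L2-L4 fields.
# Rule order, the default deny and all addresses are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src_mac: Optional[str] = None   # L2 field; None matches any
    src_net: Optional[str] = None   # L3 field as CIDR; None matches any
    proto: Optional[str] = None     # "tcp" or "udp"; None matches any
    dst_port: Optional[int] = None  # L4 field; None matches any

    def matches(self, p):
        if self.src_mac and self.src_mac.lower() != p["src_mac"].lower():
            return False
        if self.src_net and (ipaddress.ip_address(p["src_ip"])
                             not in ipaddress.ip_network(self.src_net)):
            return False
        if self.proto and self.proto != p["proto"]:
            return False
        return self.dst_port is None or self.dst_port == p["dst_port"]


def evaluate(acl, p):
    """Return the action of the first matching rule, or "deny" if none match."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


def make_pkt(mac, ip, proto, port):
    return {"src_mac": mac, "src_ip": ip, "proto": proto, "dst_port": port}


# Constructed policy for traffic addressed to the switch's management interface.
MGMT_ACL = [
    Rule("deny", src_mac="00:11:22:33:44:99"),                         # blocked NIC
    Rule("permit", src_net="192.0.2.0/28", proto="tcp", dst_port=23),  # telnet
    Rule("permit", src_net="192.0.2.0/28", proto="tcp", dst_port=80),  # web
]

if __name__ == "__main__":
    for p in (make_pkt("00:11:22:33:44:01", "192.0.2.5", "tcp", 23),
              make_pkt("00:11:22:33:44:01", "192.0.2.20", "tcp", 23),
              make_pkt("00:11:22:33:44:99", "192.0.2.5", "tcp", 80)):
        print(p["src_ip"], p["dst_port"], evaluate(MGMT_ACL, p))
```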