There is a great deal worth knowing about edge switches. Here we focus on one question: how to balance intelligence against performance at the edge. If the edge devices of a network implement QoS, rate limiting, ACLs, policy-based routing (PBR) and sFlow in the hardware forwarding chip, enabling these intelligent features does not degrade line-rate layer-2 and layer-3 forwarding. End-to-end intelligent networking can then be deployed at scale, so that the whole network has not only global connectivity but also global intelligence.
Network design philosophy has gone through several schools of thought. They differ in how much weight they give to two key points, passthrough and intelligence: passthrough emphasizes connectivity, simple management and low cost, while intelligence emphasizes control and value-added capabilities and is therefore usually more complex and more expensive. Neither approach is inherently superior; the choice depends on the user's actual needs and budget.
A network can therefore be a pure layer-2 architecture, which scales poorly, or a pure layer-3 architecture, which is expensive. Most designs strike a balance between the two, which gives rise to two architectures: the collapsed backbone and the distributed backbone. In a collapsed backbone the intelligence is concentrated in the upper-layer aggregation devices, while the lower-layer access devices are only required to pass traffic through at wire speed; a distributed backbone, by contrast, pushes intelligence out to the access layer. From the point of view of intelligent control, the collapsed backbone is a centralized design.
The two architectures differ most at the network edge: a collapsed backbone uses layer-2 switching at the edge, while a distributed backbone uses layer-3 switching. If the intelligence of a network were judged simply by whether it switches or routes, layer-3 switching would of course win. But as more and more services run over the same network, the intelligence of the network is no longer decided simply by layer 2 versus layer 3. More often it is decided by support for QoS, security filtering, traffic statistics and monitoring, and policy-based routing (PBR). The requirements below therefore apply equally to the edge layer-2 switch of a collapsed backbone and the edge layer-3 switch of a distributed backbone, and among the many vendors' layer-2 and layer-3 switches, users can choose more clearly according to their actual business needs.
QoS execution capability
In multimedia services, data, voice and video have different requirements for delay, jitter and packet loss. To carry multimedia services properly, it is best for end systems to add QoS marks to their packets, which the edge switch reads and acts on; for untrusted sources, the edge switch instead re-classifies the traffic, re-marks it and acts on the new mark, since a host must not be able to grant itself priority simply by setting a mark. QoS used to mean layer-2 CoS (class of service) or layer-3 IP Precedence; today the emphasis is on support for Differentiated Services (DiffServ). Edge switches are therefore the ingress and egress points of end-to-end QoS and play a critical role in it, and hardware support for DiffServ is one of the key features of an edge switch.
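The ingress trust boundary described above, as an added example that is not part of the original article: a small Python model of an edge switch's QoS ingress stage. The port roles, the classification rules and the queue names are hypothetical, and the packets are constructed. It shows why the untrusted path matters for security: a host on an untrusted port that marks its own HTTP traffic EF (DSCP 46) to jump into the voice queue has its mark overwritten by the switch's own classification, while the same mark arriving on a trusted port is honoured.

```python
from dataclasses import dataclass

# 6-bit DiffServ code points (RFC 2474, RFC 2597, RFC 3246)
DSCP_BE = 0      # best effort
DSCP_AF21 = 18   # assured forwarding, class 2: transactional data
DSCP_AF41 = 34   # assured forwarding, class 4: interactive video
DSCP_EF = 46     # expedited forwarding: voice


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"
    dport: int
    tos: int        # IPv4 DS byte as carried on the wire: (DSCP << 2) | ECN


def dscp_of(tos: int) -> int:
    """DSCP is the upper six bits of the DS byte; the low two bits are ECN."""
    return tos >> 2


def with_dscp(tos: int, dscp: int) -> int:
    """Re-mark the DSCP field while preserving the ECN bits."""
    return (dscp << 2) | (tos & 0x3)


def classify(pkt: Packet) -> int:
    """Hypothetical classifier for untrusted sources: the switch decides the class itself."""
    if pkt.proto == "udp" and 16384 <= pkt.dport <= 32767:   # common RTP media port range
        return DSCP_EF
    if pkt.proto == "tcp" and pkt.dport in (80, 443):
        return DSCP_AF21
    return DSCP_BE


def ingress(pkt: Packet, trusted: bool) -> int:
    """DS byte the packet carries after ingress processing on an edge port.

    trusted:   read the mark the packet already has and act on it.
    untrusted: ignore the incoming mark, re-classify and re-mark, so a host cannot
               promote its own traffic into the voice queue by setting EF itself.
    """
    if trusted:
        return pkt.tos
    return with_dscp(pkt.tos, classify(pkt))


# Hypothetical mapping from DSCP to the forwarding chip's egress queues
QUEUE_FOR_DSCP = {DSCP_EF: "priority", DSCP_AF41: "q3", DSCP_AF21: "q2"}


def egress_queue(tos: int) -> str:
    """Best-effort and unknown marks fall into the default queue q0."""
    return QUEUE_FOR_DSCP.get(dscp_of(tos), "q0")
```

Run `ingress(Packet("tcp", 80, 0xB8), trusted=False)` to see the forged EF mark (0xB8) rewritten to AF21 (0x48) and the packet land in queue q2 instead of the priority queue; with `trusted=True` the 0xB8 survives. Whether a port is trusted is a configuration decision: uplinks and IP phones are normally trusted, user access ports are not.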
Rate-limiting (committed access rate) capability
Although the spread of Gigabit Ethernet gives backbone networks ample bandwidth, that resource is not inexhaustible, and controlling bandwidth at the edge, where it is consumed, is the most practical way to make effective use of it. An edge switch interface should therefore offer not only fixed port speeds such as 10 Mbit/s but also rate limits classified by port, priority, VLAN and ACL, ideally in both the inbound and outbound directions, with rates ranging from kbit/s to Gbit/s and a granularity suited to the hardware chip, typically on the order of kbit/s.
It must be emphasized that rate limiting should be done in hardware: enabling a rate limit must not reduce the edge device's ability to forward packets at wire speed, which is an important performance indicator for edge devices. Only a complete rate-limiting function that does not degrade network performance lets you manage bandwidth resources effectively.
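The kind of rate limiter the two paragraphs above describe, as an added example that is not from the original article: a single-rate, two-colour token-bucket policer in Python, the mechanism hardware chips use to enforce a committed rate per port, VLAN, priority or ACL class. The 64 kbit/s rate step is a hypothetical value standing in for the chip's real granularity, and the offered load is constructed. Packets are offered in order with millisecond timestamps; conforming packets are forwarded, exceeding packets are dropped, and a burst up to the committed burst size (CBS) is allowed before the committed information rate (CIR) takes over.

```python
from dataclasses import dataclass


@dataclass
class TokenBucketPolicer:
    """Single-rate, two-colour policer: conform while tokens suffice, else exceed."""
    requested_kbps: int
    cbs_bytes: int              # committed burst size: bucket depth in bytes
    granularity_kbps: int = 64  # hypothetical rate step of the forwarding chip

    def __post_init__(self) -> None:
        # Hardware policers only support rates in fixed steps, so the configured
        # CIR is rounded to what the chip can actually represent.
        steps = max(1, round(self.requested_kbps / self.granularity_kbps))
        self.cir_kbps = steps * self.granularity_kbps
        self.tokens = float(self.cbs_bytes)   # bucket starts full
        self.last_ms = 0

    def offer(self, size_bytes: int, now_ms: int) -> str:
        elapsed_ms = now_ms - self.last_ms
        self.last_ms = now_ms
        # kbit/s * ms = bits; divide by 8 for bytes. The bucket never exceeds CBS.
        refill = elapsed_ms * self.cir_kbps / 8
        self.tokens = min(self.cbs_bytes, self.tokens + refill)
        if size_bytes <= self.tokens:
            self.tokens -= size_bytes
            return "conform"
        return "exceed"


def police(policer: TokenBucketPolicer, packets):
    """packets: iterable of (arrival_ms, size_bytes) in arrival order.
    Returns (forwarded_bytes, dropped_bytes) for a policer that drops on exceed."""
    forwarded = dropped = 0
    for arrival_ms, size in packets:
        if policer.offer(size, arrival_ms) == "conform":
            forwarded += size
        else:
            dropped += size
    return forwarded, dropped


def constructed_stream(n_packets: int = 1000, size: int = 1500):
    """Constructed offered load: one 1500-byte frame every millisecond, i.e. 12 Mbit/s."""
    return [(ms, size) for ms in range(n_packets)]
```

With `TokenBucketPolicer(1000, 10000)` the requested 1000 kbit/s becomes 1024 kbit/s (16 steps of 64), and over one second of the 12 Mbit/s stream the policer forwards the 10 000-byte burst plus roughly 1024 kbit of sustained traffic (91 frames, 136 500 bytes) and drops the rest. The same arithmetic applies whatever the classifier that selected the packet was, which is why the policer itself can be a simple per-class hardware counter.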
ACL security filtering capability
ACLs let network administrators set network policy, permitting or denying individual users or specific traffic flows, and they can also be used to harden the network. Everything from simple Ping of Death and TCP SYN flood attacks to more complex intrusions can be filtered by ACLs. There are two kinds: standard ACLs, which match on source address only, and extended ACLs, which also match on protocol, destination address and port. Whether the edge is a layer-2 or a layer-3 switch, it should support both standard and extended ACLs, so that the network's security filtering and policy enforcement are distributed out to the network edge.
As with rate limiting, network devices should not only implement the full ACL function, including inbound and outbound application, but must also emphasize hardware processing, so that enabling ACLs does not affect the packet-forwarding performance of the layer-2 or layer-3 switch.
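The standard and extended ACL semantics from the two paragraphs above, as an added example that is not from the original article: a Python evaluator with first-match ordering and the implicit deny that real ACLs end with, applied inbound on a hypothetical edge uplink. The addresses come from the RFC 5737 documentation ranges and the packets are constructed. The first entry is a standard ACE (source only, used here as an anti-spoofing rule); the rest are extended ACEs that admit new web sessions and replies to connections opened from inside, and block ICMP from outside. A SYN flood aimed at any other internal port never matches a permit and falls through to the implicit deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False     # TCP ACK flag; a bare SYN opening a connection has ack=False


@dataclass(frozen=True)
class Ace:
    """One access-control entry. A standard ACE sets only `action` and `src`; an
    extended ACE may also constrain protocol, destination, destination port and
    whether a TCP segment belongs to an already established session."""
    action: str                       # "permit" or "deny"
    src: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    established: bool = False         # match only TCP segments that carry ACK

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.established and not (pkt.proto == "tcp" and pkt.ack):
            return False
        return True


def evaluate(acl, pkt: Packet):
    """First matching entry decides. The implicit deny at the end is reported with
    index len(acl) so hits on the invisible rule can be told apart when debugging."""
    for index, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, index
    return "deny", len(acl)


# Hypothetical inbound ACL on an edge uplink. Inside is 192.0.2.0/24 with a public
# web server at 192.0.2.10; the outside world is everything else.
UPLINK_IN = [
    Ace("deny", src="192.0.2.0/24"),                                   # standard: inside prefix never arrives from outside
    Ace("permit", proto="tcp", dst="192.0.2.10/32", dport=80),          # extended: new sessions to the web server only
    Ace("permit", proto="tcp", dst="192.0.2.0/24", established=True),   # replies to TCP sessions opened from inside
    Ace("deny", proto="icmp"),                                          # Ping of Death and ICMP floods
]                                                                       # implicit deny: SYNs to anything else


def filter_inbound(pkt: Packet):
    return evaluate(UPLINK_IN, pkt)
```

Because evaluation stops at the first match, entry order is part of the policy: swapping the anti-spoof deny below the web permit would let a spoofed packet from 192.0.2.5 reach the web server. The `established` check is the classic stateless approximation of "reply traffic" and only looks at the ACK bit, so it is no substitute for a stateful firewall where one is available; at the edge its value is that it runs at wire speed in the ACL hardware.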
Policy Routing Support
Whether routes are learned through RIP, OSPF or BGP or carried as MPLS labels, the forwarding path is normally determined by the destination address alone, so traffic cannot be steered by policy or distributed as the operator wishes. Yet policy-based routing is sometimes an essential function in today's diverse network environments. For example, a large network service provider (NSP) may need to connect different customers to different upstream ISPs; or on a campus network, teaching and research users may need to go out through a high-speed link while dormitory users are sent through a low-speed link, so that dormitory traffic does not hurt research performance and each egress link is allocated to the traffic that belongs on it. Ordinary destination-based routing cannot do this kind of traffic steering. Only policy-based routing (PBR) can classify traffic by source address and set the next-hop address accordingly; this is the difference between policy routing and ordinary routing: route selection based on source address information rather than destination address information. Policy routing can select and distribute routes not only by user type but also by service type, by inspecting the layer-3 IP addresses and layer-4 port numbers and steering different services down different paths.
For example, HTTP traffic to port 80 can be classified and directed to a layer-4 web switch or cache server so that the web cache is used, which greatly improves users' web response times and reduces repeated traffic at the network egress. These examples cover only part of what policy routing can do. Because a policy route can be applied at the lowest layer of the network, with the traffic then following ordinary routing through the intermediate devices to reach the egress of the specified upper-layer device, PBR does not have to start on the aggregation device in the middle. More often, to distribute traffic more effectively, policy routing is applied on the access device.
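The campus scenario from the two paragraphs above, as an added example that is not from the original article: a Python model of policy-based routing on a hypothetical access switch, where a policy list is consulted first and unmatched traffic falls back to ordinary longest-prefix destination routing. The prefixes, next hops and flows are constructed (RFC 5737 documentation addresses for users and peers, 198.18.0.1 as a generic remote host). It shows the two kinds of clause the text describes, a service-based clause (port 80 to the web cache) and source-based clauses (research to the high-speed link, dormitories to the low-speed link), and that their order decides which one wins when a flow matches both.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0


@dataclass(frozen=True)
class PolicyEntry:
    """One route-map-style clause: match any subset of source prefix, destination
    prefix, protocol and destination port, and set the next hop. Unset fields match all."""
    next_hop: str
    src: Optional[str] = None
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, f: Flow) -> bool:
        if self.src and ipaddress.ip_address(f.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(f.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto and f.proto != self.proto:
            return False
        if self.dport is not None and f.dport != self.dport:
            return False
        return True


def destination_route(dst: str, table):
    """Ordinary routing: the longest matching destination prefix wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def forward(flow: Flow, policy, table):
    """PBR is evaluated first, in order; only unmatched flows consult the routing table."""
    for entry in policy:
        if entry.matches(flow):
            return entry.next_hop, "policy"
    return destination_route(flow.dst, table), "routing"


# Hypothetical campus access switch. Research is 192.0.2.0/24, dormitories 198.51.100.0/24.
# Next hops: 10.0.0.1 default router, 10.0.0.2 high-speed egress, 10.0.0.3 low-speed egress,
# 10.0.0.9 web cache. The service clause is listed first so HTTP from either user group
# is cached before the user-based clauses can send it straight out.
CAMPUS_POLICY = [
    PolicyEntry("10.0.0.9", proto="tcp", dport=80),      # all HTTP via the cache
    PolicyEntry("10.0.0.2", src="192.0.2.0/24"),         # research -> high-speed link
    PolicyEntry("10.0.0.3", src="198.51.100.0/24"),      # dormitories -> low-speed link
]
ROUTING_TABLE = [
    ("0.0.0.0/0", "10.0.0.1"),
    ("203.0.113.0/24", "10.0.0.2"),                       # a peer reachable only over the fast link
]


def campus_forward(flow: Flow):
    return forward(flow, CAMPUS_POLICY, ROUTING_TABLE)
```

A flow from a source the policy does not name, say 10.10.1.1, is forwarded purely by the routing table, so 203.0.113.5 goes to 10.0.0.2 by the /24 and 198.18.0.1 to the default 10.0.0.1. In a real deployment the source-based clauses would also carry a `dst` match that excludes internal prefixes; as written, research traffic to a dormitory server would be handed to the egress router as well, which is the usual PBR mistake to check for.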