Edge Switch Equipment plays a very important role in networking. How can we balance the intelligence and performance of edge Switch Equipment? If the edge switch device of the network integrates QoS, rate limit, ACL, PBR, and sFlow into the hardware chip, the Intelligence will not affect the line rate forwarding performance of the basic layer 2 and Layer 3,
Therefore, the end-to-end smart network can be carried out on a large scale, so that the entire network not only has global connection capabilities, but also has global network intelligence. From the past to the present, there have been several different ideas in the network design philosophy. Based on the two key points of tpassthrough and intelligence, the different degree of emphasis affects the Network Design: tpassthrough emphasizes connection capabilities, simple management, and low costs; intelligent emphasizes control and value-added capabilities, therefore, most of them are complex and cost-effective. In fact, the design is not competitive, only depends on the actual needs of users and budget.
Therefore, the network architecture can be a layer-2 architecture with poor scalability, or a layer-3 architecture with high prices; most of the plans will strike a certain balance between the two, which leads to two different architectures-fold backbone network architecture and distributed backbone network architecture. The folding backbone intelligently shrinks to the upper-layer aggregation device, while the access device on the lower layer only emphasizes passthrough and wire speed. From the perspective of intelligent control, this is a centralized design.
The two architectures have significant differences on the network edge. The folding backbone uses layer-2 switching as the edge, while the distributed backbone uses layer-3 switching as the edge. If the intelligence of the network is determined simply by switching or routing, of course, layer-3 switching is better than layer-2 switching. However, as more and more businesses are activated on the same network, the intelligent problem of the network is no longer simply determined by Layer 2/Layer 3. More often, support for QoS, security shielding, network traffic statistics and monitoring, and Policy Routing PBR, can more effectively determine the intelligence of the network. Therefore, the edge Layer 2 switching equipment in a foldable backbone is an edge Layer 3 switching equipment in a distributed backbone. Among the Layer 2 and Layer 3 switching equipment of many manufacturers, users can make clearer choices based on their actual business needs.
QoS execution capability
In multimedia services, data, voice, and images have different requirements for latency, jitter, and packet loss. In order to better execute multimedia services, it is best for users to add corresponding QoS tags to the data packets, edge switch devices, read QoS and execute them, or for untrusted sources, this method is used to classify duplicate rows, Mark QoS with duplicate rows, and execute them. QoS has a layer-2 CoS service level in the past) or a layer-3 IP PrecedenceIP priority level), but now it emphasizes the support capability of differential service DiffSew. Therefore, edge switch devices play a critical role as QoS inbound or outbound sites. Hardware Support for DiffSew is one of the key features of edge switches.
Capability of specified access rate
Although the popularization of Gigabit Ethernet makes backbone networks have ample bandwidth, such resources are not inexhaustible. In addition, it is the most feasible method to control the effective use of edge bandwidth. Therefore, the edge switch interface should not only provide the setting capability of 10 Mbit/s, it is also necessary to provide speed limits based on port, priority, VLAN, and ACL classification, and it is best to enable inbound or outbound speed limits, ranging from kb to Gbit/s, the granularity is suitable for hardware chips, generally around K.
Application Smart edge switch device status survey
It must be emphasized that the hardware processing requires that the edge switch device will not affect its ability to forward data packets at line speed due to the startup speed limit, which is an important performance indicator for edge switch devices. With the complete speed limit function without affecting network performance indicators, You can effectively manage network bandwidth resources.
Security shielding capability of ACL
In the network, the ACL not only allows network administrators to set network policies, but also allows or denies the control of individual users or specific data streams. It can also be used to enhance network security shielding. From simple Ping to Death attacks and TCP Sync attacks to more complex hacker attacks, ACL can be shielded. Two types of ACLs are available: Standard ACL and extended ACLExtended ACL. Whether the edge is a layer-2 switch or layer-3 switch, it is best to support standard ACL and extended ACL, in order to distribute the security shield and policy execution capabilities of the network to the edge of the network. Like speed limits, network devices should not only be able to execute complete ACL functions, including inbound and outbound capabilities, but must also emphasize the hardware processing capabilities. In this way, when the ACL is enabled, the ability of Layer 2 or Layer 3 switching devices to forward packets at the same time will not be affected.
Policy Routing Support
Generally, whether it is through the RIP, OSPF, BGP, or MPLS tag protocol, the route path is mostly determined by the destination address. Therefore, the network traffic cannot be effectively distributed, or set a policy for network traffic. However, the Policy Routing Capability is sometimes one of the necessary functions in today's diversified network environments. For example, in the environment of a large network operator NSP, different users need to be connected to different Internet carrier ISPs); or on the campus network, users of teaching and research must be connected to high-speed network outlets, while those of dormitory networks are usually directed to low-speed outlets, so that traffic distribution will not affect the scientific research performance of campus networks, at the same time, through appropriate traffic distribution, high-speed/low-speed egress can be allocated to the corresponding traffic, so that the bandwidth application can be effectively allocated. To achieve this sort of traffic, generally the route cannot be achieved. Only by routing PBR through the Policy, the source address can be classified and the IP address of the next hop exit can be determined, this is also the difference between policy routing and General Routing: Route Selection Based on source address information, rather than Route Selection Based on target address information. A policy route can be used not only to select routes and distribute routes based on the user type, but also to specify routes or distribute routes based on the service type. The specific method is to look at the layer-3 IP address, the layer-4 IP port number, and different services to guide different routes. For example, you can classify the HTTP data streams of port 80 and direct them to a specific layer-4 Web switch or cache server to use the Web cache mechanism, this greatly improves the user's Web response time and reduces the repeated traffic at the network egress. All of the above examples are only part of the policy routing function. In fact, its function is far more than this, because the policy routing can be directly specified at the bottom of the network device, and then through the general routing of the intermediate device, to reach the exit of the specified upper-end device, it does not start on the aggregation device in the middle. More often, in order to more effectively distribute the traffic, the Policy Routing will start on the access device. Like ACL, on the network devices that require policy routing, you must not only have complete and diverse policy routing support functions, but also emphasize that hardware processing capabilities can be enabled at the same time, the three-tier switch line rate forwarding capability is still available.
Network traffic statistics and monitoring capabilities
Traffic statistics and monitoring have become an important part of network construction. A simple idea is that if you cannot see the overall network traffic, how can you manage the entire network? If we provide high-performance bandwidth while fully understanding network traffic information, we can adjust network resources and policies at any time to make the network run smoothly, it also makes troubleshooting of network faults easy and fast. Therefore, a complete, full-network, and real-time network monitoring system is provided in the network, just like installing surveillance cameras everywhere on the cross-border highway network, allow traffic control personnel to take effective traffic diversion measures, and provide an important reference for Route expansion and planning through the complete statistical data.
In the past, due to the limitations of existing technologies, most of the traffic monitoring and statistics functions were only implemented using technologies such as SNMP, RMON, and RMON v2, it also has a considerable impact on the bandwidth usage of the network or the resource overhead of the network device. Therefore, the entire network cannot be covered, and real-time monitoring is not supported, it cannot be executed on high-speed networks such as Mbit/s, 1 Gbit/s, or even 10 Gbit/s ports. All of these make monitoring and statistics across the network unsatisfactory.
Recently, NetFlow and sFlowRFC3176) stream-based traffic monitoring and statistics technology emerged on high-end network devices, including backbone, edge, L2, and L3 devices. These two technologies provide relatively complete traffic information, but they are still different: NetFlow expands to IPX and AppleTalk while providing more information, including VLAN statistics, MAC address statistics, and BGP Community statistics. Therefore, from the perspective of statistics and billing, NetFlow can provide more convincing information, but the relative overhead and cost are also high; from the perspective of Statistics and Monitoring, sFlow provides more information, the Analysis of traffic distribution, the future trend of traffic, the monitoring of abnormal traffic, and fault discovery and troubleshooting can all be achieved through the hardware chip at a wire speed at a relatively low cost, sFlow can therefore be directly built into the edge layer-2 or layer-3 switching devices to provide full-network and real-time network monitoring functions. This is an attractive value-added function for the entire network. Like the above mentioned functions, sFlow traffic statistics and monitoring functions must also be processed by hardware, so as not to affect the two-layer or three-layer switching line rate performance of network devices.
In terms of the design concept of networking, whether it is to use a centralized foldable backbone, thus emphasizing the use of transparent layer 2 switching equipment as edge access equipment; or to use a distributed backbone, therefore, it is emphasized that smart layer-3 switching devices are used as edge access devices. Their intelligence should not be limited to the consideration of switching or routing capabilities, or only emphasize the ability of line rate switching or line rate routing, after all, this part is already the industry standard, and almost all manufacturers can achieve layer-2 switching and layer-3 routing devices. With the development of broadband networks, broadband services, and multimedia applications, users should be more concerned with end-to-end network intelligence and hardware chip integration capabilities. If the edge device is a layer-2 switching or layer-3 Routing Switching Device), the service quality of service (QoS), rate Limiting (Rating Limiting), and access control list (ACL) are greatly affected) and Policy Routing PBR) and traffic monitoring sFlow) are integrated into the hardware chip, so that these intelligence will not affect the basic layer-2 and layer-3 line rate forwarding performance, so that end-to-end smart networks can be carried out on a large scale, so that the entire network not only has global Connectivity), but also has global intelligent Control ). With this concept, users can clearly locate and select different products only on a large number of edge switch devices.