How to purchase a switch from all aspects (1)

Source: Internet
Author: User

As the main device for network connectivity, a switch determines the performance and stability of the network. Network structure varies with the company's size. However, for the company's network to carry a large amount of data and operate stably and securely, it is necessary to select a switch with excellent performance at a suitable price. I personally have been engaged in this field for a while and have some basic opinions on the current technology and performance of switches. I hope they give you some reference:

I. New technologies in switch products in recent years 

Many new technologies have emerged in switches in recent years, and some of them are very useful.

1. Trunking technology can bind multiple low-bandwidth switching ports of a switch into one high-bandwidth link without changing existing network devices or the original wiring. Load balancing across the bound ports avoids link congestion. Some equipment in the company's backbone network can use this technology: where network traffic is relatively heavy but the actual situation does not allow the use of optical cables, Trunking can solve the bottleneck in data transmission.

2. Layer 4 switches, developed on the basis of Layer 3 switches. This is a relatively new feature and is described in detail here.

Data streams composed of packets in the network can be identified at Layer 2, Layer 3, or Layer 4. Each higher layer provides more detailed information about the data stream. At Layer 2, each packet in the data stream is identified by the MAC addresses of the source and destination stations. Within a broadcast domain, Layer 2 switching is limited, because the source and destination MAC addresses give only a rough description of the information in the packets. Layer 2 switches provide low-cost, high-bandwidth network connections, but they cannot provide the necessary control over the main data streams.

At Layer 3, data streams are identified by source and destination IP addresses. The ability to control data streams is limited to source and destination address pairs. If a client is using multiple applications on the same server at the same time, Layer 3 information does not describe each application stream in detail, so the different data streams cannot be told apart and we cannot apply a separate control rule to each of them. Layer 4 of the OSI model is the transport layer. It coordinates communication between the source and destination systems. Both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are located at Layer 4. At Layer 4, each packet contains information that can be used to uniquely identify the application that sent it. This is possible because both the TCP and UDP headers contain "port numbers" that determine the application protocol carried in each packet.

Combining the port number information in the Layer 4 header with the source and destination information in the Layer 3 header makes truly precise control possible. The conversation flow of a specific application can be controlled between the client and the server. If the switching router is fully functional, all of this work can be done at line speed.

A single client/server pair can open multiple different application sessions at the same time. An enterprise's backbone network may contain thousands of client/server pairs. Therefore, a backbone-class switching router must have a large table capacity, able to store up to millions of Layer 4 flows. Because the sending cache is too high, and the performance of the backbone network is often degraded due to table errors in these routers, Layer 2 switches generally do not store information about Layer 2 data streams.

Application Layer Control has the following advantages:

Application layer service quality. A real quality-of-service policy provides line-rate bandwidth and low latency for all applications, meeting the needs of all traffic in the network. However, when an output port of a switch is overloaded and its internal buffer is full, quality of service requires a rule, or "policy", with a specified priority in order to prioritize network traffic.

The switching router allows you to set quality-of-service policies for traffic at the application layer, so that network administrators can fully control bandwidth usage in the network backbone. In Layer 2 and Layer 3 switching, a quality-of-service policy can only be applied to network traffic based on the source or destination address. Applying quality-of-service policies to Layer 4 application traffic means that individual application conversations between hosts can also be prioritized.

Network security at the application layer. Traditional routers use security filters and access control lists to secure access to the company's networks and databases. A natural result of software-based processing is that once a security filter is enabled, router performance drops sharply, because the number of instructions the central processor (CPU) must execute for each packet increases greatly.

The switching router eliminates the performance loss associated with security features. With all advanced features activated, including security, a true switching router should be able to deliver line-rate performance. In a switching router, data packets are processed in a dedicated ASIC. Because source and destination port information is captured, application-layer security and line-rate performance can be achieved simultaneously. For example, access to company information can be controlled based on users' applications, rather than prohibiting all users from accessing a specific application. This gives the network administrator more flexibility and better control over the company's network, and lets desktop machines use more applications.

Accounting at the application layer. Management requires measurement. If we cannot measure network traffic, we cannot effectively manage the network. By tracking application flows, the switching router greatly improves measurement, accounting, and performance monitoring capabilities.

Accounting information is converted directly into standard RMON (remote network monitoring)/RMON2 data on each port, so independent external RMON/RMON2 probes are not required. In this way, the switching router can always provide line-rate RMON/RMON2, including all function groups, on all ports, and the administrator can access the RMON/RMON2 statistics directly from the switching router. This function should be considered when the company chooses a backbone switch: it can greatly improve network performance, and it allows the company to monitor network information flows in fine detail and to perform application-layer accounting per user.
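The flow identification, port-based access control and per-application accounting described above can be sketched in software. This is an added example, not code from the article or from any switch vendor; the addresses, the policy and the function names are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter
PROTO = {6: "tcp", 17: "udp"}
# Constructed policy, first match wins: (src net, dst net, proto, dst port, action)
POLICY = [
    ("10.1.0.0/16", "10.9.0.5/32", "tcp", 443, "permit"),
    ("10.1.0.0/16", "10.9.0.5/32", "tcp", 23, "deny"),
]

def flow_key(pkt: bytes):
    """Return (src, dst, proto, sport, dport); ports are None if no L4 header is readable."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    proto = PROTO.get(pkt[9], str(pkt[9]))
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    sport = dport = None
    # Only the first fragment (offset 0) carries the TCP/UDP port fields.
    if proto in PROTO.values() and frag_offset == 0 and ihl >= 20 and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src, dst, proto, sport, dport

def decide(key, policy=POLICY):
    """Apply the ordered policy to a 5-tuple; anything unmatched or portless is denied."""
    src, dst, proto, _sport, dport = key
    if dport is None:
        return "deny"  # fail closed: a later fragment must not bypass port rules
    for src_net, dst_net, p, port, action in policy:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)
                and (p, port) == (proto, dport)):
            return action
    return "deny"

def account(packets):
    """Byte counters per (5-tuple, verdict): the per-application accounting view."""
    totals = Counter()
    for pkt in packets:
        key = flow_key(pkt)
        totals[(key, decide(key))] += len(pkt)
    return totals

def build(src, dst, proto, sport, dport, payload=b"", frag_offset=0):
    """Constructed sample packet: 20-byte IPv4 header (checksum 0) plus ports and payload."""
    l4 = (struct.pack("!HH", sport, dport) if frag_offset == 0 else b"") + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag_offset, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + l4
```

Passing `account()` two packets built with `build()` for ports 443 and 23 between the same pair of hosts yields one permitted and one denied flow, a distinction that a rule on the address pair alone cannot make.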

3. Support for multiple routing protocols.

The switching router greatly improves its performance and functions through hardware, but routing processing is still based on software. The original switching routers only supported the Routing Information Protocol (RIP). For a simple network, RIP is generally enough. However, complicated networks require more complex routing protocols. The Open Shortest Path First (OSPF) routing protocol is required for a switching router designed for a large network.

As applications that require multicast become increasingly popular, the switching router should be able to implement a full set of standards-based multicast protocols, such as the Distance Vector Multicast Routing Protocol (DVMRP) and Protocol Independent Multicast (PIM).

For example, the SmartSwitch Router (SSR), a smart switching router from Cabletron, can switch at Layers 2, 3, and 4 on all ports at gigabit-per-second rates. Its high-speed dedicated ASIC forwards data packets by looking up the Layer 2, 3, and 4 headers. In addition, by switching data packets at Layer 4, the smart switching router can implement bandwidth allocation, fault diagnosis, and access control for TCP/IP application data streams. It also provides detailed traffic statistics and accounting information, application-layer QoS policies, and access control capabilities.

Many companies' networks use static routing, which is determined by the current network topology. When the network structure becomes complex, the company's network must consider using dynamic routing protocols to provide network redundancy.

4. The switch based on port switching has been replaced by the Frame Switch.

5. The IEEE 802.1X protocol, which is used for user authentication to improve network security. On switches that support this protocol, only users who pass system authentication can send and receive information. The authentication information is retained on a dedicated server for convenient query. The company should try to select switches that support 802.1X, and near the user end select switches that support passthrough of authentication information, which can significantly improve network security and manageability.

