Intelligent switch should meet three major needs

Source: Internet
Author: User


Large-scale deployment of equipment, a substantial fall in costs and more rational competition all show that the broadband business has passed the introduction period of its life cycle and entered a long-term phase. What users ultimately want from the broadband network is "three networks in one": data, voice and video services unified on a single network. To guarantee users' key services and to treat different classes of user differently, the broadband IP network must provide end-to-end quality of service, which in turn requires uniform QoS features on every device from the edge access layer to the core layer. In addition, user management and billing are part of the intelligence demanded of broadband equipment, and of Ethernet switches in particular.



End-to-end QoS required



To meet the QoS requirement and support triple-network convergence, a switching device must be able to tell different service flows apart, for example giving more bandwidth to critical services and less to lower-priority ones, so that one network delivers different service to different traffic, that is, differentiated services. First, the device must classify service flows sensibly and comprehensively: it should support flow classification at Layers 2 to 4 at least (by OSI layer), and better equipment can classify at Layers 2 to 7, customized to user needs. The switch must also support service policies such as 802.1p (priority), DiffServ (differentiated services) and CAR (traffic policing), together with WRR, RED, HOLB control and other early congestion-control mechanisms.



Improve ACL functionality



The second requirement is better ACL (access control list) functionality, which filters the traffic passing through a device according to defined rules; the most common strategy is access control based on flow classification. A typical use is to configure ACL rules on the local egress device for the IP addresses of certain illegal websites, so that local users cannot reach them. How fine-grained ACL control can be depends entirely on the flow-classification capability: the stronger the classification, the greater the level of control. That does not mean a device that can classify a flow can automatically control access to it. Flow classification is a necessary condition for access control, and given that condition, the level actually achieved depends on the access-control implementation. The switch therefore needs to classify traffic by source MAC address, destination MAC address, source physical port, destination physical port, source IP address, destination IP address, source subnet, destination subnet, Layer 4 protocol type (socket) and user-defined rules, and then apply a different quality of service or ACL action to each class, that is, forbid or allow forwarding of specific flows.



Adapt to multiple service applications



The third requirement is support for multiple services. This covers several things. The first is multicast: a Layer 2 switch should implement IGMP snooping, and a Layer 3 switch should implement at least one Layer 3 multicast protocol such as PIM-SM, PIM-DM or DVMRP; PIM is currently the most widely recognized and most widely used in the industry. The second is the user security policy, including user authentication, user billing and basic anti-attack measures. At present the main ways of authenticating a user's identity on an Ethernet switch are MAC+port binding, MAC+IP binding and IP+MAC+port binding; the more complex methods are 802.1X, Portal authentication, forced Portal and so on. An 802.1X implementation can offer both local and remote authentication. Local authentication means the switch has a built-in RADIUS server, so users authenticate directly on the local switch and no external RADIUS server needs to be attached to it. Remote authentication requires a RADIUS server outside the switch, and the switch itself only relays the authentication messages. Portal authentication is an independent authentication protocol: the switching device terminates the authentication messages and converts them into standard RADIUS authentication messages, which it sends to the remote RADIUS server for RADIUS authentication. It comes in two forms, Portal authentication and forced Portal.



Multicast has become one of the main services of IP networks, and multicast-based video services are widely used. Traditional multicast is concerned only with whether the service works and whether network bandwidth is used sensibly; it cannot control which downstream users are permitted to receive a stream. An intelligent Ethernet switch should be able to control multicast permissions: only authenticated users can receive the corresponding multicast service, while users without multicast authorization can use data services but cannot receive multicast. This concept is called controllable multicast or controlled multicast. Access-layer devices should also support ACLs based on complex flow classification. They can classify traffic by source MAC address, destination MAC address, source physical port, destination physical port, source IP address, destination IP address, source subnet, destination subnet, Layer 4 protocol type (socket) and user-defined rules, and then apply a different quality of service or ACL action to each class, that is, forbid or allow forwarding of specific flows.
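The classification-based access control described here and in the ACL section above, as an added example (not code from the original page or from any switch vendor): a first-match rule table over the listed fields that returns a forward/drop decision plus an 802.1p priority. Modelling controlled multicast as a rule on IGMP joins bound to MAC+port, and every rule value, are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Frame:                       # the fields the page says a switch classifies on
    src_mac: str
    in_port: int                   # source physical port
    src_ip: str
    dst_ip: str
    proto: str                     # Layer 4 protocol type, e.g. "tcp", "udp", "igmp"
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:                        # a field left as None matches anything
    action: str                    # "permit" or "deny"
    prio: int = 0                  # 802.1p priority applied to permitted flows
    src_mac: Optional[str] = None
    in_port: Optional[int] = None
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

def _in_net(ip: str, net: Optional[str]) -> bool:
    return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def matches(r: Rule, f: Frame) -> bool:
    return (r.src_mac in (None, f.src_mac.lower()) and r.in_port in (None, f.in_port)
            and r.proto in (None, f.proto) and r.dport in (None, f.dport)
            and _in_net(f.src_ip, r.src_net) and _in_net(f.dst_ip, r.dst_net))

def classify(rules, frame, default=("deny", 0)):
    """First matching rule wins; traffic matching no rule gets the default."""
    for r in rules:
        if matches(r, frame):
            return (r.action, r.prio if r.action == "permit" else 0)
    return default

# Constructed rule set: every MAC, port and address below is made up.
RULES = [
    Rule("deny", dst_net="203.0.113.0/24"),                    # blocked site range
    Rule("permit", prio=5, src_mac="00:11:22:33:44:55", in_port=3,
         proto="igmp", dst_net="239.1.1.0/24"),                # authorized multicast user
    Rule("deny", proto="igmp", dst_net="224.0.0.0/4"),         # all other group joins
    Rule("permit", prio=6, proto="udp", dport=5060),           # voice signalling
    Rule("permit", src_net="10.0.0.0/8"),                      # ordinary data, best effort
]
```

Rule order is part of the policy: the multicast permit must precede the general IGMP deny, and the default for unmatched traffic is deny.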



Besides letting users be managed, an intelligent Ethernet switch should itself have strong management and security features. Device management means first of all cooperating with the network management system: the switch should support SNMP v1/v2/v3, RMON (groups 1, 2, 3 and 9) and web-based management, so that the device can be visualized from the network management platform and managed conveniently. In addition, the device should have certain security features of its own, including link-backup or device-backup capabilities such as Layer 2 port bundling, STP/RSTP and MSTP, and Layer 3 VRRP. An intelligent Ethernet switch can also provide cluster management, PVLAN, GMRP and GVRP.



User billing relies mainly on the RADIUS server. The switch is responsible for collecting billing information such as each user's session duration, traffic volume and accessed content, and for forwarding these statistics to the back-end RADIUS billing server. By the definition of an intelligent Ethernet switch given above, the Quidway S3026E (Layer 2 switch) and Quidway S3526E (Layer 3 switch) are intelligent Ethernet switches.



Intelligence moves down to the access layer



The intelligent Ethernet switch market has broad prospects. The intelligent Ethernet switch has already become key equipment in network construction for large enterprise networks, education networks, broadband intelligent residential districts and the like, and it plays an increasingly important role in other areas such as IP metropolitan area networks and financial networks.



The functions of intelligent Ethernet switches will be further enhanced in future: services such as a hardware NAT service board, ALG (address gateway), hardware-integrated IAD (voice gateway) and MPLS VPN will be implemented on the intelligent Ethernet switch. Most of the intelligent services of the aggregation layer will gradually move down to intelligent Ethernet switches at the access layer, which reduces the burden on the aggregation layer, optimizes the network, improves its efficiency and extends its functions, and ultimately allows a smooth transition to NGN (Next Generation Network).

