Layer-3 Switching Technology

Source: Internet
Author: User

With the explosive growth of network traffic, and with traffic patterns shifting so that more flows cross subnet boundaries, the volume of traffic passing through routers has risen sharply, and the bottleneck caused by the low speed and complexity of traditional routers has become prominent. Layer-3 switching technology has effectively solved bottlenecks such as the low forwarding rate and high latency that affect traffic crossing network segments within a LAN. Layer-3 switching equipment has also spread from the backbone and aggregation layers, where it was first used, to the edge access layer, and it is increasingly common in network interconnection. However, people's understanding of layer-3 switching technology and its devices varies widely, and some professional magazines and popular-science articles may mislead readers with inaccurate descriptions of its principles. As a new generation of LAN routing and switching technology, layer-3 switching differs from both layer-2 Ethernet switches and traditional routers in architecture, functions, and performance. This article analyzes the basic features, classification, and implementation principles of layer-3 switching technology, in the hope of helping readers better understand and use layer-3 switching devices.

1 Basic Features of Layer-3 Switching Technology

Layer-3 switching technology is also known as IP switching technology. It combines the advantages of layer-2 switches and layer-3 routers into an organic whole: it is a mechanism that uses the information in layer-3 protocols to enhance the layer-2 switching function, and it is a new generation of LAN routing and switching technology. Layer-3 switching technology offers the ability to achieve more than 10 times the transmission performance of the current system at 1/10 of the cost. Since a layer-3 switch can take the place of a traditional router and perform most of its functions, it should have the basic characteristics of routing. The core functions of routing are data packet forwarding and route processing. Packet forwarding is the most basic function of both a router and a layer-3 switch; it transmits data packets between subnets. Route processing covers creating and maintaining the route table. To do this, a routing protocol such as RIP or OSPF must be enabled to discover the network and build a view of its topology, from which the route table is formed. Once route processing is complete, delivering packets to the destination is the task of packet forwarding. The packet forwarding sub-function includes checking the IP packet header, fragmenting and reassembling IP packets, modifying the time-to-live (TTL) parameter, recalculating the IP header checksum, MAC address resolution, data link encapsulation of IP packets, and IP error and control processing (ICMP). Layer-3 switching also includes a series of special service functions, such as data packet format conversion, priority classification of traffic, user authentication, packet filtering and other security services, IP address management, and conversion between LAN and WAN protocols. When a layer-3 switch is used only to forward traffic between subnets or VLANs within a LAN, it performs no route processing and only forwards layer-3 traffic. In this case, the device does not need the routing function.
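The per-packet forwarding steps listed above (header check, TTL modification, checksum recalculation, ICMP error cases, route lookup) can be followed in code. This is an added example, not part of the original article; the route table, port names and sample header are constructed for illustration.

```python
import ipaddress
import struct

FMT = "!BBHHHBBHII"  # 20-byte IPv4 header without options

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Constructed sample header: TCP, total length 40, checksum filled in."""
    fields = [0x45, 0, 40, 0x1234, 0, ttl, 6, 0,
              int(ipaddress.ip_address(src)), int(ipaddress.ip_address(dst))]
    fields[7] = checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)

# Hypothetical route table: prefix -> (egress port, next hop; None = directly connected)
ROUTES = {
    ipaddress.ip_network("10.2.0.0/16"): ("port2", "10.0.0.2"),
    ipaddress.ip_network("10.2.3.0/24"): ("port3", None),
}

def lookup(dst):
    """Longest-prefix match over ROUTES; None when no route covers dst."""
    hits = [net for net in ROUTES if dst in net]
    return ROUTES[max(hits, key=lambda n: n.prefixlen)] if hits else None

def forward(header: bytes) -> dict:
    """Per-packet layer-3 work: validate, route, decrement TTL, re-checksum."""
    if len(header) != 20 or header[0] != 0x45 or checksum(header) != 0:
        return {"action": "drop", "reason": "malformed header"}
    if header[8] <= 1:  # TTL would reach 0, so the packet is not forwarded
        return {"action": "icmp", "reason": "time exceeded"}
    route = lookup(ipaddress.ip_address(header[16:20]))
    if route is None:
        return {"action": "icmp", "reason": "destination unreachable"}
    out = bytearray(header)
    out[8] -= 1                  # TTL
    out[10:12] = b"\x00\x00"     # clear the old checksum before recomputing
    out[10:12] = struct.pack("!H", checksum(bytes(out)))
    port, next_hop = route
    return {"action": "forward", "port": port, "next_hop": next_hop,
            "header": bytes(out)}
```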

A traditional router is a software-driven device: almost all packet switching, routing, and special service functions, including the handling of a variety of underlying technologies and layer-3 protocols, are implemented in software. Its functions can also be enhanced by upgrading the software, so it has good scalability and flexibility. However, it also has the disadvantages of complicated configuration, high price, relatively low throughput, and relatively large throughput variation. Layer-3 switching technology makes up for these shortcomings of traditional routers. The following methods are often used when designing layer-3 switching products:

· Reduce the number of protocols to be processed, often to IP only;

· Perform only the switching and routing functions, and restrict special services;

· Use application-specific integrated circuits (ASICs) to implement more functions, instead of running those functions in software on a RISC processor.

Layer-3 switching products are designed in a structured, modular way, and their architecture is clearly layered. The software modules and hardware modules have a clear division of labor and cooperate with each other. Information can be stored centrally, fully distributed, or cached across the whole device. For example, because the layer-3 destination address of an IP packet sits at a fixed position in the frame, the address bits can be extracted by hardware, and the hardware performs the route computation or address lookup. The construction and maintenance of the route table, on the other hand, can continue to be done by software running on the RISC chip. In short, layer-3 switching technology and products owe their existence to the rapid development of modern chip technology, especially ASIC technology.

2 Classification, Principles and Implementation Methods of Layer-3 Switching Technology

Currently, there are two types of layer-3 switching technology. The first type is packet-to-packet switching: every packet undergoes layer-3 processing (that is, at least route processing), and traffic is forwarded based on the layer-3 address. The second type is stream switching: instead of processing every packet at layer 3, the device analyzes only the first packet in a stream to complete route processing based on the layer-3 address, and the subsequent packets in the stream are handled using one or more shortcuts. This technique is designed to make line-rate routing easier. The key to understanding layer-3 switching technology is first to distinguish the different ways in which these two types forward packets.

A notable feature of the packet-to-packet method is that it adapts to changes in routing topology. By running standard protocols and maintaining a route table, a packet-to-packet switching device can dynamically reroute packets around network fault points and congestion points without waiting for higher-layer protocols to detect packet loss. The stream switching method does not have these features: because subsequent packets take shortcuts and skip layer-3 processing, it cannot see changes to the route table maintained by the standard protocols. Stream switching may therefore need another protocol to obtain topology-change or congestion information so that packets reach the correct place in the switching system.

2.1 Principles and implementation methods of packet-to-packet switching

Packet-to-packet switching follows this data flow: the packet enters the system at layer 1 of the OSI reference model, the physical interface, and then has its destination MAC address checked at layer 2. If it can be switched at layer 2, it is switched there; otherwise it goes up to layer 3, the network layer. At layer 3, the packet undergoes route determination, address resolution, and some special services. When processing is finished, the packet has been updated. Once the appropriate output port has been determined, the packet is sent to the physical medium through layer 1. A traditional router is a typical device that follows layer-3 packet-to-packet switching, and the inherent defects of its completely software-based working mechanism have been overcome by modern hardware-based layer-3 switching devices.

Currently, layer-3 switching devices provided by various manufacturers have almost the same hardware architecture.

The central silicon switching array connects to the CPU module through the CPU interface bus and to the I/O interface modules through the I/O interface bus. It is the central point where the traffic of every port on the device is aggregated and switched, and it provides parallel switching paths between the device's inbound and outbound ports. All data streams that cross I/O interface modules must be forwarded through the silicon switching array. Each I/O interface module contains one or more forwarding engines, whose ASICs perform all packet operations, including route lookup, packet classification, layer-3 forwarding, and traffic-flow decisions. Distributing packet processing to ASICs at each I/O port in this way is a key part of the layer-3 switching device's ability to route at line rate. The CPU module mainly handles the device's background work, such as running the routing protocols involved in route processing, creating and maintaining the route table, and configuring the system; the route table information is loaded into the ASICs of the distributed forwarding engines on each I/O interface module. In this way, the distributed forwarding engine ASIC of each interface module makes packet forwarding decisions directly from the route table, without every packet having to be processed the way a traditional router does.

2.2 Principles and implementation methods of stream switching

In stream switching, the first packet is analyzed to determine whether it identifies a "stream", that is, a group of packets with the same source address or destination address. Stream switching saves the processing time needed to examine every packet: subsequent packets in the same stream are switched to the destination at layer 2. Stream switching requires two techniques. The first is identifying which feature of the first packet marks a stream whose remaining packets can take the shortcut, that is, the layer-2 path. The second is keeping the stream long enough to benefit from the shortcut once a path through the network has been established. How a stream is detected, how packets are identified as belonging to a particular stream, and how the stream's path through the network is set up all vary with the implementation. A variety of stream switching technologies have emerged, such as 3Com's Fast IP, Multi-Protocol Label Switching (MPLS), which Cisco submitted to the IETF, Multi-Protocol over ATM (MPOA) from the ATM Forum, and Ipsilon's IP Switching. They fall into two main types: end-system-driven stream switching and network-centric stream switching. For reasons of space, only the working principle of 3Com's Fast IP is briefly introduced here.

3Com's Fast IP is an end-system-driven stream switching technology, and its working principle is based on NHRP (a standards draft). The source host sends a Fast IP connection request, which is routed through the network like a data packet. If the target host also runs Fast IP, it sends an NHRP response packet containing its MAC address to the source host. If a layer-2 switching path exists between the source host and the target host, then by the time the NHRP response packet arrives at the source host, a mapping table entry for the target host's MAC address and port will have been created in the switch that received it. The source host can then send data packets directly over the switch's layer-2 path using the target host's MAC address, instead of going through the router. If there is no switching path between the two hosts and no NHRP response is returned, the packets are routed as before.

The Fast IP software runs in the network interface card (NIC) driver of the source and target hosts. It works with the host's IP protocol stack and the NIC driver interface to coordinate the NHRP exchange. In short, Fast IP tries to improve routed forwarding performance on a switched network, but it is not very flexible and cannot provide any security protection through packet filtering. Moreover, NHRP protocol software must be installed on every host involved in Fast IP switching, which in practice increases the equipment maintenance workload.

The various stream switching technologies were originally developed on the premise that route selection is slow and expensive. Packet-to-packet switching products have shown that this is no longer the case. Compared with packet-to-packet switching products, the stream switching method is more complex and harder to understand. In a dynamic network environment, how to identify, establish, manage, and withdraw a large number of streams is still an open problem. Currently, layer-3 switches used for LAN interconnection are mostly based on packet-to-packet switching. Stream switching is more likely to find its place in the wide area network.
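The difference between the two forwarding methods shows up when the route table or packet filter changes after a stream's shortcut exists. The toy model below is an added example, not part of the original article: the class names, addresses and ports are constructed, routes are keyed by destination host for brevity, and the version-based cache flush is an assumed mitigation standing in for the "other protocol" that stream switching needs.

```python
class ControlPlane:
    """Route table and packet filter maintained in software (constructed model)."""
    def __init__(self):
        self.routes = {}      # destination host -> egress port
        self.denied = set()   # (src, dst) pairs blocked by the packet filter
        self.version = 0      # incremented on every change

    def set_route(self, dst, port):
        self.routes[dst] = port
        self.version += 1

    def deny(self, src, dst):
        self.denied.add((src, dst))
        self.version += 1

    def decide(self, src, dst):
        """Full layer-3 decision: filter first, then route lookup."""
        if (src, dst) in self.denied:
            return None
        return self.routes.get(dst)

class PacketByPacket:
    """Every packet gets the full layer-3 decision."""
    def __init__(self, cp):
        self.cp = cp

    def forward(self, src, dst):
        return self.cp.decide(src, dst)

class StreamSwitch:
    """Layer-3 decision on the first packet only; later packets use the shortcut."""
    def __init__(self, cp, flush_on_change=False):
        self.cp, self.flush_on_change = cp, flush_on_change
        self.cache, self.seen_version = {}, cp.version

    def forward(self, src, dst):
        if self.flush_on_change and self.seen_version != self.cp.version:
            self.cache.clear()                 # assumed mitigation: drop all shortcuts
            self.seen_version = self.cp.version
        if (src, dst) not in self.cache:
            self.cache[(src, dst)] = self.cp.decide(src, dst)
        return self.cache[(src, dst)]

def compare():
    """Return each device's decision at start, after a reroute, after a deny rule."""
    cp = ControlPlane()
    cp.set_route("10.2.0.20", "port2")
    devices = {"packet": PacketByPacket(cp), "stream": StreamSwitch(cp),
               "stream+flush": StreamSwitch(cp, flush_on_change=True)}
    flow = ("10.1.0.10", "10.2.0.20")
    first = {n: d.forward(*flow) for n, d in devices.items()}
    cp.set_route("10.2.0.20", "port7")         # topology change
    rerouted = {n: d.forward(*flow) for n, d in devices.items()}
    cp.deny(*flow)                             # new packet-filter rule
    filtered = {n: d.forward(*flow) for n, d in devices.items()}
    return first, rerouted, filtered
```

In this model the plain stream switch keeps sending on the old port and keeps passing traffic that the filter now denies, which is why shortcut state has to be tied to route and policy changes.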

3 Questioning the view that layer-3 switches "route once, switch everywhere" or perform "layer-2 switching based on the destination MAC address"

At present, many articles that introduce the working principle of layer-3 switches share much the same view of how the switch forwards layer-3 packets, namely "route once, switch everywhere" or "layer-2 switching based on the destination MAC address".

"The principle of layer-3 switching is as follows: assume that two stations, A and B, using IP communicate through a layer-3 switch. When Station A starts sending, it compares its own IP address with the IP address of Station B to determine whether Station B is in the same subnet as itself. If destination Station B and Station A are in the same subnet, layer-2 forwarding is performed. If the two stations are not in the same subnet and Station A needs to communicate with Station B, Station A must send an ARP (address resolution) request to the "default gateway"; the IP address of the "default gateway" is actually that of the layer-3 switching module. When Station A broadcasts an ARP request for the IP address of the "default gateway", if the layer-3 switching module learned the MAC address of Station B during previous communication, it returns the MAC address of B to the sending station. Otherwise, the layer-3 switching module broadcasts an ARP request to Station B based on the route information. Station B receives the ARP request and replies to the layer-3 switching module with its MAC address; the layer-3 switching module saves the address and sends it back to the sending Station A. It also sends the MAC address of Station B to the MAC address table of the layer-2 switching engine. After that, all data packets sent by A to B are handed to layer-2 switching, enabling high-speed information exchange. Because layer-3 processing is only required during the routing process, most data is forwarded by layer-2 switching, so the speed of a layer-3 switch is very fast, close to the speed of a layer-2 switch, and at the same time it is much lower than a router of the same kind."

After analyzing the above article, I think this view violates the basic principle of communication between a host and its default gateway. The article says that "when Station A broadcasts an ARP request for the IP address of the "default gateway", if the layer-3 switching module learned the MAC address of Station B during previous communication, it returns the MAC address of B to the sending station. Otherwise, the layer-3 switching module broadcasts an ARP request to Station B based on the route information". In fact, when Station A sends the layer-3 switching module an ARP request for the gateway IP address, the ARP request does not contain the IP address of Station B. The layer-3 switching module replies to Station A only with the MAC address corresponding to its own IP address, and does not return Station B's MAC address to Station A. This is error 1.

To take a step back, even if the layer-3 switching module did reply with the MAC address of Station B, Station B and Station A are not in the same subnet, so Station A would not encapsulate Station B's MAC address as the destination MAC address in the Ethernet frames that Station A sends. This is error 2.

In addition, when the layer-3 switching module receives the Ethernet frames sent from Station A to Station B, it extracts the IP address of Station B from the IP packets in those frames and searches the route table to find the next hop toward Station B. If Station B is in the same network segment as one of the layer-3 switch's interfaces, the layer-3 switch broadcasts an ARP request for Station B's IP address and learns Station B's MAC address from Station B's ARP response. If Station B is not in the same network segment as any interface of the layer-3 switch, and there are several hops between them, the layer-3 switching module broadcasts an ARP request only for the next-hop IP address, and the next hop responds with the MAC address corresponding to the next-hop IP address. The layer-3 switching module never learns the MAC address of Station B. This is error 3.
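The three points above follow directly from how a host and a layer-3 switch choose the IP address they resolve by ARP. The sketch below is an added example, not part of the original article; every address, MAC value and route is constructed for illustration.

```python
import ipaddress

# Constructed topology: Station A shares 10.1.0.0/24 with one switch interface
STATION_A = {"ip": "10.1.0.10", "prefix": 24, "gateway": "10.1.0.1"}

# IP -> MAC that answers ARP for it (constructed values)
ARP_OWNERS = {
    "10.1.0.1": "02:00:00:00:00:01",   # switch interface in Station A's subnet
    "10.2.0.20": "02:00:00:00:00:0b",  # Station B
    "10.3.0.2": "02:00:00:00:00:99",   # next-hop router
}

# Switch route table: prefix -> next hop (None = directly connected)
SWITCH_ROUTES = {
    "10.1.0.0/24": None,
    "10.2.0.0/24": None,
    "10.3.0.0/24": None,
    "10.9.0.0/16": "10.3.0.2",
}

def host_arp_target(host, dst_ip):
    """IP address the host puts in its ARP request before sending to dst_ip."""
    net = ipaddress.ip_interface(f"{host['ip']}/{host['prefix']}").network
    return dst_ip if ipaddress.ip_address(dst_ip) in net else host["gateway"]

def arp_reply(target_ip):
    """An ARP reply carries only the MAC bound to the requested IP address."""
    return ARP_OWNERS.get(target_ip)

def host_frame_dst_mac(host, dst_ip):
    """Destination MAC the host writes into the Ethernet frame for dst_ip."""
    return arp_reply(host_arp_target(host, dst_ip))

def switch_arp_target(dst_ip):
    """IP address the layer-3 switch resolves by ARP to forward toward dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    nets = [ipaddress.ip_network(p) for p in SWITCH_ROUTES]
    hits = [n for n in nets if dst in n]
    if not hits:
        return None
    best = max(hits, key=lambda n: n.prefixlen)
    return SWITCH_ROUTES[str(best)] or dst_ip
```

With Station B at 10.2.0.20, Station A's ARP request names only 10.1.0.1 and its frames carry the switch interface's MAC; for a destination in 10.9.0.0/16 the switch resolves 10.3.0.2, not the destination.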

To achieve "route once, switch everywhere" or "layer-2 switching based on the destination MAC address", either the existing communication mechanism between the host and the default gateway or the routing rules of the layer-3 switch would have to change. In other words, the existing mechanism would have to be replaced by a new communication mechanism between the host and the default gateway, as in 3Com's Fast IP technology. In real networks, hosts and layer-3 switches work well together without any change to the hosts or the existing network facilities. When a layer-3 switch replaces a traditional router, forwarding performance between subnets improves dramatically. This is not because the switch has changed its forwarding mechanism for layer-3 packets, that is, it is not the result of "route once, switch everywhere" or "layer-2 switching based on the destination MAC address"; rather, it is because the layer-3 switch forwards layer-3 packets quickly in hardware.

