Layer-3 Switching Technology and Its Application in VLAN Subnet Planning

Source: Internet
Author: User

In the traditional campus network model, the network is generally built from multiple levels of switches connected to one or more backbone switches. The switches communicate with each other through routers. Traditional routers work at the network layer of the OSI model and perform route computation and packet forwarding in software. With the expansion of the campus network, the increase in users, and the rapid development of IP-based applications (such as video conferencing and distance education), traditional routers are increasingly becoming a bottleneck in campus network security management and traffic control. Traditional switches have fast processing capabilities, but a switch is essentially a multi-port bridge that inevitably propagates broadcasts and cannot perform routing. To resolve this conflict, network vendors proposed the idea of layer-3 switching.

Working Principle and Functions of Layer-3 Switching Technology

A traditional router works at the network layer of the seven-layer OSI model. When it receives any data packet in the network (including a broadcast packet), it strips the layer-2 (data link layer) information from the packet and examines the layer-3 information. It then determines the route of the packet from the routing table, re-encapsulates the layer-2 information, and finally forwards the packet. The bottleneck of a router is that it is a connectionless device whose working mechanism makes it a forward-and-forget network device. Even data packets sent from the same source address to the same destination address must each repeat the same routing process, which makes it impossible for the router to achieve high throughput. In addition, the complex processing and powerful functions of a router are mainly implemented in software, which inevitably makes it a network bottleneck.

With the development of routing technology, switching technology, one of the solutions to the network transmission bandwidth problem, has also developed rapidly. A switched network is a network system centered on switches. Network switches and multi-port bridges are very similar because both work at the data link layer: when a switch transmits data between ports, it also forwards based on the destination MAC address of the packet. A switch is usually implemented entirely in hardware and is fast, but, like a bridge, it cannot isolate broadcast packets.

Layer 3 switching, also known as layer-3 switching technology, is an emerging network interconnection technology that integrates the advantages of the two technologies above. If only IP is considered, it is called IP switching. A layer-3 switching router uses an ASIC that adds routing functions to its dedicated packet forwarding function. It combines the high-speed forwarding of a traditional layer-2 switch with the routing function of a router, and by routing at line rate it removes the router bottleneck. There are two types of layer-3 switching solutions: core-based switching and edge-based multi-layer hybrid switching. The former is represented by Cisco's NetFlow switching and Tag Switching; it emphasizes the speed of the switch core layer and uses ASIC hardware throughout to route and switch at line speed. The latter is represented by 3Com's Fast IP and Cabletron's SecureFast Virtual Networking. Its method is to route a network flow once, and then switch the packets of that end-to-end flow at layer 2. This is the "route once, then switch" policy.
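The "route once, then switch" idea can be modelled in a few lines. The following is an added example, not code from the original article or from any vendor: the routing table, the egress names and the Layer3Switch class are constructed for illustration, with a dictionary standing in for the hardware forwarding table.

```python
import ipaddress

# Constructed routing table: (prefix, egress). Not from the original article.
ROUTES = [
    (ipaddress.ip_network("10.1.0.0/16"), "vlan10"),
    (ipaddress.ip_network("10.1.5.0/24"), "vlan15"),
    (ipaddress.ip_network("0.0.0.0/0"), "uplink"),
]

class Layer3Switch:
    """Toy model: one slow-path route lookup per flow, then fast-path hits."""

    def __init__(self, routes):
        self.routes = routes
        self.flow_cache = {}        # (src, dst) -> egress; stands in for the ASIC table
        self.slow_path_lookups = 0  # full routing decisions taken
        self.fast_path_hits = 0     # packets forwarded from the cache

    def _route(self, dst):
        # Longest-prefix match: the work a software router repeats per packet.
        self.slow_path_lookups += 1
        addr = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.routes if addr in net]
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def forward(self, src, dst):
        key = (src, dst)
        if key in self.flow_cache:          # later packets of a known flow
            self.fast_path_hits += 1
            return self.flow_cache[key]
        egress = self._route(dst)           # first packet of the flow is routed
        self.flow_cache[key] = egress
        return egress

def run_demo():
    """Send two constructed flows (4 and 2 packets) through the model."""
    sw = Layer3Switch(ROUTES)
    packets = [("10.1.1.7", "10.1.5.9")] * 4 + [("10.1.1.7", "8.8.8.8")] * 2
    egress = [sw.forward(s, d) for s, d in packets]
    return egress, sw.slow_path_lookups, sw.fast_path_hits

if __name__ == "__main__":
    print(run_demo())
```

Six packets in two flows cost two routing decisions; a forward-and-forget router would make six.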

The main functions of a layer-3 switching router are as follows:

(1) Routes are calculated based on the layer-3 protocol. The supported routing protocols include RIPv1, RIPv2, and OSPF.

(2) Supports IGMP, DVMRP, and other common IP multicast protocols. When the router receives a multicast packet, it first forwards the packet to the VLANs that contain members of the multicast group, and then to the ports of those group members.

(3) Quality of Service (QoS): packets are assigned a specific priority, and packets with different priorities are sent to different queues for forwarding.

(4) Supports the standard SNMP network management protocol and a traditional command-line interface (CLI).

(5) Multiple partitioning policies for virtual networks. In particular, it supports not only traditional port-based VLAN division but also VLAN division based on IP addresses, subnet numbers, and protocol types. This brings great convenience to campus network management.

Therefore, the new layer-3 switching router is used as the main device in campus and building LANs. In addition to providing high bandwidth for packet forwarding and the functions above, it also provides security, monitoring, management, and configuration services.

Application of Layer-3 Switching Routers in Virtual Network Planning

I. VLAN and Planning Policy

A Virtual Local Area Network (VLAN), also known as a virtual network, is defined from a network management perspective as a location-independent LAN broadcast domain. VLAN technology emerged together with switching technology. Dividing a campus network into several virtual subnets has the following benefits:

1. Broadcast isolation. After the virtual subnets are divided, all broadcasts are confined to the subnet of the current VLAN, which increases the overall effective bandwidth of the network and contains broadcast storms.

2. Easy assignment and management of working groups. After virtual networks are divided, working groups are no longer limited by physical location but can be divided according to function, so that the physical structure of the network and the virtual subnets are independent of each other.

3. Enhanced network security. Because VLAN subnets are logically independent, you can define security policies for each virtual network based on actual conditions to effectively prevent unauthorized intrusion and improve the security of each virtual network.

Before layer-3 switches were introduced, switches provided only two VLAN division methods. The first is port-based: machines on one or more ports are assigned to one VLAN. This is similar to physical network segments and cannot implement location-independent virtual network configurations. The second is MAC-address-based: the subnet is divided by MAC address. This policy implements a location-independent virtual network, but adding or deleting nodes in the subnet is inconvenient.

Layer-3 switching technology provides a new VLAN division method:

VLANs based on IP address and policy. That is, subnets can be divided based on the IP addresses of nodes or on different packet protocols, which makes network management and applications more convenient.

II. Application of Layer-3 Switching in Campus Network VLAN Planning

Layer-3 switches divide virtual networks based on IP policies. Therefore, a physical network segment on a single port can be divided into different logical subnets, and nodes on different physical network segments can be placed in the same logical subnet, so that traffic between nodes in the same subnet does not need to be routed. By making full use of the VLAN division methods provided by layer-3 switches, network administrators can get twice the result with half the effort. Specifically, when dividing the campus network into virtual networks:

The campus network can easily be divided by school department. Although the sites of a given department are distributed across different physical locations, dividing the subnet by IP address allows nodes of the same department on different physical network segments to be placed in the same logical subnet, independent of physical location.

Key departments such as the network center and the finance department can use the traditional MAC-address-based VLAN division to prevent unauthorized nodes from appearing in the subnet.

Hybrid policies can be used for student dormitories, which are scattered and have many physical subnets that are difficult to manage effectively. Examples are segmenting different logical virtual subnets on the same port or dividing subnets based on MAC addresses, to minimize IP address theft and other security issues.
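The three planning rules above (departments by IP subnet, key departments by MAC address, dormitories by a hybrid of both) can be expressed as one classification function. This is an added example, not part of the original article: the department names, addresses, port labels and the classify and plan functions are all constructed for illustration.

```python
import ipaddress

# Constructed policy tables (all names and addresses are illustrative).
MAC_ALLOW = {"00:11:22:33:44:01": "finance"}          # key departments: MAC-based
SUBNETS = [                                            # departments: IP-subnet-based
    (ipaddress.ip_network("10.10.1.0/24"), "physics"),
    (ipaddress.ip_network("10.10.9.0/24"), "finance"),
    (ipaddress.ip_network("10.20.0.0/16"), "dorms"),
]
DORM_BINDINGS = {"10.20.3.15": "aa:bb:cc:00:00:15"}    # hybrid: registered IP -> MAC

def classify(mac, ip):
    """Return (vlan, verdict) for one node; vlan is None when it is rejected."""
    mac = mac.lower()
    addr = ipaddress.ip_address(ip)
    vlan = next((name for net, name in SUBNETS if addr in net), None)
    if vlan is None:
        return None, "deny: no subnet policy matches"
    if vlan in MAC_ALLOW.values():
        # Key department: the subnet alone is not enough, the MAC must be listed.
        if MAC_ALLOW.get(mac) != vlan:
            return None, "deny: MAC not authorized for " + vlan
    elif vlan == "dorms":
        # Dormitories: the IP must be used by the MAC it was registered to.
        if DORM_BINDINGS.get(str(addr)) != mac:
            return None, "deny: IP/MAC binding mismatch"
    return vlan, "ok"

def plan(observations):
    """Classify (port, mac, ip) sightings; the port never influences the VLAN."""
    return [(port,) + classify(mac, ip) for port, mac, ip in observations]

# Constructed sightings: (switch port, source MAC, source IP).
SIGHTINGS = [
    ("port1", "00:aa:00:00:00:01", "10.10.1.20"),   # physics, building A
    ("port7", "00:aa:00:00:00:02", "10.10.1.21"),   # physics, building B
    ("port1", "AA:BB:CC:00:00:15", "10.20.3.15"),   # dorm node sharing port1
    ("port3", "00:11:22:33:44:01", "10.10.9.5"),    # finance, listed MAC
    ("port3", "de:ad:be:ef:00:01", "10.10.9.6"),    # finance subnet, unlisted MAC
    ("port9", "aa:bb:cc:00:00:99", "10.20.3.15"),   # dorm IP used by another MAC
]

if __name__ == "__main__":
    for row in plan(SIGHTINGS):
        print(row)
```

Both MAC and IP addresses are supplied by the sending node, so these rules act as an admission policy and a way to flag mismatches, not as authentication of the node.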

Conclusion

Layer-3 switching technology is a relatively new technology. Its architecture not only significantly improves intranet performance but will also affect the design of campus network routing in the future. It provides a new virtual network planning policy that greatly facilitates the management and application of networks.

Article entry: csh responsible editor: csh
