Layer-4 switch technical principles and product recommendations

Source: Internet
Author: User

The layer-4 switch inherits the features of the layer-3 switch and adds further ones. This article looks at the basic concepts and principles of the layer-4 switch. The Internet is constantly changing. In recent years, with the popularization of Mbit/s, Gbit/s, and even Mbit/s LANs, the wide application of broadband LANs and even broadband WANs has driven the continuous development of switch technology.

With the rapid development of the Internet, e-commerce, e-government, e-trade, e-futures and other online trading methods have accelerated logistics and capital turnover, and at the same time have caused a rapid increase in the volume of information. This puts a great deal of pressure on the servers of the network information center, so there is a general need to ease the excessive load on the core network systems. To this end, the industry has begun to consider the layer-4 switch concept in order to meet the requirements of policy-based networking, advanced QoS (Quality of Service) and other service improvements.

I. What is a layer-4 switch?

A simple definition of the layer-4 switch is that it is a function. It is not so much a hardware network device as a software network management system; in other words, it is network management and switching equipment that relies mainly on software technology, supplemented by hardware technology. Its forwarding decision is based not only on the MAC address (layer-2 bridging) or the source/destination IP address (layer-3 routing), but also on the TCP/UDP (layer-4) application port number. The layer-4 switching function works like a virtual IP address pointing to a physical server. The traffic it forwards belongs to a variety of protocols, including HTTP, FTP, NFS, Telnet, and others. On top of the physical servers, these services require complex load-balancing algorithms. In the IP world, the service type is determined by the TCP or UDP port address of the endpoint. An application session in a layer-4 switch is identified jointly by the source and destination IP addresses and the TCP and UDP ports.

Some people think that the so-called layer-4 switch simply adds the ability to identify layer-4 protocol ports to a layer-3 switch, that is, some value-added software on top of a layer-3 switch. On this view it does not work at the transport layer at all: it still performs switching at layer 3 and is merely more sensitive to layer-3 switching. This view fundamentally denies the key technology and role of layer-4 switching. We know that the layer-2 802.1p field or the layer-3 IP ToS field of a packet can be used to distinguish the priority of the packet itself. When we say that a layer-4 switch switches packets based on layer 4, we mean that it can determine the application type of a packet from the layer-4 TCP/UDP port number. In other words, the layer-4 switch not only has all the switching functions and performance of a layer-3 switch, it also supports intelligent control of network traffic and quality of service that a layer-3 switch cannot provide.

II. Layer-4 switch technical principles

The fourth layer of the OSI model is the transport layer. The transport layer is responsible for end-to-end communication, that is, coordinated communication between the network source and the target system. In the IP protocol stack, this is the layer of TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). At layer 4, the TCP and UDP headers contain port numbers, which uniquely identify the application protocol (such as HTTP or FTP) carried in each packet. The endpoint system uses this information, in particular the port number, to distinguish packet data, so that the receiving computer can determine the type of the IP packet it has received and hand it to the appropriate higher-level software. The combination of the port number and the IP address of the device is usually called a "socket". The latest list of allocated port numbers can be found in RFC 1700, "Assigned Numbers".

The additional information provided by the TCP/UDP port number can be used by the network switch, and this is the basis of layer-4 switching. Switches with layer-4 functions can act as the front end of a "virtual IP" (VIP) for the servers connected behind them. Each server or server group supporting a single or common application is configured with a VIP address. This VIP address is published and registered in the Domain Name System.

When a service request is sent, the layer-4 switch identifies the start of a session by detecting the start of the TCP connection. It then uses complex algorithms to determine the best server to process the request. Once this decision is made, the switch associates the session with a specific IP address and replaces the VIP address with the real IP address of that server.

Each layer-4 switch keeps a connection table that associates the source IP address and source TCP port with the selected server. The layer-4 switch then forwards the connection request to that server. All subsequent packets are re-mapped and forwarded between the client and the server until the switch detects the end of the session. With layer-4 switching, incoming connections can be assigned to real servers according to user-defined rules, for example keeping the number of connections on each server equal, or allocating traffic according to the capacity of the different servers.
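
The session handling described above, as an added sketch that is not part of the original article or any vendor's code. The VIP, server addresses, weights, and the class and method names are constructed for illustration, and treating the first FIN or RST as the end of the session is a simplification.

```python
from dataclasses import dataclass, field

VIP = ("203.0.113.10", 80)  # constructed virtual IP and service port


@dataclass
class L4Switch:
    servers: dict  # real server IP -> capacity weight (constructed values)
    table: dict = field(default_factory=dict)   # (src IP, src port) -> real server
    active: dict = field(default_factory=dict)  # real server -> open sessions

    def pick_server(self):
        # Weighted least-connections: lowest sessions/weight ratio wins,
        # ties broken by address so the choice is deterministic.
        return min(self.servers,
                   key=lambda s: (self.active.get(s, 0) / self.servers[s], s))

    def handle(self, src_ip, src_port, dst_ip, dst_port, flags):
        """Return the rewritten (dst_ip, dst_port), or None if the packet is dropped."""
        if (dst_ip, dst_port) != VIP:
            return None  # not addressed to the virtual service
        key = (src_ip, src_port)
        if key not in self.table:
            # Only a bare SYN may open a session; any other packet
            # for an unknown flow is dropped instead of forwarded.
            if flags != {"SYN"}:
                return None
            server = self.pick_server()
            self.table[key] = server
            self.active[server] = self.active.get(server, 0) + 1
        server = self.table[key]
        if flags & {"FIN", "RST"}:
            # Session end: forward this packet, then release the entry.
            del self.table[key]
            self.active[server] -= 1
        return (server, dst_port)  # VIP replaced by the real server address


if __name__ == "__main__":
    sw = L4Switch(servers={"10.0.0.1": 1, "10.0.0.2": 2})
    for port in (40000, 40001, 40002):
        print(port, sw.handle("198.51.100.7", port, *VIP, {"SYN"}))
```

Every accepted SYN allocates a table entry, so a production device also bounds the table size and ages out idle entries; this sketch does neither.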

III. Layer-4 switch product recommendations

A layer-4 switch is commonly known in the industry as an "application switch". The better-known products are the BIG-IP 2400 series from F5 and the Web Server Director from Radware. Of course, both of these application switches are also expensive. As the best layer-4 switch in the industry today, the BIG-IP 2400 integrates F5's brand-new Packet Velocity ASIC to speed up site response and can process up to 250000 layer-4 (IP address and port) requests per second.

The BIG-IP 2400 application traffic management software, running on the BIG-IP hardware platform, gives all IP-based applications and Web services the traffic management functions that previously only Web applications could enjoy. In any network environment, BIG-IP can deliver all IP-based applications or Web services accurately, securely, economically and efficiently through its powerful Universal Inspection Engine and iRules. It ensures high availability and uptime for all IP applications and creates a controllable enforcement point for proactive security over all traffic, so that servers and applications can respond in a timely and accurate manner without additional hardware, software, or other IT resources. It can also intercept, inspect, transform, and direct requests based on header or payload values to ensure business continuity, security, and outstanding performance.

With full flexibility, you can distribute traffic across server groups and data centers. This lets you add servers seamlessly and handle growing traffic volumes, so that services can grow economically. For cost-effective service expansion, Web Server Director can manage the bandwidth allocation of server clusters by IP address, application, and content. This guarantees the best service level, protects mission-critical applications, optimizes the performance of all enterprise services, and allows priority control over service levels. With Configware Insite, you can monitor all server operations comprehensively, view real-time or historical performance statistics of IP applications, locate problems accurately, and manage operations.

Conclusion: Building an internal and external network system that is high-speed, broadband, stable and reliable, and that also meets new requirements such as integrated security and confidentiality, is the current trend in enterprise network development. As higher-layer switches develop, today's software-based higher-layer switching technology is being replaced by dedicated hardware, or by new technologies that combine hardware and software. It is foreseeable that higher-layer switches will in future focus on the ISO layer-7 standard and unify the traditionally discrete network devices. This will not only greatly improve the data distribution, transmission and switching capability and speed of the network, but also reduce equipment costs, simplify network management, and optimize the networking process. The layer-7 application layer plays an important role in the management and control functions of higher-layer switches.
