Layer-4 Switching Technology

Source: Internet
Author: User
Tags: domain name server

A layer-4 switch keeps a connection table that records, for each connection, the server it selected together with the connection's source IP address and source TCP port. This article takes a look at layer-4 switching technology.

A simple definition of layer-4 switching is that forwarding decisions are based not only on the MAC address (layer-2 bridging) or the source/destination IP address (layer-3 routing), but also on the TCP/UDP (layer-4) application port number. A layer-4 switch presents a virtual IP address that points to a group of physical servers. The services it forwards may use any of several protocols, including HTTP, FTP, NFS, Telnet, and others, and they require load-balancing algorithms that distribute sessions across the physical servers.

In the IP world, the type of service is identified by the TCP or UDP port at the endpoint. Inside a layer-4 switch, an application session is identified jointly by the source and destination IP addresses and the TCP or UDP ports. The layer-4 switch configures a virtual IP address (VIP) for each server group, and that VIP is the address clients look up. Each server group supports one application.

The address stored in the Domain Name Server (DNS) for each application is a VIP, not the address of a real server. When a user requests an application, a connection request addressed to the VIP of the target server group (for example, a TCP SYN packet) is sent to the server switch.

The server switch selects the best server in the group, replaces the VIP in the destination address with the actual IP address of that server, and forwards the connection request to it. From then on, every packet belonging to the same session is mapped by the server switch and carried between the user and that same server.

The fourth layer of the OSI model is the transport layer. It is responsible for end-to-end communication, that is, coordinating communication between the source and destination systems across the network. In the IP protocol stack this is the layer of TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). At layer 4, the TCP and UDP headers carry port numbers, which uniquely identify which application protocol (such as HTTP or FTP) each packet carries.

The end systems use this information, particularly the port number, to demultiplex packets: the receiving system can determine what kind of IP packet it has received and hand it to the appropriate higher-layer software. The combination of a port number and a device's IP address is usually called a "socket".

Port numbers between 1 and 255 are reserved. They are called "well-known" ports, meaning that these ports are the same in every host's TCP/IP protocol stack implementation. Beyond the well-known ports, standard UNIX services are allocated ports between 256 and 1024. Custom applications are generally allocated port numbers above 1024. The latest list of assigned port numbers can be found in RFC 1700, "Assigned Numbers".
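The mechanism described in the paragraphs above (the VIP in DNS, the SYN arriving at the server switch, the connection table keyed on the addresses and ports, and the destination rewrite) can be made concrete with a small model. The following is an added example, not code from the original article or from any switch vendor: it parses the IPv4 and TCP/UDP header fields a layer-4 switch keys on, classifies ports using the ranges the article gives, and models a switch with a round-robin server group behind one VIP. The VIP, server addresses and packet contents are constructed, and the hard cap on connection-table entries is an assumption added to show why the article later treats table capacity as a design constraint.

```python
import struct
from collections import OrderedDict

# Constructed topology (assumption, not from the article): one VIP fronting three real HTTP servers.
VIP = "10.0.0.100"
SERVER_POOLS = {(VIP, 80): ["192.168.1.11", "192.168.1.12", "192.168.1.13"]}

TCP, UDP = 6, 17
TCP_SYN = 0x02


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def parse_ipv4_l4(pkt):
    """Pull the layer-3 and layer-4 fields a layer-4 switch keys on out of a raw IPv4 packet.
    Returns (src_ip, dst_ip, proto, src_port, dst_port, tcp_flags), or None for non-TCP/UDP."""
    ihl = (pkt[0] & 0x0F) * 4                       # IPv4 header length in bytes
    proto = pkt[9]
    if proto not in (TCP, UDP):
        return None
    src_ip, dst_ip = bytes_to_ip(pkt[12:16]), bytes_to_ip(pkt[16:20])
    l4 = pkt[ihl:]
    src_port, dst_port = struct.unpack("!HH", l4[:4])  # both TCP and UDP headers start with the two ports
    flags = l4[13] if proto == TCP else 0              # TCP flags byte; UDP has none
    return src_ip, dst_ip, proto, src_port, dst_port, flags


def port_class(port):
    """Port ranges exactly as the article states them (1-255 well-known, 256-1024 UNIX, >1024 custom)."""
    if 1 <= port <= 255:
        return "well-known"
    if 256 <= port <= 1024:
        return "unix-standard"
    return "custom"


class Layer4Switch:
    """Minimal model of the VIP-to-real-server mapping: a connection table keyed on the
    (proto, src IP, src port, VIP, dst port) tuple, with a hard cap on table entries."""

    def __init__(self, pools, max_entries):
        self.pools = pools
        self.max_entries = max_entries            # the table capacity the article warns about
        self.rr = {key: 0 for key in pools}       # round-robin cursor per server group
        self.table = OrderedDict()                # flow tuple -> real server IP

    def _select(self, group):
        pool = self.pools[group]
        server = pool[self.rr[group] % len(pool)]
        self.rr[group] += 1
        return server

    def forward(self, pkt):
        """Return (real_server_ip, rewritten_packet), or None if the packet is not forwarded."""
        parsed = parse_ipv4_l4(pkt)
        if parsed is None:
            return None
        src_ip, dst_ip, proto, sport, dport, flags = parsed
        group = (dst_ip, dport)
        if group not in self.pools:
            return None                            # not a VIP: ordinary layer-3 forwarding, not modelled
        flow = (proto, src_ip, sport, dst_ip, dport)
        server = self.table.get(flow)
        if server is None:
            if proto == TCP and not (flags & TCP_SYN):
                return None                        # mid-stream TCP packet with no state: drop it
            if len(self.table) >= self.max_entries:
                return None                        # table full: refuse the new flow rather than evict one
            server = self._select(group)
            self.table[flow] = server
        # Rewrite the destination IP from the VIP to the chosen server (checksums are not recomputed here).
        rewritten = pkt[:16] + ip_to_bytes(server) + pkt[20:]
        return server, rewritten


def build_tcp_packet(src_ip, dst_ip, sport, dport, flags=TCP_SYN):
    """Constructed 40-byte IPv4+TCP header with no payload (checksums left at zero)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP, 0,
                         ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr


if __name__ == "__main__":
    sw = Layer4Switch(SERVER_POOLS, max_entries=2)
    server, _ = sw.forward(build_tcp_packet("172.16.0.5", VIP, 40001, 80))
    print("first SYN mapped to", server, "table size", len(sw.table))
```

Two behaviours in the model matter from a defender's point of view. A packet that arrives with no table entry and no SYN flag is dropped rather than mapped, so the switch never creates state for stray mid-stream traffic. And when the table is full, new connections are refused instead of evicting an existing flow, which keeps established sessions stuck to their server; a real switch would also expire idle entries, which this model omits.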

How to choose a layer-4 switch

(1) Speed

To be effective in enterprise networks, layer-4 switching must offer performance comparable to a layer-3 wire-speed router. In other words, it must operate on all ports at full media speed, even over multiple Gigabit Ethernet connections. Gigabit Ethernet speed corresponds to a maximum of 1,488,000 packets per second (assuming the worst case, in which every packet is the minimum size defined for the network, 64 bytes).

(2) Server load-balancing algorithm

Depending on the desired load-balancing granularity, a layer-4 switch can use any of several algorithms to assign application sessions to servers: simple polling, polling by most recent connections, polling by probed latency, or closed-loop feedback probed from the server itself. Of all these measures, closed-loop feedback gives the most accurate picture of the server's current workload.
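The difference between the selection methods named above is easiest to see by running them side by side on the same server group. The following is an added example, not code from the article or from any switch product: it implements four selection policies (plain round-robin, fewest assigned connections, lowest probed latency, and lowest server-reported load) and a small simulation that assigns a batch of new connections with each. The server addresses, probe latencies and reported load figures are constructed, and the assumption that a server agent reports its load as a 0 to 100 figure is mine, chosen to show why the article calls closed-loop feedback the most accurate measure.

```python
import itertools
from collections import Counter
from dataclasses import dataclass


@dataclass
class Server:
    """Constructed view of one real server behind a VIP (assumption: all three inputs are available)."""
    ip: str
    active_conns: int = 0        # connections the switch currently has mapped to this server
    rtt_ms: float = 1.0          # latency measured by the switch's own probe (open-loop view)
    reported_load: int = 0       # utilisation 0..100 reported by an agent on the server (closed loop)


def pick_round_robin(servers, cursor):
    """Simple polling: the next server in turn, regardless of its state."""
    return servers[next(cursor) % len(servers)]


def pick_least_connections(servers, _cursor):
    """Polling by recent connections: the server the switch has assigned the fewest connections to."""
    return min(servers, key=lambda s: s.active_conns)


def pick_least_latency(servers, _cursor):
    """Polling by latency: the server that answered the switch's probe fastest."""
    return min(servers, key=lambda s: s.rtt_ms)


def pick_closed_loop(servers, _cursor):
    """Closed-loop feedback: the server reporting the lowest load right now."""
    return min(servers, key=lambda s: s.reported_load)


def simulate(servers, policy, n_conns, load_per_conn=0):
    """Assign n_conns new connections with the given policy and return {ip: count}.
    load_per_conn > 0 models the feedback loop: each assignment raises the server's reported load,
    so the next decision sees the effect of the previous one. With 0 the reported figure is stale."""
    cursor = itertools.count()
    counts = Counter()
    for _ in range(n_conns):
        chosen = policy(servers, cursor)
        chosen.active_conns += 1
        chosen.reported_load += load_per_conn
        counts[chosen.ip] += 1
    return dict(counts)


def fresh_pool():
    # Constructed state: .11 answers probes fastest but is already the busiest server.
    return [Server("192.168.1.11", rtt_ms=0.8, reported_load=60),
            Server("192.168.1.12", rtt_ms=1.2, reported_load=10),
            Server("192.168.1.13", rtt_ms=1.5, reported_load=30)]


if __name__ == "__main__":
    runs = [("round-robin", pick_round_robin, 0),
            ("least-connections", pick_least_connections, 0),
            ("least-latency", pick_least_latency, 0),
            ("closed-loop (stale)", pick_closed_loop, 0),
            ("closed-loop (feedback)", pick_closed_loop, 10)]
    for name, policy, feedback in runs:
        print(f"{name:24s} {simulate(fresh_pool(), policy, 9, feedback)}")
```

The latency policy sends every new connection to the server with the best probe result, because nothing in its input changes as the server fills up; the same happens to the closed-loop policy if the reported load is never refreshed. Only when the server's report feeds back into the next decision does the distribution shift toward the servers that actually have capacity, which is the property the article credits to closed-loop feedback.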

(3) Table capacity

It should be noted that a switch performing layer-4 switching must be able to distinguish and store a large number of forwarding table entries. This is especially true for switches at the core of an enterprise network. The table size of many layer-2 and layer-3 switches tends to be proportional to the number of network devices.

For a layer-4 switch, that number must be multiplied by the number of different application protocols and sessions in use on the network. The forwarding table therefore grows rapidly as the number of devices and application types increases, and layer-4 switch designers need to account for this growth when designing their products. Large table capacity is critical for building high-performance switches that forward layer-4 traffic at wire speed.

(4) Redundancy

Layer-4 switches support redundant topologies. With dual-homed, fault-tolerant network cards, it is possible to build a fully redundant system from the server through the network card and link to the server switch.

Management methods for a managed switch

A managed switch can be managed over a serial cable. First plug one end of the serial cable into the serial port on the back of the switch and the other end into the serial port of an ordinary computer, connecting the switch to the computer. Windows 98 and Windows 2000 ship with the "HyperTerminal" program. Open HyperTerminal, set the connection parameters, and you can then interact with the switch over the serial cable, as shown in Figure 1. This method does not consume any of the switch's bandwidth and is therefore called "out-of-band" management.

In this mode the switch provides a menu-driven console interface or a command-line interface. You move through menus and submenus with the Tab key or the arrow keys and press Enter to execute the selected command, or use the switch's dedicated commands. Command sets differ between switch brands, and even switches of the same brand may use different commands, so the menu commands are the more convenient option.

A managed switch can also be managed through a Web browser, but an IP address must first be assigned to the switch. This IP address serves no purpose other than managing the switch. By default a switch has no IP address; you must assign one over the serial port or by another method before this management mode can be enabled.

When you manage a switch through a Web browser, the switch acts as a Web server, except that the web pages are stored not on a hard disk but in the switch's NVRAM; the Web program in NVRAM can be upgraded with a utility. When the administrator enters the switch's IP address in the browser, the switch sends the web page to the computer just as a server would, so it feels like visiting a website, as shown in Figure 2. This method consumes the switch's bandwidth and is therefore called "in-band" management. To manage the switch, simply click the corresponding function on the page and change the switch parameters in the text boxes or drop-down lists. Because Web management works over the LAN, it also allows remote management.
