The layer-4 switch is currently one of the most widely deployed kinds of switch. This article explains the basic concepts and working principles of the layer-4 switch. With the rapid growth of the Internet, online business such as e-commerce, e-government, electronic trading and electronic futures speeds up the turnover of goods and capital and at the same time drives a rapid increase in traffic. This places heavy pressure on the servers of a network information center, so there is a general need to relieve the excessive load on the core systems of the network.
I. What is a layer-4 switch?
A simple definition: a layer-4 switch is a function rather than a box, so it is not so much a hardware network device as a software-based network management system; in other words, it is switching and management equipment in which software technology is primary and hardware technology is supplementary. Its forwarding decisions are based not only on the MAC address (layer-2 bridging) or the source/destination IP address (layer-3 routing) but also on the TCP/UDP application port number (layer 4). Functionally, a layer-4 switch presents a virtual IP address that points to physical servers. The services it carries may use a variety of protocols, including HTTP, FTP, NFS, Telnet and others, and those services require complex load-balancing algorithms that distribute requests across the physical servers. In the IP world, the service type is identified by the TCP or UDP port at the endpoint; a layer-4 switch identifies an application session by the combination of source and destination IP addresses and TCP/UDP ports.
Some people hold that a so-called layer-4 switch merely adds the ability to recognize layer-4 protocol ports to a layer-3 switch, that is, it bolts some value-added software onto a layer-3 switch, so that it does not really operate at the transport layer but still switches at layer 3, only with more awareness of layer-3 information. This view fundamentally denies the key technology and role of layer-4 switching. The layer-2 802.1p field or the layer-3 IP ToS field of a packet can already be used to distinguish the priority of the packet itself. When we say that a layer-4 switch switches on the basis of layer-4 packet information, we mean that it can determine the application type of a packet from the layer-4 TCP/UDP port number; in other words, a layer-4 switch not only has all the switching functions and performance of a layer-3 switch, it also supports intelligent control of network traffic and quality of service that a layer-3 switch cannot provide.
II. Technical principles of the layer-4 switch
The fourth layer of the OSI model is the transport layer. The transport layer is responsible for end-to-end communication, that is, coordinated communication between the source and destination systems on the network. In the IP protocol stack, this is the layer of TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). At layer 4, the TCP and UDP headers contain port numbers, which uniquely identify the application protocol carried in each packet, such as HTTP or FTP. End systems use this information, especially the port number, to distinguish packet data, so that a receiving computer can determine the type of IP packet it has received and hand it to the appropriate higher-level software. The combination of a port number and the IP address of the device is usually called a "socket". The latest list of assigned port numbers can be found in RFC 1700, "Assigned Numbers".
The additional information provided by the TCP/UDP port number can be used by a network switch, and this is the basis of layer-4 switching. A switch with layer-4 functionality can act as a front end to the servers, presenting a "virtual IP" (VIP) address. Each server, and each server group supporting a single or shared application, is configured with a VIP address, and that VIP address is published and registered in the Domain Name System.
When a service request arrives, the layer-4 switch identifies the start of a session by detecting the start of a TCP connection. It then uses complex algorithms to determine the best server to handle the request. Once that decision is made, the switch associates the session with a specific server IP address and replaces the VIP address in the packet with the real IP address of that server.
Each layer-4 switch keeps a connection table that records, for each session, the source IP address and source TCP port together with the selected server. The layer-4 switch then forwards the connection request to that server. All subsequent packets of the session are forwarded between the client and the server, without repeating the selection, until the switch sees the session end. With layer-4 switching, incoming traffic can be directed to real servers according to user-defined rules, for example so that each server handles an equal number of connections, or so that traffic is allocated according to the capacity of the different servers.
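The following Python model, added here as an illustration and not code from the original article or from any vendor, ties together the two mechanisms described above: pulling the port numbers (and thus the "socket" and the application type) out of a raw IPv4/TCP packet, and the VIP front end that picks a real server on the TCP SYN, records the choice in a connection table keyed by client address and port, rewrites the VIP to the real server address, and sticks to that server until the session ends. The VIP, server addresses and packets are constructed sample values; the least-connections rule implements the "equal number of connections on each server" policy from the text, and checksums are left zero because nothing here is put on a real wire.

```python
import struct
from dataclasses import dataclass

# Service names keyed by well-known destination port: the application type a
# layer-4 device infers from the transport header (constructed subset).
SERVICES = {20: "ftp-data", 21: "ftp", 23: "telnet", 80: "http", 2049: "nfs"}

TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: int

    @property
    def socket_pair(self):
        """The two (IP address, port) sockets that identify this flow."""
        return (self.src_ip, self.src_port), (self.dst_ip, self.dst_port)


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def build_ipv4_tcp(src_ip, dst_ip, src_port, dst_port, flags):
    """Build a minimal 20-byte IPv4 header plus 20-byte TCP header (constructed input)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    tcp_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr


def parse_ipv4_tcp(raw):
    """Extract layer-3 addresses and layer-4 ports/flags from a raw packet."""
    if raw[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (raw[0] & 0x0F) * 4          # header length in bytes (IHL is in 32-bit words)
    if raw[9] != 6:
        raise ValueError("not TCP")
    src_ip = ".".join(str(b) for b in raw[12:16])
    dst_ip = ".".join(str(b) for b in raw[16:20])
    src_port, dst_port = struct.unpack("!HH", raw[ihl:ihl + 4])
    flags = raw[ihl + 13]               # TCP flags byte follows the data-offset byte
    return Packet(src_ip, dst_ip, src_port, dst_port, flags)


def service_of(pkt):
    """Application type as an endpoint (or a layer-4 switch) would classify it."""
    return SERVICES.get(pkt.dst_port, "unknown")


class Layer4Switch:
    """VIP front end: choose a real server on SYN, then stick to it via the connection table."""

    def __init__(self, vip, vport, real_servers):
        self.vip, self.vport = vip, vport
        self.servers = list(real_servers)
        self.active = {s: 0 for s in self.servers}   # open sessions per real server
        self.table = {}                               # (client ip, client port) -> real server

    def choose_server(self):
        # least-connections; ties broken by configuration order
        return min(self.servers, key=lambda s: (self.active[s], self.servers.index(s)))

    def forward(self, pkt):
        if (pkt.dst_ip, pkt.dst_port) != (self.vip, self.vport):
            return None     # not addressed to the VIP: ordinary layer-3 forwarding, not handled here
        key = (pkt.src_ip, pkt.src_port)
        if pkt.flags & TCP_SYN and key not in self.table:
            server = self.choose_server()             # selection happens once, at session start
            self.table[key] = server
            self.active[server] += 1
        server = self.table.get(key)
        if server is None:
            return None     # mid-stream packet with no session entry: drop rather than guess
        if pkt.flags & (TCP_FIN | TCP_RST):
            del self.table[key]                       # simplified teardown: first FIN/RST ends the session
            self.active[server] -= 1
        # rewrite destination VIP -> real server; source address and ports are unchanged
        return Packet(pkt.src_ip, server, pkt.src_port, pkt.dst_port, pkt.flags)


def run_demo():
    """Push a constructed packet sequence through the switch; returns (switch, decisions)."""
    sw = Layer4Switch("10.0.0.100", 80, ["192.168.1.10", "192.168.1.11"])
    wire = [
        build_ipv4_tcp("172.16.0.5", "10.0.0.100", 40000, 80, TCP_SYN),            # client A opens
        build_ipv4_tcp("172.16.0.6", "10.0.0.100", 40001, 80, TCP_SYN),            # client B opens
        build_ipv4_tcp("172.16.0.5", "10.0.0.100", 40000, 80, TCP_ACK),            # A data: table hit
        build_ipv4_tcp("172.16.0.5", "10.0.0.100", 40000, 80, TCP_FIN | TCP_ACK),  # A closes
        build_ipv4_tcp("172.16.0.7", "10.0.0.100", 40002, 80, TCP_SYN),            # C opens after A left
        build_ipv4_tcp("172.16.0.8", "10.0.0.100", 40003, 80, TCP_ACK),            # no session: dropped
    ]
    decisions = []
    for raw in wire:
        pkt = parse_ipv4_tcp(raw)
        out = sw.forward(pkt)
        decisions.append((service_of(pkt), out.dst_ip if out else None))
    return sw, decisions


if __name__ == "__main__":
    for service, target in run_demo()[1]:
        print(service, "->", target)
```

Client A lands on the first server, client B on the second (least connections), A's later packets follow the table entry rather than being re-balanced, and after A's FIN the first server is free again so client C goes there; a packet with no session entry is dropped, which is the behaviour a practitioner should expect (and test) from a layer-4 device for stray mid-stream traffic.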
III. Layer-4 switch product recommendations
In the industry, the layer-4 switch is commonly called an "application switch"; the best-known products are F5's BIG-IP 2400 series and Radware's Web Server Director. Of course, both application switches are expensive. As the industry's leading layer-4 switch today, the BIG-IP 2400 integrates F5's new Packet Velocity ASIC to speed up site response and can process up to 250,000 layer-4 (IP address and port) requests per second.
The BIG-IP 2400 application traffic management, running on the BIG-IP hardware platform, brings to all IP-based applications and Web services the traffic-management functions that previously only Web applications could enjoy. In any network environment, BIG-IP can accurately, securely, economically and efficiently deliver any IP-based application or Web service through its Universal Inspection Engine and iRules. It ensures high availability and uptime for all IP applications and creates a controllable enforcement point for proactive security control of all traffic, so that servers and applications respond in a timely and accurate manner without additional hardware, software or other IT resources. It can also intercept, inspect, transform and direct requests based on header or payload values to ensure business continuity, security and outstanding performance.