Multi-layer switching technology makes routers "smart"

Source: Internet
Author: User
Tags switches sflow

Over the years, the processing speed of traditional routers has grown considerably, but it is still not enough to keep pace with demanding applications.

For example, they can now forward nearly 1 million packets per second. But a single Gigabit Ethernet interface can send 1,488,000 packets per second (pps) and receive at 1,488,000 pps, so 2000 Gigabit Ethernet ports can easily overload the system. In contrast, multilayer switches/routers forward packets at wire speed, and their switching ASICs are distributed across the system, allowing the entire system to deliver traffic efficiently.

These new switches/routers bring a new model of network design and management. With wire-speed forwarding, bottlenecks can be effectively eliminated, and users can be located farther from their data without worrying about performance degradation. The stock trader mentioned in the previous example can now connect to a server or network data several floors or hundreds of miles away, depending on the interface types the switch/router supports and the copper or fiber used. In addition, the new IP- and Ethernet-optimized routers are easier to manage, so administrators spend only a small amount of time keeping the network in step with new applications. Products such as the BigIron chassis series can simply carry all the application traffic and, at the same time, accept additional modules to meet growing capacity and speed requirements.

To determine the type and volume of network traffic, a packet sampling technique is now built into the ASICs to monitor traffic across the whole system. sFlow (RFC 3176) is becoming an increasingly popular way to give enterprises and service providers real-time monitoring of all application traffic in the network, showing how much bandwidth the traffic requires, where it is going, and so on. sFlow lets enterprises better monitor the use of network resources across multiple departments, identify unauthorized wireless and wired applications in the network, and detect and deter denial-of-service (DoS) attacks before network performance is compromised. For enterprises that attach great importance to security, RFC 3176 is rapidly becoming a requirement.
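The following is an added example, not part of the original article or of any vendor's code: it shows how a collector can turn 1-in-N sampled packets into per-destination traffic estimates and flag a likely flood only when the estimate is statistically solid. The sampling rate, window length, threshold and sample records are assumptions constructed for illustration, and the error bound is the usual 95% confidence approximation for packet sampling.

```python
import math
from collections import defaultdict

# Constructed sample records, not captured traffic: each tuple is one sampled
# packet as (destination IP, frame length in bytes). Addresses are from the
# RFC 5737 documentation ranges.
SAMPLING_RATE = 1000      # assumed: the agent samples 1 in 1000 packets
INTERVAL_S = 10           # assumed: length of the observation window
SAMPLES = ([("192.0.2.10", 64)] * 400        # many minimum-size frames, one host
           + [("198.51.100.7", 1500)] * 30
           + [("203.0.113.5", 512)] * 4)


def estimate(samples, rate, interval_s):
    """Scale sampled packets up to per-destination traffic estimates."""
    count = defaultdict(int)
    octets = defaultdict(int)
    for dst, length in samples:
        count[dst] += 1
        octets[dst] += length
    result = {}
    for dst, c in count.items():
        # Relative error bound at 95% confidence for c samples of a class:
        # error <= 1.96 * sqrt(1/c). Few samples means a wide bound.
        err = 1.96 * math.sqrt(1.0 / c)
        pps = c * rate / interval_s
        result[dst] = {
            "samples": c,
            "pps": pps,
            "pps_low": max(0.0, pps * (1 - err)),
            "bps": octets[dst] * 8 * rate / interval_s,
            "error": err,
        }
    return result


def flag_floods(estimates, pps_threshold):
    """Flag destinations whose lower-bound packet rate exceeds the threshold."""
    return sorted(d for d, e in estimates.items() if e["pps_low"] > pps_threshold)


if __name__ == "__main__":
    est = estimate(SAMPLES, SAMPLING_RATE, INTERVAL_S)
    for dst, e in est.items():
        print(f"{dst}: ~{e['pps']:.0f} pps, ~{e['bps'] / 1e6:.1f} Mbit/s, "
              f"+/-{e['error'] * 100:.0f}% ({e['samples']} samples)")
    print("possible flood targets:", flag_floods(est, 20000))
```

Comparing the lower bound rather than the point estimate keeps a destination with only a handful of samples from raising an alert on noise.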

The features of a multilayer switch/router are no different from those of traditional routers and switches; it simply consolidates previously separate local area network (LAN) and wide area network (WAN) functions in a single device. It provides local switching between users in the same group (Layer 2 switching), routing between different groups of users (Layer 3 switching, or routing), and security features and special services for applications (Layer 4 switching).

Routers are ideal security "checkpoints" because they are the entry and exit points of the network. After you create a set of rules called an access control list (ACL) on a router, the router checks each packet against those rules. For traditional routers, checking packets against security rules is a time-consuming process: the router must locate the Layer 3 and Layer 4 information in each packet and compare it to the rules. Enabling security filtering has always been a nightmare because it slows the router down. Therefore, when the impact on performance is too high, dedicated devices are needed to share the workload.
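The per-packet check described above, as an added example that is not from the original article: a software first-match ACL evaluator that also reports how many rules were examined, which is the cost a traditional router pays for every packet. The rule set, packets and the implicit deny at the end of the list (a common ACL convention) are assumptions made for illustration.

```python
import ipaddress

# Constructed rule set for illustration; addresses come from the RFC 5737
# documentation ranges. Rule fields: action, protocol, source network,
# destination network, destination port range (None = any port).
ACL = [
    ("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", (443, 443)),
    ("deny", "tcp", "0.0.0.0/0", "192.0.2.0/24", (1, 1023)),
    ("permit", "udp", "198.51.100.0/24", "192.0.2.53/32", (53, 53)),
    ("permit", "tcp", "198.51.100.0/24", "192.0.2.0/24", None),
]


def compile_acl(rules):
    """Parse network strings once so per-packet work is only comparisons."""
    return [(action, proto, ipaddress.ip_network(src),
             ipaddress.ip_network(dst), ports)
            for action, proto, src, dst, ports in rules]


def check(acl, proto, src, dst, dport):
    """Return (action, rules_examined) using first-match semantics."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, r_proto, r_src, r_dst, ports) in enumerate(acl, start=1):
        if r_proto != proto:
            continue
        if src_ip not in r_src or dst_ip not in r_dst:        # Layer 3 fields
            continue
        if ports is not None and not ports[0] <= dport <= ports[1]:  # Layer 4
            continue
        return action, i
    # Assumed convention: a packet that matches no rule is denied.
    return "deny", len(acl)


if __name__ == "__main__":
    acl = compile_acl(ACL)
    # Constructed packets: (protocol, source, destination, destination port).
    for pkt in [("tcp", "203.0.113.9", "192.0.2.10", 443),
                ("tcp", "198.51.100.4", "192.0.2.20", 22),
                ("tcp", "198.51.100.4", "192.0.2.20", 8080),
                ("udp", "203.0.113.9", "192.0.2.53", 53)]:
        print(pkt, "->", check(acl, *pkt))
```

The second packet is denied by rule 2 even though rule 4 would permit it, so rule order is part of the policy and worth reviewing whenever a rule is inserted.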

Even multilayer switches/routers face challenges when performing this function while maintaining wire-speed performance. Some newer switches/routers slow down when security is enabled. However, most new switches/routers implement these security policies in hardware and can therefore forward at wire speed even when ACLs are enabled. Security and traffic analysis on multilayer switches/routers is becoming increasingly popular, mainly because device vendors build this technology into the multilayer switch/router itself. More and more network functions are being integrated into a single device, so separate hardware is no longer required to monitor traffic or handle certain aspects of security, which can be of great benefit to SMB users.
