There is much to learn about edge switches. This article focuses on the intelligence and performance of edge switches. If the network's edge devices implement QoS, rate limiting, ACL, PBR and sFlow in the hardware switching chip, this intelligence does not reduce the wire-speed forwarding performance of basic Layer 2 and Layer 3 switching. End-to-end intelligent networking can then be deployed on a large scale, so that the whole network has not only global connectivity but also global network intelligence.
Network design philosophy has gone through several schools of thought from the past to the present. Two key points, passthrough and intelligence, are weighted differently in each, and that weighting shapes the design: passthrough emphasizes connectivity, simple management and low cost; intelligence emphasizes control and value-added capability, and is therefore usually more complex and more expensive. Neither approach is superior in itself; the choice depends only on the user's actual needs and budget. The network architecture can therefore be a Layer 2 architecture with poor scalability, or a Layer 3 architecture with a high price; most designs strike some balance between the two, which leads to two different architectures, the folded backbone and the distributed backbone. In a folded backbone, intelligence is concentrated in the upper-layer aggregation devices, while the lower-layer access devices emphasize only passthrough and wire speed; from the standpoint of intelligent control, this is a centralized design.
The two architectures differ significantly at the network edge. The folded backbone uses Layer 2 switching at the edge, while the distributed backbone uses Layer 3 switching at the edge. If network intelligence were judged simply by switching versus routing, Layer 3 switching would of course be better than Layer 2 switching. However, as more and more services are activated on the same network, the question of network intelligence is no longer decided simply by Layer 2 versus Layer 3. More often, the ability to enforce QoS, to specify access rates, to provide the security shielding of ACLs (Access Control Lists), to gather and monitor network traffic statistics, and to support policy routing (PBR) determines a network's intelligence more effectively. Therefore, whether the edge device is a Layer 2 switch in a folded backbone or a Layer 3 switch in a distributed backbone, users can choose more clearly among the Layer 2 and Layer 3 switches of the many manufacturers by judging these capabilities against their actual business needs.
QoS execution capability
In multimedia services, data, voice and images have different requirements for latency, jitter and packet loss. To carry multimedia services well, it is best for the end system to add a QoS tag to its packets and for the edge switch to read that QoS tag and act on it; for untrusted sources the edge switch instead reclassifies the packets, re-marks them with the QoS value it decides on, and then acts on that. QoS used to mean Layer 2 CoS (Class of Service) or Layer 3 IP Precedence, but today the emphasis is on support for Differentiated Services (DiffServ). The edge switch, as the point where QoS enters or leaves the network, therefore plays a critical role in end-to-end QoS support, and hardware support for DiffServ is one of the key features of an edge switch.
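The trusted/untrusted ingress behaviour described above, as an added example in Python that is not part of the original article: on a trusted port the switch honours the DSCP value the endpoint set; on an untrusted port it reclassifies the packet and rewrites the six DSCP bits of the IPv4 DS byte, recomputing the header checksum. The classification policy (RTP range to EF, SIP to AF31, web to AF21) and all packet bytes are constructed for the example and are assumptions, not a vendor's defaults.

```python
import socket
import struct

# Standard DSCP code points (RFC 2474 / 2597 / 3246) used as marking targets.
DSCP_BE = 0      # best effort
DSCP_AF21 = 18   # assured forwarding class 2
DSCP_AF31 = 26   # assured forwarding class 3
DSCP_EF = 46     # expedited forwarding (voice)

PROTO_TCP, PROTO_UDP = 6, 17


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum over the IPv4 header (RFC 791); yields 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, l4: bytes, dscp: int = DSCP_BE) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header (no options) plus L4 bytes."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(l4),
                         0x1234, 0x4000, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + l4


def build_l4(src_port: int, dst_port: int, body: bytes = b"") -> bytes:
    """TCP and UDP headers both begin with 16-bit source and destination ports."""
    return struct.pack("!HH", src_port, dst_port) + body


def get_dscp(pkt: bytes) -> int:
    return pkt[1] >> 2          # DSCP is the upper six bits of the ToS/DS byte


def header_checksum_ok(pkt: bytes) -> bool:
    ihl = (pkt[0] & 0x0F) * 4
    return ipv4_checksum(pkt[:ihl]) == 0


def set_dscp(pkt: bytes, dscp: int) -> bytes:
    """Rewrite the DSCP field, keep the ECN bits, and recompute the header checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    header = bytearray(pkt[:ihl])
    header[1] = (dscp << 2) | (header[1] & 0x03)
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
    return bytes(header) + pkt[ihl:]


def classify(pkt: bytes) -> int:
    """Hypothetical classification policy for untrusted ports (an assumption of this example)."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    dst_port = None
    if proto in (PROTO_TCP, PROTO_UDP) and len(pkt) >= ihl + 4:
        dst_port = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    if proto == PROTO_UDP and dst_port is not None and 16384 <= dst_port <= 32767:
        return DSCP_EF      # RTP media range: voice gets expedited forwarding
    if proto == PROTO_UDP and dst_port == 5060:
        return DSCP_AF31    # SIP signalling
    if proto == PROTO_TCP and dst_port in (80, 443):
        return DSCP_AF21    # interactive web traffic
    return DSCP_BE          # everything else: best effort


def ingress_mark(pkt: bytes, trusted: bool) -> bytes:
    """Trusted port: honour the DSCP the endpoint set. Untrusted port: reclassify and re-mark."""
    if trusted:
        return pkt
    return set_dscp(pkt, classify(pkt))


if __name__ == "__main__":
    web = build_ipv4("10.0.0.5", "192.0.2.10", PROTO_TCP, build_l4(40000, 80), dscp=DSCP_EF)
    print("claimed DSCP", get_dscp(web), "-> after untrusted ingress", get_dscp(ingress_mark(web, False)))
```

The untrusted path is the security-relevant one: an endpoint that marks its bulk web traffic as EF would otherwise be able to starve real voice traffic, so the edge switch's own classification, not the packet's claim, decides the code point.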
Capability of specified access rate
Although the spread of Gigabit Ethernet gives backbone networks ample bandwidth, that resource is not inexhaustible, and controlling bandwidth at the edge is the most practical way to ensure it is used effectively. An edge switch interface should therefore not only be able to be set to 10 Mbit/s; it should also provide rate limits classified by port, priority, VLAN and ACL, preferably in both the inbound and outbound directions, with limits ranging from kbit/s to Gbit/s and a granularity that suits the hardware chip, generally in the kbit/s range.
Survey on Application Smart edge Switches
It must be emphasized that this requires hardware processing: enabling rate limiting must not reduce the edge device's ability to forward packets at wire speed, which is an important performance indicator for edge devices. With a complete rate-limiting function that does not affect network performance, network bandwidth resources can be managed effectively.
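The classified rate limiting described in this section, as an added Python example that is not from the article: a token-bucket policer whose rate is expressed in kbit/s, applied per class, where a class is keyed by ingress port or by VLAN (a DSCP or ACL class would be one more rule of the same shape). The policy values, port numbers and the replayed frames are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class PacketMeta:
    """What the rate-limiting stage sees for each frame (constructed sample data below)."""
    ingress_port: int
    vlan: int
    dscp: int
    length: int          # bytes on the wire


class TokenBucket:
    """Single-rate token bucket: tokens are bytes, refilled at rate_kbps, capped at burst."""

    def __init__(self, rate_kbps: int, burst_bytes: int):
        self.bytes_per_sec = rate_kbps * 1000 / 8
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)
        self.last = 0.0

    def conform(self, nbytes: int, now: float) -> bool:
        if now > self.last:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.bytes_per_sec)
            self.last = now
        if nbytes <= self.tokens:
            self.tokens -= nbytes
            return True
        return False          # out of profile: a policer drops rather than queues


@dataclass
class LimitRule:
    """One rate-limit class; key_fn returns the bucket key for a matching frame, else None."""
    name: str
    key_fn: Callable[[PacketMeta], Optional[object]]
    rate_kbps: int
    burst_bytes: int


class IngressRateLimiter:
    def __init__(self, rules: List[LimitRule]):
        self.rules = rules
        self.buckets: Dict[Tuple[str, object], TokenBucket] = {}

    def admit(self, meta: PacketMeta, now: float) -> bool:
        for rule in self.rules:          # first matching class wins, as on a switch
            key = rule.key_fn(meta)
            if key is None:
                continue
            bucket_id = (rule.name, key)
            if bucket_id not in self.buckets:
                self.buckets[bucket_id] = TokenBucket(rule.rate_kbps, rule.burst_bytes)
            return self.buckets[bucket_id].conform(meta.length, now)
        return True                      # no class matched: forward at line rate


def build_limiter() -> IngressRateLimiter:
    """Hypothetical policy: 1 Mbit/s per port on port 1, 512 kbit/s for VLAN 20, no limit otherwise."""
    return IngressRateLimiter([
        LimitRule("port-1", lambda m: m.ingress_port if m.ingress_port == 1 else None,
                  rate_kbps=1000, burst_bytes=3000),
        LimitRule("vlan-20", lambda m: m.vlan if m.vlan == 20 else None,
                  rate_kbps=512, burst_bytes=2000),
    ])


def simulate() -> List[bool]:
    """Replay a constructed burst through the limiter; returns admit/drop per frame."""
    limiter = build_limiter()
    frames = (
        [(0.0, PacketMeta(1, 10, 0, 1500))] * 5       # port 1: 7500 B at t=0, only a 3000 B burst fits
        + [(0.02, PacketMeta(1, 10, 0, 1500))] * 2    # 20 ms later: 2500 B refilled, one frame fits
        + [(0.02, PacketMeta(2, 20, 0, 1500))] * 2    # VLAN 20 on port 2: 2000 B burst, one frame fits
        + [(0.02, PacketMeta(3, 30, 46, 1500))] * 3   # unclassified: line rate
    )
    return [limiter.admit(meta, t) for t, meta in frames]


if __name__ == "__main__":
    print(simulate())
```

The clock is passed in rather than read from the system so the behaviour is reproducible; on a real switch the same arithmetic runs in the forwarding chip per frame, which is why the article insists it must not cost wire-speed forwarding.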
Security shielding capability of ACL
In a network, an ACL not only lets the network administrator set network policy, permitting or denying individual users or specific data streams, but can also be used to strengthen the network's security shielding. From simple Ping of Death and TCP SYN attacks to more complex hacker attacks, ACLs can be used to block them. There are two types of ACL: standard ACLs and extended ACLs. Whether the edge device is a Layer 2 or a Layer 3 switch, it should support both standard and extended ACLs, so that the network's security shielding and policy enforcement can be distributed to the network edge.
As with rate limiting, a network device must not only implement the complete ACL function, including inbound and outbound application, but must also implement it in hardware, so that enabling an ACL does not affect the Layer 2 or Layer 3 switch's ability to forward packets at wire speed.
Policy Routing Support
Generally, whether the routing protocol is RIP, OSPF, BGP or MPLS label distribution, the route path is determined mostly by the destination address, so network traffic cannot be distributed effectively, nor can a policy be set for it. Policy routing capability is therefore sometimes one of the necessary functions in today's diversified network environments. For example, in a large network service provider (NSP) environment, different users need to be connected to different Internet service providers (ISPs); or in a campus network, users in the teaching and research network must be connected to a high-speed network egress, while users in the dormitory network are usually directed to a low-speed egress, so that traffic distribution does not affect the research performance of the campus network, and at the same time suitable traffic distribution assigns the high-speed and low-speed egresses to the corresponding traffic so that bandwidth is allocated effectively. Ordinary routing cannot achieve this. Only by classifying the source address through policy routing (PBR) and specifying the IP address of the next-hop egress can it be achieved; this is the difference between policy routing and ordinary routing: route selection is based on source address information rather than on destination address information. Policy routing can be used not only to select and distribute routes by user type, but also to select and distribute routes by service type. The specific method is to look at the Layer 3 IP address and the Layer 4 port number and steer different services along different routes. For example, all HTTP data streams with port number 80 can be classified and directed to a specific edge switch or cache server so that the Web cache mechanism is used, which greatly improves users' Web response time and reduces repeated traffic at the network egress.
The examples above are only part of what policy routing can do; its function is far more than this, because a policy route can be specified directly on the lowest-layer network device and then, through the ordinary routing of the intermediate devices, reach the egress on the specified upper-layer device; it need not start on the aggregation device in the middle. More often, to distribute traffic more effectively, policy routing is enabled on the access device. As with ACLs, a network device that requires policy routing must not only offer complete and varied policy routing support, but must also provide it in hardware, so that the Layer 3 switch's wire-speed forwarding capability remains available when policy routing is enabled.
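One Python model of the two preceding sections, added here and not taken from the article: standard ACLs (source only) and extended ACLs (protocol, addresses, port, established, fragments) with first-match and implicit deny, an inbound ACL on the user port, and policy routing in which each route-map entry matches an ACL and sets a next hop, falling back to ordinary longest-prefix destination routing when no policy applies. The campus addressing, the next hops, the cache-server address and the ACL contents are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10


@dataclass
class Packet:
    """Fields the ACL engine looks at (constructed sample packets below)."""
    src: str
    dst: str
    proto: int
    dst_port: int = 0
    tcp_flags: int = 0
    fragment: bool = False     # non-initial IP fragment: carries no L4 header


@dataclass
class ACE:
    """One access-control entry. A standard ACL sets only src; an extended ACL uses all fields."""
    action: str                      # "permit" or "deny"
    proto: Optional[int] = None      # None = any protocol
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dst_port: Optional[int] = None
    established: bool = False        # TCP with ACK or RST set, i.e. not a new connection
    fragments: bool = False          # match only non-initial fragments

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src) or ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.fragments and not p.fragment:
            return False
        if self.dst_port is not None and (p.fragment or p.dst_port != self.dst_port):
            return False
        if self.established and not (p.proto == PROTO_TCP and p.tcp_flags & (TCP_ACK | TCP_RST)):
            return False
        return True


class ACL:
    def __init__(self, name: str, entries: List[ACE]):
        self.name, self.entries = name, entries

    def evaluate(self, p: Packet) -> str:
        for ace in self.entries:         # first match wins
            if ace.matches(p):
                return ace.action
        return "deny"                    # implicit deny at the end of every ACL


class EdgeSwitch:
    """Inbound ACL, then policy routes (ACL -> next hop), then ordinary destination routing."""

    def __init__(self, ingress_acl: ACL, policy_routes: List[Tuple[ACL, str]], routes: dict):
        self.ingress_acl = ingress_acl
        self.policy_routes = policy_routes
        # longest-prefix-match order for the ordinary routing table
        self.routes = sorted(((ip_network(p), nh) for p, nh in routes.items()),
                             key=lambda r: r[0].prefixlen, reverse=True)

    def forward(self, p: Packet) -> Tuple[str, Optional[str]]:
        if self.ingress_acl.evaluate(p) == "deny":
            return "deny", None
        for acl, next_hop in self.policy_routes:
            if acl.evaluate(p) == "permit":   # source- or service-based selection
                return "pbr", next_hop
        dst = ip_address(p.dst)
        for net, next_hop in self.routes:
            if dst in net:
                return "route", next_hop
        return "drop", None


def build_campus_edge() -> EdgeSwitch:
    """Hypothetical campus policy; all addresses and next hops are assumed, not from the article."""
    edge_in = ACL("EDGE-IN", [
        ACE("deny", proto=PROTO_ICMP, fragments=True),            # fragmented (oversized) pings
        ACE("permit", proto=PROTO_ICMP, src="10.0.0.0/8"),
        ACE("permit", proto=PROTO_TCP, src="10.0.0.0/8", established=True),
        ACE("permit", proto=PROTO_TCP, src="10.0.0.0/8", dst_port=80),
        ACE("permit", proto=PROTO_TCP, src="10.0.0.0/8", dst_port=443),
        ACE("permit", proto=PROTO_UDP, src="10.0.0.0/8", dst_port=53),
    ])
    web_cache = ACL("WEB-CACHE", [ACE("permit", proto=PROTO_TCP, dst_port=80)])
    # The deny entries keep campus-internal traffic on the ordinary routing table.
    research = ACL("RESEARCH", [ACE("deny", src="10.1.0.0/16", dst="10.0.0.0/8"),
                                ACE("permit", src="10.1.0.0/16")])
    dorm = ACL("DORM", [ACE("deny", src="10.2.0.0/16", dst="10.0.0.0/8"),
                        ACE("permit", src="10.2.0.0/16")])
    return EdgeSwitch(edge_in,
                      [(web_cache, "192.0.2.50"),     # HTTP -> cache server
                       (research, "203.0.113.1"),     # teaching/research -> high-speed egress
                       (dorm, "198.51.100.1")],       # dormitories -> low-speed egress
                      {"10.3.0.0/16": "10.3.0.1", "0.0.0.0/0": "203.0.113.1"})
```

Two points a reviewer of such a policy checks: the order of the route-map entries matters (the web-cache entry is placed first so that port 80 traffic from either user group reaches the cache), and a deny entry inside a PBR ACL does not drop traffic, it only makes that packet fall through to the next entry and finally to destination-based routing.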
Network traffic statistics and monitoring capabilities
Traffic statistics and monitoring have become an important part of network construction. The simple argument is this: if you cannot see the traffic across the whole network, how can you manage the whole network? If we fully understand the network traffic while providing high-performance bandwidth, we can adjust network resources and policies at any time to keep the network running smoothly, and troubleshooting network faults becomes easy and fast. Providing a complete, network-wide, real-time monitoring system is therefore like installing surveillance cameras throughout a highway network: it lets the traffic controllers take effective diversion measures, and the complete statistical data it yields is an important reference for route expansion and planning.
In the past, because of the limits of the available technology, traffic monitoring and statistics were mostly implemented with technologies such as SNMP, RMON and RMONv2, which had a considerable impact on the network's bandwidth usage or on the resource overhead of the network devices. As a result the whole network could not be covered, real-time monitoring was not supported, and it could not run on high-speed ports such as Mbit/s, 1 Gbit/s or even 10 Gbit/s ports. All of this made network-wide monitoring and statistics unsatisfactory.
Recently, the flow-based traffic monitoring and statistics technologies NetFlow and sFlow (RFC 3176) have appeared on high-end network devices, including backbone, edge, Layer 2 and Layer 3 devices. Both provide fairly complete traffic information, but they differ: NetFlow extends to IPX and AppleTalk and provides more information, including VLAN statistics, MAC address statistics and BGP community statistics, so from the perspective of statistics and billing NetFlow provides more convincing information, but its overhead and cost are correspondingly higher. From the perspective of statistics and monitoring, sFlow provides richer information for the analysis of traffic distribution, the forecasting of traffic trends, the monitoring of abnormal traffic, and fault discovery and troubleshooting, all of which can be done by the hardware chip at wire speed and at relatively low cost. sFlow can therefore be built directly into edge Layer 2 or Layer 3 switches to provide network-wide, real-time monitoring, which is an attractive value-added function for the whole network.
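What makes sFlow cheap enough to run in the edge chip is that it forwards only a random 1-in-N sample of packets to a collector, which scales the samples back up. The Python below is an added example, not from the article and not the sFlow datagram format: it models the switch-side sampler, the collector-side estimation, and the abnormal-traffic check the section mentions (a source whose estimated share of all packets, or number of distinct destinations, is far outside what its peers produce). The traffic mix, addresses, thresholds and sampling rate are constructed for the example.

```python
import random
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    length: int


class FlowSampler:
    """Packet sampling as a switch ASIC does it for sFlow: each forwarded packet is chosen
    independently with probability 1/rate. RFC 3176 requires random selection rather than
    'every Nth packet' so that periodic traffic cannot bias the estimate."""

    def __init__(self, rate: int, seed: int = 1):
        self.rate = rate
        self.rng = random.Random(seed)
        self.sample_pool = 0            # packets that could have been sampled
        self.samples: List[Pkt] = []

    def forward(self, pkt: Pkt) -> None:
        self.sample_pool += 1
        if self.rng.random() < 1.0 / self.rate:
            self.samples.append(pkt)    # in sFlow the header plus metadata goes to the collector


def estimate(samples: List[Pkt], rate: int) -> Tuple[Counter, Counter, Dict[str, Set[str]]]:
    """Collector side: scale each sample by the sampling rate to estimate per-source totals."""
    est_pkts: Counter = Counter()
    est_bytes: Counter = Counter()
    dsts: Dict[str, Set[str]] = defaultdict(set)
    for p in samples:
        est_pkts[p.src] += rate
        est_bytes[p.src] += p.length * rate
        dsts[p.src].add(p.dst)
    return est_pkts, est_bytes, dsts


def find_abnormal(samples: List[Pkt], rate: int, share_threshold: float = 0.25,
                  fanout_threshold: int = 20) -> Set[str]:
    """Flag sources whose estimated packet share or destination fan-out is far outside the norm."""
    est_pkts, _, dsts = estimate(samples, rate)
    total = sum(est_pkts.values())
    if total == 0:
        return set()
    return {src for src, n in est_pkts.items()
            if n / total > share_threshold or len(dsts[src]) > fanout_threshold}


def constructed_traffic(rng: random.Random) -> List[Pkt]:
    """Constructed sample traffic: 30 normal hosts talking to 5 servers, plus one host that
    sends far more packets than any peer, spread over 200 different destinations."""
    pkts = []
    servers = [f"10.3.0.{i}" for i in range(1, 6)]
    for h in range(1, 31):
        for _ in range(30):
            pkts.append(Pkt(f"10.1.0.{h}", rng.choice(servers), rng.choice((64, 512, 1500))))
    for i in range(600):
        pkts.append(Pkt("10.2.7.9", f"192.0.2.{i % 200 + 1}", 64))
    rng.shuffle(pkts)
    return pkts


def run_demo(rate: int = 16) -> dict:
    traffic = constructed_traffic(random.Random(42))
    sampler = FlowSampler(rate, seed=7)
    for p in traffic:
        sampler.forward(p)
    est_pkts, est_bytes, _ = estimate(sampler.samples, rate)
    return {
        "actual_packets": len(traffic),
        "sampled": len(sampler.samples),
        "estimated_packets": sum(est_pkts.values()),
        "top_talkers_bytes": est_bytes.most_common(3),
        "abnormal": find_abnormal(sampler.samples, rate),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The estimate is statistical: with 1,500 packets sampled at 1 in 16 the collector sees roughly 94 samples, so the scaled total lands near 1,500 but not exactly on it, and small flows may be missed entirely. That is the trade the section describes: coarse but network-wide and real-time visibility at near-zero cost to forwarding, which is enough to spot a host that dominates traffic or fans out to many destinations, while per-flow billing accuracy is left to NetFlow.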
Like the functions above, sFlow traffic statistics and monitoring must also be processed in hardware so as not to affect the device's Layer 2 or Layer 3 wire-speed switching performance. As for the networking concept, whether a centralized folded backbone is used, which emphasizes passthrough edge switches as edge access devices, or a distributed backbone, which emphasizes intelligent Layer 3 switches as edge access devices, their intelligence should not be limited to considerations of switching or routing capability, nor only to wire-speed switching or wire-speed routing; after all, that is already the industry standard, and nearly every manufacturer can build Layer 2 switching and Layer 3 routing devices.