Smart switch products and key points of purchase

Source: Internet
Author: User

A smart switch differs from a traditional switch in that it supports dedicated "blade" servers that provide application functions, including protocol sessions, remote images, tape simulation, and intranet file and data sharing. Intelligent switching comes in many different architectures. They range from designs with additional processing capability on each port and highly integrated bandwidth between blade servers, to relatively simple designs in which each server has its own dedicated processor, memory, and input/output functions used for communication between ports.

Different vendors use different names, such as "intelligent exchange", "application exchange", and "organization exchange", to make themselves stand out from the competition. Take Cisco's MDS 9000 series as an example. It has blades that support applications such as Veritas Volume Manager and IBM SAN Volume Controller (SVC). These blades can coexist with other blades, including Fibre Channel ports and IP servers.

Five basic procurement principles for smart switches:

Principle 1: Monitoring and Management of networks and devices

Management is the basis of intelligent exchange. Generally, a network management system covers five functional domains: performance, configuration, failure, billing, and security. These are the most basic and commonly used functions. As the user's network grows and the number of network applications increases, real-time monitoring and maintenance of network operating conditions become necessary. The network management system and the intelligent switching equipment must work closely together.

Currently, there are two common types of network management systems. One is the general-purpose network management platform, such as HP OpenView. It is a third-party platform that supports the discovery and simple monitoring of all SNMP devices. However, because the devices of various manufacturers carry a large number of self-developed private MIB (Management Information Base) libraries, a general-purpose platform cannot identify and manage them. Therefore, if you want to monitor, manage, and configure various devices in detail, you must perform secondary development. In recent years, vendors have updated their devices quickly, but their cooperation with third-party general-purpose platforms has been very limited, making it difficult for such a platform to manage devices from multiple vendors in detail.

The other is a network management platform developed by a network equipment manufacturer, such as CiscoWorks and Digital China LinkManager. It can monitor, configure, and manage that manufacturer's devices in detail, and it is highly practical and inexpensive. However, such network management systems cannot provide unified management of devices across the whole network. As a result, users often run multiple network management workstations with different systems installed for separate management.

As users demand uniform network management for different devices, manufacturers are also considering more open ways to support network management, such as opening their private MIB libraries and writing MIB libraries in full accordance with the RFCs, to achieve interoperability between devices and network management systems from different vendors.

At present, the use of network management systems in large and medium-sized enterprise networks has greatly increased. Therefore, when selecting equipment, it is not enough to consider only topology discovery, traffic monitoring, status monitoring, and other common network management functions. Higher requirements also apply to remote device configuration, user management, access control, and QoS monitoring.

In addition, to save IP addresses and simplify management layers, different vendors use stack or cluster network management technologies to manage multiple devices as one logical device. Users can also pay attention to such products.

Principle 2: Classification and processing of data of different application types

Another important aspect of intelligent exchange is the ability to automatically classify the different types of data on the network and apply different transmission policies to them, so that key applications run smoothly (that is, QoS).

Currently, common QoS technologies include IntServ (RSVP) and DiffServ.

The former uses resource reservation: for each application, a dedicated end-to-end channel is reserved on the network to ensure that key applications enjoy dedicated bandwidth. Resource reservation is a virtual leased line solution that ensures the transmission quality of key applications, but it cannot share bandwidth, which can easily waste line resources. It is only suitable for simple network topologies, such as point-to-point physical connections between routers. It is difficult to implement in complicated, large enterprise networks, let alone in a MAN.

Therefore, it is recommended that users use DiffServ switches to achieve "end-to-end" QoS. To implement DiffServ QoS, all related switches on the user's network must support the 802.1p priority function.

Principle 3: Support for multimedia transmission

Switches support more and more functions and protocols dedicated to multimedia transmission, the most typical of which is multicast technology.

The group management protocol IGMP has become a basic function required of smart switches. In addition to RIP, OSPF, and other unicast routing protocols, layer-3 switches also support multicast routing protocols such as DVMRP, PIM-SM, and PIM-DM.

During multicast applications (such as video conferences), each switch can propagate group information throughout the network through IGMP, so that each switch can determine the members of each group. The multicast routing protocol then routes multicast packets so that they are transmitted smoothly over the network. Among these protocols, DVMRP is the equivalent of RIP for unicast and is suitable for small-scale networks, while PIM is a protocol-independent multicast routing protocol, divided into dense mode (DM) and sparse mode (SM). Dense mode is mainly applicable to scenarios with large network bandwidth and concentrated user distribution, such as a company LAN. Sparse mode is mainly applicable to scenarios with small network bandwidth and sparse user distribution, for example, a WAN or the Internet.

Some switches are also fitted with a voice gateway module, which enables the Ethernet switch to provide the VoIP function directly. However, such applications also require network cables and telephone lines to be deployed separately on the client side. If a VoIP gateway is used on the client side, voice and data can be transmitted over a single network cable. Each solution has its advantages and disadvantages, and the choice must be based on the actual situation.

Principle 4: User Classification and Access Control

User Classification, permission settings, and access control are also important functions of smart networks. Due to the refinement of enterprise management, different access permissions should be set for different network resources for different users.

Access Permissions can be set at the workgroup level or user level.

Access control based on VLANs and layer-3 switching is workgroup-level access control. In addition to isolating broadcasts and improving network performance, VLANs are used to isolate different workgroups so that mutual access is easy to control. A layer-3 switch can implement cross-VLAN access. By using access control lists (ACLs), you can set the access permissions of devices in different VLANs or with different IP addresses for different network services.
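The inter-VLAN ACL behaviour described above, as an added example (not taken from any vendor's implementation): rules are evaluated first-match with an implicit deny, and a helper flags rules that can never fire because an earlier rule already covers them. The subnets, the rule format, and the restriction to destination TCP ports are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source subnet (here: one VLAN's address range)
    dst: str              # destination subnet
    port: Optional[int]   # destination TCP port, None means any port

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.port in (None, other.port))

def evaluate(acl, src: str, dst: str, port: int) -> str:
    for rule in acl:                  # first matching rule decides
        if rule.matches(src, dst, port):
            return rule.action
    return "deny"                     # implicit deny when nothing matches

def shadowed(acl) -> list:
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, rule in enumerate(acl)
            if any(earlier.covers(rule) for earlier in acl[:i])]

# Constructed sample: VLAN 10 = staff, VLAN 20 = guests, 10.0.99.0/24 = servers.
ACL = [
    Rule("permit", "10.0.10.0/24", "10.0.99.0/24", 443),
    Rule("deny",   "10.0.20.0/24", "10.0.99.0/24", None),
    Rule("permit", "10.0.20.0/24", "10.0.99.10/32", 80),   # shadowed by rule 1
    Rule("permit", "10.0.0.0/16",  "10.0.99.0/24", 53),
]

if __name__ == "__main__":
    print(evaluate(ACL, "10.0.20.5", "10.0.99.10", 80))  # guest is denied by rule 1
    print(shadowed(ACL))
```

Rule order is part of the policy: the guest permit at index 2 looks valid on its own but has no effect, which is the kind of mistake worth checking for before an ACL is pushed to a layer-3 switch.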

For Smart Community broadband access applications, each user is divided into individual VLANs, which can also implement user-level authentication and access control. However, this method is only applicable to fixed access users, and cannot realize billing.

Currently, in broadband access networks and enterprise networks, the AAA technology (authorization, authentication, and billing) used in telecom operator networks, such as traditional RADIUS and PPPoE as well as newer user authentication functions such as 802.1x, is being integrated into smart switches, which work with an authentication server to implement user-based authentication and access control.

For enterprise networks, user authentication, access control, and service authentication are usually performed when users access different network service resources, rather than access authentication on user access ports. Therefore, access control lists or RADIUS Authentication servers are commonly used to set different access permissions for related application service resources and implement authentication and authorization for users.

For broadband access networks, user authentication is required to control the port connection status. Generally, access authentication is implemented through "PPPoE + RADIUS" or "802.1x + RADIUS".

PPPoE is a mature authentication method. It encapsulates Ethernet frames through the PPP protocol and provides point-to-point connections over connectionless Ethernet networks. PPPoE is similar to the traditional dial-up access method. A user uses dial-up software to initiate a PPP connection request. The request passes through an Ethernet switch or DSL device and ends at the access gateway device of the centralized control and management layer. The access gateway device is responsible for terminating the PPP connection and working with RADIUS to implement user management and policy control.

802.1x originated from the EAPOL 802.11 Protocol and is a recent Ethernet authentication technology. 802.1x is a standard defined by IEEE to address port-based access control.

802.1x authentication controls user access by enabling or disabling the user's access port before and after authentication. Port-based network access control authenticates and controls access devices at the physical access level of LAN devices. A user device connected to a physical port can access resources in the LAN if it passes authentication. If it does not pass authentication, it cannot access resources in the LAN, which is equivalent to being physically disconnected. When authentication succeeds, the remote authentication server can transmit per-user information, such as VLAN, CAR parameters, priority, and user access control lists. After authentication, the user's traffic is monitored according to these parameters.

802.1x requires the access switch to support the EAPOL protocol, or at least to pass EAPOL messages through, but most existing network devices do not. Although more and more vendors are beginning to provide smart switch products that support 802.1x, the development of the protocol is limited to a certain extent because the protocol standards are not yet mature and the implementations of different vendors differ.
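The port gating described above, as an added illustration (not vendor code): a minimal model of an 802.1x-controlled access port that accepts only EAPOL frames (EtherType 0x888E) until the authentication server accepts the user, then forwards traffic in the VLAN the server returned. The class and function names and the sample frames are constructed, and the exchange with the authentication server is reduced to a single callback.

```python
import struct
from typing import Optional

ETHERTYPE_EAPOL = 0x888E  # EAP over LAN, the only traffic an unauthorized port accepts
ETHERTYPE_IPV4 = 0x0800

def make_frame(ethertype: int, payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed, untagged Ethernet II frame for the demo."""
    dst, src = bytes.fromhex("0180c2000003"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload

class ControlledPort:
    """Hypothetical model of one 802.1x access port on the switch."""

    def __init__(self) -> None:
        self.authorized = False
        self.vlan: Optional[int] = None

    def on_auth_result(self, accepted: bool, vlan: int = 1) -> None:
        # Stands in for the authentication server's answer; on success it may
        # carry per-user parameters such as the VLAN to place the port in.
        self.authorized = accepted
        self.vlan = vlan if accepted else None

    def on_link_down(self) -> None:
        # Reset on unplug so the next device cannot inherit the old session.
        self.authorized, self.vlan = False, None

    def ingress(self, frame: bytes) -> str:
        if len(frame) < 14:
            return "drop"                      # truncated Ethernet header
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETHERTYPE_EAPOL:
            return "to-authenticator"          # handled locally, never forwarded
        if not self.authorized:
            return "drop"                      # port behaves as if unplugged
        return f"forward-vlan-{self.vlan}"

def demo() -> list:
    port, data = ControlledPort(), make_frame(ETHERTYPE_IPV4)
    seen = [port.ingress(data), port.ingress(make_frame(ETHERTYPE_EAPOL))]
    port.on_auth_result(True, vlan=20)
    seen.append(port.ingress(data))
    port.on_link_down()
    seen.append(port.ingress(data))
    return seen

if __name__ == "__main__":
    print(demo())
```

The reset in `on_link_down` matters when evaluating a switch: a port that stays authorized after the cable is pulled lets the next device plugged in reuse the previous user's access.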

Principle 5: Prevent Network Attacks

To ensure that the core switch is not affected by DoS attacks, some vendors build the anti-attack technology used in firewalls and IDS systems into the core routing switch, making it more stable and robust. This can especially defend against attacks from inside the network and improve system security. However, this technology is rarely used in edge switches.

Smart switch representative products:

3Com SuperStack 3 Switch 4400 easy to use

3Com's SuperStack 3 Switch 4400 smart Switch is easy to use and has rich functions. This product has a higher port density and is capable of assigning a higher priority service level for important business applications during data transmission over the network. In addition, the performance-price ratio of this product is the highest. It has twice the port density of the original solution, reducing the total cost of the product for the customer. Through the combination of SuperStack 3 Switch 4400 and other Gigabit Ethernet Switching Products, 3Com provides users with a complete set of advanced enterprise-level LAN Solutions.

Cisco Catalyst 3550 features

The Cisco Catalyst 3550 smart Ethernet switch is a stackable multi-layer switch product that improves network health through high availability, quality of service (QoS), and security. With a series of Fast Ethernet and Gigabit Ethernet configurations, Cisco Catalyst 3550 is suitable for enterprise and Metro access applications, enabling users to deploy smart network services with the simplicity of traditional LAN switching. The built-in Cisco Cluster Management Suite simplifies the deployment of the access layer and small backbone networks, and provides powerful Gigabit Ethernet connections with a full set of GBIC devices.

D-Link DES-6300 high speed switching and Routing

D-Link's DES-6300 is a three-tier switch for high-speed switching and routing. This product adopts a chassis design and integrates features such as line-rate packet routing, packet switching, multi-port aggregation, and multi-level quality of service (QoS). It is particularly suitable for high-speed, high-port-density, department-level, backbone-level, and enterprise-level large backbone networks with multiple port types. This product has a wide range of ports to meet business expansion needs. At the same time, the fully modular design enables the product to support Ethernet/Fast Ethernet, copper twisted pair/optical fiber, and other port options, and provides 7 expansion slots, so that traditional Ethernet can be migrated smoothly to Fast Ethernet or Gigabit Ethernet. In addition, the module hot-swapping feature allows port modules to be installed and removed without affecting the performance of the switch.

