The emergence of 10-Gigabit Ethernet (10GE) switches fully realizes the convergence of private networks with the public network. Such switches can provide a throughput of more than one thousand Gbps, which traditional switches cannot support. 10-Gigabit Ethernet is compatible with the latest Ethernet technology, but it is not only a "high-speed rebuild" of Ethernet: with 10-Gigabit Ethernet technology, a private network is integrated into a public network for the first time.
As core network devices, 10-Gigabit Ethernet switches are not only a matter of supporting 10-Gigabit access modules on existing 1-Gigabit Ethernet switches. They also require a new generation of system design, including updates to the switch architecture and the Layer 2/Layer 3 technology, default support for next-generation IPv6, and effective bandwidth management.
In recent years, Ethernet technology has spread from LAN to MAN and from MAN to WAN, taking more and more of the market at an astonishing speed. Especially in enterprise networks and operator networks, Ethernet is increasingly becoming the uncontested choice. From Fast Ethernet to Gigabit Ethernet and then to 10-Gigabit Ethernet, each technical update meets the need for high-speed bandwidth growth and the new-generation applications brought about by the new generation of Internet technology. Let's take a look at the next-generation technology in 10-Gigabit Ethernet switches.
Distributed Switching System
A user invests in a 10-Gigabit Ethernet switch because it needs to forward data packets at the same speed under any circumstances and to handle a new generation of Internet applications, such as multicast applications, streaming media applications, IP voice, and next-generation Internet IPv6 applications. At the same time, the switch needs to provide the best investment protection, occupy the least rack space, save as much power as possible, and make the user's traffic visible.
Apparently, a Gigabit switch cannot accommodate line-rate forwarding on high-capacity 10-Gigabit ports. Currently, a Gigabit switch can only provide dozens to hundreds of Gbps of throughput, whereas the next-generation 10-Gigabit switch can handle more than one thousand Gbps. Because even the fastest CPU cannot achieve line-rate forwarding at such a data throughput, a dedicated network integrated circuit chip (ASIC) is needed, and the data forwarding tasks need to be distributed to the individual modules. A distributed system can be implemented in different ways. One is, as in traditional switch technology, to transfer common tasks to a local module, which can use either the local switching matrix or the switching matrix of the entire switch; such an approach is obviously not the best. The other is to thoroughly distribute all data forwarding tasks to each module and implement them using a local large-capacity switching matrix. The large-capacity distributed switching structure is therefore the most effective. 10GE switches should provide not only large-capacity backplane switching matrices but also large-capacity local switching matrices; the non-blocking parallel switching matrix is currently the most advanced technology.
ASIC and FPGA Chips
The ASIC provides a dedicated chip, instead of the CPU, for data forwarding. The measure of an ASIC is how much of the traffic forwarding it processes at the chip level, but the problem is that an ASIC cannot be modified once it has been designed. Therefore, we will choose products designed to process as much of the data forwarding as possible in the chip. We will consider IPv4 packet switching and routing and IP multicast packets; whether chip-level data delivery and quality of service (QoS) guarantees can be achieved; whether chip-level rate limiting can be achieved, whether multiple methods of rate limiting can be implemented, and whether credit-based instead of door-to-door methods can be adopted; whether policy routing can be implemented; whether access control lists (ACLs) can be implemented; whether next-generation IPv6 switching and routing can be implemented; and even whether data traffic can be collected at the chip level. An excellent ASIC design reflects the highest level of switch design technology.
However, a distributed switching system and excellent ASIC technology are far from enough. Because an ASIC cannot be changed once it is implemented, new technical standards and new application modes will be processed entirely by the CPU, which often results in performance loss and business pain for users. One solution is to purchase modules with a new generation of ASIC design, but hardware upgrades may mean expensive additional investment. The latest 10GE switches use field-programmable gate array (FPGA) chips to solve this defect, upgrading new standards into hardware and providing the best protection for the user's investment.
Resolve Conflicts
At this point it seems that all the problems have been solved. However, each module of a switch is an organic whole, and the modules in turn form an organic whole with the central management module. The distribution and maintenance of Internet routing information requires the participation of every module, and one problem always remains: when the addressing capacity of the local hardware chip is insufficient and the central management module has to participate, the performance of the switch is compromised.
How does the latest 10GE switch solve this problem? There are two main ways: one is to separate the control channel from the data forwarding channel, and the other is to use a high-performance CPU on each interface module. Separating the control channel from the data forwarding channel means implementing two different parallel crossover matrices on the switch. In this way, the backplane capacity mentioned above is used entirely for the data channels, while the security of the hardware of the 10-Gigabit switch is also ensured. The local high-performance CPUs mean that the central management module never processes data forwarding involving the various interfaces, which yields a truly distributed architecture. Of course, many other factors are involved in the architecture of 10-Gigabit Ethernet, such as large-capacity SDRAM and TCAM (which can achieve more than 1 billion searches in one second), and whether the local routing method is topology-driven.
More important still is whether the 10G switch software adopts a multi-threaded model and whether the software provides the latest Layer 2/Layer 3 technical standards. These Layer 2/Layer 3 technologies include the latest requirements of the next-generation network: whether link aggregation based on 10-Gigabit Ethernet ports is provided, whether various technologies for fast link redundancy are provided, whether security technologies ranging from port security to various forms of user authentication are provided, whether complete IPv4 and IPv6 specifications are provided, whether fast BGP routing technology is provided, whether redundant routing protocols are provided, whether Layer 2 and Layer 3 security features are provided, whether protection against attacks on the switch is provided, whether intelligent protection of the switch CPU is provided, and whether all these features are implemented in hardware.
Complete IPv6 specifications
IPv6 allows a variety of devices to access the Internet, not just PCs and servers, and it also overcomes some of the current IPv4 defects. The combination of 10G Ethernet and IPv6 is the only way to build a new generation of high-performance networks in the future. There are usually three ways to implement IPv6: using software on the current switch; inserting a new hardware module into the existing system to enhance IPv4/IPv6 forwarding performance; or using a brand-new IPv6 10GE switch.
Security and Traffic Management
Security and network traffic management are currently the most important topics for users. A backbone device must consider not only its own security but also the protection of users. That is to say, it must itself be immune and must provide powerful blocking measures to protect network users, and all defense measures should be implemented in hardware. However, all security measures are based on known attack methods and security vulnerabilities. If we cannot monitor the entire network, security will not be a complete feature.
Given the high-speed switching and routing of 10GE switches, the previous method of collecting traffic with the CPU will not work, and the distributed traffic collection system integrated into the ASIC is an innovation of 10GE switches. sFlow is an advanced traffic management specification. It can provide both IPv4 data and IPv6 data. If we can provide all the traffic of all devices without affecting performance, we can easily observe the network traffic, whether that is the activity of a specific user on a port or abnormal traffic on the current network. A distributed traffic monitoring system is like a road monitoring system in the dark. It is hard to imagine the consequences of a core backbone device lacking a traffic management system.
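How a collector turns sampled frames into per-port, per-source traffic estimates for both IPv4 and IPv6, as an added example that is not from the original article: it parses an sFlow version 5 datagram (flow samples carrying raw packet header records, untagged Ethernet only) and scales each sampled frame by its sampling rate. The function names, addresses and the sample datagram are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def estimate_bytes(dgram):
    """Estimated bytes per (input ifIndex, source IP) from one sFlow v5 datagram."""
    version, addr_type = struct.unpack_from("!II", dgram, 0)
    if version != 5 or addr_type not in (1, 2):
        raise ValueError("not an sFlow v5 datagram")
    off = 8 + (4 if addr_type == 1 else 16)       # skip IPv4/IPv6 agent address
    n_samples, off = struct.unpack_from("!4I", dgram, off)[3], off + 16
    totals = Counter()
    for _ in range(n_samples):
        s_type, s_len = struct.unpack_from("!II", dgram, off)
        body, off = dgram[off + 8:off + 8 + s_len], off + 8 + s_len
        if s_type != 1:                           # 1 = standard flow sample
            continue
        f = struct.unpack_from("!8I", body, 0)
        rate, in_if, n_rec, p = f[2], f[5], f[7], 32
        for _ in range(n_rec):
            r_type, r_len = struct.unpack_from("!II", body, p)
            rec, p = body[p + 8:p + 8 + r_len], p + 8 + r_len
            if r_type != 1:                       # 1 = raw packet header record
                continue
            proto, frame_len, _, h_len = struct.unpack_from("!4I", rec, 0)
            hdr = rec[16:16 + h_len]
            if proto != 1 or len(hdr) < 14:       # untagged Ethernet only
                continue
            etype = struct.unpack_from("!H", hdr, 12)[0]
            if etype == 0x0800 and len(hdr) >= 30:
                src = socket.inet_ntop(socket.AF_INET, hdr[26:30])
            elif etype == 0x86DD and len(hdr) >= 38:
                src = socket.inet_ntop(socket.AF_INET6, hdr[22:38])
            else:
                continue
            totals[(in_if, src)] += frame_len * rate   # one sample stands for `rate` frames
    return totals

def flow_sample(rate, in_if, frame_len, hdr):
    """Build one constructed flow sample carrying a raw packet header record."""
    rec = struct.pack("!4I", 1, frame_len, 4, len(hdr)) + hdr + b"\0" * (-len(hdr) % 4)
    body = struct.pack("!10I", 1, in_if, rate, 0, 0, in_if, 0, 1, 1, len(rec)) + rec
    return struct.pack("!II", 1, len(body)) + body
# Constructed sample input: documentation addresses, all other header fields zeroed.
MAC = b"\x02" * 12
V4 = MAC + b"\x08\x00\x45" + b"\0" * 11 + socket.inet_aton("192.0.2.10") + b"\0" * 4
V6 = MAC + b"\x86\xdd\x60" + b"\0" * 7 + socket.inet_pton(socket.AF_INET6, "2001:db8::1") + b"\0" * 16
SAMPLES = [flow_sample(1024, 7, 1500, V4), flow_sample(1024, 7, 64, V4), flow_sample(512, 9, 1280, V6)]
DGRAM = struct.pack("!II4s4I", 5, 1, socket.inet_aton("192.0.2.254"), 0, 1, 1000, len(SAMPLES)) + b"".join(SAMPLES)
```

Because every sample is multiplied by its sampling rate, the totals are statistical estimates; a source whose estimate on one port jumps far above its baseline is the kind of abnormal traffic the paragraph above refers to.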
Test
To measure the throughput of a 10GE switch, first test whether it can reach line-rate forwarding throughput and observe the end-to-end transmission delay. An excellent 10GE switch should be able to forward data packets at no speed and without loading key applications (such as multicast applications, IPv6 applications, and large-capacity access list control); in addition, the end-to-end data latency should be minimized. Second, to measure the performance of 10GE switches, test key protocols, such as BGP4 capacity, route convergence, and route fluctuation. Test the attack prevention characteristics and the key features of traffic management. Redundancy testing is also very important; redundancy includes the redundancy of hardware systems and of software features. It can be said that selecting a 10GE switch is not a matter of a few single functions but a comprehensive evaluation of the whole system.