What are the important applications of layer-4 switches?

Source: Internet
Author: User

Layer-4 switches are widely deployed. How do they differ from layer-2 switches, and what advantages do they offer over earlier generations of switches? The following is a detailed description.

As mentioned above, layer-2 switching devices rely on MAC addresses and the VLAN tag information of the 802.1Q protocol to complete link-layer switching; layer-3 switching/routing devices use IP address information to select the network path; a layer-4 switching device additionally uses the transport-layer (TCP/UDP) packet header to decide how traffic is forwarded.

In other words, the information a layer-4 switch acts on identifies the application protocol or process carried in each IP packet, such as HTTP for Web transfers, FTP for file transfers, telnet for terminal sessions, SSL for secure communication, and so on.

On an IP network the layer-4 protocols are TCP, used for connection-oriented sessions (such as FTP), and UDP, used for connectionless communication (such as SNMP or DNS). The TCP and UDP headers both carry a "port number" field, and because well-known ports are assigned to specific application protocols, the port number effectively identifies the kind of data the packet is carrying.

Using this information (the port number, which is tied to a specific application), a layer-4 switch can provide a wide range of services related to the transmission and exchange of network data. Five applications in particular are worth noting, because they are the main techniques used by layer-4 switches.

(1) Packet filtering/security control: In most routers, using layer-4 information to define filtering rules has become the default standard, which is why many routers are used as packet-filtering firewalls. Such a firewall not only allows or blocks connections between IP subnets, it can also control communication between specified TCP and UDP ports.

What distinguishes layer-4 switching from a traditional software-based router (and from layer-3 switching) is that this filtering capability is implemented in dedicated high-speed ASICs, so the security filtering mechanism runs at full line rate, greatly improving packet-filtering throughput. Note that filtering on the port number classifies traffic by convention only: the switch does not inspect the payload, so a service running on a non-standard port is not recognised as that service.

(2) Quality of service: In the network hierarchy, layer-4 TCP/UDP information is often used to assign application-level priority. Without layer-4 switching, quality or class of service must be derived from information available at layers 2 and 3, such as the MAC address, switch port, IP subnet, or VLAN.

In that case the priority of urgent applications cannot be expressed at all, because the layer-4 information is missing, which greatly hinders the rapid delivery of urgent applications across the network. A layer-4 switch can differentiate priority by the combination of destination address and destination port number, so an urgent application can obtain a higher class of service from the network.
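The packet filtering in (1) and the port-based priority assignment in (2) both come down to matching the layer-4 5-tuple against an ordered rule list. The following is an added Python example written for this page, not code from the original article or from any switch vendor; the addresses, subnets, rules and priority values are constructed for illustration and the "established" check is the stateless approximation a router ACL uses (drop a bare SYN, permit everything else).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


# Constructed representation of the fields a layer-4 switch reads from the
# IP and TCP/UDP headers: the 5-tuple plus the TCP SYN/ACK state.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp" or "udp"
    sport: int
    dport: int
    syn_only: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                              # "permit" or "deny"
    proto: Optional[str] = None              # None matches any protocol
    src: Optional[str] = None                # CIDR; None matches any source
    dst: Optional[str] = None                # CIDR; None matches any destination
    dport: Optional[Tuple[int, int]] = None  # inclusive destination port range
    established_only: bool = False           # stateless "established": reject bare SYNs
    priority: int = 0                        # QoS class assigned on permit

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and not (self.dport[0] <= p.dport <= self.dport[1]):
            return False
        if self.established_only and p.syn_only:
            return False
        return True


class L4Filter:
    """Ordered rule list, first match wins, implicit deny for anything unmatched."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def classify(self, p: Packet) -> Tuple[str, int]:
        """Return (action, priority) for a packet; unmatched traffic is denied."""
        for rule in self.rules:
            if rule.matches(p):
                return rule.action, rule.priority
        return "deny", 0


# Constructed policy for a hypothetical site: internal net 10.0.0.0/8,
# management subnet 10.1.0.0/24, DMZ web server 192.0.2.10.
RULES = [
    Rule("deny", proto="tcp", dport=(23, 23)),                                    # no telnet anywhere
    Rule("permit", proto="tcp", dst="192.0.2.10/32", dport=(443, 443), priority=5),
    Rule("permit", proto="tcp", dst="192.0.2.10/32", dport=(80, 80), priority=3),
    Rule("permit", proto="tcp", dst="10.0.0.0/8", established_only=True, priority=1),  # replies only
    Rule("permit", proto="udp", src="10.1.0.0/24", dport=(161, 161), priority=4),       # SNMP from mgmt
]
FILTER = L4Filter(RULES)

if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "192.0.2.10", "tcp", 51000, 443),
        Packet("203.0.113.5", "192.0.2.10", "tcp", 51001, 23),
        Packet("203.0.113.5", "10.0.0.7", "tcp", 443, 40000, syn_only=True),
        Packet("203.0.113.5", "10.0.0.7", "tcp", 443, 40000),
        Packet("10.3.0.9", "10.2.0.1", "udp", 5000, 161),
    ]
    for pkt in samples:
        print(pkt.src, "->", pkt.dst, pkt.proto, pkt.dport, FILTER.classify(pkt))
```

Rule order matters: the telnet deny sits first so that no later, broader permit can override it, and the final implicit deny means anything the policy did not anticipate is dropped rather than forwarded.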

(3) Server load balancing: Layer-4 information is crucial when several servers offering the same content share the traffic load. Server load balancing is therefore an important application of layer-4 switches in the core network.

The server load balancing method supported by a layer-4 switch attaches one IP address for the load-balanced service to a group of different physical servers that together provide that service, and defines the group as a single virtual server.

This virtual server is a logical server with its own IP address. Client traffic is sent only to the virtual server's IP address, never directly to the real IP addresses of the physical servers; only after the switch performs network address translation (NAT) does the traffic reach a physical server, which need not have a publicly registered IP address. A further advantage of defining a virtual server this way is that hiding the real server addresses helps prevent unauthorized direct access to them, although this is not a substitute for filtering rules in front of the real servers.

The virtual server is defined by the layer-4 TCP/UDP port number of the application service, so that an individual physical server is made a member of a virtual server on a per-service basis. Using layer-4 session information, the switch can distribute connections among the members of the virtual server group by a number of load-balancing methods while still participating in routing and redundancy protocols such as OSPF, RIP and VRRP at line rate.

A layer-4 switch can also use the mechanisms of Transaction Rate Limiting (TRL) to throttle or reject different application types based on their traffic characteristics. Connection Rate Limiting (CRL) lets the network administrator specify the number of new connections allowed within a given time in order to preserve QoS, and a SYN-Guard function ensures that only connections that properly complete the TCP handshake are passed on to the network services, protecting them from floods of half-open connections.
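The virtual server, two-way NAT, session stickiness, distribution method and connection rate limiting described above, as an added Python example written for this page (not code from the original article or from any vendor's switch). The VIP, the real-server pool, the rate limit and the simplified "new sessions only on SYN" check are assumptions chosen for illustration; a real SYN-Guard implementation completes the handshake on the client's behalf before binding a real server, which this model does not attempt.

```python
import hashlib
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple

Addr = Tuple[str, int]  # (ip, port)
Flow = Tuple[str, str, int, int]  # (src ip, dst ip, src port, dst port)


class L4VirtualServer:
    """Hypothetical layer-4 virtual server: one VIP:port fronting a pool of real servers."""

    def __init__(self, vip: str, vport: int, real_servers: List[Addr],
                 method: str = "hash", max_new_conn_per_sec: int = 100):
        self.vip, self.vport = vip, vport
        self.real_servers = list(real_servers)
        self.method = method                   # "hash" or "round_robin"
        self.max_cps = max_new_conn_per_sec    # Connection Rate Limiting threshold
        self._rr = 0
        self.sessions: Dict[Addr, Addr] = {}   # client (ip, port) -> real server
        self.recent: Deque[float] = deque()    # timestamps of recently accepted sessions
        self.stats: Dict[Addr, int] = defaultdict(int)  # sessions per real server
        self.drops = 0

    def _select(self, client: Addr) -> Addr:
        if self.method == "round_robin":
            rs = self.real_servers[self._rr % len(self.real_servers)]
            self._rr += 1
            return rs
        # "hash": the same client tuple always lands on the same member
        digest = hashlib.sha256(f"{client[0]}:{client[1]}".encode()).digest()
        return self.real_servers[int.from_bytes(digest[:4], "big") % len(self.real_servers)]

    def _rate_limited(self, now: float) -> bool:
        # CRL: allow at most max_cps new sessions in any sliding 1-second window
        while self.recent and now - self.recent[0] >= 1.0:
            self.recent.popleft()
        return len(self.recent) >= self.max_cps

    def translate(self, src: str, dst: str, sport: int, dport: int,
                  flags: str, now: float) -> Optional[Flow]:
        """DNAT a client->VIP packet to the chosen real server; None means drop."""
        if (dst, dport) != (self.vip, self.vport):
            return None                        # not a service this virtual server owns
        client = (src, sport)
        rs = self.sessions.get(client)
        if rs is None:
            # New session: only a SYN may open one (simplified SYN-Guard behaviour),
            # and only while the connection-rate limit has not been reached.
            if flags != "SYN" or self._rate_limited(now):
                self.drops += 1
                return None
            rs = self._select(client)
            self.sessions[client] = rs
            self.recent.append(now)
            self.stats[rs] += 1
        return (src, rs[0], sport, rs[1])

    def untranslate(self, src: str, dst: str, sport: int, dport: int) -> Optional[Flow]:
        """SNAT a real-server->client reply so the client only ever sees the VIP."""
        client = (dst, dport)
        if self.sessions.get(client) != (src, sport):
            return None                        # no session: the real address stays hidden
        return (self.vip, dst, self.vport, dport)


if __name__ == "__main__":
    # Constructed pool: VIP 192.0.2.1:80 in front of two unregistered servers.
    vs = L4VirtualServer("192.0.2.1", 80, [("10.0.0.11", 8080), ("10.0.0.12", 8080)],
                         method="round_robin", max_new_conn_per_sec=2)
    print(vs.translate("198.51.100.7", "192.0.2.1", 40000, 80, "SYN", 0.0))
    print(vs.translate("198.51.100.7", "192.0.2.1", 40000, 80, "ACK", 0.05))  # sticky
    print(vs.translate("198.51.100.8", "192.0.2.1", 40001, 80, "SYN", 0.1))
    print(vs.translate("198.51.100.9", "192.0.2.1", 40002, 80, "SYN", 0.2))   # rate limited
    print(vs.untranslate("10.0.0.11", "198.51.100.7", 8080, 40000))
    print(dict(vs.stats), "drops:", vs.drops)
```

The per-real-server counters in `stats` are the kind of layer-4 statistics a switch can expose per virtual service, and the `drops` counter is what an operator would watch to tell a SYN flood from legitimate load.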

(4) Host backup connection: The host backup connection provides redundant connections for attached devices, protecting the system in the event of a switch failure. This service lets you define a master and a backup switch which, like the members of a virtual server, share the same configuration parameters.

Because the two layer-4 switches share the same MAC address, the backup switch receives the same data as the master, which lets the backup monitor the traffic the master is serving. The master continuously sends the backup its layer-4 session data, MAC data, and power status, so when the master fails the backup takes over automatically without interrupting existing sessions or connections.

(5) Statistics: A layer-4 switch provides more detailed statistics by examining layer-4 packet data. The administrator can gather more detailed information about which IP addresses are communicating, and can even break the traffic down by which application-layer service is involved. When a server hosts several services, these statistics are particularly useful for examining the load each application places on the server. The added statistics are also useful for the server load balancing connections handled by the switch.

