This article needs additional citations for verification .(October 2009) |
A multilayer switch (MLS) is a computer networking device that switches on OSI layer 2 like an ordinary network switch and provides extra functions on higher OSI layers. The MLS was invented [1] by engineers at Digital Equipment Corporation.
Switching technologies are crucial to network design, as they allow traffic to be sent only where it is needed in most cases, using fast, hardware-based methods. Switching uses different kinds of network switches. A standard switch is known as a layer-2 switch and is commonly found in nearly any LAN. Layer-3 or layer-4 switches require advanced technology (see managed switch) and are more expensive and thus are usually only found in larger LANs or in special network environments.
Multi-layer switching combines layer-2, -3 and -4 switching technologies and provides high-speed scalability with low latency. Multi-layer switching can move traffic at wire speed and also provide layer-3 routing. There is no performance difference between forwarding at different layers because the routing and switching are all hardware-based –routing decisions are made by specialized application-specific integrated circuits (ASICs) with the help of content-addressable memory. [2]
Multi-layer switching can make routing and switching decisions based on the following
MLSs implement QoS in hardware. A multilayer switch can prioritize packets by the 6 bit differentiated services code point (DSCP). These 6 bits were originally used for type of service. The following 4 mappings are normally available in an MLS:[ citation needed ]
MLSs are also able to route IP traffic between VLANs like a common router. The routing is normally as quick as switching (at wire speed).
Layer-2 switching uses the MAC addresses of the hosts’ network interface controllers (NICs) to decide where to forward frames. Layer-2 switching is hardware-based, which means switches use ASICs to build and maintain the forwarding information base and to perform packet forwarding at wire speed. One way to think of a layer-2 switch is as a multiport bridge.
Layer-2 switching is highly efficient because there is no modification to the frame required. Encapsulation of the packet changes only when the data packet passes through dissimilar media (such as from Ethernet to FDDI). Layer-2 switching is used for workgroup connectivity and network segmentation (breaking up collision domains). This allows a flatter network design with more network segments than conventional networks joined by repeater hubs and routers.
Layer-2 switches have the same limitations as bridges. Bridges break up collision domains, but the network remains one large broadcast domain which can cause performance issues and limits the size of a network. Broadcast and multicasts, along with the slow convergence of spanning tree, can cause major problems as the network grows. Because of these problems, layer-2 switches cannot completely replace routers. Bridges are good if a network is designed by the 80/20 rule: users spend 80 percent of their time on their local segment.[ citation needed ]
A layer-3 switch can perform some or all of the functions normally performed by a router. Most network switches, however, are limited to supporting a single type of physical network, typically Ethernet, whereas a router may support different kinds of physical networks on different ports.
Layer-3 switching is solely based on the (destination) IP address stored in the header of an IP datagram (layer-4 switching may use other information in the header). The difference between a layer-3 switch and a router is the way the device is making the routing decision. Conventionally, routers use microprocessors to make forwarding decisions in software, while the switch performs only hardware-based packet switching (by specialized ASICs with the help of content-addressable memory). [2] [3] However, many routers now also have advanced hardware functions to assist with forwarding.
The main advantage of layer-3 switches is the potential for lower network latency as a packet can be routed without making extra network hops to a router. For example, connecting two distinct segments (e.g. VLANs) with a router to a standard layer-2 switch requires passing the frame to the switch (first L2 hop), then to the router (second L2 hop) where the packet inside the frame is routed (L3 hop) and then passed back to the switch (third L2 hop). A layer-3 switch accomplishes the same task without the need for a router (and therefore additional hops) by making the routing decision itself, i.e. the packet is routed to another subnet and switched to the destination network port simultaneously.
Because many layer-3 switches offer the same functionality as conventional routers they can be used as cheaper, lower latency replacements in some networks. Layer-3 switches can perform the following actions that can also be performed by routers:
The benefits of layer-3 switching include the following:
IEEE[ citation needed ] has developed hierarchical terminology that is useful in describing forwarding and switching processes. Network devices without the capability to forward packets between subnetworks are called end systems (ESs, singular ES), whereas network devices with these capabilities are called intermediate systems (ISs). ISs are further divided into those that communicate only within their routing domain (intradomain IS) and those that communicate both within and between routing domains (interdomains IS). A routing domain is generally considered as a portion of an internetwork under common administrative authority and is regulated by a particular set of administrative guidelines. Routing domains are also called autonomous systems.
A common layer-3 capability is an awareness of IP multicast through IGMP snooping. With this awareness, a layer-3 switch can increase efficiency by delivering the traffic of a multicast group only to ports where the attached device has signaled that it wants to listen to that group.
Layer-3 switches typically support IP routing between VLANs configured on the switch. Some layer-3 switches support the routing protocols that routers use to exchange information about routes between networks.
Layer-4 switching means hardware-based layer-3 switching technology that can also consider the type of network traffic (for example, distinguishing between UDP and TCP). Layer-4 switching provides additional datagram inspection by reading the port numbers found in the transport layer header to make routing decisions (i.e. ports used by HTTP, FTP and VoIP). These port numbers are found in RFC 1700 and reference the upper-layer protocol, program, or application.
Using layer-4 switching, the network administrator can configure a layer-4 switch to prioritize data traffic by application. Layer-4 information can also be used to help make routing decisions. For example, extended access lists can filter packets based on layer-4 port numbers. Another example is accounting information gathered by open standards using sFlow.
A layer-4 switch can use information in the transport-layer protocols to make forwarding decisions. Principally this refers to an ability to use source and destination port numbers in TCP and UDP communications to allow, block and prioritize communications. [4]
Some switches can use packet information up to OSI layer 7; these may be called layer 4–7 switches, content switches, content services switches, web switches or application switches.
Content switches are typically used for load balancing among groups of servers. Load balancing can be performed on HTTP, HTTPS, VPN, or any TCP/IP traffic using a specific port. Load balancing often involves destination network address translation so that the client of the load-balanced service is not fully aware of which server is handling its requests. Some layer 4–7 switches can perform Network address translation (NAT) at wire speed. Content switches can often be used to perform standard operations such as SSL encryption and decryption to reduce the load on the servers receiving the traffic, or to centralize the management of digital certificates. Layer-7 switching is a technology used in a content delivery network (CDN).
Some applications require that repeated requests from a client are directed at the same application server. Since the client isn't generally aware of which server it spoke to earlier, content switches define a notion of stickiness. For example, requests from the same source IP address are directed to the same application server each time. Stickiness can also be based on SSL IDs, and some content switches can use cookies to provide this functionality.
The router operates on the transport layer and makes decisions on where to send the packets. Modern load balancing routers can use different rules to make decisions on where to route traffic. This can be based on least load, or fastest response times, or simply balancing requests out to multiple destinations providing the same services. This is also a redundancy method, so if one machine is not up, the router will not send traffic to it.
The router may also have NAT capability with port and transaction awareness and performs a form of port translation for sending incoming packets to one or more machines that are hidden behind a single IP address.
Layer-7 switches may distribute the load based on uniform resource locators (URLs), or by using some installation-specific technique to recognize application-level transactions. A layer-7 switch may include a web cache and participate in a content-distribution network (CDN). [5] [ failed verification ]
Multiprotocol Label Switching (MPLS) is a routing technique in telecommunications networks that directs data from one node to the next based on labels rather than network addresses. Whereas network addresses identify endpoints, the labels identify established paths between endpoints. MPLS can encapsulate packets of various network protocols, hence the multiprotocol component of the name. MPLS supports a range of access technologies, including T1/E1, ATM, Frame Relay, and DSL.
Quality of service (QoS) is the description or measurement of the overall performance of a service, such as a telephony or computer network, or a cloud computing service, particularly the performance seen by the users of the network. To quantitatively measure quality of service, several related aspects of the network service are often considered, such as packet loss, bit rate, throughput, transmission delay, availability, jitter, etc.
A router is a computer and networking device that forwards data packets between computer networks, including internetworks such as the global Internet.
A network switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device.
In computer networking, IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system.
Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used to bypass the need to assign a new address to every host when a network was moved, or when the upstream Internet service provider was replaced, but could not route the network's address space. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network.
A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer. In this context, virtual refers to a physical object recreated and altered by additional logic, within the local area network. Basically, a VLAN behaves like a virtual switch or network link that can share the same physical structure with other VLANs while staying logically separate from them. Between network devices, VLANs work by applying tags to network frames and handling these tags in networking systems –creating the appearance and functionality of network traffic that is physically on a single network but acts as if it were split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.
Differentiated services or DiffServ is a computer networking architecture that specifies a mechanism for classifying and managing network traffic and providing quality of service (QoS) on modern IP networks. DiffServ can, for example, be used to provide low-latency to critical network traffic such as voice or streaming media while providing best-effort service to non-critical services such as web traffic or file transfers.
Networking hardware, also known as network equipment or computer networking devices, are electronic devices that are required for communication and interaction between devices on a computer network. Specifically, they mediate data transmission in a computer network. Units which are the last receiver or generate data are called hosts, end systems or data terminal equipment.
A network bridge is a computer networking device that creates a single, aggregate network from multiple communication networks or network segments. This function is called network bridging. Bridging is distinct from routing. Routing allows multiple networks to communicate independently and yet remain separate, whereas bridging connects two separate networks as if they were a single network. In the OSI model, bridging is performed in the data link layer. If one or more segments of the bridged network are wireless, the device is known as a wireless bridge.
A middlebox is a computer networking device that transforms, inspects, filters, and manipulates traffic for purposes other than packet forwarding. Examples of middleboxes include firewalls, network address translators (NATs), load balancers, and deep packet inspection (DPI) devices.
Voice over Internet Protocol (VoIP) recording is a subset of telephone recording or voice logging, first used by call centers and now being used by all types of businesses. There are many reasons for recording voice over IP call traffic such as: reducing company vulnerability to lawsuits by maintaining recorded evidence, complying with telephone call recording laws, increasing security, employee training and performance reviews, enhancing employee control and alignment, verifying data, sharing data as well as customer satisfaction and enhancing call center agent morale.
A forwarding information base (FIB), also known as a forwarding table or MAC table, is most commonly used in network bridging, routing, and similar functions to find the proper output network interface controller to which the input interface should forward a packet. It is a dynamic table that maps MAC addresses to ports. It is the essential mechanism that separates network switches from Ethernet hubs. Content-addressable memory (CAM) is typically used to efficiently implement the FIB, thus it is sometimes called a CAM table.
Hierarchical VLAN (HVLAN) is a proposed Ethernet standard that extends the use of enterprise Ethernet VLAN (802.1Q) to carrier networks. A number of developments have emerged in recent years to help bring Ethernet, a flexible and cost-efficient packet transport technology, to carrier networks. These developments include Q-in-Q (802.1ad), PBB (802.1ah), PBT, and PBB-TE, which bring a set of features to traditional Ethernet to make it “carrier-grade”, adding to it high-availability, OA&M, and more.
In routing, the data plane, sometimes called the forwarding plane or user plane, defines the part of the router architecture that decides what to do with packets arriving on an inbound interface. Most commonly, it refers to a table in which the router looks up the destination address of the incoming packet and retrieves the information necessary to determine the path from the receiving element, through the internal forwarding fabric of the router, and to the proper outgoing interface(s).
Private VLAN, also known as port isolation, is a technique in computer networking where a VLAN contains switch ports that are restricted such that they can only communicate with a given uplink. The restricted ports are called private ports. Each private VLAN typically contains many private ports, and a single uplink. The uplink will typically be a port connected to a router, firewall, server, provider network, or similar central resource.
Data center bridging (DCB) is a set of enhancements to the Ethernet local area network communication protocol for use in data center environments, in particular for use with clustering and storage area networks.
IEEE 802.1aq is an amendment to the IEEE 802.1Q networking standard which adds support for Shortest Path Bridging (SPB). This technology is intended to simplify the creation and configuration of Ethernet networks while enabling multipath routing.
TRILL is a networking protocol for optimizing bandwidth and resilience in Ethernet networks, implemented by devices called TRILL switches. TRILL combines techniques from bridging and routing, and is the application of link-state routing to the VLAN-aware customer-bridging problem. Routing bridges (RBridges) are compatible with, and can incrementally replace, previous IEEE 802.1 customer bridges. TRILL Switches are also compatible with IPv4 and IPv6, routers and end systems. They are invisible to current IP routers, and like conventional routers, RBridges terminate the broadcast, unknown-unicast and multicast traffic of DIX Ethernet and the frames of IEEE 802.2 LLC including the bridge protocol data units of the Spanning Tree Protocol.
In digital communications networks, packet processing refers to the wide variety of algorithms that are applied to a packet of data or information as it moves through the various network elements of a communications network. With the increased performance of network interfaces, there is a corresponding need for faster packet processing.