Network Switch: Function
A network switch or switching hub is a computer networking device that connects network
segments.
The term commonly refers to a network bridge that processes and routes data at the data link
layer (layer 2) of the OSI model. Switches that additionally process data at the network layer
(layer 3 and above) are often referred to as Layer 3 switches or multilayer switches.
The term network switch does not generally encompass unintelligent or passive network
devices such as hubs and repeaters.
Function
The network switch, packet switch (or just switch) plays an integral part in most Ethernet
local area networks or LANs. Mid-to-large sized LANs contain a number of linked managed
switches. Small office/home office (SOHO) applications typically use a single switch, or an
all-purpose converged device such as a gateway providing access to small office/home
broadband services, for example a DSL router or cable Wi-Fi router. In most of these cases,
the end-user device contains a router and components that interface to the particular physical
broadband technology, as in Linksys 8-port and 48-port devices. User devices may also
include a telephone interface for VoIP.
A standard 10/100 Ethernet switch operates at the data-link layer of the OSI model to create a
separate collision domain for each switch port. If you have 4 computers (e.g., A, B, C, and
D) on 4 switch ports, then A and B can transfer data back and forth, while C and D also do so
simultaneously, and the two "conversations" will not interfere with one another. In the case of
a "hub," they would all share the bandwidth and run in half duplex, resulting in collisions,
which would then necessitate retransmissions. Giving each device its own switch port in this
way is called microsegmentation. It provides dedicated bandwidth on a point-to-point
connection to every computer, which can therefore run in full duplex with no collisions.
In switches intended for commercial use, built-in or modular interfaces make it possible to
connect different types of networks, including Ethernet, Fibre Channel, ATM, ITU-T G.hn
and 802.11. This connectivity can be at any of the layers mentioned. While Layer 2
functionality is adequate for bandwidth-shifting within one technology, interconnecting
technologies such as Ethernet and token ring are easier at Layer 3.
Interconnection of different Layer 3 networks is done by routers. If there are any features that
characterize "Layer-3 switches" as opposed to general-purpose routers, it tends to be that they
are optimized, in larger switches, for high-density Ethernet connectivity.
In some service provider and other environments where there is a need for a great deal of
analysis of network performance and security, switches may be connected between WAN
routers as places for analytic modules. Some vendors provide firewall,[2][3] network intrusion
detection,[4] and performance analysis modules that can plug into switch ports. Some of these
functions may be on combined modules.[5]
In other cases, the switch is used to create a mirror image of data that can go to an external
device. Since most switch port mirroring provides only one mirrored stream, network hubs
can be useful for fanning out data to several read-only analyzers, such as intrusion detection
systems and packet sniffers.
While switches may learn about topologies at many layers, and forward at one or more
layers, they do tend to have common features. Other than for high-performance applications,
modern commercial switches use primarily Ethernet interfaces, which can have different
input and output bandwidths of 10, 100, 1000 or 10,000 megabits per second. Switch ports
almost always default to full duplex operation, unless there is a requirement for
interoperability with devices that are strictly half duplex. Half duplex means that the device
can only send or receive at any given time, whereas full duplex can send and receive at the
same time.
At any layer, a modern switch may implement power over Ethernet (PoE), which avoids the
need for attached devices, such as an IP telephone or wireless access point, to have a separate
power supply. Since switches can have redundant power circuits connected to uninterruptible
power supplies, the connected device can continue operating even when regular office power
fails.
A network hub, or repeater, is a fairly unsophisticated network device. Hubs do not manage
any of the traffic that comes through them. Any packet entering a port is broadcast out or
"repeated" on every other port, except for the port of entry. Since every packet is repeated on
every other port, packet collisions result, which slows down the network.
There are specialized applications where a hub can be useful, such as copying traffic to
multiple network sensors. High end switches have a feature which does the same thing called
port mirroring. There is no longer any significant price difference between a hub and a
low-end switch.[6]
Layer 2
A network bridge, operating at the Media Access Control (MAC) sublayer of the data link
layer, may interconnect a small number of devices in a home or office. This is a trivial case of
bridging, in which the bridge learns the MAC address of each connected device. Single
bridges also can provide extremely high performance in specialized applications such as
storage area networks.
Classic bridges may also interconnect using a spanning tree protocol that disables links so
that the resulting local area network is a tree without loops. In contrast to routers, spanning
tree bridges must have topologies with only one active path between two points. The older
IEEE 802.1D spanning tree protocol could be quite slow, with forwarding stopping for 30
seconds while the spanning tree reconverged. A Rapid Spanning Tree Protocol was
introduced as IEEE 802.1w, and the newest edition, IEEE 802.1D-2004, adopts the 802.1w
extensions as the base standard. The IETF is specifying the TRILL protocol, which is the
application of link-state routing technology to the layer-2 bridging problem. Devices which
implement TRILL, called RBridges, combine the best features of both routers and bridges.
While "layer 2 switch" remains more of a marketing term than a technical term, the
products that were introduced as "switches" tended to use microsegmentation and full duplex
to prevent collisions among devices connected to Ethernets. By using an internal forwarding
plane much faster than any interface, they give the impression of simultaneous paths among
multiple devices.
Once a bridge learns the topology through a spanning tree protocol, it forwards data link layer
frames using a layer 2 forwarding method. There are four forwarding methods a bridge can
use, of which the second through fourth method were performance-increasing methods when
used on "switch" products with the same input and output port bandwidths:
1. Store and forward: The switch buffers and, typically, performs a checksum on each
frame before forwarding it.
2. Cut through: The switch reads only up to the frame's hardware address before starting
to forward it. There is no error checking with this method.
3. Fragment free: A method that attempts to retain the benefits of both "store and
forward" and "cut through". Fragment free checks the first 64 bytes of the frame,
where addressing information is stored. According to Ethernet specifications,
collisions should be detected during the first 64 bytes of the frame, so frames that are
in error because of a collision will not be forwarded. This way the frame will always
reach its intended destination. Error checking of the actual data in the packet is left for
the end device in Layer 3 or Layer 4 (OSI), typically a router.
4. Adaptive switching: A method of automatically switching between the other three
modes.
Cut-through switches have to fall back to store and forward if the outgoing port is busy at the
time the packet arrives. While there are specialized applications, such as storage area
networks, where the input and output interfaces are the same bandwidth, this is rarely the
case in general LAN applications. In LANs, a switch used for end user access typically
concentrates lower bandwidth (e.g., 10/100 Mbit/s) into a higher bandwidth (at least
1 Gbit/s). Alternatively, a switch that provides access to server ports usually connects to them
at a much higher bandwidth than is used by end user devices.
Layer 3
Within the confines of the Ethernet physical layer, a layer 3 switch can perform some or all of
the functions normally performed by a router. A true router is able to forward traffic from one
type of network connection (e.g., T1, DSL) to another (e.g., Ethernet, WiFi).
The most common layer-3 capability is awareness of IP multicast. With this awareness, a
layer-3 switch can increase efficiency by delivering the traffic of a multicast group only to
ports where the attached device has signaled that it wants to listen to that group. A switch
that is not multicast-aware forwards multicast frames to all ports of the broadcast domain,
just as it does broadcast frames, which in the case of IP multicast wastes bandwidth. To
work around this problem some switches implement IGMP snooping.[7]
Layer 4
While the exact meaning of the term Layer-4 switch is vendor-dependent, it almost always
starts with a capability for network address translation, but then adds some type of load
distribution based on TCP sessions.[8]
The device may include a stateful firewall, a VPN concentrator, or be an IPSec security
gateway.
Layer 7
Unless port mirroring or other methods such as RMON or SMON are implemented in a
switch,[11] it is difficult to monitor traffic that is bridged using a switch, because all ports are
isolated until one transmits data, and even then only the sending and receiving ports can see
the traffic. These monitoring features are rarely present on consumer-grade switches.
Two popular methods that are specifically designed to allow a network analyst to monitor
traffic are:
Port mirroring — the switch sends a copy of network packets to a monitoring network
connection.
SMON — "Switch Monitoring" is described by RFC 2613 and is a protocol for
controlling facilities such as port mirroring.
Another method to monitor may be to connect a Layer-1 hub between the monitored device
and its switch port. This will induce minor delay, but will provide multiple interfaces that can
be used to monitor the individual switch port.
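As an added example, not from the article, the following Python model implements the four Layer 2 forwarding methods listed earlier (store and forward, cut through, fragment free, adaptive) together with the port mirroring described in this section, so the effect of each method on corrupted and runt frames, and what a monitor port sees, can be observed directly. The frame layout, the MAC addresses, the adaptive threshold and the choice to copy every ingress frame of the monitored port are constructed assumptions of this example.

```python
import zlib
from collections import defaultdict

# Constructed model, not the article's: a learning bridge applying the Layer 2 forwarding
# methods, with one port mirrored to a monitor port the way SPAN feeds an IDS or sniffer.
MIN_FRAME = 64              # minimum Ethernet frame size; collision fragments are shorter
BROADCAST = b"\xff" * 6
# constructed, locally administered MAC addresses for hosts A to D
MACS = {name: bytes([0x02, 0, 0, 0, 0, i]) for i, name in enumerate("ABCD", start=1)}


def build_frame(dst, src, payload, corrupt=False, pad=True):
    """Ethernet II frame: dst, src, EtherType, payload, CRC-32 FCS.
    pad=False leaves a runt (under 64 bytes) like a collision fragment; corrupt=True flips
    a payload bit after the FCS was computed, so the checksum no longer matches."""
    body = dst + src + b"\x08\x00" + payload
    if pad:
        body = body.ljust(MIN_FRAME - 4, b"\x00")
    frame = body + zlib.crc32(body).to_bytes(4, "little")
    if corrupt:
        frame = frame[:14] + bytes([frame[14] ^ 0x01]) + frame[15:]
    return frame


def fcs_ok(frame):
    return zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "little")


class Switch:
    def __init__(self, ports, mode="store_and_forward", mirror=None, adaptive_limit=3):
        self.ports, self.mode = list(ports), mode
        self.mirror = mirror                  # (monitored port, monitor port) or None
        self.mac_table = {}                   # learned source MAC -> port
        self.delivered = defaultdict(list)    # port -> frames sent out of it
        self.fcs_errors, self.adaptive_limit = 0, adaptive_limit

    def _accept(self, frame):
        """Apply the forwarding method; True means the frame is forwarded."""
        if self.mode == "cut_through":
            return True                       # only the dst MAC was read; nothing is checked
        if self.mode == "fragment_free":
            return len(frame) >= MIN_FRAME    # first 64 bytes arrived, so not a collision fragment
        if self.mode == "adaptive":           # cut through until bad frames pile up
            self.fcs_errors += not fcs_ok(frame)
            if self.fcs_errors < self.adaptive_limit:
                return True
            self.mode = "store_and_forward"   # then fall back to checking every frame
        return len(frame) >= MIN_FRAME and fcs_ok(frame)   # store and forward

    def receive(self, in_port, frame):
        """Return the list of ports the frame is forwarded out of."""
        dst, src = frame[0:6], frame[6:12]
        self.mac_table[src] = in_port         # learn which port the sender is on
        monitor = self.mirror[1] if self.mirror else None
        if self.mirror and self.mirror[0] == in_port:
            self.delivered[monitor].append(frame)   # copy to the analyzer before any decision
        if not self._accept(frame):
            return []
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:   # broadcast or unknown unicast: flood
            outs = [p for p in self.ports if p not in (in_port, monitor)]
        else:
            outs = [out] if out != in_port else []
        for p in outs:
            self.delivered[p].append(frame)
        return outs
```

Note that only the monitor port sees the frame from port 1 after the switch has learned where B is; an analyzer plugged into any other port would see nothing, which is the isolation the section describes.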
Router
From Wikipedia, the free encyclopedia
A router is an electronic device that interconnects two or more computer networks, and
selectively interchanges packets of data between them. Each data packet contains address
information that a router can use to determine if the source and destination are on the same
network, or if the data packet must be transferred from one network to another. Where
multiple routers are used in a large collection of interconnected networks, the routers
exchange information about target system addresses, so that each router can build up a table
showing the preferred paths between any two systems on the interconnected networks.
A router is a networking device whose software and hardware are customized to the tasks of
routing and forwarding information. A router has two or more network interfaces, which may
be to different physical types of network (such as copper cables, fiber, or wireless) or
different network standards. Each network interface is a specialized device that converts
electric signals from one form to another.
Routers connect two or more logical subnets, which do not share a common network address.
The subnets in the router do not necessarily map one-to-one to the physical interfaces of the
router.[1] The term "layer 3 switching" is often used interchangeably with the term "routing".
The term switching is generally used to refer to data forwarding between two network
devices that share a common network address. This is also called layer 2 switching or LAN
switching.
Control plane: where a router builds a table (called the routing table) describing through
which interface a packet should be forwarded, using either statically configured statements
(called static routes) or information exchanged with other routers in the network through a
dynamic routing protocol;
Forwarding plane: where the router actually forwards traffic (called packets in IP) from
ingress (incoming) interfaces to an egress (outgoing) interface appropriate for the destination
address the packet carries, by following rules derived from the routing table built in the
control plane.
Routers may provide connectivity inside enterprises, between enterprises and the Internet,
and inside internet service providers (ISPs). The largest routers (for example the Cisco CRS-1
or Juniper T1600) interconnect ISPs, are used inside ISPs, or may be used in very large
enterprise networks. The smallest routers provide connectivity for small and home offices.
Routers intended for ISP and major enterprise connectivity almost invariably exchange
routing information using the Border Gateway Protocol (BGP). RFC 4098[3] defines several
types of BGP-speaking routers according to the routers' functions:
Edge router (ER): An ER is placed at the edge of an ISP network. The router speaks
external BGP (EBGP) to a BGP speaker in another provider or large enterprise
Autonomous System (AS). This type of router is also called a PE (Provider Edge)
router.
Subscriber edge router (SER): An SER is located at the edge of the subscriber's
network and speaks EBGP to its provider's AS(s). It belongs to an end user (enterprise)
organization. This type of router is also called a CE (Customer Edge) router.
Inter-provider border router: Interconnecting ISPs, this is a BGP-speaking router that
maintains BGP sessions with other BGP-speaking routers in other providers' ASes.
Core router: A core router is one that resides within an AS as a backbone to carry
traffic between edge routers.
Within an ISP: Internal to the provider's AS, such a router speaks internal BGP
(IBGP) to that provider's edge routers, other intra-provider core routers, or the
provider's inter-provider border routers.
"Internet backbone:" The Internet does not have a clearly identifiable backbone, as did
its predecessors. See default-free zone (DFZ). Nevertheless, the major ISPs' routers
make up what many would consider the core. These ISPs operate all four types of the
BGP-speaking routers described here. In ISP usage, a "core" router is internal to an
ISP, and used to interconnect its edge and border routers. Core routers may also have
specialized functions in virtual private networks based on a combination of BGP and
Multi-Protocol Label Switching (MPLS).[4]
Routers are also used for port forwarding for private servers.
History
Leonard Kleinrock and the first IMP.
The very first device that had fundamentally the same functionality as a router does today, i.e.,
a packet switch, was the Interface Message Processor (IMP); IMPs were the devices that
made up the ARPANET, the first packet switching network. The idea for a router (although
they were called "gateways" at the time) initially came about through an international group
of computer networking researchers called the International Network Working Group
(INWG). Set up in 1972 as an informal group to consider the technical issues involved in
connecting different networks, later that year it became a subcommittee of the International
Federation for Information Processing.[5]
These devices were different from most previous packet switches in two ways. First, they
connected dissimilar kinds of networks, such as serial lines and local area networks. Second,
they were connectionless devices, which had no role in assuring that traffic was delivered
reliably, leaving that entirely to the hosts (although this particular idea had been previously
pioneered in the CYCLADES network).
The idea was explored in more detail, with the intention to produce a real prototype system,
as part of two contemporaneous programs. One was the initial DARPA-initiated program,
which created the TCP/IP architecture of today.[6] The other was a program at Xerox PARC to
explore new networking technologies, which produced the PARC Universal Packet system,
although due to corporate intellectual property concerns it received little attention outside
Xerox until years later.[7]
The earliest Xerox routers came into operation sometime after early 1974. The first true IP
router was developed by Virginia Strazisar at BBN, as part of that DARPA-initiated effort,
during 1975-1976. By the end of 1976, three PDP-11-based routers were in service in the
experimental prototype Internet.[8]
The first multiprotocol routers were independently created by staff researchers at MIT and
Stanford in 1981; the Stanford router was done by William Yeager, and the MIT one by Noel
Chiappa; both were also based on PDP-11s.[9][10][11][12]
As virtually all networking now uses IP at the network layer, multiprotocol routers are largely
obsolete, although they were important in the early stages of the growth of computer
networking, when several protocols other than TCP/IP were in widespread use. Routers that
handle both IPv4 and IPv6 arguably are multiprotocol, but in a far less variable sense than a
router that processed AppleTalk, DECnet, IP, and Xerox protocols.
In the original era of routing (from the mid-1970s through the 1980s), general-purpose
minicomputers served as routers. Although general-purpose computers can perform routing,
modern high-speed routers are highly specialized computers, generally with extra hardware
added to accelerate both common routing functions such as packet forwarding and specialized
functions such as IPsec encryption.
Still, there is substantial use of Linux and Unix machines, running open source routing code,
for routing research and selected other applications. While Cisco's operating system was
independently designed, other major router operating systems, such as those from Juniper
Networks and Extreme Networks, are extensively modified but still have Unix ancestry.
All sizes of routers may be found inside enterprises. The most powerful routers tend to be
found in ISPs and academic and research facilities. Large businesses may also need powerful
routers.
A three-layer model is in common use, not all of which need be present in smaller networks.[13]
Access
Linksys by Cisco WRT54GL SoHo Router
A screenshot of the LuCI web interface used by OpenWrt. Here it is being used to configure
Dynamic DNS.
Access routers, including 'small office/home office' (SOHO) models, are located at customer
sites such as branch offices that do not need hierarchical routing of their own. Typically, they
are optimized for low cost. Some SOHO routers are capable of running alternative free
Linux-based firmwares like OpenWrt.
Distribution
Distribution routers aggregate traffic from multiple access routers, either at the same site, or
to collect the data streams from multiple sites to a major enterprise location. Distribution
routers often are responsible for enforcing quality of service across a WAN, so they may have
considerable memory, multiple WAN interfaces, and substantial processing intelligence.
They may also provide connectivity to groups of servers or to external networks. In the latter
application, the router's functionality must be carefully considered as part of the overall
security architecture. Separate from the router may be a firewall or VPN concentrator, or the
router may include these and other security functions.
Core
When an enterprise is widely distributed with no central location(s), the function of core
routing may be subsumed by the WAN service to which the enterprise subscribes, and the
distribution routers become the highest tier.
Forwarding plane (a.k.a. data plane)
Main article: Forwarding plane
For the pure Internet Protocol (IP) forwarding function, a router is designed to minimize the
state information kept on individual packets. A router does not look into the actual data
contents that the packet carries, but only at the layer 3 addresses to make a forwarding
decision, plus optionally other information in the header as a hint for, for example, QoS.
Once a packet is forwarded, the router does not retain any historical information about the
packet, but the forwarding action can be recorded in statistical data, if so configured.
Forwarding decisions can involve decisions at layers other than the IP internetwork layer or
OSI layer 3. A function that forwards based on data link layer, or OSI layer 2, information, is
properly called a bridge or switch. This function is referred to as layer 2 switching, as the
addresses it uses to forward the traffic are layer 2 addresses in the OSI layer model.
Besides deciding to which interface a packet is forwarded, which is handled primarily via the
routing table, a router also has to manage congestion, when packets arrive at a rate higher
than the router can process. Three policies commonly used in the Internet are tail drop,
random early detection, and weighted random early detection. Tail drop is the simplest and
most easily implemented; the router simply drops packets once the length of the queue
exceeds the size of the buffers in the router. Random early detection (RED) probabilistically
drops datagrams early when the queue is about to exceed a pre-configured size. Weighted
random early detection applies a weight to the average queue size when deciding whether
traffic is about to exceed the pre-configured size, so that short bursts will not trigger random
drops.
Another function a router performs is to decide which packet should be processed first when
multiple queues exist. This is managed through QoS (Quality of Service), which is critical
when VoIP (Voice over IP) is deployed, so that delays between packets do not exceed 150 ms,
to maintain the quality of voice conversations.
Yet another function a router performs is called "policy based routing", where special rules
are constructed to override the rules derived from the routing table when the packet
forwarding decision is made.
These functions may be performed through the same internal paths that the packets travel
inside the router. Some of the functions may be performed through an application-specific
integrated circuit (ASIC) to avoid overhead caused by multiple CPU cycles, and others may
have to be performed through the CPU as these packets need special attention that cannot be
handled by an ASIC.
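As an added example, not from the article, the following Python model of a forwarding plane puts the three drop policies described above side by side, so that a short burst can be seen to pass a weighted queue untouched while the unweighted RED queue already drops, and shows policy-based routing rules overriding a routing table. The longest-prefix rule for the table, the source-prefix form of the policy rules, the queue thresholds and the injectable random source are assumptions of this example.

```python
import ipaddress
import random


class OutputQueue:
    """Constructed model of one egress queue under the three drop policies described above.
    "red" applies the early-drop curve to the instantaneous queue length; "wred", as the article
    describes it, applies it to a weighted moving average, so short bursts do not trigger drops."""

    def __init__(self, policy, capacity=10, min_th=5, max_p=0.5, weight=0.2, rand=None):
        self.policy, self.capacity, self.min_th = policy, capacity, min_th
        self.max_p, self.weight = max_p, weight
        self.rand = rand or random.random    # injectable so tests are reproducible
        self.queue, self.avg, self.dropped = [], 0.0, 0

    def _drop_probability(self, level):
        """Zero below min_th, rising linearly to max_p at capacity (always 1.0 when full)."""
        if level >= self.capacity:
            return 1.0
        return max(0.0, self.max_p * (level - self.min_th) / (self.capacity - self.min_th))

    def enqueue(self, packet):
        """Return True if the packet was queued, False if the policy dropped it."""
        q = len(self.queue)
        if self.policy == "tail_drop":
            drop = q >= self.capacity                  # drop only once the buffer is full
        elif self.policy == "red":
            drop = self.rand() < self._drop_probability(q)
        else:  # "wred": weight the average queue size before deciding
            self.avg = (1 - self.weight) * self.avg + self.weight * q
            drop = q >= self.capacity or self.rand() < self._drop_probability(self.avg)
        if drop:
            self.dropped += 1
            return False
        self.queue.append(packet)
        return True


class ForwardingPlane:
    """Constructed model: routing-table lookup, policy-based overrides, per-interface queues."""

    def __init__(self, **queue_opts):
        self.routes = []       # (destination prefix, egress interface); longest prefix wins
        self.policies = []     # (source prefix, egress interface); consulted before the table
        self.queues = {}       # egress interface -> OutputQueue
        self.queue_opts = queue_opts or {"policy": "wred"}

    def add_route(self, prefix, iface):
        self.routes.append((ipaddress.ip_network(prefix), iface))
        self.queues.setdefault(iface, OutputQueue(**self.queue_opts))

    def add_policy(self, src_prefix, iface):
        """Policy-based routing: packets from src_prefix leave via iface, overriding the table."""
        self.policies.append((ipaddress.ip_network(src_prefix), iface))
        self.queues.setdefault(iface, OutputQueue(**self.queue_opts))

    def egress_for(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for net, iface in self.policies:
            if src in net:
                return iface
        matches = [(net, iface) for net, iface in self.routes if dst in net]
        return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

    def forward(self, src, dst):
        """Return the interface the packet was queued on, or None if it was discarded."""
        iface = self.egress_for(src, dst)
        if iface is None or not self.queues[iface].enqueue((src, dst)):
            return None
        return iface
```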