NETWORK SWITCH
A network switch or switching hub is a computer networking
device that links network segments or network devices. The term commonly refers
to a multi-port network bridge that processes and routes data at the data link
layer (layer 2) of the OSI model. Switches that additionally process data at
the network layer (layer 3) and above are often called layer-3 switches or
multilayer switches.
Switches exist for various types of networks including Fibre
Channel, Asynchronous Transfer Mode, InfiniBand, Ethernet and others. The first
Ethernet switch was introduced by Kalpana in 1990.[1]
A 19-inch rack used for switches at the DE-CIX in Frankfurt,
Germany
A switch is a telecommunication device that receives a
message from any device connected to it and then transmits the message only to
the device for which the message was meant. This makes the switch a more
intelligent device than a hub (which receives a message and then transmits it
to all the other devices on its network). The network switch plays an integral
part in most modern Ethernet local area networks (LANs). Mid-to-large sized
LANs contain a number of linked managed switches. Small office/home office
(SOHO) applications typically use a single switch, or an all-purpose converged
device such as a residential gateway to access small office/home broadband
services such as DSL or cable Internet. In most of these cases, the end-user
device contains a router and components that interface to the particular
physical broadband technology. User devices may also include a telephone
interface for VoIP.
An Ethernet switch operates at the data link layer of the OSI
model to create a separate collision domain for each switch port. With 4
computers (e.g., A, B, C, and D) on 4 switch ports, any pair (e.g. A and B) can
transfer data back and forth while the other pair (e.g. C and D) also do so
simultaneously, and the two conversations will not interfere with one another.
In full duplex mode, these pairs can also overlap (e.g. A transmits to B,
simultaneously B to C, and so on). In the case of a repeater hub, they would
all share the bandwidth and run in half duplex, resulting in collisions, which
would then necessitate retransmissions.
Microsegmentation[edit source]
Using a bridge or a switch (or a router) to split a larger
collision domain into smaller ones in order to reduce collision probability and
improve overall throughput is called segmentation. In the extreme of
microsegmentation, each device is located on a dedicated switch port. In
contrast to an Ethernet hub, there is a separate collision domain on each of
the switch ports. This allows computers to have dedicated bandwidth on
point-to-point connections to the network and also to run in full duplex
without collisions. Full duplex mode has only one transmitter and one receiver
per 'collision domain', making collisions impossible.
Role of switches in a network[edit source]
Switches may operate at one or more layers of the OSI model,
including data link and network. A device that operates simultaneously at more
than one of these layers is known as a multilayer switch.
In switches intended for commercial use, built-in or modular
interfaces make it possible to connect different types of networks, including
Ethernet, Fibre Channel, ATM, ITU-T G.hn and 802.11. This connectivity can be
at any of the layers mentioned. While layer-2 functionality is adequate for
bandwidth-shifting within one technology, interconnecting technologies such as
Ethernet and token ring is easier at layer 3.
Devices that interconnect at layer 3 are traditionally called
routers, so layer-3 switches can also be regarded as (relatively primitive)
routers.
Where there is a need for a great deal of analysis of network
performance and security, switches may be connected between WAN routers as
places for analytic modules. Some vendors provide firewall,[2][3] network
intrusion detection,[4] and performance analysis modules that can plug into
switch ports. Some of these functions may be on combined modules.[5]
In other cases, the switch is used to create a mirror image
of data that can go to an external device. Since most switch port mirroring
provides only one mirrored stream, network hubs can be useful for fanning out
data to several read-only analyzers, such as intrusion detection systems and
packet sniffers.
Layer-specific functionality[edit source]
Main article: Multilayer switch
A modular network
switch with three network modules (a total of 24 Ethernet and 14 Fast Ethernet
ports) and one power supply.
While switches may learn about topologies at many layers, and
forward at one or more layers, they do tend to have common features. Other than
for high-performance applications, modern commercial switches use primarily
Ethernet interfaces.
At any layer, a modern switch may implement power over
Ethernet (PoE), which avoids the need for attached devices, such as a VoIP
phone or wireless access point, to have a separate power supply. Since switches
can have redundant power circuits connected to uninterruptible power supplies,
the connected device can continue operating even when regular office power
fails.
Layer 1 (Hubs versus higher-layer switches)[edit source]
A network hub, or repeater, is a simple network device.
Repeater hubs do not manage any of the traffic that comes through them. Any
packet entering a port is flooded out or "repeated" on every other
port, except for the port of entry. Since every packet is repeated on every
other port, packet collisions affect the entire network, limiting its capacity.
A switch creates the – originally mandatory – Layer 1
end-to-end connection only virtually. Its bridge function selects which packets
are forwarded to which port(s) on the basis of information taken from layer 2
(or higher), removing the requirement that every node be presented with all
data. The connection lines are not "switched" literally, it only
appears like this on the packet level. "Bridging hub",
"switching hub", or "multiport bridge" would be more
appropriate terms.
There are specialized applications where a hub can be useful,
such as copying traffic to multiple network sensors. High end switches have a
feature which does the same thing called port mirroring.
By the early 2000s, there was little price difference between
a hub and a low-end switch.[6]
Layer 2[edit source]
A network bridge, operating at the data link layer, may
interconnect a small number of devices in a home or the office. This is a
trivial case of bridging, in which the bridge learns the MAC address of each
connected device.
Single bridges also can provide extremely high performance in
specialized applications such as storage area networks.
Classic bridges may also interconnect using a spanning tree
protocol that disables links so that the resulting local area network is a tree
without loops. In contrast to routers, spanning tree bridges must have
topologies with only one active path between two points. The older IEEE 802.1D
spanning tree protocol could be quite slow, with forwarding stopping for 30
seconds while the spanning tree reconverged. A Rapid Spanning Tree Protocol was
introduced as IEEE 802.1w. The newest standard Shortest path bridging (IEEE
802.1aq) is the next logical progression and incorporates all the older
Spanning Tree Protocols (IEEE 802.1D STP, IEEE 802.1w RSTP, IEEE 802.1s MSTP)
that blocked traffic on all but one alternative path. IEEE 802.1aq (Shortest
Path Bridging SPB) allows all paths to be active with multiple equal cost
paths, provides much larger layer 2 topologies (up to 16 million compared to
the 4096 VLANs limit),[7] faster convergence, and improves the use of the mesh
topologies through increase bandwidth and redundancy between all devices by
allowing traffic to load share across all paths of a mesh
network.[8][9][10][11]
While layer 2 switch remains more of a marketing term than a
technical term,[citation needed] the products that were introduced as
"switches" tended to use microsegmentation and Full duplex to prevent
collisions among devices connected to Ethernet. By using an internal forwarding
plane much faster than any interface, they give the impression of simultaneous
paths among multiple devices. 'Non-blocking' devices use a forwarding plane or
equivalent method fast enough to allow full duplex traffic for each port
simultaneously.
Once a bridge learns the addresses of its connected nodes, it
forwards data link layer frames using a layer 2 forwarding method. There are
four forwarding methods a bridge can use, of which the second through fourth
method were performance-increasing methods when used on "switch" products
with the same input and output port bandwidths:
Store and forward: The switch buffers and verifies each frame
before forwarding it.
Cut through: The switch reads only up to the frame's hardware
address before starting to forward it. Cut-through switches have to fall back
to store and forward if the outgoing port is busy at the time the packet
arrives. There is no error checking with this method.
Fragment free: A method that attempts to retain the benefits
of both store and forward and cut through. Fragment free checks the first 64
bytes of the frame, where addressing information is stored. According to
Ethernet specifications, collisions should be detected during the first 64
bytes of the frame, so frames that are in error because of a collision will not
be forwarded. This way the frame will always reach its intended destination.
Error checking of the actual data in the packet is left for the end device.
Adaptive switching: A method of automatically selecting
between the other three modes.
While there are specialized applications, such as storage
area networks, where the input and output interfaces are the same bandwidth,
this is not always the case in general LAN applications. In LANs, a switch used
for end user access typically concentrates lower bandwidth and uplinks into a
higher bandwidth.
Layer 3[edit source]
Within the confines of the Ethernet physical layer, a layer-3
switch can perform some or all of the functions normally performed by a router.
The most common layer-3 capability is awareness of IP multicast through IGMP
snooping. With this awareness, a layer-3 switch can increase efficiency by
delivering the traffic of a multicast group only to ports where the attached
device has signaled that it wants to listen to that group.
Layer 4[edit source]
While the exact meaning of the term layer-4 switch is
vendor-dependent, it almost always starts with a capability for network address
translation, but then adds some type of load distribution based on TCP
sessions.[12]
The device may include a stateful firewall, a VPN
concentrator, or be an IPSec security gateway.
Layer 7[edit source]
Layer-7 switches may distribute loads based on Uniform
Resource Locator URL or by some installation-specific technique to recognize
application-level transactions. A layer-7 switch may include a web cache and
participate in a content delivery network.[13]
Rack-mounted 24-port 3Com switch
Types of switches[edit source]
Form factor[edit source]
Desktop, not mounted in an enclosure, typically intended to
be used in a home or office environment outside of a wiring closet
Rack mounted - A switch that mounts in an equipment rack
Chassis - with swappable module cards
DIN rail mounted - normally seen in industrial environments
or panels
Configuration options[edit source]
Unmanaged switches — These switches have no configuration
interface or options. They are plug and play. They are typically the least
expensive switches, and therefore often used in a small office/home office
environment. Unmanaged switches can be desktop or rack mounted.
Managed switches — These switches have one or more methods to
modify the operation of the switch. Common management methods include: a
command-line interface (CLI) accessed via serial console, telnet or Secure
Shell, an embedded Simple Network Management Protocol (SNMP) agent allowing
management from a remote console or management station, or a web interface for
management from a web browser. Examples of configuration changes that one can
do from a managed switch include: enable features such as Spanning Tree
Protocol, set port bandwidth, create or modify Virtual LANs (VLANs), etc. Two
sub-classes of managed switches are marketed today:
Smart (or intelligent) switches — These are managed switches
with a limited set of management features. Likewise "web-managed"
switches are switches which fall into a market niche between unmanaged and
managed. For a price much lower than a fully managed switch they provide a web
interface (and usually no CLI access) and allow configuration of basic
settings, such as VLANs, port-bandwidth and duplex.[14]
Enterprise Managed (or fully managed) switches — These have a
full set of management features, including CLI, SNMP agent, and web interface.
They may have additional features to manipulate configurations, such as the
ability to display, modify, backup and restore configurations. Compared with
smart switches, enterprise switches have more features that can be customized
or optimized, and are generally more expensive than smart switches. Enterprise
switches are typically found in networks with larger number of switches and
connections, where centralized management is a significant savings in
administrative time and effort. A stackable switch is a version of
enterprise-managed switch.
Typical switch management features[edit source]
Linksys 48-port switch
HP Procurve
rack-mounted switches mounted in a standard Telco Rack 19-inch rack with
network cables
Turn particular port range on or off
Link bandwidth and duplex settings
Priority settings for ports
IP Management by IP Clustering.
MAC filtering and other types of "port security"
features which prevent MAC flooding
Use of Spanning Tree Protocol
SNMP monitoring of device and link health
Port mirroring (also known as: port monitoring, spanning
port, SPAN port, roving analysis port or link mode port)
Link aggregation (also known as bonding, trunking or teaming)
allows the use of multiple ports for the same connection achieving higher data
transfer rates
VLAN settings. Creating VLANs can serve security and
performance goals by reducing the size of the broadcast domain.
802.1X network access control
IGMP snooping
Traffic monitoring on a switched network[edit source]
Unless port mirroring or other methods such as RMON, SMON or
sFlow are implemented in a switch,[15] it is difficult to monitor traffic that
is bridged using a switch because only the sending and receiving ports can see
the traffic. These monitoring features are rarely present on consumer-grade
switches.
Two popular methods that are specifically designed to allow a
network analyst to monitor traffic are:
Port mirroring — the switch sends a copy of network packets
to a monitoring network connection.
SMON — "Switch Monitoring" is described by RFC 2613
and is a protocol for controlling facilities such as port mirroring.
Another method to monitor may be to connect a layer-1 hub
between the monitored device and its switch port. This will induce minor delay,
but will provide multiple interfaces that can be used to monitor the individual
switch port.
NETWORK SWITCH
A network switch or switching hub is a computer networking
device that links network segments or network devices. The term commonly refers
to a multi-port network bridge that processes and routes data at the data link
layer (layer 2) of the OSI model. Switches that additionally process data at
the network layer (layer 3) and above are often called layer-3 switches or
multilayer switches.
Switches exist for various types of networks including Fibre
Channel, Asynchronous Transfer Mode, InfiniBand, Ethernet and others. The first
Ethernet switch was introduced by Kalpana in 1990.[1]
A 19-inch rack used for switches at the DE-CIX in Frankfurt,
Germany
A switch is a telecommunication device that receives a
message from any device connected to it and then transmits the message only to
the device for which the message was meant. This makes the switch a more
intelligent device than a hub (which receives a message and then transmits it
to all the other devices on its network). The network switch plays an integral
part in most modern Ethernet local area networks (LANs). Mid-to-large sized
LANs contain a number of linked managed switches. Small office/home office
(SOHO) applications typically use a single switch, or an all-purpose converged
device such as a residential gateway to access small office/home broadband
services such as DSL or cable Internet. In most of these cases, the end-user
device contains a router and components that interface to the particular
physical broadband technology. User devices may also include a telephone
interface for VoIP.
An Ethernet switch operates at the data link layer of the OSI
model to create a separate collision domain for each switch port. With 4
computers (e.g., A, B, C, and D) on 4 switch ports, any pair (e.g. A and B) can
transfer data back and forth while the other pair (e.g. C and D) also do so
simultaneously, and the two conversations will not interfere with one another.
In full duplex mode, these pairs can also overlap (e.g. A transmits to B,
simultaneously B to C, and so on). In the case of a repeater hub, they would
all share the bandwidth and run in half duplex, resulting in collisions, which
would then necessitate retransmissions.
Microsegmentation[edit source]
Using a bridge or a switch (or a router) to split a larger
collision domain into smaller ones in order to reduce collision probability and
improve overall throughput is called segmentation. In the extreme of
microsegmentation, each device is located on a dedicated switch port. In
contrast to an Ethernet hub, there is a separate collision domain on each of
the switch ports. This allows computers to have dedicated bandwidth on
point-to-point connections to the network and also to run in full duplex
without collisions. Full duplex mode has only one transmitter and one receiver
per 'collision domain', making collisions impossible.
Role of switches in a network[edit source]
Switches may operate at one or more layers of the OSI model,
including data link and network. A device that operates simultaneously at more
than one of these layers is known as a multilayer switch.
In switches intended for commercial use, built-in or modular
interfaces make it possible to connect different types of networks, including
Ethernet, Fibre Channel, ATM, ITU-T G.hn and 802.11. This connectivity can be
at any of the layers mentioned. While layer-2 functionality is adequate for
bandwidth-shifting within one technology, interconnecting technologies such as
Ethernet and token ring is easier at layer 3.
Devices that interconnect at layer 3 are traditionally called
routers, so layer-3 switches can also be regarded as (relatively primitive)
routers.
Where there is a need for a great deal of analysis of network
performance and security, switches may be connected between WAN routers as
places for analytic modules. Some vendors provide firewall,[2][3] network
intrusion detection,[4] and performance analysis modules that can plug into
switch ports. Some of these functions may be on combined modules.[5]
In other cases, the switch is used to create a mirror image
of data that can go to an external device. Since most switch port mirroring
provides only one mirrored stream, network hubs can be useful for fanning out
data to several read-only analyzers, such as intrusion detection systems and
packet sniffers.
Layer-specific functionality[edit source]
Main article: Multilayer switch
A modular network
switch with three network modules (a total of 24 Ethernet and 14 Fast Ethernet
ports) and one power supply.
While switches may learn about topologies at many layers, and
forward at one or more layers, they do tend to have common features. Other than
for high-performance applications, modern commercial switches use primarily
Ethernet interfaces.
At any layer, a modern switch may implement power over
Ethernet (PoE), which avoids the need for attached devices, such as a VoIP
phone or wireless access point, to have a separate power supply. Since switches
can have redundant power circuits connected to uninterruptible power supplies,
the connected device can continue operating even when regular office power
fails.
Layer 1 (Hubs versus higher-layer switches)[edit source]
A network hub, or repeater, is a simple network device.
Repeater hubs do not manage any of the traffic that comes through them. Any
packet entering a port is flooded out or "repeated" on every other
port, except for the port of entry. Since every packet is repeated on every
other port, packet collisions affect the entire network, limiting its capacity.
A switch creates the – originally mandatory – Layer 1
end-to-end connection only virtually. Its bridge function selects which packets
are forwarded to which port(s) on the basis of information taken from layer 2
(or higher), removing the requirement that every node be presented with all
data. The connection lines are not "switched" literally, it only
appears like this on the packet level. "Bridging hub",
"switching hub", or "multiport bridge" would be more
appropriate terms.
There are specialized applications where a hub can be useful,
such as copying traffic to multiple network sensors. High end switches have a
feature which does the same thing called port mirroring.
By the early 2000s, there was little price difference between
a hub and a low-end switch.[6]
Layer 2[edit source]
A network bridge, operating at the data link layer, may
interconnect a small number of devices in a home or the office. This is a
trivial case of bridging, in which the bridge learns the MAC address of each
connected device.
Single bridges also can provide extremely high performance in
specialized applications such as storage area networks.
Classic bridges may also interconnect using a spanning tree
protocol that disables links so that the resulting local area network is a tree
without loops. In contrast to routers, spanning tree bridges must have
topologies with only one active path between two points. The older IEEE 802.1D
spanning tree protocol could be quite slow, with forwarding stopping for 30
seconds while the spanning tree reconverged. A Rapid Spanning Tree Protocol was
introduced as IEEE 802.1w. The newest standard Shortest path bridging (IEEE
802.1aq) is the next logical progression and incorporates all the older
Spanning Tree Protocols (IEEE 802.1D STP, IEEE 802.1w RSTP, IEEE 802.1s MSTP)
that blocked traffic on all but one alternative path. IEEE 802.1aq (Shortest
Path Bridging SPB) allows all paths to be active with multiple equal cost
paths, provides much larger layer 2 topologies (up to 16 million compared to
the 4096 VLANs limit),[7] faster convergence, and improves the use of the mesh
topologies through increase bandwidth and redundancy between all devices by
allowing traffic to load share across all paths of a mesh
network.[8][9][10][11]
While layer 2 switch remains more of a marketing term than a
technical term,[citation needed] the products that were introduced as
"switches" tended to use microsegmentation and Full duplex to prevent
collisions among devices connected to Ethernet. By using an internal forwarding
plane much faster than any interface, they give the impression of simultaneous
paths among multiple devices. 'Non-blocking' devices use a forwarding plane or
equivalent method fast enough to allow full duplex traffic for each port
simultaneously.
Once a bridge learns the addresses of its connected nodes, it
forwards data link layer frames using a layer 2 forwarding method. There are
four forwarding methods a bridge can use, of which the second through fourth
method were performance-increasing methods when used on "switch" products
with the same input and output port bandwidths:
Store and forward: The switch buffers and verifies each frame
before forwarding it.
Cut through: The switch reads only up to the frame's hardware
address before starting to forward it. Cut-through switches have to fall back
to store and forward if the outgoing port is busy at the time the packet
arrives. There is no error checking with this method.
Fragment free: A method that attempts to retain the benefits
of both store and forward and cut through. Fragment free checks the first 64
bytes of the frame, where addressing information is stored. According to
Ethernet specifications, collisions should be detected during the first 64
bytes of the frame, so frames that are in error because of a collision will not
be forwarded. This way the frame will always reach its intended destination.
Error checking of the actual data in the packet is left for the end device.
Adaptive switching: A method of automatically selecting
between the other three modes.
While there are specialized applications, such as storage
area networks, where the input and output interfaces are the same bandwidth,
this is not always the case in general LAN applications. In LANs, a switch used
for end user access typically concentrates lower bandwidth and uplinks into a
higher bandwidth.
Layer 3[edit source]
Within the confines of the Ethernet physical layer, a layer-3
switch can perform some or all of the functions normally performed by a router.
The most common layer-3 capability is awareness of IP multicast through IGMP
snooping. With this awareness, a layer-3 switch can increase efficiency by
delivering the traffic of a multicast group only to ports where the attached
device has signaled that it wants to listen to that group.
Layer 4[edit source]
While the exact meaning of the term layer-4 switch is
vendor-dependent, it almost always starts with a capability for network address
translation, but then adds some type of load distribution based on TCP
sessions.[12]
The device may include a stateful firewall, a VPN
concentrator, or be an IPSec security gateway.
Layer 7[edit source]
Layer-7 switches may distribute loads based on Uniform
Resource Locator URL or by some installation-specific technique to recognize
application-level transactions. A layer-7 switch may include a web cache and
participate in a content delivery network.[13]
Rack-mounted 24-port 3Com switch
Types of switches[edit source]
Form factor[edit source]
Desktop, not mounted in an enclosure, typically intended to
be used in a home or office environment outside of a wiring closet
Rack mounted - A switch that mounts in an equipment rack
Chassis - with swappable module cards
DIN rail mounted - normally seen in industrial environments
or panels
Configuration options[edit source]
Unmanaged switches — These switches have no configuration
interface or options. They are plug and play. They are typically the least
expensive switches, and therefore often used in a small office/home office
environment. Unmanaged switches can be desktop or rack mounted.
Managed switches — These switches have one or more methods to
modify the operation of the switch. Common management methods include: a
command-line interface (CLI) accessed via serial console, telnet or Secure
Shell, an embedded Simple Network Management Protocol (SNMP) agent allowing
management from a remote console or management station, or a web interface for
management from a web browser. Examples of configuration changes that one can
do from a managed switch include: enable features such as Spanning Tree
Protocol, set port bandwidth, create or modify Virtual LANs (VLANs), etc. Two
sub-classes of managed switches are marketed today:
Smart (or intelligent) switches — These are managed switches
with a limited set of management features. Likewise "web-managed"
switches are switches which fall into a market niche between unmanaged and
managed. For a price much lower than a fully managed switch they provide a web
interface (and usually no CLI access) and allow configuration of basic
settings, such as VLANs, port-bandwidth and duplex.[14]
Enterprise Managed (or fully managed) switches — These have a
full set of management features, including CLI, SNMP agent, and web interface.
They may have additional features to manipulate configurations, such as the
ability to display, modify, backup and restore configurations. Compared with
smart switches, enterprise switches have more features that can be customized
or optimized, and are generally more expensive than smart switches. Enterprise
switches are typically found in networks with larger number of switches and
connections, where centralized management is a significant savings in
administrative time and effort. A stackable switch is a version of
enterprise-managed switch.
Typical switch management features[edit source]
Linksys 48-port switch
HP Procurve
rack-mounted switches mounted in a standard Telco Rack 19-inch rack with
network cables
Turn particular port range on or off
Link bandwidth and duplex settings
Priority settings for ports
IP Management by IP Clustering.
MAC filtering and other types of "port security"
features which prevent MAC flooding
Use of Spanning Tree Protocol
SNMP monitoring of device and link health
Port mirroring (also known as: port monitoring, spanning
port, SPAN port, roving analysis port or link mode port)
Link aggregation (also known as bonding, trunking or teaming)
allows the use of multiple ports for the same connection achieving higher data
transfer rates
VLAN settings. Creating VLANs can serve security and
performance goals by reducing the size of the broadcast domain.
802.1X network access control
IGMP snooping
Traffic monitoring on a switched network[edit source]
Unless port mirroring or other methods such as RMON, SMON or
sFlow are implemented in a switch,[15] it is difficult to monitor traffic that
is bridged using a switch because only the sending and receiving ports can see
the traffic. These monitoring features are rarely present on consumer-grade
switches.
Two popular methods that are specifically designed to allow a
network analyst to monitor traffic are:
Port mirroring — the switch sends a copy of network packets
to a monitoring network connection.
SMON — "Switch Monitoring" is described by RFC 2613
and is a protocol for controlling facilities such as port mirroring.
Another method to monitor may be to connect a layer-1 hub
between the monitored device and its switch port. This will induce minor delay,
but will provide multiple interfaces that can be used to monitor the individual
switch port.
0 comments: