Network switch

From Wikipedia, the free encyclopedia

Jump to: navigation, search

A network switch is a computer networking device that connects network segments.

Linksys 8 port consumer-grade switch.
Linksys 8 port consumer-grade switch.
Linksys 48 port switch.
Linksys 48 port switch.

Low-end network switches appear nearly identical to network hubs, but a switch contains more "intelligence" (and a slightly higher price tag) than a network hub. Network switches are capable of inspecting data packets as they are received, determining the source and destination device of that packet, and forwarding it appropriately. By delivering each message only to the connected device it was intended for, a network switch conserves network bandwidth and offers generally better performance than a hub.

In the past, it was faster to use layer 2 techniques to switch, when only MAC addresses could be looked up in content addressable memory (CAM). With the advent of ternary CAM (TCAM), it was equally fast to look up an IP address or a MAC address. TCAM is expensive, but very appropriate for enterprise switches that use default routes plus a moderate number of other routes. For routers that need a full Internet routing table, TCAM may not be cost-effective.

Contents

[edit] Function

As with hubs, Ethernet implementations of network switches are the most common. Mainstream Ethernet network switches support either 10/100 Mbit/s or 10/100/1000 Mbit/s ports Ethernet standards. Large switches may have 10 Gbit/s ports.

The network switch, packet switch (or just switch) plays an integral part in most Ethernet local area networks or LANs. Mid-to-large sized LANs contain a number of linked managed switches. Small Office, Home Office (SOHO) applications typically use a single switch, or an all-purpose converged device such as gateway access to small office/home office broadband services such as DSL router or cable, WiFi Router. In most of these cases, the end user device contains a router and components that interface to the particular physical broadband technology, as in the Linksys 8 port and 48 port devices. User devices may also include a telephone interface to VoIP.

[edit] Role of Switches in Networks

Network switch is a marketing term rather than a technical one. Switches may operate at one or more OSI layers, including physical, data link, network, or transport (i.e., end-to-end). A device that operates simultaneously at more than one of these layers is called a multilayer switch, although use of the term is diminishing.

In switches intended for commercial use, built-in or modular interfaces makes it possible to connect different types of networks, for example Ethernet, Fibre Channel, ATM, and 802.11. This connectivity can be at any of the layers mentioned. While layer 2 functionality is adequate for speed-shifting within one technology, interconnecting technologies such as Ethernet and token ring are easier at layer 3.

Again, "switch" is principally a marketing term; interconnection of different layer 3 networks is done by routers. If there are any features that characterize "layer 3 switches" as opposed to general-purpose routers, it tends to be that they are optimized, in larger switches, for high-density Ethernet connectivity.

In some service provider and other environments where there is a need for much analysis of network performance and security, switches may be connected between WAN routers as places for analytic modules. Some vendors provide firewall[1] [2], network intrusion detection[3], and performance analysis modules that can plug into switch ports. Some of these functions may be on combined modules[4].

In other cases, the switch is used to create a "mirror" image of data that can go to an external device. Since most switch port mirroring provides only one mirrored stream, Ethernet hubs can be useful for fanning out data to several read-only analyzers. This is especially popular when using open-source network analysis tools running over Linux, such as the Snort [5] intrusion detection system and the Wireshark (formerly ethereal) protocol analyzer [6]

[edit] Layer-specific functionality

A modular network switch with 3 network modules (a total of 24 Ethernet and 14 Fast Ethernet ports) and one power supply.
A modular network switch with 3 network modules (a total of 24 Ethernet and 14 Fast Ethernet ports) and one power supply.

While switches may learn about topologies at many layers, and forward at one or more layers, they do tend to have common features. Other than for computer-room very high performance applications, modern commercial switches use primarily Ethernet interfaces, which can have different input and output speeds of 10, 100, 1000 or 10000 megabits per second. Switch ports almost always default to full-duplex operation, unless there is a requirement for interoperability with devices that are strictly half duplex. Half-duplex means that the device can only send or receive at any given time, whereas full-duplex can send and receive at the same time.

At any layer, a modern switch may implement Power over Ethernet (PoE), which avoids the need for attached devices, such as an IP telephone or Wireless Access Point, to need a separate power supply. Since switches can have redundant power circuits connected to uninterruptible power supplies, the connected device can continue operating even when regular office power fails.

[edit] Layer 1 Hubs versus Higher Layer Switches

An Ethernet hub, or repeater, is a fairly unsophisticated broadcast device, and rapidly becoming obsolete. Hubs do not manage any of the traffic that comes through them. Any packet entering a port is broadcast out or "repeated" on every other port, save the port of entry. Since every packet is repeated on every other port, packet collisions result--which slows down the network.

Hubs have actually become hard to find, due to the widespread use of switches. There are specialized applications where a hub can be useful, such as copying traffic to multiple network sensors. There is no longer any significant price difference between a hub and a low-end switch.

[edit] Layer 2

A single LAN switch, operating at the MAC sublayer of the data link layer, may interconnect a small number of devices in a home or office. This is a trivial case of bridging, in which the switch learns the MAC address of each connected device. Compared to shared-medium LANs, a switch using microsegmentation prevents collisions on an Ethernet, and can provide effectively simultaneous paths among multiple devices. Single switches also can provide extremely high performance in specialized applications such as storage area networks

Switches may also interconnect using a spanning-tree protocol that allows the best path to be found within the constraint that it is a tree. In contrast to routers, bridges only can have topologies with one active path between two points. The older IEEE 802.1d spanning tree protocol could be quite slow, with forwarding stopping for 30-90 seconds while the spanning tree reconverged. A Rapid Spanning Tree Protocol was introduced as IEEE 802.1w, but the newest edition of IEEE 802.1d-2004, adopts the 802.1w extensions as the base standard.

Once a layer 2 switch learns the topology through a spanning tree protocol, it forwards data link layer frames using some variant of bridging. There are four forwarding methods a Layer 2 switch can use:

  • Store and forward - The switch buffers and, typically, performs a checksum on each frame before forwarding it on.
  • Cut through - The switch only reads up to the frame's hardware address before starting to forward it. There is no error checking with this method.
  • Fragment free - A method which attempts to retain the benefits of both "Store and Forward" and "Cut-through". Fragment Free checks the first 64 bytes of the frame, where addressing information is stored. This way the frame will always reach its intended destination. Error checking of the actual data in the packet is left for the end device in Layer 3 or Layer 4 (OSI), typically a router.
  • Adaptive switching - A method of automatically switching between the other three modes.

Note that "cut through" switches have to fall back to "store and forward" if the outgoing port is busy at the time the packet arrives.

Note that these forwarding methods are not controlled by the user and are configured only by the switch itself.

[edit] Layer 3

Router is a marketing term for a layer 3 switch, typically a router optimized for Ethernet interfaces. Like other switches, it connects devices to single ports for microsegmentation. The ports normally operate in full duplex.

Switches, even primarily layer 2 switches, can be aware of layer 3 multicast and increase efficiency by delivering the traffic of a multicast group only to ports where the attached device has signaled that it wants to listen to that group. In a switch not aware of multicasting and broadcasting, frames are also forwarded on all ports of each broadcast domain, but in the case of IP multicast this causes inefficient use of bandwidth. To work around this problem some switches implement IGMP snooping.[7]

[edit] Layer 4

While the exact meaning of the term layer 4 switch is vendor dependent, it almost always starts with a capability for network address translation, but then adds some type of load distribution based on TCP sessions [8].

The device may include a stateful firewall, a VPN concentrator, or be an IPSec security gateway.

[edit] Layer 7

As with the other types of switches, layer 7 is a marketing term. They may distribute loads based on Web URL or by some installation-specific technique to recognize application-level transactions. A layer 7 switch may include a web cache and participate in a content delivery network [9].

[edit] Types of switches

[edit] Form factor

A rack-mounted switch with network cables
A rack-mounted switch with network cables

[edit] Configuration options

  • Unmanaged switches — These switches have no configuration interface or options. They are typically found in SOHO or home environments.
  • Managed switches — These are ones which allow access to one or more interfaces for the purpose of configuration or management of features such as Spanning Tree Protocol, Port Speed, VLANS, etc. High-end or "enterprise" switches, provide a serial console and command-line access via telnet and ssh, as well as management via SNMP. More recent devices also provide a web interface. Limited functions, such as a complete reset by pushing buttons on the switch are usually also provided. Managed switches are found in medium/large "enterprise" networks and though more expensive are of higher quality (e.g. with a backplane with higher transfer speeds). The task of managing usually requires understanding of Layer 2 networks (e.g. Ethernet).
    • Smart (or intelligent) switches — These are managed switches with a limited set of features. Likewise "web-managed" switches are switches which fall in a market niche between unmanaged and managed. For a price much lower than a fully managed switch they provide a web interface, (and usually no CLI access) and allow configuration of basic settings, such as VLANs, port-speed and duplex.[10]
    • Web-managed switches — Similar in functionality to a Smart switch. A Web-managed switch is configured through a browser instead of via a desktop utility.

[edit] Traffic Monitoring on a Switched Network

Unless port mirroring or other methods such as RMON[11] or SMON are implemented in a switch, is difficult to monitor traffic that is bridged using a switch, because all ports are isolated until one transmits data, and even then only the sending and receiving ports can see the traffic. These monitoring features rarely are present on consumer-grade switches.

Two popular methods that are specifically designed to allow a network analyst to monitor traffic are:

  • Port mirroring - the switch sends a copy of network packets to a monitoring network connection.
  • SMON - "Switch Monitoring" is described by RFC 2613 and is a protocol for controlling facilities such as port mirroring.

Another method to monitor may be to connect a layer 1 hub between the monitored device and its switch port. This will induce minor delay, but will provide multiple interfaces that can be used to monitor the individual switch port.

[edit] Typical Switch management features

(In order of basic to advanced):

Link aggregation allows you to use multiple ports for the same connection achieving higher data transfer speeds. Creating VLANs can serve security and performance goals by reducing the size of the Broadcast domain.

[edit] See also

[edit] External links

[edit] References

  1. ^ Cisco Catalyst 6500 Series Firewall Services Module,Cisco Systems,2007
  2. ^ Switch 8800 Firewall Module,3Com Corporation, 2006
  3. ^ Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Module,Cisco Systems,2007
  4. ^ Getting Started with Check Point FireWall-1,Checkpoint Software Technologies Ltd., n.d.
  5. ^ Snort.org home page
  6. ^ Tethereal discussion,Freshports.org
  7. ^ Morten Jagd Christensen et.al IGMP Snooping
  8. ^ The Ins and Outs of Layer 4+ Switching,NANOG 15, S. Sathaye,January 1999
  9. ^ How worried is too worried? Plus, a Global Crossing Story.,NANOG mailing list archives, S. Gibbard,October 2001
  10. ^ Tech specs for a sample HP "web-managed" switch
  11. ^ Remote Network Monitoring Management Information Base,RFC 2819, S. Waldbusser,May 2000
Retrieved from "http://en.wikipedia.org/wiki/Network_switch"
Personal tools