Give me LAN! or Ethernet is not as scary as its specifications… LAN switches

The LAN of a typical organization is divided into active and passive equipment, plus the computers (and other terminal devices) of its users. Active LAN equipment includes:

  • network switches (hubs, switches)
  • routers
  • network cards for servers and personal computers
  • WiFi hotspots
  • combined routers (a single device with the functionality of all the devices listed above)

Let's consider one of the components of active LAN equipment - switching equipment.

The task of designing a new or upgrading an existing local enterprise network is an important issue and requires a serious approach and an in-depth study of the details of the operation of the entire system.

Let's consider the main points in choosing switches for enterprise LANs. A switch (colloquially also called a hub) is a network device that connects several computers into a local area network (LAN). It is necessary to have a good understanding of its operating logic and to select the set of parameters and functions that provide the necessary and additional services to users, while also simplifying LAN administration.

Organization of active LAN equipment

The upper level of switching is represented by network core switches (Core layer): high-performance devices with ultra-high data transfer rates of up to 40 Gbit/s, as a rule used to exchange data between servers.

The middle level of the LAN is represented by aggregation switches (Distribution/Aggregation layer), which implement the network's policies: security policies, QoS, inter-VLAN routing and broadcast domains.

And the lower level, workgroup or access (user) switches (Access layer), connect end-user PCs, laptops and other devices, mark traffic for QoS, and power PoE devices.

Choosing the right switches ensures reliable and correct operation of the entire organization. What should you pay attention to when choosing a switch? Study carefully the specifications and designations in the manufacturer's description.

Functional characteristics of switches

The network designer's task is to find the golden mean: to pay an adequate price for maximum functionality and high reliability.

Main functions of switches:

  • Basic data rate
  • Number of ports
  • The nature of the work of the users connected to it
  • Internal bandwidth
  • Auto-detection of MDI/MDI-X cable type
  • Availability of an uplink port
  • Stacking
  • Rack-mountable
  • Number of expansion slots
  • Jumbo Frame support
  • Power over Ethernet (PoE)
  • MAC address table size
  • Flow Control
  • Built-in lightning protection

Enterprise LAN Router

A router provides access to information flows between the branch parts of the enterprise LAN and the Internet. At the OSI network layer (L3), processing of packet routes within the network is entrusted to routing aggregation switches (L3 switches). The second type of router is the edge device: its task is to build packet routes based on recipient and sender addresses and to analyze those routes by monitoring the load on the data lines. Edge routers protect against unauthorized access and protect network segments against broadcast DDoS attacks.

Enterprise LAN requirements

  • speed is the most important characteristic of a local network;
  • adaptability - the ability of a LAN to expand and install workstations where it is required;
  • reliability - the property of a LAN to maintain full or partial operability, regardless of the failure of the final equipment or some nodes;
  • productivity and efficiency;
  • scalability - the ability to easily deploy any IP systems (for example, video surveillance over the current network);
  • ease of management and operation;
  • fault tolerance, flexibility for configuration and self-tuning during recovery;
  • warranty service (possibly for the entire life of the product, until its end-of-life, on average 5-7 years).

For uninterrupted, efficient operation, a LAN whose switches draw power must be provided with guaranteed and emergency power in accordance with the governing documents of your industry.

The AESTEL company presents only the best devices and solutions to its partners. Our specialists will help you decide on their choice, and if necessary, we will design the network topology of your enterprise, which will take into account all the requirements for data flows (load, speed, data transmission medium: optical-copper, as well as existing equipment) and wishes.

For calculation examples of various LAN options and topologies, see the corresponding section.

Organization of passive LAN equipment

Passive network equipment is equipment that consumes no electricity and does not alter the signal at the information level. The main function of passive equipment is to carry the signal: sockets, connectors, patch panels, cable, patch cords and cable ducts, as well as mounting cabinets, racks and telecommunication cabinets. Together this equipment is called a structured cabling system (SCS); it has a clear hierarchy, is certified under international standards and, accordingly, is classified by type of use depending on the requirements of the site and the required quality of data transmission.

Building a corporate LAN: choosing Cisco access switches

Cisco offers a comprehensive portfolio of switching solutions for enterprise networks, data centers, and small businesses. These solutions are optimized for a wide range of industries, including telecom operators, financial institutions and the public sector. The variety of devices can sometimes make it difficult for a customer to choose exactly the device model that best suits their technical and business needs. In this article, we would like to help in this choice, covering only the access layer of the hierarchical model for constructing local area networks (LANs).

Traditional workplace (data and voice)

So, if your network infrastructure now or in the planned future will be limited to the transfer of data and voice traffic, then Cisco Catalyst 2960 devices are quite suitable for you (Fig. 1).

Fig. 1. The Cisco Catalyst 2960 lineup.

If access ports at 100 Mbit/s and uplink ports at 1 Gbit/s are sufficient for you, then the 2960-Plus series switches are quite suitable. They have basic L2 functionality, up to 48 access ports, support for IEEE 802.3af PoE (15.4 W) on access ports and combined (copper or optical) trunk ports. However, if the user aggregation points require a large number of connections (over 48), then to simplify configuration and support, as well as to ensure fault tolerance, it is advisable to use stackable models of the 2960-SF series. In addition to stacking up to 4 devices into a single switching element, the 2960-SF switches offer more advanced L2 functionality and can provide IEEE 802.3at PoE (PoE+, 30 W) on access ports.

If you are planning to build a LAN with high-speed backbone links of 10 Gbit/s and access ports of 1 Gbit/s (the design Cisco recommends for enterprise-level organizations), then you should consider the 2960-X series as the basic access switch. These models are characterized by high performance and L2 functionality, the ability to stack up to 8 devices, support for PoE/PoE+, a unique set of power-saving features, and functionality for collecting statistics on the existing data flows.

Many corporate customers choose routed access (L3) as an alternative to switched access (L2), which, when choosing switches, imposes the requirement to support L3 protocols and services. Such devices are the 2960-XR series switches. In addition, this platform can provide power redundancy through two internal power supplies, unlike the 2960-Plus, 2960-SF and 2960-X models, which with the LAN Base license provide this functionality by connecting to an external redundant power system (RPS 2300).

Unified workplace (data, voice, video, BYOD, mobility)

However, if you want to keep up with the latest trends in today's corporate infrastructure, then you should turn your attention to the switches recommended by Cisco specifically for building a unified workstation (Unified Workspace) (Fig. 2).

Fig. 2. The Cisco Catalyst 3560-X, 3750-X, 3650, 3850 and 4500-E model range.

Among these trends, I would like to note 3 main ones: video, BYOD (Bring Your Own Device, connecting personal devices to the corporate network) and mobility.

The growing share of video traffic is pushing companies to build LANs on faster (10 Gbit/s) links. For efficient and uninterrupted operation of the network infrastructure at such speeds, high fault tolerance and a flexible system of quality of service (QoS) for the different services become important. These tasks are addressed by the right architecture and functionality: a high-speed, non-blocking switching fabric; fast switch stacking technology (64 Gbit/s on the 3750-X, 160 Gbit/s on the 3650, 480 Gbit/s on the 3850); power redundancy with two power supply units; a shared power pool for a group of switches (StackPower on the 3750-X and 3850); various traffic routing functionality that minimizes network convergence time (Flexlink, Cross-Stack EtherChannel); and extensive QoS functionality.

BYOD is an approach for creating optimal working conditions for users of various devices, anytime and anywhere. It is clear that consumer mobile devices are a cost-effective and attractive way to improve productivity, but many organizations are afraid to connect them to the corporate network, fearing for the security of corporate data and applications. However, the advanced security functionality of the Catalyst 3560-X/3750-X, 3650, 3850 and 4500-E switches (ACL, Port Security, DAI, IP Source Guard, DHCP Snooping, 802.1X, etc.) and their integration with a centralized identification and access authorization system (Cisco ISE) make it possible to secure both access to the network and the device itself. In addition to the basic security technologies, Cisco equipment has unique functionality that ensures the confidentiality of data on the LAN through link-layer (L2) encryption (MACsec, IEEE 802.1AE), both on user ports (user-switch) and on trunk ports (switch-switch) (3560-X/3750-X, 4500-E; 3650/3850 in future software versions), and also allows secure access to be organized with access lists based on security group tags (Security Group Access Control List, SGACL) (3560-X/3750-X, 4500-E; 3650/3850 in future software versions).
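To make the interplay of the access-layer protections named above concrete, here is a small added model (example code written for this page, not Cisco's implementation or anything from the original article) of how DHCP Snooping builds a binding table on trusted/untrusted ports and how Dynamic ARP Inspection and IP Source Guard then validate ARP and IP traffic against it. The port names, MAC and IP addresses and the message sequence are constructed samples.

```python
# Added example (not from the article or from Cisco): a minimal model of how
# DHCP Snooping, Dynamic ARP Inspection (DAI) and IP Source Guard cooperate
# on an access switch. Port names, MACs and addresses are constructed samples.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class AccessPortGuard:
    """Builds a DHCP snooping binding table and checks ARP and IP traffic on
    untrusted (user) ports against it; trusted ports face the uplink/server."""

    def __init__(self, trusted_ports: Set[str]) -> None:
        self.trusted = set(trusted_ports)
        # (client MAC, VLAN) -> port on which the client's DHCP request arrived
        self.pending: Dict[Tuple[str, int], str] = {}
        # (client MAC, VLAN) -> confirmed binding
        self.bindings: Dict[Tuple[str, int], Binding] = {}
        self.log: List[str] = []

    def dhcp(self, port: str, vlan: int, msg: str, client_mac: str,
             ip: Optional[str] = None) -> bool:
        """DHCP Snooping: server messages are accepted only from trusted ports;
        an ACK for a known request creates the binding on the client's port."""
        key = (client_mac, vlan)
        if msg in ("OFFER", "ACK"):
            if port not in self.trusted:
                self.log.append(f"DROP rogue DHCP {msg} on untrusted {port}")
                return False
            if msg == "ACK":
                client_port = self.pending.get(key)
                if client_port is None or ip is None:
                    self.log.append(f"IGNORE DHCP ACK for {client_mac}: no matching request")
                    return False
                self.bindings[key] = Binding(client_mac, ip, vlan, client_port)
            return True
        # DISCOVER / REQUEST from a client: remember which port it came in on
        self.pending[key] = port
        return True

    def _matches_binding(self, port: str, vlan: int, mac: str, ip: str) -> bool:
        b = self.bindings.get((mac, vlan))
        return b is not None and b.ip == ip and b.port == port

    def arp(self, port: str, vlan: int, sender_mac: str, sender_ip: str) -> bool:
        """DAI: on untrusted ports the ARP sender MAC/IP pair must match a binding."""
        if port in self.trusted:
            return True
        if not self._matches_binding(port, vlan, sender_mac, sender_ip):
            self.log.append(f"DROP ARP {sender_mac}/{sender_ip} on {port}: no binding")
            return False
        return True

    def ip_packet(self, port: str, vlan: int, src_mac: str, src_ip: str) -> bool:
        """IP Source Guard: the same binding check applied to IP source addresses."""
        if port in self.trusted:
            return True
        if not self._matches_binding(port, vlan, src_mac, src_ip):
            self.log.append(f"DROP IP from {src_ip} ({src_mac}) on {port}: no binding")
            return False
        return True


def run_demo() -> List[bool]:
    """Constructed scenario: one legitimate client, one rogue DHCP server,
    one spoofed ARP reply and one spoofed IP source address."""
    g = AccessPortGuard(trusted_ports={"Gi1/0/48"})           # Gi1/0/48 is the uplink
    client = "aa:bb:cc:00:00:01"
    return [
        g.dhcp("Gi1/0/1", 10, "REQUEST", client),              # client asks for a lease
        g.dhcp("Gi1/0/48", 10, "ACK", client, "10.0.10.11"),   # real server answers: binding
        g.dhcp("Gi1/0/2", 10, "OFFER", client, "10.0.10.50"),  # rogue server on a user port
        g.arp("Gi1/0/1", 10, client, "10.0.10.11"),            # legitimate ARP, matches binding
        g.arp("Gi1/0/2", 10, "aa:bb:cc:00:00:02", "10.0.10.1"),  # claims the gateway IP
        g.ip_packet("Gi1/0/1", 10, client, "10.0.10.99"),      # IP not matching its lease
    ]


if __name__ == "__main__":
    print(run_demo())
```

The design point this shows is that all three features depend on the same binding table, which is why the uplink (the only port behind which the real DHCP server sits) must be marked trusted: if it is not, legitimate ACKs are dropped and no bindings are ever created, and every user port's ARP and IP traffic is then rejected.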

So that employees who use their personal devices (smartphones, tablets, etc.) can solve business problems as efficiently as possible, they need maximum mobility, that is, not only wired connectivity anywhere but also wireless connectivity to all corporate resources. Based on the Cisco Catalyst 3850 platform, you can provide mobile unified access for your employees through the switch's built-in wireless controller (on the 4500-E with the Sup8-E supervisor, in future software versions).

Another unique feature of Cisco switches is the ability to provide 60 W of power on an access port (Universal Power over Ethernet, UPOE). This already allows personal TelePresence systems, VDI clients, access control devices and other user devices that draw more than 30 W to be connected without separate power cables (3560-X/3750-X, 4500-E, 3850; 3650 in the future).

GENNADY KARPOV

Everyone should know this, or Four Basic Principles for Selecting a LAN Switch

If you are planning to install a new local area network (LAN) or upgrade an old one, then you need to decide on the network technology, select the type of backbone for the future network, define the principle of constructing the server subsystem, and select a manufacturer of network equipment.

Selecting the type of network technology

Even 5-6 years ago, this issue was very acute and could become fateful for the person deciding it. There were competing solutions: Ethernet, 100VG-AnyLAN, Token Ring, FDDI, ATM. In the periodicals, supporters of the different technologies "broke spears", proving the advantages of particular solutions. Today, life has put everything in its place: only Ethernet remains as the main network technology within the LAN. 100VG-AnyLAN has ceased to exist, and Token Ring is being decommissioned everywhere. FDDI and ATM within a LAN are used as special-purpose means and are not typical network technologies. Now, when choosing a network technology, the question is different: which implementation of Ethernet equipment to choose, based on hubs or switches, or, more subtly, traditional switches or connection-oriented switches. However, despite the narrowing of choice in network technologies, the capabilities of 100VG-AnyLAN and Token Ring will also be analyzed below. You need to know your history, because it always repeats itself.

To solve the problem of high latency in a computer network, it is usually enough to install switches instead of hubs, connecting one computer to each port of the switch. No changes need to be made to the workstations, and changes to the network infrastructure are minimal. You just need to keep in mind that today the performance of even a switched 10Base-T Ethernet or Token Ring (16 Mbit/s) connection is not enough for many applications and is many times inferior to the 100 Mbit/s channels available in FDDI, 100BaseT, 100VG-AnyLAN and ATM networks.

The transition to higher-speed technologies requires more changes to the network than installing a switch. In this case you will need not only to replace the hub but also to install new adapters, and drivers for them, in every computer; connectors and cables may have to be replaced, and the topological restrictions change, which leads to re-laying the cabling, installing intermediate media converters, and a whole series of similar problems.

You can approach LAN modernization gradually, spreading the upgrade of workstations over time. To do this, use Ethernet 10/100Base-TX technology. In this case, workgroup switches and servers are first connected to the high-speed backbone to carry the main traffic, i.e. the devices that require high speed, low latency or large volumes of data transfer. Workstations are moved to the high-speed channels as necessary.

It is very convenient to use dual-speed adapters, because automatic speed detection allows such adapters to be used in both the old and the new parts of the network, gives good value for money, and simplifies network configuration and support. The price difference between high-speed (100Base-TX) and universal (10/100) adapters is insignificant (usually there is none), and for switches it rarely exceeds 10%, which, taking into account the costs of setting up and supporting the network, provides significant savings.

Conclusion No. 1

Currently, it is inappropriate to create a LAN using low-speed technologies and then migrate it to high-speed ones. In general, such a project turns out to be almost twice as expensive. It is much more expedient to use equipment that allows channels of different capacities within the same chassis.

Selecting a network backbone

The need to increase the capacity of trunk channels is mainly related to two clearly visible trends in the architecture of local computer networks: the rapid increase in the productivity of workstations and the centralization of data, up to the creation of specialized premises - server rooms or centers.

The increase in the productivity of computer equipment (primarily disk subsystems, and not the clock frequency of the CPU of a personal computer) in the workplace leads to the fact that the channel for information entering a computer or server begins to become a bottleneck of the network complex. This is simply the result of the inevitability of technological progress and it is useless to fight this trend.

The removal of local servers from workgroups and data centralization is a technological aspect of the problem that affects the choice of the type of network backbone. Centralizing data significantly reduces management and support costs and increases the reliability of the network as a whole, but at the same time it leads to an increase in traffic between workgroups.

The most developed technologies for building backbone channels are FDDI and ATM; after all, they were developed specifically for this sector of the network market. Fast Ethernet and Gigabit Ethernet have historically been used for these purposes, while 100VG-AnyLAN is not suitable for this at all. Before the advent of inexpensive routers with 10/100Base-TX ports, Ethernet was poorly suited for building geographically distributed backbones, but today it is a widely used solution in practice. From a performance standpoint it is most advisable to use Gigabit Ethernet or ATM, and from a reliability standpoint FDDI is the most appropriate. However, none of these technologies is cheap, especially when implemented on single-mode optical cable, and in addition, when designing a building-scale LAN it is very often possible to build the backbone on the backplane of a central modular switch, a collapsed backbone. In this case the backbone will be faster and more reliable than options based on Gigabit Ethernet, ATM or FDDI.

Understanding the main advantages of each network technology and its purpose in the computer network industry makes it possible to choose the right solution. For ease of reference, a summary of the main network technologies is shown in Table 1.

Conclusion No. 2

It is advisable, if conditions allow, to use a collapsed backbone as the fastest and most reliable option for constructing backbone connections.

Table 1. Comparison of high-speed technologies

| Technology | Advantages | Drawbacks |
|---|---|---|
| 100Base-T, Gigabit Ethernet | Effective for connecting servers. Effective for connecting workstations. Known protocols. Widespread support from manufacturers. | Reduced performance with a large number of devices and with constant "pumping" of large volumes of information from servers to workstations and back; under heavy network loads, requires a thoughtful approach to choosing an equipment manufacturer. |
| 100VG-AnyLAN | Well suited for delay-critical applications. Uses Category 3 cable (4 pairs). | Poor selection of devices. Limited diagnostics. Small number of manufacturers. |
| FDDI | Well known and widespread. Availability of equipment. Effective organization of backbones. Unique fault tolerance. Efficient connection of server groups. Widespread support from manufacturers. | High price. The technology is practically not developing, which raises doubts about its prospects. |
| ATM | Scalability. Supports different types of traffic (voice, data, etc.). | High prices. Need for trained specialists. Difficulty setting up. |

How to create a productive server subsystem

Servers usually require a more powerful network interface compared to workstations, since they are designed to simultaneously serve a large number of network users. If the server performance is not enough, the network will not be able to function properly. If the server's performance exceeds the network's capabilities, the server will be idle some of the time. In this case, additional functions can be assigned to it.

Recently, there has been a clear increase in the number of network servers as distinct network software products compared to the number of hardware platforms that host them. These include traditional file services, printing, databases, e-mail, security software systems, and so on. As a result, the growth in performance requirements for the communication channels serving servers often outstrips the network's communication capabilities.

Conclusion No. 3

It is advisable to increase the number of servers in the network. It is not practical to install specific software products on one server. Servers must be connected to the hub using the fastest technologies. Server disk subsystems must be the most productive on the network. You cannot save on the amount of RAM for servers.

Auto-sensing switches

One of the main issues when upgrading a LAN is the simplicity and reliability of combining the introduced high-speed switches with the previously used low-speed switches. It is important to understand that the customer expects a significant increase in the performance of their network when switching to high-speed technologies immediately after replacing the root switch.

However, as a rule, when choosing a switch, people are guided mainly by financial considerations and for some reason do not take into account a feature of dual-speed networks: the presence of packets arriving at different speeds requires their buffering in the switches. As a result, switch memory begins to play a critical role in ensuring the health of the network, and this is even in unloaded networks. For efficient and reliable non-blocking switching, the buffer size must be large enough.

10Base-T switches equipped with a 100 Mbit/s uplink do not provide the buffering required when connecting ports of different speeds; they only allow LAN segments built at different speeds to be joined. It is very difficult to build a performance-balanced system on such switches. This feature of switches must be remembered even when designing a high-speed network from scratch, because even then it is very often necessary to use low-speed 10Base-T-class devices such as print servers.
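The buffering requirement can be quantified with a simple frame-level model. The following is an added example written for this page (not code from the article): it drains a burst arriving on a 100 Mbit/s port towards a 10 Mbit/s port and reports the peak queue and the bytes lost to tail drop for a given per-port buffer. The burst size, rates, frame size and the 128 KB and 16 KB buffer values are constructed inputs chosen for illustration.

```python
# Added example (not from the article): a frame-level model of the buffering a
# switch needs when a burst arriving on a fast port is forwarded to a slower one.
# Rates, burst size and buffer sizes are constructed inputs for illustration.
from typing import Tuple


def simulate_speed_mismatch(burst_bytes: int, in_mbps: float, out_mbps: float,
                            buffer_bytes: int, frame_bytes: int = 1500) -> Tuple[int, int]:
    """Frames of one burst arrive back-to-back at in_mbps and are drained towards
    the output port at out_mbps. Returns (peak queue occupancy, bytes dropped)."""
    frames = burst_bytes // frame_bytes
    arrival_gap = frame_bytes * 8 / (in_mbps * 1e6)   # seconds between arrivals
    drain_rate = out_mbps * 1e6 / 8                   # bytes per second leaving
    queue = 0.0
    peak = 0.0
    dropped = 0
    for i in range(frames):
        # drain what the output port could send since the previous arrival
        if i > 0:
            queue = max(0.0, queue - drain_rate * arrival_gap)
        if queue + frame_bytes > buffer_bytes:
            dropped += frame_bytes      # tail drop: no room for this frame
        else:
            queue += frame_bytes
        peak = max(peak, queue)
    return round(peak), dropped


def buffer_needed(burst_bytes: int, in_mbps: float, out_mbps: float) -> int:
    """Closed-form estimate: the share of the burst that cannot leave while it
    is still arriving, burst * (1 - out/in)."""
    return round(burst_bytes * (1 - out_mbps / in_mbps))


if __name__ == "__main__":
    burst = 43 * 1500                   # a burst of 43 full-size frames (64.5 KB)
    for buf in (128 * 1024, 16 * 1024):
        peak, lost = simulate_speed_mismatch(burst, 100, 10, buf)
        print(f"buffer {buf // 1024} KB: peak queue {peak} B, dropped {lost} B")
    print("estimate:", buffer_needed(burst, 100, 10))
```

With the constructed 64.5 KB burst, a 128 KB per-port buffer (the order of magnitude quoted for workgroup switches in Table 2 below) absorbs it entirely, whereas a 16 KB buffer discards most of the frames; the closed-form estimate shows why roughly 90% of a 100-to-10 burst has to sit in memory.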

How seriously the amount of buffer memory affects the performance of the switch, and therefore of the LAN, can be seen from Table 2 below, which shows the most popular switches of the late 1990s and early 2000s (the comparison is given for switches of the same class).

Table 2. Comparative performance assessment of mid-class (workgroup class) switches with 10/100Base-TX ports

| Parameter | Cabletron ELS100-24TXM | 3Com SuperStack-II-3300 | Bay Networks BayStack 350T-HD | Cisco Catalyst 2924 XL | Intel Express 510T |
|---|---|---|---|---|---|
| Average buffering per port | 512 Kb | 128 Kb | 128 Kb | 170 Kb | 171 Kb |
| Switch bandwidth | 4.2 Gbps | Unknown | 1.2 Gbps | 3.2 Gbps | 6.3 Gbps |
| Forwarding rate | 3.6 Mpps | 1.47 Mpps | 1.6 Mpps | 3.0 Mpps | Unknown |

Conclusion No. 4

If we are not talking about a simple office network, it is necessary to use switches whose design includes the ability to operate at different speeds, as well as having large amounts of RAM for organizing internal buffers.

And finally, something that almost everyone always forgets

When everything has already been thought out, ordered and put into operation, it often turns out that the customer is not satisfied with the network performance. This usually happens in two types of networks:

  1. A network of several machines assembled on one switch.
  2. A large branched network with a centralized server subsystem assembled on one switch.

In the first case, the network usually includes one server. In this situation, indeed, replacing a hub with a switch provides virtually no gain in network performance for the reason that all clients are still connected to one connection - one network card port on the server, which in this case acts as a “bottleneck”. In such a topology, there is no separation of information flows. If in such networks there is no traffic between computers, as in a regular peer-to-peer network, then the use of a switch is not justified from a technical point of view.

In the second case, the customer often observes a completely different situation: the central switch clearly cannot cope with the flow of information, because before the upgrade (when, usually, local servers were dispersed among the workgroups) applications on the client machines ran faster. The reason for this is the switch's internal design. Typically a workgroup switch has one central processing unit, in which case it can connect only 2 ports with each other at any given moment; with 2 processors, 2 or 4 ports, and so on. In the limit (for a 24-port switch), if the number of processors is 24, the switch can simultaneously support a 12-to-12 connection, i.e. 12 port pairs. Unfortunately, information about the number of processing units in specific switch implementations is very difficult to find. It cannot be calculated precisely from characteristics such as Switch Bandwidth or Bus Capacity, but in principle it can be estimated. On the other hand, this question is practically unrelated to specific models of specific manufacturers. Each manufacturer positions its equipment for a specific segment of the LAN market, and the number of processors and the size of the buffer are precisely the characteristics that determine the capabilities of the equipment it produces and the segment of the market it can lay claim to.

Main conclusion

Entrust the modernization of your network to professionals, or spare no expense in training your own specialists; it is better for them to experiment in laboratory work at a training center than with your money.

When the first devices appeared that made it possible to separate a network into several collision domains, they had two ports and were called bridges. As this type of equipment developed, they became multiport and were called switches. For some time, both concepts existed simultaneously, and later, instead of the term “bridge”, “switch” began to be used.

Typically, when designing a network, switches are used to connect several collision domains of the local network to each other. In real life, as a rule, the collision domains are the floors of the building in which the network is built. There are usually more than 2 of them, and as a result much more efficient traffic management is provided than by the switch's ancestor, the bridge. At the very least, a switch can support redundant connections between network nodes.

Because switches manage traffic based on the data link layer (Layer 2) of the OSI model, they can track the MAC addresses of the devices connected to them and even translate packets from one standard to another (for example, Ethernet to FDDI and vice versa). This capability is especially well developed in Layer 3 switches, i.e. devices whose capabilities approach those of routers.

A switch forwards packets between several network segments. Like a bridge, it is a learning device and operates on a similar principle. Unlike bridges, a number of switches do not buffer all incoming packets but switch them on the fly; buffering happens only when transmission rates have to be matched, when the destination address is not in the address table, or when the port to which the packet should be sent is busy. The switch analyzes only the destination address in the packet header and, after checking the address table, immediately (with a latency of about 30-40 microseconds) forwards the packet to the appropriate port. Thus, before the packet has completely arrived on the input port, its header is already being transmitted through the output port. Unfortunately, typical switches use an "address aging" algorithm: if there has been no traffic involving a given address for a certain period of time, it is removed from the address table.
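The learning, flooding and aging behaviour just described can be modelled in a few lines. The block below is an added example written for this page (not code from the article or from any switch vendor): a MAC table keyed by source address, flooding of broadcast or unknown destinations to every other port, filtering of frames whose destination sits on the ingress port, and removal of entries that have not been refreshed within the aging time. The port names, MAC addresses, timestamps and the 300-second aging value are constructed inputs, not values from the article.

```python
# Added example (not from the article): a learning switch's MAC table with
# flooding of unknown destinations and address aging. Ports, MACs, timestamps
# and the 300 s aging time are constructed inputs, not values from the article.
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports: List[str], aging_seconds: float = 300.0) -> None:
        self.ports = list(ports)
        self.aging = aging_seconds
        self.table: Dict[str, Tuple[str, float]] = {}   # MAC -> (port, last seen)

    def expire(self, now: float) -> List[str]:
        """Address aging: drop entries not refreshed within the aging time."""
        stale = [mac for mac, (_, seen) in self.table.items() if now - seen > self.aging]
        for mac in stale:
            del self.table[mac]
        return stale

    def forward(self, in_port: str, src: str, dst: str, now: float) -> List[str]:
        """Learn the source, then return the ports the frame is sent out of."""
        self.expire(now)
        self.table[src] = (in_port, now)           # learn or refresh the source
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood, like a hub
        out_port, _ = self.table[dst]
        return [] if out_port == in_port else [out_port]      # filter or forward


def run_demo() -> List[List[str]]:
    """Constructed frame sequence on a 4-port switch."""
    sw = LearningSwitch(["p1", "p2", "p3", "p4"])
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    return [
        sw.forward("p1", a, b, now=0.0),    # B unknown: flooded to p2, p3, p4
        sw.forward("p2", b, a, now=1.0),    # A known: sent only to p1
        sw.forward("p1", a, b, now=2.0),    # B known: sent only to p2
        sw.forward("p3", c, b, now=400.0),  # B's entry aged out: flooded again
    ]


if __name__ == "__main__":
    for ports in run_demo():
        print(ports)
```

The last frame illustrates the cost of aging that the paragraph notes: once a quiet host's entry has expired, the next frame addressed to it is flooded to every port until the host speaks again and is re-learned.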

Switches support full-duplex mode when connected to each other. In this mode, data is transmitted and received simultaneously, which is impossible in conventional Ethernet networks. The data transfer rate is thereby doubled, and when several switches are connected, higher peak performance can be achieved.

The SmartSwitch series switches from Cabletron Systems stand somewhat apart. This series supports SNS technology, previously called SFS. One of its features is that the switches making up the network store their address tables "eternally", exchange them with each other, and can upload them to a special server. This not only reduces the time a packet takes to travel through the network but also solves a number of specific problems, especially those related to security.

Hub (concentrator)

A hub (concentrator) is a multiport network repeater with auto-segmentation. All hub ports are equal. Having received a signal from one of the stations connected to it, the hub repeats it to all its active ports. If a fault is detected on any port, that port is automatically disabled (segmented), and after the fault is cleared it becomes active again. Collision handling and ongoing monitoring of the state of the links is usually carried out by the hub itself. Hubs can be used as standalone devices or connected to each other, thereby increasing the size of the network and creating more complex topologies; they can also be joined by a backbone cable into a bus topology. Auto-segmentation is necessary to improve network reliability: the hub, which in practice forces a star cabling topology, operates within the IEEE 802.3 standard and is therefore required to provide a single shared channel (mono-channel).

The purpose of hubs is to combine individual workstations into a workgroup within a local network. A workgroup is characterized by the following: a certain territorial concentration; its users solve similar problems, use the same type of software and shared information bases; within the group there are common requirements for safety and reliability, and the same external sources of interference (climatic, electromagnetic, etc.) apply; high-performance peripherals are shared; and the group usually maintains its own local servers, often located on the workgroup's own premises.

Router

Hubs that organize a workgroup, bridges that connect two network segments and localize traffic within each of them, and switches that connect several segments of a local area network are all devices designed to work in IEEE 802.3 (Ethernet) networks. However, there is a special type of equipment, routers, used in networks with complex configurations to connect sections running different network protocols (including access to global (WAN) networks), as well as to divide traffic more efficiently and to use alternative paths between network nodes. The main purpose of routers is to combine heterogeneous networks and to serve alternative paths.

Different types of routers differ in the number and types of their ports, which actually determines where they are used. Routers, for example, can be used in an Ethernet local network to effectively manage traffic in the presence of a large number of network segments, to connect an Ethernet type network with other types of networks, for example, Token Ring, FDDI, as well as to provide local networks with access to the global network.

Routers not only connect different types of networks and provide access to the global network; they can also manage traffic based on the network layer protocol (the third layer of the OSI model), that is, at a higher level than switches. The need for such management arises when the network topology becomes more complex and the number of nodes grows, when redundant paths appear in the network (with the support of the IEEE 802.1 Spanning Tree protocol), and when the problem of the most efficient and fastest delivery of a packet to its destination has to be solved. There are two main algorithms for determining the most advantageous path and method of data delivery: RIP and OSPF. With the RIP routing protocol, the main criterion for choosing the most efficient path is the minimum number of "hops", i.e. network devices between the nodes. This protocol places minimal load on the router's processor and greatly simplifies configuration, but it does not manage traffic efficiently. With OSPF, the best path is selected not only by minimizing the number of hops but also taking other criteria into account: link performance, packet transmission delay, etc. Large networks that are sensitive to traffic congestion and built on complex routing equipment require OSPF. Implementing this protocol is only possible on routers with a sufficiently powerful processor, because it requires significant processing.

Routing in networks is usually performed for five popular network protocols: TCP/IP, Novell IPX, AppleTalk II, DECnet Phase IV and Xerox XNS. If a router encounters a packet of an unknown format, it handles it as a learning bridge would. In addition, a router localizes traffic better than a bridge: because it processes the network address, it can filter broadcast packets as well as packets with unknown destination addresses.

Modern routers have the following properties:

    support Layer 3 switching, high-speed Layer 3 routing and Layer 4 switching;
    support high-speed data links such as Fast Ethernet, Gigabit Ethernet and ATM;
    support ATM at speeds up to 622 Mbit/s;
    support different types of cable connections simultaneously (copper, optical and their varieties);
    support WAN connections, including PPP, Frame Relay, HSSI, SONET, etc.;
    support Layer 4 switching, which uses not only the sender and recipient addresses but also information about the types of applications that network users work with;
    provide a Quality of Service (QoS) mechanism that allows priorities to be assigned to certain resources in the network and traffic to be transmitted according to the priority scheme;
    allow the bandwidth for each type of traffic to be controlled;
    support the basic routing protocols RIPv1, RIPv2, OSPF, BGP-4 and IPX RIP/SAP, as well as IGMP, DVMRP, PIM-DM, PIM-SM and RSVP;
    support multiple IP networks simultaneously;
    support SNMP, RMON and RMON 2, which make it possible to manage devices and their configuration from a network management station and to collect and analyze statistics on the operation of the device as a whole and of its interface modules;
    support both unicast and multicast traffic.

Today the most "advanced" routers can be considered to be the SmartSwitchRouter series from Cabletron Systems.

The subject of this review is devices for building the LANs of large organizations, and above all the new products on this market. Switches first appeared in LANs to improve performance, since they outperformed hubs and the "coaxial" 10Base2 cabling familiar to specialists. Over time, however, switches were entrusted with ever more complex tasks. The motto of the modern LAN is: switch wherever possible, route only where necessary. The days of servers with several network cards routing between network segments are gone for good. Classic switches operate at the second (data link) layer of the OSI model and solve the following main tasks: buffering incoming traffic, building a table of the physical (MAC) addresses of the stations attached to their ports, and forwarding frames to ports according to that MAC address table.

Such switches have high performance because they do not process IP packets but only forward Ethernet frames from one port to another. They can forward data at the speed of the physical interface (wire speed). If this is supported on all ports simultaneously, the device is called non-blocking, because it does not drop frames even under maximum load.
Particular attention should be paid to this property, since not every device, even among models from well-known brands, has it, and traffic on the network tends to grow steadily.
However, non-blocking switches cannot rid the network of the bottlenecks caused by routers on the LAN (WAN access devices aside). Conventional software routers analyze each incoming IP packet before determining its destination and forwarding it along a particular path. The problem is that such routers can process only a few hundred thousand packets per second, whereas modern LANs based on Fast/Gigabit Ethernet require much higher performance.
Layer 3 switches can successfully replace the routers that connect LAN segments. For example, according to Avaya, its Cajun P550 switch increases the speed of data exchange between LAN segments by 10-100 times compared with traditional routers.
As a rule, Layer 3 switches therefore provide high routing speed (compared with traditional routers) for the IP/IPX protocols, low latency, and the ability to organize virtual LANs (VLANs). The routing protocols supported are RIP, RIPv2 and OSPF (some manufacturers even offer BGP, the Border Gateway Protocol), as well as the multicast protocols IGMP (Internet Group Management Protocol), PIM (Protocol Independent Multicast) and DVMRP (Distance Vector Multicast Routing Protocol).
Another advantage of Layer 3 switches is the ability to provide differentiated quality of service (QoS) for different types of traffic; a pure Layer 2 switch can only act on the 802.1p priority already present in a frame, not on what kind of traffic the frame carries.
The most advanced Layer 3 switches can filter traffic simultaneously on Layers 2, 3, 4 and even higher, and can therefore give critical data precedence.
Layer 4 features make it possible to manage traffic. Combining the functions of the fourth layer with switching and routing (Layers 2 and 3) makes sense because, from the point of view of preventing network congestion, the system's ability to analyze information from the transport and higher layers can be useful. Such analysis makes it possible to distinguish the traffic of higher-level protocols such as HTTP, FTP and SMTP; classifying traffic by application and/or user requires going to even higher layers.
Such switches can, for example, block streaming audio or video traffic (MP3/MPEG-4) to ensure timely delivery of the packets of mission-critical applications. A special place among switches upper levels
Leading switch manufacturers such as 3Com, Cisco Systems, Riverstone Networks (formed after the split of Cabletron Systems), Hewlett-Packard, IBM and Nortel Networks followed an evolutionary path, adding Gigabit Ethernet ports and Layer 3 and 4 switching modules to their Layer 2 switches. At the same time, new companies appeared on the market and immediately began producing Layer 3-4 Gigabit Ethernet switches, but they are still little known in our country.
Gigabit Ethernet Layer 3 switches are designed for use as enterprise backbone switches and for connecting server farms (groups of servers located in the same room and interconnected to run common applications).
Next we look at 48-port Fast Ethernet switches that support a range of Layer 3 and Layer 4 features (Table 1). Interestingly, for reasons of economy, some devices in this class provide practically no Layer 3 functions.


Indeed, in a 100 Mbps segment of 48 nodes routing is generally unnecessary, whereas Layer 4 functions can provide the required quality of service for the traffic of critical applications.
3Com's products, after a difficult period in the company's recent history, now occupy, in our opinion, a strong position in this sector of the Ukrainian market thanks to the relatively low cost of the devices.
At the end of last year 3Com introduced the new SuperStack 3 4300/4400 series switches, which replaced the 3300 series. The main advantage of the new line is performance: the 4300/4400 switches are fully non-blocking, which could not be said of the 3300, whose performance the manufacturer never advertised widely.
Each of these switches can aggregate ports into a single high-speed link to another switch or server. They support VLANs based on IEEE 802.1Q, redundant links based on the "rapid" Spanning Tree protocol (IEEE 802.1w), and the installation of additional redundant power supplies.
Let's consider the device's Layer 4 switching capabilities. Timely delivery of critical traffic is ensured by Advanced Class of Service support, four queues per port, link-layer prioritization (802.1p) and multi-level packet classification.
3Com Network Supervisor software allows SuperStack 3 Switch 4400 switches to be configured to detect and prioritize critical traffic, such as e-mail or SAP data, automatically within the corporate LAN. Conversely, unwanted traffic such as streaming audio can be blocked.
Management and monitoring are available via SNMP or a Web interface, with built-in RMON and the proprietary 3Com Transcend Network Supervisor software.
Allied Telesyn's Rapier line of routing switches fits this category of devices well.
The most interesting model, in our opinion, is the Rapier 48i. It has 48 auto-sensing Fast Ethernet ports and two slots for gigabit expansion modules. A full set of gigabit interfaces is available: 1000Base-SX for multimode fiber, 1000Base-LX for single-mode fiber and a 1000Base-T copper module.
The switch has a built-in 200 MHz RISC processor and 2 MB of buffer memory. All Layer 2 and Layer 3 switching functions are performed in an ASIC, which gives high performance at these layers: 10 million frames per second on a 19.2 Gbps switch fabric.
Simple arithmetic confirms that the switch is essentially non-blocking: the maximum rate for a 100 Mbps port is 148,800 fps and for a gigabit port 1,488,000 fps, so 48 × 148,800 + 2 × 1,488,000 is about 10.1 million fps, which the rated 10 million fps matches to within rounding. The device supports 8192 MAC addresses and 2048 IP addresses.
The switch offers a wide range of tools for quality of service and throughput optimization: 802.1p prioritization (four queues per port), 802.3x flow control, and multicast filtering (IGMP and PIM-DM/SM). Up to 255 VLANs are supported (important for large networks) based on 802.1Q, as well as redundant links based on the Spanning Tree protocol (802.1D).
Other features include QoS at higher layers: IP ToS field processing, RSVP (Resource Reservation Protocol) support, TCP header analysis, etc. Supported routing protocols: RIP, OSPFv2, BGP4 (optional), VRRP (Virtual Router Redundancy Protocol) and DVMRP, which optimizes the delivery of multimedia traffic. IPX and AppleTalk routing are available as additional features, as is a firewall (!).
A distinctive feature of this switch is its rich management: RMON, and management via console, Telnet, SNMP and a Web interface. For secure remote management there is an SSH v2 server (SSH, Secure Shell) and RADIUS-based authentication; since Telnet and a plain Web interface carry passwords in clear text, on a production switch they should be disabled in favor of SSH. Ingress rate limits can be set from 64 Kbps up to the physical port speed; egress limits on gigabit ports start from 1 Mbps.
Also worth noting are port aggregation (802.3ad) for high-speed links to servers or the backbone, and port mirroring: traffic from one port can be copied to another, which is very convenient for monitoring traffic and attaching network analyzers.
As always, the proprietary LED port status indication is excellent. The switch can also be fitted with an external backup power supply or an internal -48 V DC supply.
The newly introduced Cisco Catalyst 2950 family of intelligent Ethernet switches consists of fixed-configuration devices that can be installed in a fault-tolerant stack. Each has 24-48 Fast Ethernet ports and two slots for Gigabit Ethernet modules. Maximum performance is 10 million frames per second.
The switches perform intelligent functions such as advanced quality of service, traffic classification (by MAC/IP address, TCP/UDP port, IP ToS field or 802.1p tag), rate limiting, and filtering and management of multicast traffic (IGMP).
Cisco recommends using the Catalyst 2950 together with Catalyst 3550 series switches for high-performance IP routing in mid-sized networks. Cisco Catalyst 3550 Layer 3 Ethernet switches are stackable devices for enterprise networks with 24 to 48 Fast Ethernet ports and two Gigabit Ethernet module slots, or with ten Gigabit Ethernet ports and two module slots.
The Catalyst 3550 with 48 Fast Ethernet ports handles up to 10.1 Mfps; the version with 12 Gigabit Ethernet ports, 17 million frames/s. Like the Catalyst 2950, these switches provide advanced quality of service, rate limiting, Cisco RADIUS and 802.1x network access control, multicast traffic management (IGMP), and high-performance IP routing (RIPv1, RIPv2, OSPF, IGRP (Interior Gateway Routing Protocol), EIGRP, PIM-SM/DM and DVMRP).
The Cisco Catalyst 3550 Enhanced Multilayer Image (EMI) software provides hardware unicast and multicast IP routing, inter-VLAN routing, router ACLs (RACLs) and the Hot Standby Router Protocol (HSRP) for router redundancy in the corporate network. Catalyst 3550 models with Gigabit Ethernet ports come with EMI preinstalled; configurations without Gigabit Ethernet can be supplied with or without EMI (it can be installed later).
The Cisco Cluster Management Suite (CMS) software built into the Catalyst 2950 and 3550 series includes a set of configuration wizards that simplify the deployment of converged applications and network services.
Enterasys is represented in this review by the recently released Vertical Horizon VH-2402-L3. This is a 24-port 10/100 Mbps switch with two expansion module slots; the L3 suffix indicates Layer 3 switching capability.
The switch is built on a Toshiba TX3927 processor, has a 16 MB buffer and a MAC address table of 8 thousand entries. The internal bus runs at 9 Gbps, giving a total throughput of 6.6 million 64-byte frames/s. It is thus a fully non-blocking switch.
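The "simple calculation" behind the non-blocking claims for the Rapier 48i and the VH-2402-L3 is worth writing down once, because it is the check a buyer should repeat for any switch: a 64-byte frame occupies 8 bytes of preamble, 64 bytes of frame and 12 bytes of inter-frame gap, or 672 bits, so a 100 Mbit/s port can deliver at most about 148,800 frames/s and a gigabit port about 1,488,000. The script below is an added example, not from the review or any vendor. It applies that arithmetic to the port configurations described in this review, with the forwarding rates exactly as printed here; the two module slots of each device are assumed to hold gigabit modules. A small shortfall (10 million fps against a requirement of 10.12 million) is reported separately, since vendor figures are rounded; a large one means the forwarding engine is oversubscribed or the printed rate was measured for a different frame size, and the datasheet or an RFC 2544 throughput test should be consulted.

```python
"""Wire-speed frame-rate arithmetic behind the 'non-blocking' claims in this review.

Added example, not from the article or any vendor. Port configurations and
forwarding rates are transcribed from the review's prose; module slots are
assumed to be populated with 1 GbE modules.
"""
PREAMBLE_SFD_BYTES = 8   # preamble + start-frame delimiter
MIN_FRAME_BYTES = 64     # smallest legal Ethernet frame: the worst case for frames/s
IFG_BYTES = 12           # inter-frame gap (96 bit times)


def max_frames_per_second(link_mbps, frame_bytes=MIN_FRAME_BYTES):
    """Frames/s one direction of a link carries at a given frame size (64-byte default)."""
    bits_on_wire = (PREAMBLE_SFD_BYTES + frame_bytes + IFG_BYTES) * 8
    return link_mbps * 1_000_000 // bits_on_wire


def required_forwarding_rate(ports):
    """Frames/s the forwarding engine must sustain for every port to receive 64-byte
    frames at wire speed. ports: list of (port_count, link_mbps)."""
    return sum(count * max_frames_per_second(mbps) for count, mbps in ports)


def required_fabric_gbps(ports):
    """Full-duplex switching capacity needed: all ports sending and receiving at line rate."""
    return sum(2 * count * mbps for count, mbps in ports) / 1000


def headroom(ports, advertised_fps):
    """Advertised forwarding rate divided by the wire-speed requirement (>= 1.0 is non-blocking)."""
    return advertised_fps / required_forwarding_rate(ports)


def classify(ratio, rounding_tolerance=0.02):
    """Label a headroom ratio. Vendor figures are usually rounded, so a shortfall
    within the tolerance is reported separately from real oversubscription."""
    if ratio >= 1.0:
        return "non-blocking"
    if ratio >= 1.0 - rounding_tolerance:
        return "marginal (within rounding of wire speed)"
    return "oversubscribed"


# As printed in the review (constructed table; slots assumed filled with 1 GbE).
DEVICES = {
    "Allied Telesyn Rapier 48i": ([(48, 100), (2, 1000)], 10_000_000),
    "Enterasys VH-2402-L3":      ([(24, 100), (2, 1000)],  6_600_000),
    "Cisco Catalyst 2950 (48)":  ([(48, 100), (2, 1000)], 10_000_000),
    "Cisco Catalyst 3550 (48)":  ([(48, 100), (2, 1000)], 10_100_000),
    "HP ProCurve 4148gl":        ([(48, 100), (2, 1000)], 35_000_000),
    "Nortel BayStack 470-48T":   ([(48, 100), (2, 1000)],  3_200_000),
}


def report(devices=DEVICES):
    """{device: (required_fps, advertised_fps, label)} for the table above."""
    return {
        name: (required_forwarding_rate(ports), fps, classify(headroom(ports, fps)))
        for name, (ports, fps) in devices.items()
    }


if __name__ == "__main__":
    print(f"100 Mbit/s port: {max_frames_per_second(100):,} fps; "
          f"1 Gbit/s port: {max_frames_per_second(1000):,} fps")
    for name, (need, have, label) in report().items():
        print(f"{name:27s} needs {need:>10,} fps, rated {have:>10,} fps: {label}")
```

The second half of the check is fabric bandwidth: every port sending and receiving at line rate needs 2 × (48 × 100 + 2 × 1000) Mbit/s = 13.6 Gbit/s for a 48-port device, which the Rapier's 19.2 Gbit/s and the HP's 18 Gbit/s exceed, and 8.8 Gbit/s for the 24-port VH-2402-L3, which its 9 Gbit/s bus just meets. With the 3.2 million fps printed for the BayStack 470-48T the frame-rate check comes out at about a third of wire speed, so that figure in particular deserves verification against the vendor's datasheet before purchase.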
The device has 24 10/100 Mbps ports with automatic detection of speed (100Base-TX or 10Base-T) and duplex mode. All ports support IEEE 802.3x flow control and 802.1p prioritization, for which four queues are provided.
Gigabit Ethernet ports are available as add-on modules for the slots on the front panel of the switch: 1000Base-LX and 1000Base-SX optical ports and 1000Base-T copper. Up to four 100 Mbps or two Gigabit ports can be combined into a high-performance full-duplex trunk for switch-to-switch or server-to-switch links. The switch supports IEEE 802.1Q VLANs.
IP routing via RIP-1/RIP-2 is supported, as is IGMP-based multicast filtering.
Hewlett-Packard's ProCurve line was recently expanded with a new series of modular switches, the 4100gl. Let's consider the most interesting device in this series, the 4148gl, a modular switch with 48 10/100 Mbps ports.
The switch has two free slots for additional 24-port 10/100 Mbps modules, 1000Base-LX/SX/T modules, 100Base-FX modules or a stacking module. The bus bandwidth is 18 Gbit/s, which provides processing of up to 35 million 64-byte frames per second. The "heart" of the switch is a 200 MHz Motorola PowerPC processor. Buffer memory is 16 MB for gigabit modules and 512 KB for 10/100 modules, and the MAC address table holds 8,000 entries.
To confine multicast traffic (for example, video) to the ports that have asked for it, the switch uses IGMPv2.
The switch supports several types of VLAN: port-based, MAC-based and 802.1Q. In addition, users connected to the switch ports can be authenticated via RADIUS (IEEE 802.1x). Port aggregation according to 802.3ad and Cisco Fast EtherChannel increases the throughput of trunk links. For redundant network connections it uses the recently standardized Rapid Spanning Tree algorithm with fast convergence, IEEE 802.1w. Traffic prioritization is supported at the link layer (802.1p), and frame flow control in full-duplex mode follows 802.3x.
The switch can be managed via SNMP, a Web interface or the console. Monitoring is supported through four RMON groups, SMON (Switch Monitoring) and CDP (Cisco Discovery Protocol). For remote management, a secure connection via SSH is supported.
High availability is ensured by redundant power supplies and hot-swappable modules. Of particular note is the announced support for the new iSCSI protocol for SANs, as well as the IP routing between VLANs promised by the manufacturer, which should appear in the next software update.
In April of this year Nortel Networks introduced a new series of modular stackable switches, the BayStack 470, which replaced the once very popular but now outdated BayStack 450.
The BayStack 470-48T has 48 auto-sensing 10/100 Mbps ports, two slots for gigabit interface converters (GBICs) and, unlike the 450 series, a built-in stacking module. Up to 8 devices can be stacked, giving up to 384 Fast Ethernet ports.
The device can process up to 3.2 million 64-byte Ethernet frames per second; it is practically the only model in our review that supports up to 16 thousand MAC addresses.
A nice feature of the BayStack 470 is the way the switches are stacked. Each stack module has two interfaces, one connected to the next device in the stack and the other to the previous one. The free ports of the top and bottom switches in the stack are also connected to each other, so that a ring is formed (Fig. 1). This keeps the stack operational even if one of the switches fails completely.
The switch offers extensive VLAN configuration options. Up to 256 VLANs can be created based on ports or MAC addresses, and 802.1Q is also supported. With quality of service (QoS) and multicast filtering (IGMP), voice, video and data can be integrated into a single network.
Let's look more closely at the QoS mechanisms of the BayStack 470. The switch can mark Ethernet frames with different classes of service depending on the following parameters: the ToS field of the IP packet; source/destination IP address or subnet; protocol type (TCP/UDP/IGMP); TCP/UDP port number; Ethernet frame type (IP/IPX); and VLAN number. The mapping between the ToS value of an IP packet and the 802.1p tag of the Ethernet frame is performed in hardware by custom ASICs.
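The classification described here for the BayStack 470, and earlier for the SuperStack 3 4400 (prioritize SAP and e-mail, block streaming audio) and the Catalyst 2950 (classify by MAC/IP address, TCP/UDP port, ToS field or 802.1p tag), is the same first-match rule evaluation in each case; the ASIC only makes it fast. The following added example, not vendor code, spells the logic out in software: it parses an Ethernet frame (with an optional 802.1Q tag), its IPv4 header and the TCP/UDP ports, then runs an ordered rule table whose result is either "drop" or a queue number with a re-marked 802.1p priority, falling back to a ToS-precedence-to-802.1p mapping when no rule matches. The rule table, the port numbers chosen to stand for SAP (TCP 3200) and streaming media (554), the four-queue folding and the sample frames are all constructed for the illustration.

```python
"""Layer 2-4 traffic classification of the kind described above, in software.

Added example, not vendor code: the rule table, the assumed port numbers,
the ToS-to-802.1p mapping and the constructed sample frames are illustrative.
"""
import struct
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
PROTO_IGMP, PROTO_TCP, PROTO_UDP = 2, 6, 17
QUEUES = 4   # four queues per port, as on the reviewed devices


@dataclass
class Flow:
    """Fields the classifier can see once a frame is parsed (None when absent)."""
    src_mac: bytes
    dst_mac: bytes
    vlan: Optional[int]
    ethertype: int
    tos: Optional[int] = None
    proto: Optional[int] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def parse_frame(raw):
    """Parse Ethernet II (+ optional 802.1Q tag), the IPv4 header and TCP/UDP ports."""
    dst, src, etype = struct.unpack_from("!6s6sH", raw, 0)
    off, vlan = 14, None
    if etype == ETHERTYPE_VLAN:
        tci, etype = struct.unpack_from("!HH", raw, off)
        vlan, off = tci & 0x0FFF, off + 4
    flow = Flow(src, dst, vlan, etype)
    if etype != ETHERTYPE_IPV4:
        return flow                              # IPX, ARP, ...: only L2 fields available
    ver_ihl, tos = struct.unpack_from("!BB", raw, off)
    ihl = (ver_ihl & 0x0F) * 4
    flow.tos, flow.proto = tos, raw[off + 9]
    flow.src_ip = ".".join(str(b) for b in raw[off + 12:off + 16])
    flow.dst_ip = ".".join(str(b) for b in raw[off + 16:off + 20])
    if flow.proto in (PROTO_TCP, PROTO_UDP):
        flow.src_port, flow.dst_port = struct.unpack_from("!HH", raw, off + ihl)
    return flow


# Ordered rule table, first match wins (like an ACL): (name, predicate, action, queue).
# Assumed ports for the illustration: SAP dispatcher on TCP 3200, RTSP streaming on 554.
RULES = [
    ("block streaming media", lambda f: f.dst_port == 554,                          "drop",    None),
    ("SAP to top queue",      lambda f: f.proto == PROTO_TCP and f.dst_port == 3200, "forward", 3),
    ("SMTP to medium queue",  lambda f: f.proto == PROTO_TCP and f.dst_port == 25,   "forward", 2),
    ("IGMP control traffic",  lambda f: f.proto == PROTO_IGMP,                      "forward", 3),
]


def tos_to_pcp(tos):
    """Default mapping: IP precedence (top three ToS bits) becomes the 802.1p priority."""
    return tos >> 5


def pcp_to_queue(pcp):
    """Fold eight 802.1p priorities onto four queues (0-1 -> 0, 2-3 -> 1, 4-5 -> 2, 6-7 -> 3)."""
    return min(pcp // 2, QUEUES - 1)


def classify(raw):
    """Return ("drop", None, None) or ("forward", queue, pcp) for a raw frame."""
    flow = parse_frame(raw)
    for _name, match, action, queue in RULES:
        if match(flow):
            if action == "drop":
                return ("drop", None, None)
            return ("forward", queue, queue * 2 + 1)   # re-mark 802.1p to match the queue
    pcp = tos_to_pcp(flow.tos) if flow.tos is not None else 0   # non-IP: best effort
    return ("forward", pcp_to_queue(pcp), pcp)


def build_frame(proto, dst_port, tos=0, vlan=None):
    """Construct a minimal Ethernet/IPv4/TCP-or-UDP frame for testing (checksums left zero)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")   # dst, src
    if vlan is not None:
        eth += struct.pack("!HH", ETHERTYPE_VLAN, vlan)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    l4 = struct.pack("!HH", 40000, dst_port) + bytes(16)
    return eth + ip + l4


if __name__ == "__main__":
    print(classify(build_frame(PROTO_TCP, 3200)))                     # SAP: queue 3, pcp 7
    print(classify(build_frame(PROTO_UDP, 554)))                      # streaming: dropped
    print(classify(build_frame(PROTO_TCP, 8080, tos=0xA0, vlan=10)))  # precedence 5: queue 2
```

Rule order matters exactly as it does in a hardware ACL: the drop rule is evaluated before the prioritization rules, so streaming traffic cannot be rescued by a ToS value its sender chose. That is also the caveat for trusting ToS at the access layer: the fallback mapping honours whatever precedence the end station marked, so a station can promote its own traffic unless the port re-marks or the rules above override it.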
QoS rules are set through a convenient graphical interface, which greatly simplifies the process compared with the command line. Incoming traffic can be rate-limited by QoS class, and trunk ports support bandwidth management (traffic shaping).
The developers of this model paid special attention to reliability and fault tolerance, taking a number of design measures to this end. Each device in the stack stores the complete configuration of the whole stack, so the stack remains operational even if any component fails.
MultiLink Trunking technology connects switches to each other, or a server to a stack, over several physical lines that appear as a single connection in the logical structure of the network. To the spanning tree protocol this is also one logical connection, so if a physical line within the trunk is broken, the network is not reconfigured. MultiLink Trunking thus provides highly reliable switch and server connections with low recovery time (under a second). Ports of different switches in the same stack can be used in one MultiLink Trunking connection, so even if one of the switches in the stack fails, critical network applications are not disrupted.
To provide redundant connections and distribute load across the LAN, several spanning tree instances (up to 8) are supported. A redundant power supply with automatic switchover can also be installed.
The switch supports user authentication via RADIUS (802.1x) and the latest, third version of SNMP, whose authentication and encryption of management traffic give a much higher level of security than the clear-text community strings of SNMPv1/v2c.
BayStack 470 switches are managed with Nortel Networks' Optivity platform. SNMP is used for management, and RMON (four groups on each port: Alarms, Events, History and Statistics) provides traffic monitoring and analysis. Web-based management lets the network administrator obtain information from the switch with a browser.
The undoubted advantages of the device include 1000Base-XD/ZX optical modules, with a range of up to 40 and 80 km respectively. The lack of 1000Base-T modules is a minus; let's hope they appear in the near future.

Where to stop?

When purchasing a Layer 3-4 switch, first check whether the product you select meets the requirements below, or at least most of them.
The switch must have at least the "gentleman's set" of functions standard for this class: auto-detection of port speed, 802.3x flow control, 802.1p prioritization and 802.1Q VLAN support. If many of these are missing, there is only one excuse: a very low price.
Choose switches that deliver the performance you need. A modern switch should have at least several Gigabit Ethernet ports. Find out whether the switch is non-blocking at full load on all ports.
IP switching and routing are not the only functions Layer 3 switches perform; the latest models may also support Novell IPX and AppleTalk. As for Layer 4 capabilities, the switch must at least support analysis of the IP ToS field, which makes so-called extended quality of service possible on the LAN. Support for IGMP, PIM and DVMRP will significantly reduce the flooding of multicast traffic (which would otherwise be forwarded like broadcast) when transmitting multimedia data such as streaming video.
The Spanning Tree Protocol (IEEE 802.1D) prevents loops in the network and makes redundant network connections possible. The latest switch models support the improved spanning tree, 802.1w, with much faster convergence.
By combining several (usually up to 4) ports (802.3ad, Fast EtherChannel, Gigabit EtherChannel), high-performance backbone channels with a throughput above 1 Gbit/s can be created. Another application of this technology is redundancy of backbone links and server connections: data that was being transmitted over a failed channel is automatically redirected to the other channels of the connection.
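How that redirection behaves is worth looking at, because it is also what makes MultiLink Trunking (described above for the BayStack 470) survive the loss of a stack member without a spanning tree reconfiguration: the trunk is one logical link, and each conversation is pinned to one member by a hash of the frame's addresses. The following added example, not vendor code, models a four-port trunk spanning two stacked units and compares two selection policies when one member fails. The hash (XOR of the low byte of source and destination MAC) is a constructed stand-in for the vendor's hashing, and the eight station-to-server flows are made up.

```python
"""Flow distribution over an aggregated link (802.3ad / EtherChannel / MultiLink
Trunking) and what happens to the flows when a member link fails.

Added example, not vendor code. The hash and the flows are constructed. Two
selection policies are shown: a naive modulo over the live members, and a
'sticky' variant that only moves the flows that were on the failed member.
"""
from dataclasses import dataclass, field


@dataclass
class Trunk:
    """One logical link made of several physical member ports."""
    members: list                      # e.g. ["1/1", "1/2", "2/1", "2/2"] (unit/port)
    failed: set = field(default_factory=set)

    def live_members(self):
        return [p for p in self.members if p not in self.failed]

    def fail(self, port):
        self.failed.add(port)

    def restore(self, port):
        self.failed.discard(port)

    def select_port(self, src_mac, dst_mac, sticky=True):
        """Choose the member port for a frame. Every frame of one src/dst pair
        lands on the same member, so frames within a conversation stay in order."""
        live = self.live_members()
        if not live:
            raise RuntimeError("trunk down: no live member ports")
        h = (src_mac[-1] ^ dst_mac[-1]) & 0x07          # 8 hash buckets
        if not sticky:
            return live[h % len(live)]                  # bucket count changes with membership
        idx = h % len(self.members)                     # bucket over the configured members
        for step in range(len(self.members)):           # walk forward to the next live member
            port = self.members[(idx + step) % len(self.members)]
            if port not in self.failed:
                return port


def distribute(trunk, flows, sticky=True):
    """Map each (src_mac, dst_mac) flow to a member port."""
    return {flow: trunk.select_port(*flow, sticky=sticky) for flow in flows}


def reassigned_flows(before, after):
    """Flows whose member port changed between two distributions."""
    return {f for f in before if before[f] != after[f]}


# Constructed flows: eight stations talking to one server MAC.
SERVER = bytes.fromhex("0000aa000001")
FLOWS = [(bytes.fromhex(f"0010b500000{i}"), SERVER) for i in range(8)]


def failover_impact(sticky):
    """Number of flows re-homed when member 2/1 fails, for the given policy."""
    trunk = Trunk(members=["1/1", "1/2", "2/1", "2/2"])   # two ports on each of two stacked units
    before = distribute(trunk, FLOWS, sticky)
    trunk.fail("2/1")                                     # e.g. unit 2 of the stack dies
    after = distribute(trunk, FLOWS, sticky)
    assert "2/1" not in after.values()                    # nothing is sent to a dead member
    return len(reassigned_flows(before, after))


if __name__ == "__main__":
    print("modulo hashing:", failover_impact(sticky=False), "of 8 flows moved")   # 6
    print("sticky hashing:", failover_impact(sticky=True), "of 8 flows moved")    # 2
```

Both policies keep traffic off the dead member and never reorder frames within a conversation, but the naive modulo rehashes almost every flow when the member count changes (6 of 8 here), whereas the sticky policy disturbs only the two flows that were actually on the failed port. Which behaviour a given switch has is rarely on the datasheet, and it decides how much of the "less than a second" recovery time is spent on flows that did not need to move.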
An important factor in network reliability is the option of a backup power supply. It is available in switches from Nortel Networks, 3Com and others.
The switch must offer a wide range of Gigabit Ethernet interfaces (1000Base-SX/LX/T) for connecting backbone switches and servers. 1000Base-SX interfaces are designed for multimode fiber; the maximum range does not exceed 800 m, but for a LAN within one building this is sufficient.
If you need to connect several sites remote from one another, for example geographically separated buildings, you need single-mode fiber and 1000Base-LX interfaces. Nor is this the limit: a number of manufacturers, such as Cisco and Nortel, produce modules for single-mode fiber with a range of up to 100 km.
To connect servers and switches up to 100 m apart, 1000Base-T interfaces, currently available in switches from almost all manufacturers, are the most advantageous.
As for management, most devices of this class support SNMP, a Web interface and an RMON probe. For example, Nortel Networks' BayStack 450 supports four RMON groups on each port.


You should also pay attention to the amount and kind of information shown on the front panel. Good indication of errors and port status will help you cope with a variety of problems.
Depending on the expected size of the network, choose between standalone and stackable switches. Stackable devices provide more options for expansion: the number of ports in one stack can reach 100, which lets you postpone buying a gigabit switch to join LAN segments for a while. Note that almost all devices in the review support stacking.
Since switches have a long service life, buy those with the longest warranty.
We took the liberty of rating the switches by the above criteria. By "design" we meant stacking, redundant power supplies, "copper" ports and their redundancy, redundancy of the stack itself, etc. Devices were rated on a five-point scale (Table 2).
Among switches supporting Layer 2 and Layer 4 features, the 3Com SuperStack 3 4400 took first place; its large lead over the competition was ensured by a price per port almost half that of the other participants. Second is the Cisco Catalyst 2950, third the BayStack 470-48T. If the main criterion is functionality rather than price, the Catalyst 2950 is our Editors' Choice in this category.
Among the routing switches, first place was shared by the Cisco Catalyst 3550 and the Allied Telesyn Rapier 48i with a very small difference in points, second place went to the HP ProCurve Switch 4100gl, and an honourable third to the Enterasys VH-2402-L3.
A few words about Allied Telesyn: previously it looked like a modest mid-market player producing inexpensive, proven solutions. Now the company has presented a product almost in no way inferior to the Cisco Catalyst 3550 (and, unfortunately, just as expensive).
In conclusion, the price per port of Layer 2-4 routing switches is now $95-110, roughly three times that of a typical Layer 2 switch port. Just a couple of years ago such figures seemed unattainable, so the use of such devices in corporate LANs can now be considered fully justified.