Network switch

From Wikipedia, the free encyclopedia

For other uses, see Switch (disambiguation).


Avaya ERS 2550T-PWR 50-port network switch
A network switch (sometimes known as a switching hub) is a computer networking device that
is used to connect devices together on acomputer network by performing a form of packet
switching. A switch is considered more advanced than a hub because a switch will only send a
message to the device that needs or requests it, rather than broadcasting the same message out
of each of its ports.
[1]

A switch is a multi-port network bridge that processes and forwards data at the data link
layer (layer 2) of the OSI model. Some switches have additional features, including the ability
to route packets. These switches are commonly known as layer-3 or multilayer
switches.Switches exist for various types of networks including Fibre Channel, Asynchronous
Transfer Mode, InfiniBand, Ethernet and others. The first Ethernet switch was introduced
by Kalpana in 1990.
[2]

Contents
[hide]
1 Overview
o 1.1 Network design
o 1.2 Applications
o 1.3 Microsegmentation
2 Role of switches in a network
3 Layer-specific functionality
o 3.1 Layer 1 (Hubs versus higher-layer switches)
o 3.2 Layer 2
o 3.3 Layer 3
o 3.4 Layer 4
o 3.5 Layer 7
4 Types of switches
o 4.1 Form factor
o 4.2 Configuration options
4.2.1 Typical switch management features
5 Traffic monitoring on a switched network
6 See also
7 References
8 External links
Overview[edit]


Cisco small business SG300-28 28-port Gigabit Ethernet rackmount switch and its internals
A switch is a device used on a computer network to physically connect devices together. Multiple
cables can be connected to a switch to enable networked devices to communicate with each
other. Switches manage the flow of data across a network by only transmitting a received
message to the device for which the message was intended. Each networked device connected
to a switch can be identified using a MAC address, allowing the switch to regulate the flow of
traffic. This maximises security and efficiency of the network.
Because of these features, a switch is often considered more "intelligent" than a network hub.
Hubs neither provide security, or identification of connected devices. This means that messages
have to be transmitted out of every port of the hub, greatly degrading the efficiency of the
network.
Network design[edit]
An Ethernet switch operates at the data link layer of the OSI model to create a separate collision
domain for each switch port. With four computers (e.g., A, B, C and D) on four switch ports, any
pair (e.g. A and B) can transfer data back and forth while the other pair (e.g. C and D) also do so
simultaneously, and the two conversations will not interfere with one another. In full duplex mode,
these pairs can also overlap (e.g. A transmits to B, simultaneously B to C, and so on). In the
case of using a repeater hub, they would all share the bandwidth and run in half duplex, resulting
in collisions which would require retransmissions.
Applications[edit]
The network switch plays an integral part in most modern Ethernet local area networks (LANs).
Mid-to-large sized LANs contain a number of linked managed switches. Small office/home
office (SOHO) applications typically use a single switch, or an all-purpose converged device such
as a residential gateway to access small office/home broadband services such as DSL or cable
Internet. In most of these cases, the end-user device contains a router and components that
interface to the particular physical broadband technology. User devices may also include a
telephone interface for VoIP.
Microsegmentation[edit]
Segmentation is the use of a bridge or a switch (or a router) to split a larger collision domain into
smaller ones in order to reduce collision probability and improve overall throughput. In the
extreme, i. e. microsegmentation, each device is located on a dedicated switch port. In contrast
to an Ethernet hub, there is a separate collision domain on each of the switch ports. This allows
computers to have dedicated bandwidth on point-to-point connections to the network and also to
run in full-duplex without collisions. Full-duplex mode has only one transmitter and one receiver
per 'collision domain', making collisions impossible.
Role of switches in a network[edit]
Switches may operate at one or more layers of the OSI model, including the data link and
network layers. A device that operates simultaneously at more than one of these layers is known
as a multilayer switch.
In switches intended for commercial use, built-in or modular interfaces make it possible to
connect different types of networks, including Ethernet, Fibre Channel, ATM, ITU-
T G.hnand 802.11. This connectivity can be at any of the layers mentioned. While layer-2
functionality is adequate for bandwidth-shifting within one technology, interconnecting
technologies such as Ethernet and token ring is easier at layer 3.
Devices that interconnect at layer 3 are traditionally called routers, so layer-3 switches can also
be regarded as (relatively primitive) routers.
Where there is a need for a great deal of analysis of network performance and security, switches
may be connected between WAN routers as places for analytic modules. Some vendors
provide firewall,
[3][4]
network intrusion detection,
[5]
and performance analysis modules that can
plug into switch ports. Some of these functions may be on combined modules.
[6]

In other cases, the switch is used to create a mirror image of data that can go to an external
device. Since most switch port mirroring provides only one mirrored stream, network hubs can be
useful for fanning out data to several read-only analyzers, such as intrusion detection
systems and packet sniffers.
Layer-specific functionality[edit]
Main article: Multilayer switch


A modular network switch with three network modules (a total of 24 Ethernet and 14 Fast Ethernet ports) and one
power supply.
While switches may learn about topologies at many layers, and forward at one or more layers,
they do tend to have common features. Other than for high-performance applications, modern
commercial switches use primarily Ethernet interfaces.
At any layer, a modern switch may implement power over Ethernet (PoE), which avoids the need
for attached devices, such as a VoIP phone or wireless access point, to have a separate power
supply. Since switches can have redundant power circuits connected touninterruptible power
supplies, the connected device can continue operating even when regular office power fails.
Layer 1 (Hubs versus higher-layer switches)[edit]
A network hub, or repeater, is a simple network device. Repeater hubs do not manage any of the
traffic that comes through them. Any packet entering a port is flooded out or "repeated" on every
other port, except for the port of entry. Since every packet is repeated on every other port,
packet collisions affect the entire network, limiting its capacity.
A switch creates the originally mandatory Layer 1 end-to-end connection only virtually. Its
bridge function selects which packets are forwarded to which port(s) on the basis of information
taken from layer 2 (or higher), removing the requirement that every node be presented with all
data. The connection lines are not "switched" literally, it only appears like this on the packet level.
"Bridging hub", "switching hub", or "multiport bridge" would be more appropriate terms.
There are specialized applications where a hub can be useful, such as copying traffic to multiple
network sensors. High end switches have a feature which does the same thing called port
mirroring.
By the early 2000s, there was little price difference between a hub and a low-end switch.
[7]

Layer 2[edit]
A network bridge, operating at the data link layer, may interconnect a small number of devices in
a home or the office. This is a trivial case of bridging, in which the bridge learns the MAC
address of each connected device.
Single bridges also can provide extremely high performance in specialized applications such
as storage area networks.
Classic bridges may also interconnect using a spanning tree protocol that disables links so that
the resulting local area network is a tree without loops. In contrast to routers, spanning tree
bridges must have topologies with only one active path between two points. The older IEEE
802.1D spanning tree protocol could be quite slow, with forwarding stopping for 30 seconds while
the spanning tree reconverged. A Rapid Spanning Tree Protocol was introduced as
IEEE 802.1w. The newest standard Shortest path bridging (IEEE 802.1aq) is the next logical
progression and incorporates all the older Spanning Tree Protocols (IEEE 802.1D STP, IEEE
802.1w RSTP, IEEE 802.1s MSTP) that blocked traffic on all but one alternative path. IEEE
802.1aq (Shortest Path Bridging SPB) allows all paths to be active with multiple equal cost paths,
provides much larger layer 2 topologies (up to 16 million compared to the 4096 VLANs
limit),
[8]
faster convergence, and improves the use of the mesh topologies through increase
bandwidth and redundancy between all devices by allowing traffic to load share across all paths
of a mesh network.
[9][10][11][12]

While layer 2 switch remains more of a marketing term than a technical term,
[citation needed]
the
products that were introduced as "switches" tended to use microsegmentation andFull duplex to
prevent collisions among devices connected to Ethernet. By using an internal forwarding
plane much faster than any interface, they give the impression of simultaneous paths among
multiple devices. 'Non-blocking' devices use a forwarding plane or equivalent method fast
enough to allow full duplex traffic for each port simultaneously.
Once a bridge learns the addresses of its connected nodes, it forwards data link layer frames
using a layer 2 forwarding method. There are four forwarding methods a bridge can use, of which
the second through fourth method were performance-increasing methods when used on "switch"
products with the same input and output port bandwidths:
1. Store and forward: The switch buffers and verifies each frame before forwarding it.
2. Cut through: The switch reads only up to the frame's hardware address before starting to
forward it. Cut-through switches have to fall back to store and forward if the outgoing port
is busy at the time the packet arrives. There is no error checking with this method.
3. Fragment free: A method that attempts to retain the benefits of both store and forward
and cut through. Fragment free checks the first 64 bytes of the frame,
whereaddressing information is stored. According to Ethernet specifications, collisions
should be detected during the first 64 bytes of the frame, so frames that are in error
because of a collision will not be forwarded. This way the frame will always reach its
intended destination. Error checking of the actual data in the packet is left for the end
device.
4. Adaptive switching: A method of automatically selecting between the other three modes.
While there are specialized applications, such as storage area networks, where the input and
output interfaces are the same bandwidth, this is not always the case in general LAN
applications. In LANs, a switch used for end user access typically concentrates lower bandwidth
and uplinks into a higher bandwidth.
Layer 3[edit]
Within the confines of the Ethernet physical layer, a layer-3 switch can perform some or all of the
functions normally performed by a router. The most common layer-3 capability is awareness
of IP multicast through IGMP snooping. With this awareness, a layer-3 switch can increase
efficiency by delivering the traffic of a multicast group only to ports where the attached device
has signaled that it wants to listen to that group.
Layer 4[edit]
While the exact meaning of the term layer-4 switch is vendor-dependent, it almost always starts
with a capability for network address translation, but then adds some type of load
distribution based on TCP sessions.
[13]

The device may include a stateful firewall, a VPN concentrator, or be an IPSec security gateway.
Layer 7[edit]
Layer-7 switches may distribute loads based on Uniform Resource Locator URL or by some
installation-specific technique to recognize application-level transactions. A layer-7 switch may
include a web cache and participate in a content delivery network.
[14]



Rack-mounted 24-port 3Com switch
Types of switches[edit]
Form factor[edit]
Desktop, not mounted in an enclosure, typically intended to be used in a home or office
environment outside of a wiring closet.
Rack-mounted, a switch that mounts in an equipment rack.
Chassis, with swappable module cards.
DIN railmounted, normally seen in industrial environments.
Configuration options[edit]
Unmanaged switches these switches have no configuration interface or options. They
are plug and play. They are typically the least expensive switches, and therefore often used
in a small office/home office environment. Unmanaged switches can be desktop or rack
mounted.
Managed switches these switches have one or more methods to modify the operation of
the switch. Common management methods include: a command-line interface (CLI)
accessed via serial console, telnet or Secure Shell, an embedded Simple Network
Management Protocol (SNMP) agent allowing management from a remote console or
management station, or a web interface for management from a web browser. Examples of
configuration changes that one can do from a managed switch include: enabling features
such as Spanning Tree Protocol or port mirroring, setting port bandwidth, creating or
modifying Virtual LANs (VLANs), etc. Two sub-classes of managed switches are marketed
today:
Smart (or intelligent) switches these are managed switches with a limited set of
management features. Likewise "web-managed" switches are switches which fall into a
market niche between unmanaged and managed. For a price much lower than a fully
managed switch they provide a web interface (and usually no CLI access) and allow
configuration of basic settings, such as VLANs, port-bandwidth and duplex.
[15]

Enterprise Managed (or fully managed) switches these have a full set of management
features, including CLI, SNMP agent, and web interface. They may have additional
features to manipulate configurations, such as the ability to display, modify, backup and
restore configurations. Compared with smart switches, enterprise switches have more
features that can be customized or optimized, and are generally more expensive than
smart switches. Enterprise switches are typically found in networks with larger number of
switches and connections, where centralized management is a significant savings in
administrative time and effort. A stackable switch is a version of enterprise-managed
switch.
Typical switch management features[edit]


Linksys 48-port switch


HP Procurve rack-mounted switches mounted in a standard Telco Rack 19-inch rack with network cables
Turn particular port range on or off
Link bandwidth and duplex settings
Priority settings for ports
IP Management by IP Clustering
MAC filtering and other types of "port security" features which prevent MAC flooding
Use of Spanning Tree Protocol
SNMP monitoring of device and link health
Port mirroring (also known as: port monitoring, spanning port, SPAN port, roving analysis
port or link mode port)
Link aggregation (also known as bonding, trunking or teaming) allows the use of multiple
ports for the same connection achieving higher data transfer rates
VLAN settings. Creating VLANs can serve security and performance goals by reducing the
size of the broadcast domain
802.1X network access control
IGMP snooping
Traffic monitoring on a switched network[edit]
Unless port mirroring or other methods such as RMON, SMON or sFlow are implemented in a
switch,
[16]
it is difficult to monitor traffic that is bridged using a switch because only the sending
and receiving ports can see the traffic. These monitoring features are rarely present on
consumer-grade switches.
Two popular methods that are specifically designed to allow a network analyst to monitor traffic
are:
Port mirroring the switch sends a copy of network packets to a monitoring network
connection.
SMON "Switch Monitoring" is described by RFC 2613 and is a protocol for controlling
facilities such as port mirroring.
Another method to monitor may be to connect a layer-1 hub between the monitored device and
its switch port. This will induce minor delay, but will provide multiple interfaces that can be used
to monitor the individual switch port.