SoFunction
Updated on 2025-04-09

Layer 3 switching technology and its application in VLAN subnet planning

In the traditional campus network model, the network is generally built from one or more backbone switches connected to multiple tiers of switches, with routers carrying traffic between the switched segments. A traditional router works at the network layer of the OSI model and performs routing calculations and packet forwarding in software. As campus networks grow in scale and user count, and IP-based applications (such as video conferencing and distance education) develop rapidly, traditional routing has become a bottleneck for security management and traffic control on the campus network. Traditional switches forward quickly, but a switch is essentially a multi-port bridge: it inevitably propagates broadcasts and cannot route. To resolve this contradiction, network vendors proposed the idea of Layer 3 switching.

Working principles and functions of Layer 3 switching technology

Traditional routers work at the network layer of the seven-layer OSI model. When a router receives any packet on the network (including broadcast packets), it strips the packet's Layer 2 (data link layer) information and examines the Layer 3 information. It then determines the packet's route from the routing table, re-encapsulates the Layer 2 information, and finally forwards the packet. The router's bottleneck lies in the fact that it is a connectionless device: its working mechanism makes it a forward-and-forget network device. Even packets sent from the same source address to the same destination address must each go through the same routing process again, which prevents the router from achieving high throughput. In addition, the router's complex processing and powerful functions are implemented mainly in software, which inevitably makes it a network bottleneck.

While routing technology was developing, switching technology, as one of the solutions to the network bandwidth problem, also developed rapidly. A switched network is a network system centered on switches. Network switches closely resemble multi-port bridges: both work at the data link layer, and a switch likewise forwards data between ports based on the destination MAC address of the frame. Switches are usually implemented entirely in hardware, which makes them fast, but like a bridge, a switch cannot isolate broadcast packets.

Layer 3 switching (L3 switching) is an emerging network interconnection technology that combines the advantages of the two technologies above, using the strengths of each to offset the weaknesses of the other. When only IP is considered, it is called IP switching. A Layer 3 switching router adds ASIC chips with integrated routing functions on top of dedicated packet-forwarding hardware, combining the high-speed forwarding of a traditional Layer 2 switch with the routing functions of a router to achieve line-speed routing and remove the router bottleneck. There are generally two types of Layer 3 switching solutions: the core-based model and the edge-based multi-layer hybrid switching model. The former is represented by Cisco's NetFlow switching and tag switching, which emphasize the speed of the switching core and implement routing and switching entirely in ASIC hardware at line speed. The latter is represented by 3Com's Fast IP and Cabletron's SecureFast Virtual Network. Their method is to route once at Layer 3 and then switch the packets of the end-to-end flow at Layer 2. This is the "route once, then switch" strategy.
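The "route once, then switch" strategy can be modelled as a flow cache in front of a routing table. The sketch below is an added example, not code from the article or from any vendor; the routing table, addresses, and the `RouteOnceSwitch` class are constructed for illustration.

```python
import ipaddress

# Constructed routing table (prefix -> egress port); not taken from the article.
ROUTES = [
    (ipaddress.ip_network("10.1.0.0/16"), "port1"),
    (ipaddress.ip_network("10.1.20.0/24"), "port2"),
    (ipaddress.ip_network("0.0.0.0/0"), "uplink"),
]

class RouteOnceSwitch:
    """Toy model: the first packet of a flow is routed, later ones hit a cache."""

    def __init__(self, routes):
        self.routes = routes
        self.flow_cache = {}        # (src, dst) -> egress port, the "switched" path
        self.slow_path_lookups = 0  # how many times the routing table was consulted

    def _route(self, dst):
        # Slow path: longest-prefix match over the routing table.
        self.slow_path_lookups += 1
        addr = ipaddress.ip_address(dst)
        matches = [(net, port) for net, port in self.routes if addr in net]
        return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

    def forward(self, src, dst):
        key = (src, dst)
        if key not in self.flow_cache:          # first packet of the flow
            self.flow_cache[key] = self._route(dst)
        return self.flow_cache[key]             # every later packet

    def invalidate(self):
        # Must run when routes or filters change, or cached flows keep the old decision.
        self.flow_cache.clear()

def simulate(packets, routes=ROUTES):
    sw = RouteOnceSwitch(routes)
    ports = [sw.forward(src, dst) for src, dst in packets]
    return ports, sw.slow_path_lookups

# Constructed traffic: one 4-packet flow, then two single-packet flows.
PACKETS = [("10.2.0.5", "10.1.20.9")] * 4 + [
    ("10.2.0.5", "10.1.7.7"),
    ("10.2.0.5", "192.0.2.1"),
]

if __name__ == "__main__":
    print(simulate(PACKETS))
```

Six packets cost three routing lookups here. The `invalidate` step matters for security management: a cached flow bypasses the routing decision, so any change to routes or filtering policy has to flush it.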

The powerful functions of a Layer 3 switching router are reflected in the following:

(1) Route calculation according to Layer 3 protocols; the supported routing protocols include RIPv1, RIPv2 and OSPF.

(2) Support for commonly used IP multicast protocols such as IGMP and DVMRP. When the switching router receives a multicast packet, it first forwards the packet to the VLANs that contain members of the multicast group, and then forwards it to the ports of the group members.

(3) Quality of service (QoS): packets are assigned a specific priority, and packets of different priorities are sent to different queues in order.

(4) Support for the standard SNMP network management protocol and for a traditional command-line interface (CLI).

(5) Multiple VLAN division strategies. In particular, it supports not only traditional port-based VLAN division but also VLAN division based on IP address, subnet number and protocol type, which greatly simplifies campus network management.

Therefore, the new Layer 3 switching router is typically used as the backbone device in campus and building local area networks. In addition to providing high-bandwidth packet forwarding and the functions described above, it also provides security, monitoring, management and configuration services.

Application of Layer 3 switching routers in virtual network planning

1. VLAN and planning strategies

A virtual local area network (VLAN), also called a virtual network, is defined from the network-management perspective as a location-independent LAN broadcast domain. VLAN technology emerged along with switching technology. Dividing a campus network into several virtual subnets has the following benefits:

1. Broadcast isolation. Once virtual subnets are defined, every broadcast is confined to its own VLAN subnet, which improves the effective bandwidth of the network as a whole and contains broadcast storms.

2. Convenient workgroup division and management. Once virtual networks are defined, workgroups are no longer tied to physical location and can be divided by function, so that the virtual subnets are independent of the physical structure of the network.

3. Enhanced network security. Because each VLAN subnet is logically independent, a security policy can be defined for each virtual network according to actual conditions, effectively preventing illegal intrusions and improving the security of each virtual network.

Before Layer 3 switches appeared, switches offered only two ways to divide VLANs. The first is port-based: the machines on one or several ports are assigned to a VLAN. This resembles a physical network segment and cannot provide a location-independent virtual network configuration. The second is MAC-address-based: subnets are divided by MAC address, which does give a location-independent virtual network. However, adding and removing nodes in the subnet is very inconvenient.

Layer 3 switching technology provides a new VLAN division method:

VLANs based on IP and policy. No matter which physical network segment a node is on, the network can be divided by the nodes' IP addresses or by packet protocol type, which makes network management and use more convenient.

2. Application of Layer 3 switching in campus network VLAN planning

Layer 3 switching divides virtual networks according to IP policy. This means that the physical network segments on a single port can be divided into different logical subnets, that nodes on different physical network segments can be placed in the same logical subnet, and that traffic between nodes within a subnet does not require routing. Making full use of the various VLAN division methods that a Layer 3 switch provides lets network administrators achieve twice the result with half the effort. Specifically, in dividing campus virtual networks:

It makes it easy to align the division of the campus network with the division of the school's departments. Even when a department is spread across different physical locations, dividing subnets by IP address lets that department's nodes on different physical network segments be placed in the same logical subnet, independent of physical location.

For key departments such as the network center and the finance department, the traditional MAC-address-based VLAN division can be used to prevent unauthorized nodes from appearing in the subnet.

For places such as student dormitories, where the physical subnets are more dispersed and harder to manage effectively, hybrid strategies can be adopted, such as defining different logical virtual subnets on the same port or dividing networks by MAC address, to minimize IP address theft and other security issues.
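The three planning cases above (IP-based subnets for departments, MAC-based membership for key departments, and a hybrid policy for dormitories) can be expressed as one ordered membership policy. The following is an added example, not a switch configuration or code from the article; the VLAN IDs, MAC addresses, subnets, port names and the quarantine VLAN are all constructed assumptions.

```python
import ipaddress

# Constructed policy for illustration; VLAN IDs, MACs and subnets are assumptions.
FINANCE_VLAN, QUARANTINE_VLAN = 10, 999
FINANCE_MACS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}   # MAC-based VLAN members
FINANCE_NET = ipaddress.ip_network("10.10.0.0/24")
IP_VLANS = [                                                  # IP-subnet-based VLANs
    (ipaddress.ip_network("10.20.0.0/16"), 20),  # one department, several buildings
    (ipaddress.ip_network("10.30.0.0/16"), 30),  # student dormitories
]
DORM_BINDINGS = {"10.30.1.5": "00:11:22:cc:dd:05"}  # registered IP -> MAC

def classify(mac, ip):
    """Return (vlan, reason) for a host seen with this MAC and source IP."""
    mac = mac.lower()
    addr = ipaddress.ip_address(ip)
    if mac in FINANCE_MACS:
        return FINANCE_VLAN, "mac-allowlist"
    if addr in FINANCE_NET:
        return QUARANTINE_VLAN, "unauthorized-mac-in-finance-subnet"
    bound = DORM_BINDINGS.get(str(addr))
    if bound is not None and bound != mac:
        return QUARANTINE_VLAN, "ip-mac-binding-mismatch"
    for net, vlan in IP_VLANS:
        if addr in net:
            return vlan, "ip-subnet"
    return QUARANTINE_VLAN, "no-policy-match"

# Constructed observations: (switch port, source MAC, source IP).
OBSERVED = [
    ("gi0/1", "00:11:22:AA:BB:01", "10.10.0.7"),   # registered finance host
    ("gi0/1", "00:11:22:ee:ee:09", "10.10.0.8"),   # unknown MAC using a finance address
    ("gi0/3", "00:11:22:33:44:55", "10.20.4.2"),   # department host, building A
    ("gi0/7", "00:11:22:33:44:66", "10.20.9.9"),   # same department, building B
    ("gi0/3", "00:11:22:cc:dd:05", "10.30.1.5"),   # dorm host matching its binding
    ("gi0/3", "00:11:22:cc:dd:99", "10.30.1.5"),   # same IP from a different MAC
]

def audit(observations):
    return [(port, *classify(mac, ip)) for port, mac, ip in observations]
```

Hosts on the same port (`gi0/3`) land in different VLANs and hosts on different ports share VLAN 20, which is the location independence described above. A MAC address is asserted by the host itself, so the allowlist works as a filter and inventory check rather than as authentication.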

Conclusion

Layer 3 switching is a relatively new technology. Its architecture not only significantly improves the performance of the campus internal network, but also influences the design of future campus network routing. The new virtual network planning strategies it provides will greatly simplify users' management and use of the network.

Article entry: csh     Editor in charge: csh