Why do you need a switch in a local network? Building a home network. What's smart about smart network switches? How the switch works

    In the vast majority of home local networks, only a wireless router is used as active equipment. However, if you need more than four wired connections, you will need to add a network switch (although today there are routers with seven to eight ports for clients). The second common reason for purchasing this equipment is more convenient network wiring. For example, you can install a switch near the TV, connect one cable from the router to it, and connect the TV itself, media player, game console and other equipment to other ports.

    The simplest network switches have just a couple of key characteristics: the number of ports and their speed. Given current requirements and the state of the chip market, unless saving money at any cost or some specific requirement dictates otherwise, it is worth buying models with gigabit ports. Fast Ethernet networks at 100 Mbps are of course still in use, but their users are unlikely to run out of ports on the router. It is still possible, though, if you recall the products of some well-known manufacturers with only one or two LAN ports. In that case it makes sense to use a gigabit switch, which also raises the performance of the whole wired local network.

    In addition, when choosing you can also take into account the brand, the material and design of the case, the power supply (external or internal), the presence and location of indicators and other parameters. Surprisingly, operating speed, a characteristic familiar from many other devices, makes virtually no sense here, as we wrote recently: in data transfer tests, models of completely different classes and prices show the same results.

    In this article we decided to talk briefly about what can be interesting and useful in “real” Level 2 switches. Of course, this material does not pretend to be the most detailed and in-depth presentation of the topic, but we hope it will be useful to those who face more serious tasks or requirements when building a local network in an apartment, house or office than installing a router and setting up Wi-Fi. Many topics are presented in a simplified form, reflecting only the main points of the interesting and varied subject of network packet switching.

    Previous articles in the “Building a Home Network” series are available at the following links:

    In addition, useful information about building networks is available in this subsection.

    Theory

    First, let's remember how a “regular” network switch works.

    This “box” is small in size, has several RJ45 ports for connecting network cables, a set of indicators and a power input. It works according to algorithms programmed by the manufacturer and has no user-accessible settings: the principle is “connect the cables, turn on the power, it works”. Each device (more precisely, its network adapter) on the local network has a unique address, the MAC address. It consists of six bytes and is written in the form “AA:BB:CC:DD:EE:FF” with hexadecimal digits. You can find it out programmatically or by looking at the label on the device. Formally, this address is assigned by the manufacturer at the production stage and is unique. In practice this is not always the case: uniqueness is required only within the local network segment, and the address can easily be changed in many operating systems. By the way, the first three bytes can sometimes reveal the maker of the chip or even of the whole device.

    If in a global network (in particular the Internet) devices are addressed and packets are processed at the level of IP addresses, then within each individual local network segment MAC addresses are used for this. All devices on the same local network must have different MAC addresses; otherwise there will be problems with the delivery of network packets and with the operation of the network. This low level of information exchange is implemented inside the operating system's network stack, and the user does not need to interact with it. In reality there are literally only a couple of common situations where a MAC address is needed. For example, when replacing a router, you may specify on the new device the same WAN port MAC address that the old one had. The second is enabling MAC address filters on the router to block access to the Internet or Wi-Fi.

    A regular network switch lets you combine several clients so that they can exchange network traffic. Moreover, each port can carry not only one computer or other client device, but also another switch with its own clients. Roughly, the switch's operation looks like this: when a packet arrives at a port, the switch remembers the sender's MAC and writes it into its table of “clients on this physical port”; the recipient's address is then looked up in the tables of the other ports, and if it is found in one of them, the packet is sent to the corresponding physical port. In addition, there are algorithms for eliminating loops, discovering new devices, detecting that a device has moved to another port, and others. No complex logic is required to implement this scheme; everything runs on fairly simple and inexpensive processors, which is why, as we said above, even low-end models are able to show maximum speeds.
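    The learning and forwarding logic just described can be written down in a few dozen lines. The following is an added example of our own, not code from the article or from any switch vendor: a model switch that learns source addresses per port, sends known unicast frames to one port, floods unknown unicast, multicast and broadcast frames to all other ports, notices when an address moves to another port, and (going one step beyond the paragraph) enforces the per-port limit on learned addresses that managed switches offer as a port-security option. Port numbers and MAC addresses in the demo are constructed.

```python
BROADCAST = "FF:FF:FF:FF:FF:FF"


def is_group(mac):
    """Group bit set: multicast or broadcast destination, never learned or looked up."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class LearningSwitch:
    """Minimal model of a transparent (learning) switch.

    mac_table maps a source MAC to the port it was last seen on. Frames to a
    known unicast MAC go out of exactly one port; unknown unicast, multicast
    and broadcast frames are flooded to every port except the ingress port.
    """

    def __init__(self, ports, max_macs_per_port=None):
        self.ports = list(ports)
        self.mac_table = {}                     # mac -> port
        self.max_macs_per_port = max_macs_per_port
        self.events = []                        # human-readable log of learning events

    def _macs_on(self, port):
        return [m for m, p in self.mac_table.items() if p == port]

    def learn(self, src, port):
        """Record `src` on `port`; returns False if the port's MAC limit blocks it."""
        prev = self.mac_table.get(src)
        if prev == port:
            return True
        if prev is not None:
            self.events.append(f"{src} moved from port {prev} to port {port}")
        elif (self.max_macs_per_port is not None
              and len(self._macs_on(port)) >= self.max_macs_per_port):
            # port-security style limit: a further address on this port is refused
            self.events.append(f"port {port}: MAC limit reached, {src} not learned")
            return False
        else:
            self.events.append(f"learned {src} on port {port}")
        self.mac_table[src] = port
        return True

    def forward(self, ingress, src, dst):
        """Return the list of egress ports for one frame; [] means it is dropped."""
        if ingress not in self.ports:
            raise ValueError(f"unknown port {ingress}")
        if not self.learn(src, ingress):
            return []                           # frame from a refused address is dropped
        if not is_group(dst) and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == ingress else [out]   # same port: nothing to do
        return [p for p in self.ports if p != ingress]   # flood


if __name__ == "__main__":
    sw = LearningSwitch(ports=[1, 2, 3, 4], max_macs_per_port=2)
    a, b = "00:11:22:33:44:0A", "00:11:22:33:44:0B"
    print("unknown destination, flooded to:", sw.forward(1, a, b))
    print("reply, now known, sent to:", sw.forward(2, b, a))
    print("broadcast from port 4 goes to:", sw.forward(4, "00:11:22:33:44:0E", BROADCAST))
    print("\n".join(sw.events))
```

    The max_macs_per_port option is the same idea as the switch's limit on client MAC registrations per port: a device that starts announcing many addresses through one port is refused rather than allowed to fill the table.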

    Managed, or “smart”, switches are much more complex. They can use more of the information in network packets to implement more complex algorithms for processing them. Some of these technologies may also be useful for demanding home users and for solving some special tasks.

    Second-level switches (Level 2, data link layer) are capable of taking into account, when switching packets, information contained within certain fields of network packets, in particular VLAN, QoS, multicast and some others. This is the option we will talk about in this article. More complex models of the third level (Level 3) can already be considered routers, since they operate with IP addresses and work with third-level protocols (in particular RIP and OSPF).

    Please note that there is no single universal and standard set of capabilities for managed switches. Each manufacturer creates its own product lines based on its understanding of consumer requirements. So in each case it is worth paying attention to the specifications of a particular product and their compliance with the tasks set. Of course, there is no talk of any “alternative” firmware with wider capabilities here.

    As an example, we use the Zyxel GS2200-8HP device. This model has been on the market for a long time, but is quite suitable for this article. Modern products in this segment from Zyxel generally provide similar capabilities. In particular, the current device of the same configuration is offered under the article number GS2210-8HP.

    The Zyxel GS2200-8HP is an eight-port (24-port version available in the series) Level 2 managed gigabit switch that also includes PoE support and RJ45/SFP combo ports, as well as some higher-level switching features.

    In terms of its format, it can be called a desktop model, but the package includes additional mounting hardware for installation in a standard 19″ rack. The body is made of metal. On the right side we see a ventilation grille, and on the opposite side there are two small fans. At the back there is only a network cable input for the built-in power supply.

    All connections, traditionally for such equipment, are made from the front side for ease of use in racks with patch panels. On the left there is an insert with the manufacturer's logo and the illuminated name of the device. Next are the indicators - power, system, alarm, status/activity and power LEDs for each port.

    Next, the main eight network connectors are installed, and after them two RJ45 and two SFPs that duplicate them with their own indicators. Such solutions are another characteristic feature of such devices. Typically, SFP is used to connect optical communication lines. Their main difference from the usual twisted pair is the ability to work over significantly longer distances - up to tens of kilometers.

    Because different kinds of physical lines can be used here, the switch itself carries standard SFP slots into which transceiver modules are installed, and the optical cables are connected to those modules. The resulting ports do not differ in capabilities from the others, apart from the lack of PoE support: they can also be used in port trunking mode, in VLAN scenarios and with other technologies.

    The console serial port completes the description; it is used for servicing and other operations. Note that there is no reset button of the kind typical for home equipment. In severe cases of loss of control, you will have to connect via the serial port and reload the entire configuration file in debug mode.

    The device supports administration via the Web interface and the command line, firmware updates, the 802.1x protocol to protect against unauthorized connections, SNMP for integration into monitoring systems, frames of up to 9216 bytes (Jumbo Frames) to increase network performance, Layer 2 switching services, and stacking for ease of administration.

    Of the eight main ports, half support PoE+ with up to 30 W per port, and the remaining four support PoE with 15.4 W. The maximum power consumption is 230 W, of which up to 180 W can be supplied via PoE.

    The electronic version of the user manual has more than three hundred pages. So the functions described in this article represent only a small part of the capabilities of this device.

    Management and control

    Unlike simple network switches, “smart” ones have tools for remote configuration. Most often this is the familiar Web interface, and for “real administrators” there is a command line interface via telnet or ssh. The same command line is available through a connection to the switch's serial port. Besides habit, the command line has the advantage of convenient automation with scripts. FTP is also supported, which allows you to quickly upload new firmware files and manage configurations.

    From the command line you can, for example, check the status of connections, manage ports and modes, allow or deny access, and so on. This option is also less demanding on bandwidth (it requires less traffic) and on the equipment used for access. But in screenshots the Web interface looks nicer, so in this article we use it for illustrations. Security is provided by the traditional administrator username and password, HTTPS is supported, and you can configure additional restrictions on access to switch management.

    Note that, unlike many home devices, the interface has an explicit button for saving the current switch configuration to its non-volatile memory. Also on many pages you can use the Help button to call up contextual help.

    Another option for monitoring the operation of the switch is to use the SNMP protocol. Using specialized programs, you can obtain information about the hardware status of the device, such as temperature or loss of a link on a port. For large projects, it will be useful to implement a special mode for managing several switches (a cluster of switches) from a single interface - Cluster Management.

    The minimum initial steps to start up the device typically include updating the firmware, changing the administrator password, and configuring the switch's own IP address.

    In addition, it is usually worth paying attention to options such as network name, synchronization of the built-in clock, sending the event log to an external server (for example, Syslog).

    When planning the network layout and switch settings, it is recommended to calculate and think through all the points in advance, since the device does not check the configuration for conflicts. For example, if you “forget” that you previously configured port aggregation, then VLANs involving those ports may behave completely differently than required. Not to mention the possibility of losing the connection to the switch, which is especially unpleasant when connecting remotely.

    One of the basic “smart” functions of switches is support for network port aggregation technologies. Also used for this technology are terms such as trunking, bonding, and teaming. In this case, clients or other switches are connected to this switch not with one cable, but with several at once. Of course, this requires having several network cards on your computer. Network cards can be either separate or made in the form of a single expansion card with several ports. Typically in this scenario we are talking about two or four links. The main tasks solved in this way are increasing the speed of the network connection and increasing its reliability (duplication). A switch can support several such connections at once, depending on its hardware configuration, in particular, the number of physical ports and processor power. One option is to connect a pair of switches in this way, which will increase the overall network performance and eliminate bottlenecks.

    To implement the scheme, it is advisable to use network cards that explicitly support this technology, although in general port aggregation can also be done in software. The technology is most often implemented through the open LACP/802.3ad protocol, which is used to monitor the state of the links and manage them, but there are also proprietary options from individual vendors.

    At the client operating system level, after appropriate configuration, a new standard network interface usually simply appears, which has its own MAC and IP addresses, so that all applications can work with it without any special actions.

    Fault tolerance is ensured by having multiple physical connections between devices. If the connection fails, traffic is automatically redirected along the remaining links. Once the line is restored, it will start working again.

    As for increasing speed, the situation is a little more complicated. Formally, we can assume that throughput is multiplied by the number of links used. However, the actual gain in transmit and receive speed depends on the specific tasks and applications. In particular, for such a simple and common task as reading files from network storage on a single computer, nothing is gained from combining ports, even if both devices are connected to the switch by several links. But if port trunking is configured on the network storage and several “regular” clients access it simultaneously, then overall performance gains significantly.
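    The reason a single client gains nothing is that an aggregated group distributes frames per flow, not per frame: a hash of the addresses picks one member link, and every frame of that flow follows it. The added example below is our own model of that distribution (not the article's, and not Zyxel's hash, which is vendor-specific); it uses the common XOR-of-low-bytes scheme so that the results can be checked by hand. The NAS and client addresses are constructed. It shows the one-client case, the many-clients case, and the less obvious failure mode where clients whose addresses all have the same parity land on the same link despite the aggregation.

```python
from collections import Counter

NAS = {"mac": "00:11:22:33:44:10", "ip": "192.168.1.10"}   # constructed sample server


def _last_byte(mac):
    return int(mac.replace("-", ":").split(":")[-1], 16)


def pick_link(flow, n_links, policy="src-dst-mac"):
    """Select the member link of an aggregated group for one flow.

    Modelled on the common XOR-of-low-bytes scheme; real hardware uses its own
    hash, but the property is the same: every frame of a flow lands on the
    same link, so one flow never goes faster than one physical link.
    """
    if policy == "src-dst-mac":
        h = _last_byte(flow["src_mac"]) ^ _last_byte(flow["dst_mac"])
    elif policy == "src-dst-ip-port":
        h = (int(flow["src_ip"].split(".")[-1]) ^ int(flow["dst_ip"].split(".")[-1])
             ^ flow["src_port"] ^ flow["dst_port"])
    else:
        raise ValueError(f"unknown distribution policy {policy!r}")
    return h % n_links


def link_load(flows, n_links, policy="src-dst-mac"):
    """Number of flows on each link, index = link; an idle link shows 0."""
    counts = Counter(pick_link(f, n_links, policy) for f in flows)
    return [counts.get(i, 0) for i in range(n_links)]


def client_flows(last_bytes):
    """Constructed sample: one SMB session to the NAS from each client whose
    MAC and IP end in the given byte."""
    return [{"src_mac": f"00:11:22:33:44:{b:02X}", "dst_mac": NAS["mac"],
             "src_ip": f"192.168.1.{b}", "dst_ip": NAS["ip"],
             "src_port": 50000 + b, "dst_port": 445} for b in last_bytes]


if __name__ == "__main__":
    print("one client, two links:", link_load(client_flows([1]), 2))
    print("eight clients, two links:", link_load(client_flows(range(1, 9)), 2))
    print("four 'even' clients, two links:", link_load(client_flows([2, 4, 6, 8]), 2))
```

    The policy argument corresponds to the group "type" on the switch's settings page that selects the distribution scheme; if the load on the member links looks uneven in the port statistics, changing the policy is the first thing to try.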

    Some examples of use and test results are given in the article. Thus, we can say that the use of port aggregation technologies at home will be useful only if there are several fast clients and servers, as well as a sufficiently high load on the network.

    Setting up port aggregation on a switch is usually straightforward. In particular, on the Zyxel GS2200-8HP the necessary parameters are located in the Advanced Application - Link Aggregation menu. In total, this model supports up to eight groups. There are no restrictions on the composition of groups - you can use any physical port in any group. The switch supports both static port trunking and LACP.

    On the status page you can check the current assignments by group.

    On the settings page, active groups and their type are indicated (used to select the packet distribution scheme across physical links), as well as the assignment of ports to the required groups.

    If necessary, enable LACP for the required groups on the third page.

    Next, you need to configure similar settings on the device on the other side of the link. In particular, on a QNAP network drive this is done as follows - go to the network settings, select ports and the type of their connection.

    After this, you can check the status of the ports on the switch and evaluate the effectiveness of the solution in your tasks.

    VLAN

    In a typical local network configuration, network packets “walking” through it use a common physical environment, like flows of people at subway transfer stations. Of course, switches, in a certain sense, prevent “foreign” packets from reaching the interface of your network card, but some packets, such as broadcast packets, can penetrate any corner of the network. Despite the simplicity and high speed of this scheme, there are situations when, for some reason, you need to separate certain types of traffic. This may be due to security requirements or the need to meet performance or prioritization requirements.

    Of course, these issues can be resolved by creating a separate physical network segment with its own switches and cables. But this is not always possible. This is where VLAN (Virtual Local Area Network) technology, a logical or virtual local network, may come in handy. It is also referred to as 802.1q.

    To a rough approximation, the technology works by attaching an additional “tag” to each network packet while it is processed in the switch and on the end device. Data exchange then works only within the group of devices with the same VLAN. Since not all equipment understands VLANs, the scheme also adds and removes the tag as a packet passes through the switch: the tag is added when a packet is received from a “regular” physical port for sending into the VLAN, and removed when a packet from the VLAN has to be transmitted to a “regular” port.

    As an example of the use of this technology, we can recall multi-service connections of operators - when you get access to the Internet, IPTV and telephony via one cable. This was previously found in ADSL connections, and today is used in GPON.

    The switch in question supports the simplified “Port-based VLAN” mode, when the division into virtual networks is carried out at the level of physical ports. This scheme is less flexible than 802.1q, but may be suitable in some configurations. Note that this mode is mutually exclusive with 802.1q, and for selection there is a corresponding item in the Web interface.

    To create a VLAN according to the 802.1q standard, on the Advanced Applications - VLAN - Static VLAN page, you need to specify the name of the virtual network, its identifier, and then select the ports involved in the operation and their parameters. For example, when connecting regular clients, it is worth removing VLAN tags from the packets sent to them.

    Depending on whether this is a client connection or a switch connection, you need to configure the required options on the Advanced Applications - VLAN - VLAN Port Settings page. In particular, this concerns adding tags to packets arriving at the port input, allowing packets without tags or with other identifiers to be broadcast through the port, and isolating the virtual network.
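    To make the tag operations concrete, here is an added example (our own, not code from the article or from Zyxel) that builds and parses Ethernet frames with an 802.1Q tag and then applies port settings of the kind found on the VLAN Port Settings page: a PVID for untagged frames, the VLANs a port belongs to, and the VLANs it sends untagged. It shows the tag being added on ingress from an "access" port, kept on a trunk, stripped again for another access port, and a frame from a foreign VLAN being dropped. The 3-bit priority field (802.1p) is carried along with the VLAN ID, and a priority-only tag (VID 0) is treated like an untagged frame. Port names, MAC addresses and payloads are constructed.

```python
import struct

TPID_8021Q = 0x8100


def _mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def _mac_text(raw):
    return ":".join(f"{b:02X}" for b in raw)


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet frame; with `vid` set, an 802.1Q tag follows the addresses."""
    hdr = _mac_bytes(dst) + _mac_bytes(src)
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)      # PCP (3 bits), DEI (1 bit, left 0), VID (12 bits)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vid or None, pcp, ethertype, payload)."""
    dst, src = _mac_text(frame[0:6]), _mac_text(frame[6:12])
    vid, pcp, off = None, 0, 12
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        vid, pcp, off = tci & 0x0FFF, tci >> 13, 16
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    return dst, src, vid, pcp, ethertype, frame[off + 2:]


# Constructed port settings: PVID for untagged frames, member VLANs, VLANs sent untagged.
ACCESS10 = {"pvid": 10, "vlans": {10}, "untagged": {10}}
ACCESS20 = {"pvid": 20, "vlans": {20}, "untagged": {20}}
TRUNK = {"pvid": 1, "vlans": {1, 10, 20}, "untagged": {1}}


def ingress(port, frame):
    """Ingress rules: untagged (or VID 0, priority-only) frames get the PVID;
    frames from a VLAN the port is not a member of are dropped.
    Returns (vid, pcp, frame without tag) or None."""
    dst, src, vid, pcp, ethertype, payload = parse_frame(frame)
    if vid is None or vid == 0:
        vid = port["pvid"]
    if vid not in port["vlans"]:
        return None
    return vid, pcp, build_frame(dst, src, ethertype, payload)


def egress(port, vid, pcp, bare_frame):
    """Egress rules: non-members get nothing; members get the frame tagged or untagged."""
    if vid not in port["vlans"]:
        return None
    if vid in port["untagged"]:
        return bare_frame
    dst, src, _, _, ethertype, payload = parse_frame(bare_frame)
    return build_frame(dst, src, ethertype, payload, vid=vid, pcp=pcp)


def transit(in_port, frame, out_ports):
    """Run one frame through ingress on `in_port` and egress on each of `out_ports`
    (a dict name -> settings); returns name -> bytes for the ports that receive it."""
    r = ingress(in_port, frame)
    if r is None:
        return {}
    vid, pcp, bare = r
    delivered = {}
    for name, port in out_ports.items():
        out = egress(port, vid, pcp, bare)
        if out is not None:
            delivered[name] = out
    return delivered


if __name__ == "__main__":
    f = build_frame("00:11:22:33:44:01", "00:11:22:33:44:02", 0x0800, b"hello")
    for name, out in transit(ACCESS10, f, {"trunk": TRUNK, "a20": ACCESS20}).items():
        print(name, parse_frame(out)[:4])
```

    The isolation the section describes is the `vid not in port["vlans"]` check on both sides: a client in VLAN 20 never receives a frame from VLAN 10, and a frame arriving tagged with a VLAN the port does not belong to is discarded at ingress.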

    Access control and authentication

    Ethernet technology initially did not support access control to the physical medium. It was enough to plug the device into the switch port - and it began to work as part of the local network. In many cases, this is sufficient because the security is provided by the complexity of a direct physical connection to the network. But today, the requirements for the network infrastructure have changed significantly and the implementation of the 802.1x protocol is increasingly found in network equipment.

    In this scenario, when connecting to a switch port, the client presents its authentication data, and until the access control server confirms it, no information is exchanged with the network. Most often the scheme involves an external server such as RADIUS or TACACS+. The use of 802.1x also provides additional capabilities for monitoring network operation. If in the standard scheme you can “bind” only to the client's hardware parameter (its MAC address), for example to issue an IP address, set speed limits and access rights, then working with user accounts is more convenient in large networks, since it allows client mobility and other higher-level features.

    A RADIUS server on a QNAP NAS was used for testing. It is designed as a separately installed package and has its own user base. It is quite suitable for this task, although in general it has few capabilities.

    The client was a computer with Windows 8.1. To use 802.1x on it, you need to enable one service and after that a new tab appears in the properties of the network card.

    Note that in this case we are talking exclusively about controlling access to the physical port of the switch. In addition, do not forget that it is necessary to ensure constant and reliable access of the switch to the RADIUS server.
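    The port behaviour described in this section, and the dependence on the RADIUS server noted just above, can be written as a small state machine. The following is an added example of our own (not code from the article, from Zyxel or from QNAP's RADIUS package): an unauthorized port lets through only EAPOL frames (EtherType 0x888E, the 802.1x exchange itself), the port opens only on an Access-Accept, and an unreachable server is treated exactly like a rejection. The user database and the two server stand-ins are constructed for the demo.

```python
ETHERTYPE_EAPOL = 0x888E


class Dot1xPort:
    """Model of port-based access control: until the access control server
    accepts the client, only EAPOL (the 802.1x authentication traffic itself)
    may pass through the port."""

    def __init__(self, name, radius):
        self.name = name
        # callable(user, secret) -> "accept" | "reject"; raises TimeoutError if unreachable
        self.radius = radius
        self.authorized = False
        self.user = None

    def allows(self, ethertype):
        """Would a frame with this EtherType be forwarded right now?"""
        return ethertype == ETHERTYPE_EAPOL or self.authorized

    def authenticate(self, user, secret):
        """Relay the client's credentials to the server; the port opens only on 'accept'."""
        try:
            result = self.radius(user, secret)
        except TimeoutError:
            result = "no-response"      # unreachable server means no access, not open access
        self.authorized = result == "accept"
        self.user = user if self.authorized else None
        return result

    def link_down(self):
        """A physical disconnect ends the session; the next device must authenticate again."""
        self.authorized = False
        self.user = None


# Constructed stand-in for the external RADIUS server's user base (demo values only).
SAMPLE_USERS = {"camera-01": "example-secret-1", "alice": "example-secret-2"}


def sample_radius(user, secret):
    return "accept" if SAMPLE_USERS.get(user) == secret else "reject"


def unreachable_radius(user, secret):
    raise TimeoutError("RADIUS server did not answer")


if __name__ == "__main__":
    port = Dot1xPort("port3", sample_radius)
    print("IP traffic before auth:", port.allows(0x0800))
    print("result:", port.authenticate("alice", "example-secret-2"))
    print("IP traffic after auth:", port.allows(0x0800))
    lost = Dot1xPort("port4", unreachable_radius)
    print("server down:", lost.authenticate("alice", "example-secret-2"), lost.allows(0x0800))
```

    The "no-response" branch is the practical consequence of the note above: if the switch loses its path to the RADIUS server, new clients on 802.1x ports simply do not get onto the network, so the server's availability becomes part of the network's availability.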

    To limit bandwidth, the switch has two functions. The first, the simplest, lets you limit incoming and outgoing traffic on a specified physical port.

    This switch also allows you to use prioritization for physical ports. In this case, there are no hard limits for speed, but you can select devices whose traffic will be processed first.

    The second is part of a more general scheme with the classification of switched traffic according to various criteria and is only one of the options for its use.

    First, on the Classifier page, you define traffic classification rules. They use Level 2 criteria, in particular MAC addresses, and in this model Level 3 rules can also be applied, including protocol type, IP addresses and port numbers.

    Next, on the Policy Rule page, you specify the actions to take on the traffic “selected” by those rules. The following operations are provided: setting a VLAN tag, limiting the rate, sending the packet out a given port, setting a priority field, and dropping the packet. These functions allow you, for example, to limit the data rate of particular clients or services.
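    The classifier-plus-policy scheme is easy to model. The added example below is our own illustration (not code from the article or from Zyxel's firmware): a rule matches when every field it names equals the packet's field, the first matching policy wins, and the rate-limit action is implemented with a token bucket, which is what "limit the speed" usually means in hardware. The sample policy set, MAC addresses and packets are constructed; the packet fields are plain dictionary keys rather than parsed headers.

```python
class TokenBucket:
    """Rate limiter: `rate` bytes per second, bursts up to `burst` bytes."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0.0

    def allow(self, nbytes, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if nbytes <= self.tokens:
            self.tokens -= nbytes
            return True
        return False


def matches(rule, pkt):
    """A classifier rule matches when every field it names equals the packet's."""
    return all(pkt.get(k) == v for k, v in rule.items())


def apply_policy(policies, pkt, now):
    """First matching policy wins. Returns (verdict, packet) with verdict
    'forward' or 'drop'; modifying actions return an updated copy of the packet."""
    for pol in policies:
        if not matches(pol["match"], pkt):
            continue
        act = pol["action"]
        if act == "drop":
            return "drop", pkt
        if act == "rate-limit":
            ok = pol["bucket"].allow(pkt["len"], now)
            return ("forward" if ok else "drop"), pkt
        if act == "set-priority":
            return "forward", dict(pkt, pcp=pol["pcp"])
        if act == "set-vlan":
            return "forward", dict(pkt, vid=pol["vid"])
        if act == "redirect":
            return "forward", dict(pkt, egress=pol["port"])
        raise ValueError(f"unknown action {act}")
    return "forward", pkt


GUEST_MAC = "00:11:22:33:44:99"     # constructed sample guest client
CAMERA_MAC = "00:11:22:33:44:C0"    # constructed sample IP camera


def sample_policies():
    """Constructed policy set in the spirit of the Classifier / Policy Rule pages."""
    return [
        {"match": {"proto": "tcp", "dst_port": 23}, "action": "drop"},                  # no telnet
        {"match": {"proto": "udp", "dst_port": 5060}, "action": "set-priority", "pcp": 6},  # telephony first
        {"match": {"src_mac": CAMERA_MAC}, "action": "set-vlan", "vid": 30},            # cameras into VLAN 30
        {"match": {"src_mac": GUEST_MAC}, "action": "rate-limit",
         "bucket": TokenBucket(rate=1_000_000, burst=150_000)},                          # ~8 Mbit/s for the guest
    ]


if __name__ == "__main__":
    pol = sample_policies()
    big = {"src_mac": GUEST_MAC, "proto": "tcp", "dst_port": 443, "len": 100_000}
    for t in (0, 0, 1):
        print(f"t={t}s guest 100 kB packet:", apply_policy(pol, big, t)[0])
```

    The ordering matters: because the telnet drop rule comes first, a guest's telnet packet is dropped outright rather than merely rate-limited, which is the same "first match wins" behaviour to keep in mind when arranging rules on the switch.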

    More complex schemes may use the 802.1p priority field in network packets. For example, you can tell the switch to handle telephony traffic first and give web browsing the lowest priority.

    PoE

    Another possibility that is not directly related to the packet switching process is to provide power to client devices via a network cable. This is often used to connect IP cameras, telephones and wireless access points, which reduces the number of wires and simplifies switching. When choosing such a model, it is important to consider several parameters, the main one of which is the standard used by the client equipment. The fact is that some manufacturers use their own implementations, which are incompatible with other solutions and can even lead to breakdown of “foreign” equipment. It is also worth highlighting “passive PoE”, when power is transmitted at a relatively low voltage without feedback and control of the recipient.

    A more correct, convenient and universal option is “active PoE”, operating according to the 802.3af or 802.3at standards and capable of delivering up to 30 W (higher values are also found in newer versions of the standards). In this scheme, the transmitter and receiver exchange information and agree on the necessary power parameters, in particular power consumption.

    To test this, we connected an Axis camera compatible with 802.3af PoE to the switch. The corresponding power indicator for this port lights up on the front panel, and through the Web interface you can monitor the consumption status by port.

    The ability to control the power supply to the ports is also interesting. If the camera is connected with a single cable and is located in a hard-to-reach place, then to reboot it you would otherwise have to disconnect that cable either on the camera side or in the wiring closet. Here you can log into the switch remotely in any available way and simply uncheck the “supply power” checkbox, and then check it again. In addition, in the PoE settings you can configure the priority system for providing power.

    As we wrote earlier, the key field of network packets in this equipment is the MAC address. Managed switches often have a set of services designed to use this information.

    For example, the model under consideration supports static assignment of MAC addresses to a port (usually this operation occurs automatically), filtering (blocking) of packets by source or recipient MAC addresses.

    In addition, you can limit the number of client MAC address registrations on a switch port, which can also be considered an additional security option.

    Most Layer 3 network packets are unicast: they go from one sender to one recipient. But some services use multicast, where one packet has several recipients at once. The best-known example is IPTV. Using multicast here can significantly reduce bandwidth requirements when information must be delivered to a large number of clients. For example, multicasting 100 TV channels at 1 Mbit/s each requires 100 Mbit/s for any number of clients, whereas with standard unicast delivery 1000 clients would require 1000 Mbit/s.

    We will not go into the details of how IGMP works; we will only note the ability to fine-tune the switch for efficient operation under heavy loads of this type.

    Complex networks may use special protocols to control the path of network packets. In particular, they make it possible to eliminate topological loops (“looping” of packets). The switch in question supports STP, RSTP and MSTP and has flexible settings for their operation.

    Another feature in demand in large networks is protection against situations such as “broadcast storm”. This concept characterizes a significant increase in broadcast packets in the network, blocking the passage of “normal” useful traffic. The simplest way to combat this is to set limits on the switch ports to process a certain number of packets per second.

    Additionally, the device has an Error Disable function. It allows the switch to shut down ports if it detects excessive service traffic. This allows you to maintain productivity and ensure automatic recovery when the problem is fixed.
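    The two mechanisms just described, a packets-per-second limit on broadcast traffic and the Error Disable shutdown with automatic recovery, fit together naturally. The added example below is our own model (not code from the article or from Zyxel): broadcast frames are counted per second on a port, the excess above the limit is dropped, and if the port is over the limit for several consecutive seconds it is err-disabled for a recovery interval and then comes back up on its own. The frame timestamps in the test are constructed; unicast traffic is not counted, as storm control normally only looks at broadcast/multicast.

```python
from collections import Counter


class StormGuard:
    """Per-port broadcast storm control with err-disable and automatic recovery.

    Broadcast frames are counted per one-second interval. Above `pps_limit` the
    excess is dropped; if the port exceeds the limit in `disable_after`
    consecutive seconds it is err-disabled for `recovery_s` seconds, after which
    it comes back up by itself.
    """

    def __init__(self, pps_limit, disable_after=3, recovery_s=30):
        self.pps_limit = pps_limit
        self.disable_after = disable_after
        self.recovery_s = recovery_s
        self.cur_sec, self.count = None, 0        # broadcast frames seen in the current second
        self.last_storm_sec, self.run = None, 0   # consecutive seconds over the limit
        self.disabled_until = None
        self.log = []

    def state(self, now):
        """'up' or 'err-disabled'; clears the disabled state once the recovery time has passed."""
        if self.disabled_until is not None:
            if now < self.disabled_until:
                return "err-disabled"
            self.disabled_until = None
            self.log.append(f"t={now:.3f}: port recovered")
        return "up"

    def offer(self, now, is_broadcast):
        """Decide 'forward' or 'drop' for one frame arriving at time `now` (seconds)."""
        if self.state(now) == "err-disabled":
            return "drop"
        if not is_broadcast:
            return "forward"                  # storm control counts only broadcast/multicast
        sec = int(now)
        if sec != self.cur_sec:
            self.cur_sec, self.count = sec, 0
        self.count += 1
        if self.count <= self.pps_limit:
            return "forward"
        if self.last_storm_sec != sec:        # first excess frame in this second
            self.run = self.run + 1 if self.last_storm_sec == sec - 1 else 1
            self.last_storm_sec = sec
            if self.run >= self.disable_after:
                self.disabled_until = now + self.recovery_s
                self.log.append(f"t={now:.3f}: err-disabled after {self.run} s of storm")
        return "drop"


def run(guard, frames):
    """Feed (time, is_broadcast) tuples through the guard; return verdict counts."""
    return Counter(guard.offer(t, bcast) for t, bcast in frames)


if __name__ == "__main__":
    g = StormGuard(pps_limit=100, disable_after=2, recovery_s=30)
    for sec in range(3):   # constructed storm: 150 broadcast frames per second
        print(f"second {sec}:", dict(run(g, [(sec + 0.001 * i, True) for i in range(150)])))
    print("\n".join(g.log))
```

    Note what happens to the second storm second: once the err-disable triggers, even the port's ordinary unicast traffic stops until the recovery timer expires, which is exactly why a too-low limit on a busy port can look like a flapping link.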

    Another task, more related to security requirements, is monitoring all traffic. In normal operation the switch sends packets only directly to their recipients; it is impossible to “catch” a “foreign” packet on another port. For this task, port mirroring is used: monitoring equipment is connected to a selected switch port, and all traffic from specified other ports is configured to be copied to that port.

    The IP Source Guard, DHCP Snooping and ARP Inspection functions are also aimed at increasing security. The first lets you configure filters on MAC, IP, VLAN and port number through which all packets must pass. The second protects the DHCP protocol, and the third automatically blocks unauthorized clients.
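    These three functions share one data structure: a binding table of (MAC, IP, VLAN, port) that DHCP snooping fills in by watching DHCP leases, which ARP inspection and IP source guard then check packets against. The added example below is our own model of that arrangement (not code from the article or from Zyxel); the binding table, trusted port and sample packets are constructed. It shows a DHCP server reply being refused on an untrusted port, an ARP reply that claims a neighbour's IP being dropped, the same binding being refused on the wrong port, and ordinary IP traffic with a source address that is not bound to the port being dropped.

```python
# Constructed binding table, of the kind DHCP snooping builds by watching the
# DHCP exchange on untrusted ports: (client MAC, leased IP, VLAN, client port).
BINDINGS = [
    ("AA:BB:CC:00:00:01", "192.168.10.11", 10, 3),
    ("AA:BB:CC:00:00:02", "192.168.10.12", 10, 4),
]
TRUSTED_PORTS = {1}   # uplink towards the router and the real DHCP server


def record_binding(mac, ip, vlan, port):
    """Called when a DHCP ACK for `mac` is seen on its way to `port`."""
    BINDINGS[:] = [b for b in BINDINGS if b[0] != mac or b[2] != vlan]
    BINDINGS.append((mac, ip, vlan, port))


def lookup(mac, ip, vlan):
    for b in BINDINGS:
        if b[0] == mac and b[1] == ip and b[2] == vlan:
            return b
    return None


def inspect_dhcp(pkt):
    """DHCP snooping: server-side messages (OFFER/ACK/NAK) are accepted only from trusted ports."""
    if pkt["dhcp_role"] == "server" and pkt["port"] not in TRUSTED_PORTS:
        return "drop: DHCP server message on untrusted port"
    return "forward"


def inspect_arp(pkt):
    """Dynamic ARP inspection: the sender MAC/IP must match a binding for this VLAN and port."""
    if pkt["port"] in TRUSTED_PORTS:
        return "forward"
    b = lookup(pkt["sender_mac"], pkt["sender_ip"], pkt["vlan"])
    if b is None or b[3] != pkt["port"]:
        return "drop: ARP sender does not match snooping binding"
    return "forward"


def inspect_ip(pkt):
    """IP source guard: the source MAC/IP of ordinary traffic must be bound to this port."""
    if pkt["port"] in TRUSTED_PORTS:
        return "forward"
    b = lookup(pkt["src_mac"], pkt["src_ip"], pkt["vlan"])
    if b is None or b[3] != pkt["port"]:
        return "drop: source address not bound to this port"
    return "forward"


if __name__ == "__main__":
    print(inspect_dhcp({"port": 4, "dhcp_role": "server"}))
    print(inspect_arp({"port": 3, "vlan": 10, "sender_mac": "AA:BB:CC:00:00:01",
                       "sender_ip": "192.168.10.12"}))
    print(inspect_ip({"port": 3, "vlan": 10, "src_mac": "AA:BB:CC:00:00:01",
                      "src_ip": "10.0.0.5"}))
```

    The practical caveat is the trusted-port set: the uplink to the real DHCP server must be marked trusted, otherwise the switch drops the legitimate server's replies, and devices with static addresses need a manually added binding because snooping never sees a lease for them.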

    Conclusion

    Of course, the capabilities described above represent only a fraction of the network switching technologies available on the market today. And even from this small list, not all of them can find real use among home users. Perhaps the most common are PoE (for example, to power network video cameras), port aggregation (in the case of a large network and the need for fast traffic exchange), traffic control (to ensure the operation of streaming applications under high load on the channel).

    Of course, it is not at all necessary to use business-level devices to solve these problems. For example, in stores you can find a regular switch with PoE, port aggregation is also found in some top-end routers, prioritization is also starting to be found in some models with fast processors and high-quality software. But, in our opinion, the option of purchasing more professional equipment, including on the secondary market, can also be considered for home networks with increased requirements for performance, security and manageability.

    By the way, there is actually another option. As we said above, “smart” switches differ in how much “intelligence” they actually have, and many manufacturers have product series that fit well into a home budget while still providing many of the features described above. As an example, we can mention the Zyxel GS1900-8HP.

    This model has a compact metal case and an external power supply, it has eight Gigabit ports with PoE, and a Web interface is provided for configuration and management.

    The device firmware supports port aggregation with LACP, VLAN, port rate limiting, 802.1x, port mirroring and other functions. But unlike the “real managed switch” described above, all this is configured exclusively through the Web interface and, if necessary, even using an assistant.

    Of course, we are not talking about the similarity of this model to the device described above in terms of its capabilities as a whole (in particular, there are no traffic classification tools and Level 3 functions here). Rather, it is simply a more suitable option for the home user. Similar models can be found in the catalogs of other manufacturers.

    The switch is one of the most important devices used in building a local network. In this article we will talk about what switches are and focus on the important characteristics that need to be taken into account when choosing a local network switch.

    First, let's look at the general block diagram to understand what place the switch occupies in the enterprise local network.

    The figure above shows the most common block diagram of a small local network. As a rule, access switches are used in such local networks.

    Access switches are directly connected to end users, providing them with access to local network resources.

    However, in large local networks, switches perform the following functions:


    Network access level. As mentioned above, access switches provide connection points for end-user devices. In large local networks, frames from one access switch do not go to another directly but are transmitted through distribution switches.

    Distribution level. Switches at this layer forward traffic between access switches, but do not interact with end users.

    Core level. Devices of this type combine the data transmission channels from distribution level switches in large, geographically spread local networks and provide very high speed switching of data flows.

    Switches are divided into:

    Unmanaged switches. These are ordinary stand-alone devices on a local network that manage data transfer independently and do not have the possibility of additional configuration. Due to ease of installation and low price, they are widely used for installation at home and in small businesses.

    Managed Switches. More advanced and expensive devices. They allow the network administrator to independently configure them for specified tasks.

    Managed switches can be configured in one of the following ways:

    Via console port
    Via Web interface
    Via Telnet
    Via SNMP protocol
    Via SSH

    Switch levels


    All switches can be classified by the OSI model layer at which they operate. The higher the layer, the greater the capabilities of the switch, but its cost is also significantly higher.

    Layer 1 switches. This category includes hubs, repeaters and other devices operating at the physical layer. These devices date from the early days of networking and are no longer used in local networks. Having received a signal, a device of this type simply repeats it to all ports except the one it came in on.

    Layer 2 switches. This category includes unmanaged and some managed switches operating at the data link layer of the OSI model. Layer 2 switches work with frames: a data stream divided into portions. Having received a frame, a Layer 2 switch reads the sender's address from it and enters it into its MAC address table, associating that address with the port on which the frame arrived. Thanks to this approach, Layer 2 switches forward data only to the destination port, without creating excess traffic on the other ports. Layer 2 switches do not understand IP addresses, which belong to the third (network) layer of the OSI model, and work only at the data link layer.

    Layer 2 switches support the most common protocols such as:

    IEEE 802.1Q, or VLAN (virtual LAN). This protocol allows separate logical networks to be created within the same physical network.


    For example, devices connected to the same switch but placed in different VLANs will not see each other and will be able to exchange data only within their own broadcast domain (the devices of the same VLAN). The computers in the figure above can exchange data with each other only through a device operating at the third layer with IP addresses: a router.

    IEEE 802.1p (priority tags). This mechanism is carried inside the IEEE 802.1Q tag as a 3-bit field with values from 0 to 7. It allows all traffic to be marked and sorted by importance by assigning priorities (7 is the highest). Frames with a higher priority are forwarded first.

    IEEE 802.1D Spanning Tree Protocol (STP). This protocol arranges the local network into a tree structure to avoid network loops and prevent broadcast storms.


    Let's say the local network is built as a ring to increase fault tolerance. The switch with the highest priority in the network is elected as the root switch; in the example above, SW3 is the root. Without going into the details of the protocol's algorithm, the switches find the redundant path with the maximum cost and block it. In our case, the shortest paths from SW3 to SW1 and SW2 run through its own designated ports (DP) Fa0/1 and Fa0/2. The default path cost of a 100 Mbit/s interface is 19. Interface Fa0/1 of switch SW1 is blocked because the total cost of the path through it would be the sum of two hops over 100 Mbit/s interfaces, 19 + 19 = 38.

    If the working route fails, the switches recalculate the path and unblock this port.

    IEEE 802.1w Rapid Spanning Tree Protocol (RSTP). An enhanced version of the 802.1D standard with greater stability and a shorter recovery time after a link failure.

    IEEE 802.1s Multiple Spanning Tree Protocol (MSTP). The latest version, which addresses the shortcomings of STP and RSTP.

    IEEE 802.3ad link aggregation for parallel links. This protocol allows ports to be combined into groups. The total speed of such an aggregated port is the sum of the speeds of the ports in it. The maximum speed is defined by the IEEE 802.3ad standard and is 8 Gbit/s.
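    The STP behaviour described above for the three-switch ring, worked through in Python as an added example that is not code from the article: root election, root path costs and port roles are computed for the intact ring and again with the SW3 to SW1 link removed. The bridge priorities and MAC addresses, and the port names of SW1 and SW2 other than SW1 Fa0/1, are assumptions.

```python
"""Simplified IEEE 802.1D spanning-tree computation for the three-switch ring.

Added example, not code from the article. Bridge IDs and most port names are
constructed assumptions; only SW3 as root, the cost 19 and SW1 Fa0/1 being
blocked come from the text.
"""
import heapq

COST_100M = 19  # default 802.1D-1998 path cost of a 100 Mbit/s link

# Bridge ID = (priority, MAC); the lowest value wins. Constructed so that SW3 is
# the root and SW2 beats SW1 on the tie-break for the SW1-SW2 segment.
BRIDGES = {
    "SW1": (32768, "00:00:00:00:00:03"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (4096, "00:00:00:00:00:01"),
}

# Links: (bridge_a, port_a, bridge_b, port_b, cost)
LINKS = [
    ("SW3", "Fa0/1", "SW1", "Fa0/2", COST_100M),
    ("SW3", "Fa0/2", "SW2", "Fa0/2", COST_100M),
    ("SW1", "Fa0/1", "SW2", "Fa0/1", COST_100M),
]


def root_path_costs(bridges, links, root):
    """Dijkstra from the root bridge: cheapest total path cost to every bridge."""
    adj = {b: [] for b in bridges}
    for a, _, b, _, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist = {b: float("inf") for b in bridges}
    dist[root] = 0
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, c in adj[u]:
            if d + c < dist[v]:
                dist[v] = d + c
                heapq.heappush(heap, (dist[v], v))
    return dist


def spanning_tree(bridges, links):
    """Return (root, root_path_costs, roles); roles maps (bridge, port) to
    'root', 'designated' or 'blocked'."""
    root = min(bridges, key=bridges.get)  # lowest bridge ID is elected root
    rpc = root_path_costs(bridges, links, root)

    # Root port of each non-root bridge: the port giving the lowest root path
    # cost; ties are broken by the neighbour's bridge ID, then the port name.
    best = {}
    for a, pa, b, pb, cost in links:
        for me, my_port, nb in ((a, pa, b), (b, pb, a)):
            if me == root:
                continue
            key = (rpc[nb] + cost, bridges[nb], my_port)
            if me not in best or key < best[me][0]:
                best[me] = (key, my_port)
    root_port = {b: p for b, (_, p) in best.items()}

    # On each segment the end with the lower (root path cost, bridge ID) becomes
    # the designated port; the other end is either a root port or is blocked.
    roles = {}
    for a, pa, b, pb, _ in links:
        designated = a if (rpc[a], bridges[a]) < (rpc[b], bridges[b]) else b
        for me, my_port in ((a, pa), (b, pb)):
            if me == designated:
                roles[(me, my_port)] = "designated"
            elif root_port.get(me) == my_port:
                roles[(me, my_port)] = "root"
            else:
                roles[(me, my_port)] = "blocked"
    return root, rpc, roles


if __name__ == "__main__":
    for title, links in (("ring intact", LINKS), ("SW3-SW1 link failed", LINKS[1:])):
        root, rpc, roles = spanning_tree(BRIDGES, links)
        print(f"{title}: root={root} costs={rpc}")
        for (bridge, port), role in sorted(roles.items()):
            print(f"  {bridge} {port}: {role}")
```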


    Layer 3 switches. These devices are also called multilayer switches, since they combine the capabilities of switches operating at the second layer and routers working with IP packets at the third layer. Layer 3 switches fully support all the features and standards of Layer 2 switches. Network devices can be accessed by IP address. A Layer 3 switch supports the establishment of various connections: L2TP, PPTP, PPPoE, VPN, etc.

    Layer 4 switches. Devices operating at the transport layer of the OSI model. They are responsible for the reliability of data transmission. Based on information from packet headers, these switches can recognise that traffic belongs to different applications and make forwarding decisions on that basis. The name for such devices has not settled; sometimes they are called smart switches, sometimes L4 switches.

    Main characteristics of switches

    Number of ports. Switches currently come with from 5 to 48 ports. This parameter determines how many network devices can be connected to a given switch.

    For example, when building a small local network of 15 computers, we will need a switch with 16 ports: 15 for connecting end devices and one for installing and connecting a router to access the Internet.

    Data transfer rate. This is the speed at which each switch port operates. Speeds are typically specified as 10/100/1000 Mbit/s. The port's speed is set during auto-negotiation with the end device; on managed switches it can also be configured manually.

    For example: a client PC with a 1 Gbit/s network card is connected to a switch port rated 10/100 Mbit/s. As a result of auto-negotiation, the devices agree to use the highest speed possible for both, 100 Mbit/s.

    Auto-negotiation of full-duplex and half-duplex operation. Full duplex: data is transferred in both directions simultaneously. Half duplex: data is transmitted first in one direction, then in the other, sequentially.

    Switching fabric bandwidth. This parameter shows the overall rate at which the switch can process data from all of its ports.

    For example: a network has a switch with 5 ports operating at 10/100 Mbit/s, and its specification lists a switching fabric bandwidth of 1 Gbit/s. This means that each port can run in full-duplex mode at 200 Mbit/s (100 Mbit/s receiving and 100 Mbit/s transmitting). Now suppose the switching fabric bandwidth were less than that: then during peak load the ports would be unable to operate at the declared 100 Mbit/s.

    Auto MDI/MDI-X cable type negotiation. This function lets the port detect which of the two pinout schemes, EIA/TIA-568A or EIA/TIA-568B, the twisted-pair cable was crimped with. The EIA/TIA-568B scheme is the most widely used when installing local networks.


    Stacking is the combination of several switches into a single logical device. Switch manufacturers use their own stacking technologies; for example, Cisco uses StackWise, with a 32 Gbit/s bus between switches, and StackWise Plus, with a 64 Gbit/s bus.

    For example, this technology is relevant in large local networks, where it is necessary to connect more than 48 ports on the basis of one device.


    Mounting in a 19" rack. In homes and small local networks, switches are usually placed on a flat surface or mounted on the wall, but so-called "ears" (rack-mounting brackets) are necessary in larger local networks where the active equipment lives in server cabinets.

    MAC address table size. A switch is a device operating at Layer 2 of the OSI model. Unlike a hub, which simply repeats a received frame to all ports except the sender's port, a switch learns: it remembers the MAC address of the sending device, entering it into the table together with the port number and the lifetime of the entry. Using this table, the switch forwards a frame not to all ports but only to the recipient's port. If the number of devices on the network is large and the table fills up, the switch starts overwriting older entries with new ones, which significantly reduces the switch's performance.

    Jumbo frame. This feature lets the switch handle frames larger than the maximum defined by the Ethernet standard. Each received frame takes some time to process, so using larger frames (jumbo frames) saves on per-frame processing time in networks running at 1 Gbit/s and above. At lower speeds the gain is small.

    Switching modes. To understand how the switching modes work, first consider the structure of the frame transmitted at the data link layer between a network device and the switch:


    As can be seen from the picture:

    • First comes the preamble, signalling the start of frame transmission,
    • Then the destination MAC address (DA) and the source MAC address (SA),
    • Then the Layer 3 protocol identifier (EtherType): whether IPv4 or IPv6 is carried,
    • Then the payload (data),
    • And at the end the checksum, FCS: a 4-byte CRC value used to detect transmission errors. It is calculated by the sending side and placed in the FCS field; the receiving side calculates the value independently and compares it with the received one.

    Now let's look at the switching modes:

    Store-and-forward. This switching mode saves the entire frame to a buffer and checks the FCS field at the very end of the frame; if the checksum does not match, the whole frame is discarded. As a result, the likelihood of network congestion is reduced, since frames with errors are dropped, at the cost of delaying the frame's transmission. This technology is found in more expensive switches.

    Cut-through. A simpler technology. Frames are processed faster because they are not buffered in full: only the data from the beginning of the frame up to and including the destination MAC address (DA) is stored in the buffer. The switch reads this MAC address and forwards the frame to the destination. The disadvantage is that the switch also forwards runt frames shorter than 512 bit times and damaged frames, increasing the load on the network.

    PoE technology support

    Power over Ethernet (PoE) technology allows a network device to be powered over the same cable that carries its data. This reduces the cost of installing separate power lines.

    The following PoE standards exist:

    • PoE 802.3af: supports equipment up to 15.4 W
    • PoE 802.3at: supports equipment up to 30 W
    • Passive PoE

    PoE 802.3af/at sources have intelligent control circuits for supplying voltage: before supplying power, an af/at source negotiates with the powered device to avoid damaging it. Passive PoE is much cheaper than the two standards; power is supplied directly to the device over the spare pairs of the network cable without any negotiation.

    Characteristics of standards


    The PoE 802.3af standard is supported by most low-cost IP cameras, IP phones and access points.

    The PoE 802.3at standard is found in more expensive IP video surveillance cameras, for which 15.4 W is not enough. In this case, both the camera and the PoE source (switch) must support this standard.

    Expansion slots. Switches may have additional expansion slots. The most common are slots for SFP (Small Form-factor Pluggable) modules: compact modular transceivers used for data transmission in telecommunications equipment.


    SFP modules are inserted into a free SFP port of a router, switch, multiplexer or media converter. Although SFP modules with a copper Ethernet interface exist, fibre-optic modules are the most common; they connect backbone links over distances beyond the reach of the copper Ethernet standard. SFP modules are chosen by distance and data rate. The most common are dual-fibre SFP modules, which use one fibre for receiving and the other for transmitting. WDM technology, however, allows transmission at different wavelengths over a single fibre.

    SFP modules are:

    • SX: 850 nm, used with multimode fibre over distances up to 550 m
    • LX: 1310 nm, used with both fibre types (SM and MM) over distances up to 10 km
    • BX: 1310/1550 nm, used with both fibre types (SM and MM) over distances up to 10 km
    • XD: 1550 nm, used with single-mode fibre up to 40 km; ZX up to 80 km; EZ or EZX up to 120 km; and DWDM modules

    The SFP standard itself provides for data transmission at a speed of 1 Gbit/s, or at a speed of 100 Mbit/s. For faster data transfer, SFP+ modules were developed:

    • SFP+ data transfer at 10 Gbps
    • XFP data transfer at 10 Gbps
    • QSFP+ data transfer at 40 Gbps
    • CFP data transfer at 100 Gbps

    However, at higher speeds the signals are processed at higher frequencies, which requires more heat dissipation and hence larger dimensions. So in practice the SFP form factor survives only in SFP+ modules.

    Conclusion

    Many readers have probably come across unmanaged switches and low-cost managed layer 2 switches in small local networks. However, the choice of switches for building larger and more technically complex local networks is best left to professionals.

    Safe Kuban uses switches of the following brands when installing local networks:

    Professional Solution:

    Cisco

    Qtech

    Budget solution

    D-Link

    TP-Link

    Tenda

    Safe Kuban carries out installation, commissioning and maintenance of local networks in Krasnodar and the South of Russia.

    The logical topology of an Ethernet network is a multi-access bus in which all devices share access to the same communication medium. This logical topology determines how nodes on a network view and process frames sent and received on that network. However, virtually all Ethernet networks today use a star or extended star physical topology. This means that in most Ethernet networks, end devices are typically connected to a Layer 2 LAN switch in a point-to-point fashion.

    A Layer 2 LAN switch performs switching and filtering based only on the OSI link layer MAC address. The switch is completely transparent to network protocols and user applications. The Layer 2 switch creates a table of MAC addresses, which it then uses to make packet forwarding decisions. Layer 2 switches rely on routers to transfer data between independent IP subnets.

    Switches use MAC addresses to carry data across the network through their switch fabric to the appropriate port towards the destination host. The switch fabric provides the integrated data paths and the associated control logic that steer data through the switch. For a switch to know which port to use to transmit a unicast frame, it first needs to know which hosts are on each of its ports.

    The switch determines how to process incoming frames using its own MAC address table. It creates its own MAC address table by adding the MAC addresses of hosts that are connected to each of its ports. After entering the MAC address for a particular host connected to a specific port, the switch will be able to send traffic intended for that host through the port that is associated with the host for subsequent transmissions.

    If the switch receives a frame whose destination MAC address is not in the table, it forwards the frame on all ports except the one on which the frame was received. If a response arrives from the destination host, the switch enters that host's MAC address into the table, taking it from the frame's source address field. In networks with several interconnected switches, the MAC address tables also hold, against the ports connecting the switches, the addresses of hosts that lie beyond the neighbouring switch. Typically, a switch port used to connect two switches has multiple MAC addresses entered against it in the table.

    In the past, switches used one of the following forwarding methods to switch data between network ports:

      • Buffered switching (store-and-forward)

      • Switching without buffering (cut-through)

    In buffered switching, when the switch receives a frame, it stores the data in a buffer until the entire frame has been received. During storage, the switch analyses the frame to obtain information about its destination. The switch also checks for errors using the cyclic redundancy check (CRC) trailer of the Ethernet frame.

    When using unbuffered switching, the switch processes data as it arrives, even if the transfer has not yet completed. The switch buffers just enough of the frame to read the destination MAC address, which occupies the 6 bytes following the preamble, so that it can determine the port to forward the data to. The switch looks up the destination MAC address in its switching table, determines the outgoing interface port and sends the frame towards its destination node through that port. The switch does not check the frame for errors. Because it does not have to wait for the entire frame to be buffered and performs no error checking, switching without buffering is faster than switching with buffering. However, because the switch does not check for errors, it forwards corrupt frames throughout the network. Damaged frames reduce throughput while they are being forwarded; ultimately, the destination NIC rejects them.
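    The frame structure, MAC learning and the two switching modes described earlier (store-and-forward versus cut-through) and the buffered/unbuffered forwarding just described, modelled in Python as an added example that is not code from the article: a learning switch that floods unknown destinations, filters by port, and, in store-and-forward mode, drops frames that fail the FCS check, while cut-through mode forwards them after reading only the destination address. MAC addresses and frame contents are constructed.

```python
"""Learning Layer 2 switch with store-and-forward and cut-through forwarding.

Added example, not code from the article; the MAC addresses and frames are
constructed. The FCS is a CRC-32 over DA, SA, EtherType and payload, appended
least-significant byte first as on the wire.
"""
import struct
import zlib

BROADCAST = b"\xff" * 6
MIN_FRAME = 64  # bytes including FCS; anything shorter is a runt


def build_frame(dst, src, ethertype, payload):
    """Ethernet II frame: DA, SA, EtherType, payload padded to 46 bytes, FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_valid(frame):
    """Recompute the CRC-32 over everything before the FCS and compare."""
    return struct.unpack("<I", frame[-4:])[0] == zlib.crc32(frame[:-4])


def corrupt(frame, offset=20):
    """Flip the bits of one payload byte to simulate a transmission error."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0xFF
    return bytes(damaged)


class Switch:
    def __init__(self, ports, mode="store-and-forward"):
        self.ports = list(ports)
        self.mode = mode
        self.mac_table = {}  # MAC address -> port it was learned on (no ageing)

    def receive(self, in_port, frame):
        """Return the list of egress ports; an empty list means the frame was dropped."""
        if self.mode == "store-and-forward":
            # The whole frame is buffered, so runts and FCS failures can be dropped.
            if len(frame) < MIN_FRAME or not fcs_valid(frame):
                return []
        # Cut-through: only the first 6 bytes (DA) are needed before forwarding
        # starts, so corrupt frames and runts go out unchecked.
        dst, src = frame[0:6], frame[6:12]
        self.mac_table[src] = in_port  # learn: source address -> ingress port
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            return [p for p in self.ports if p != in_port]  # flood broadcast/unknown
        if out_port == in_port:
            return []  # destination sits behind the ingress port: filter
        return [out_port]


if __name__ == "__main__":
    host_a, host_b = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
    frame = build_frame(host_b, host_a, 0x0800, b"hello from A")
    for mode in ("store-and-forward", "cut-through"):
        sw = Switch([1, 2, 3, 4], mode=mode)
        print(mode, "unknown dst ->", sw.receive(1, frame))
        print(mode, "corrupt frame ->", sw.receive(1, corrupt(frame)))
```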

    Modular switches offer greater configuration flexibility. They typically come with varying chassis sizes to allow for multiple modular line cards to be installed. The ports are actually located on line cards. The line card is inserted into the switch chassis, similar to expansion cards installed in a PC. The larger the chassis, the more modules it supports. As shown in the picture, there are many different chassis sizes to choose from. If you purchased a modular switch with a 24-port line card, you can easily install another of the same card, increasing the total number of ports to 48.

    If previously the network cable through which data was transferred was simply connected directly to the computer, now the situation has changed. In one residential apartment, office or large company, there is often a need to create a computer network.

    For this purpose, devices that are included in the “computer equipment” category are used. Such devices also include a switch that allows . So what is a switch, and how to use it to build a computer network?

    What are switch devices used for?

    In computing, the English term "switch" refers to a device used to build a local network by connecting several computers. In Russian the same device is called by the native word "коммутатор" or by the transliteration "свитч".

    A switch is a kind of bridge with many ports through which packet data is transmitted to specific recipients. The switch helps optimize the operation of the network, reduces the load on it, increases the level of security, and records individual MAC addresses, which allows you to quickly and efficiently transfer data.

    Switches have displaced the hubs that were previously used to build computer networks. A switch is a smart device that processes the information it receives about connected devices and then forwards data to a specific address. As a result, network performance increases several times over and Internet access speeds up.

    Types of equipment

    Switch devices are divided into types according to the following criteria:

    • Type of ports.
    • Number of ports.
    • Port speed: 10 Mbit/s, 100 Mbit/s or 1000 Mbit/s.
    • Managed or unmanaged.
    • Manufacturer.
    • Functions.
    • Technical specifications.

      By the number of ports, switches are divided into:

      • 8-port.
      • 16-port.
      • 24-port.
      • 48-port.

      For home and small office, a switch with 8 or 16 ports that operate at a speed of 100 Mbit/second is suitable.

      For large enterprises, companies and firms, ports with an operating speed of 1000 Mbit per second are needed. Such devices are needed to connect servers and large communications equipment.

      Unmanaged switches are the simplest equipment. More complex switches are managed, up to those operating at the network (third) layer of the OSI model, the Layer 3 switches.

      Management is also carried out through methods such as:

      • Web interface.
      • Command line interface.
      • SNMP and RMON protocols.

      Complex, managed switches support VLANs, QoS, port mirroring and link aggregation. Such switches can also be combined into a single device called a stack, which increases the number of available ports; separate ports are used for the stacking links.

      What do providers use?


      When building a computer network, provider companies divide it into the following levels:

      • Access level.
      • Aggregation level.
      • Kernel level.

      Levels are needed to make it easier to handle the network: scale, configure, introduce redundancy, design the network.

      At the access level, end users are connected to 100 Mbit/s switch ports. Other requirements for the device include:

      • An SFP uplink to an aggregation-level switch, over which data is transferred at 1 gigabyte per second.
      • Support for VLANs, ACLs and port security.
      • Support for security features.

      According to this scheme, three layers of the network are created from the Internet provider. First, the network is formed at the level of a residential building (multi-story, private).

      Then the network is “scattered” over the microdistrict, when several residential buildings, offices, and companies join the network. At the last stage, a core-level network is created, when entire neighborhoods are connected to the network.

      Internet providers form a network using Ethernet technology, which allows subscribers to connect to the network.

      How does the switch work?


      The switch's memory holds a MAC table in which MAC addresses are collected. The switch learns them from the frames arriving on its ports. When the switch is first connected, the table is empty, so the equipment operates in learning mode. As data arrives on the switch's ports, the switch analyses it and determines the MAC address of the computer that sent it. Finally, the address is entered into the MAC table.

      Thus, when a packet destined for a single PC arrives on one of the equipment's ports, it is forwarded only to the port for that address. When the MAC address has not yet been learned, the data is sent to all the remaining interfaces. Traffic localisation occurs as the switch operates and the MAC table fills with the necessary addresses.

      Features of setting device parameters

      Making changes to the switch's parameters is similar for every model. Setting up the equipment involves the following steps:

    1. Create two VLANs: one for clients and one for switch management. In the settings, the VLANs are assigned to switch ports.
    2. Configure port security, forbidding more than one MAC address per port. This prevents traffic from being carried to another port; otherwise the broadcast domain of a home network can merge with the provider's domain.
    3. Disable STP on client ports so that other users cannot pollute the provider's network with BPDU packets.
    4. Configure loopback detection. This rejects faulty network cards that loop traffic back, without disrupting the users connected to the port.
    5. Create and configure an ACL that forbids non-PPPoE packets from entering the user's network. To do this, block unnecessary protocols such as DHCP, ARP and plain IP in the settings; these protocols would let users communicate directly, bypassing PPPoE.
    6. Create an ACL that denies PPPoE PADO packets coming from client ports.
    7. Enable storm control, which combats multicast and broadcast floods. This setting should also block non-PPPoE traffic.
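    Steps 2, 5, 6 and 7 above, modelled as a per-port policy check in Python as an added example that is not code from the article or from any switch vendor: one MAC address per client port, an ACL that admits only PPPoE EtherTypes, a rule dropping PADO offers that arrive from a client port, and a simple broadcast/multicast rate limit. EtherTypes and the PPPoE code byte follow RFC 2516; the MAC addresses, the storm threshold and the sample frames are constructed assumptions.

```python
"""Client-port policy of a provider access switch (steps 2, 5, 6 and 7).

Added example, not code from the article or any vendor. EtherTypes and the
PPPoE code byte follow RFC 2516; MAC addresses, frames and the storm-control
threshold are constructed assumptions.
"""
import struct

ETH_VLAN = 0x8100
ETH_PPPOE_DISC = 0x8863  # PPPoE discovery stage (PADI, PADO, PADR, PADS, PADT)
ETH_PPPOE_SESS = 0x8864  # PPPoE session stage
PADI, PADO = 0x09, 0x07  # only the provider's access concentrator may send PADO


def ether_frame(dst, src, ethertype, payload=b"", vlan=None):
    """Constructed Ethernet II frame, optionally carrying an 802.1Q tag."""
    tag = struct.pack("!HH", ETH_VLAN, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def pppoe_discovery(dst, src, code, vlan=None):
    """PPPoE discovery frame: ver/type 0x11, code, session 0, payload length 0."""
    return ether_frame(dst, src, ETH_PPPOE_DISC, struct.pack("!BBHH", 0x11, code, 0, 0), vlan)


class ClientPortPolicy:
    def __init__(self, max_macs=1, storm_limit=5):
        self.max_macs = max_macs        # step 2: one MAC address per client port
        self.storm_limit = storm_limit  # step 7: broadcast/multicast frames per second
        self.macs = {}                  # port -> set of learned MAC addresses
        self.storm = {}                 # port -> [current second, frames counted]

    def _port_security(self, port, src):
        seen = self.macs.setdefault(port, set())
        if src in seen:
            return True
        if len(seen) >= self.max_macs:
            return False
        seen.add(src)
        return True

    def _storm_control(self, port, dst, now):
        if not dst[0] & 1:  # unicast destination: not subject to storm control
            return True
        bucket = self.storm.setdefault(port, [int(now), 0])
        if bucket[0] != int(now):
            bucket[:] = [int(now), 0]
        bucket[1] += 1
        return bucket[1] <= self.storm_limit

    def decide(self, port, frame, now=0.0):
        """Return ('permit', reason) or ('drop', reason) for a frame from a client port."""
        if len(frame) < 14:
            return "drop", "short frame"
        dst, src = frame[0:6], frame[6:12]
        ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == ETH_VLAN and len(frame) >= 18:
            ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
        if not self._port_security(port, src):
            return "drop", "port-security: second MAC on port"
        if ethertype not in (ETH_PPPOE_DISC, ETH_PPPOE_SESS):  # step 5 ACL
            return "drop", f"non-PPPoE EtherType 0x{ethertype:04x}"
        if ethertype == ETH_PPPOE_DISC:
            if len(frame) < offset + 6:
                return "drop", "truncated PPPoE header"
            if frame[offset + 1] == PADO:  # step 6 ACL
                return "drop", "PADO offered from a client port"
        if not self._storm_control(port, dst, now):
            return "drop", "storm-control threshold exceeded"
        return "permit", "PPPoE"


if __name__ == "__main__":
    bcast, sub = b"\xff" * 6, bytes.fromhex("020000000001")
    policy = ClientPortPolicy()
    print(policy.decide(1, pppoe_discovery(bcast, sub, PADI)))
    print(policy.decide(1, ether_frame(bcast, sub, 0x0806, b"\x00" * 28)))
    print(policy.decide(1, pppoe_discovery(sub, sub, PADO)))
```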

    If something goes wrong, check PPPoE, which can be attacked by viruses or forged packets. Through inexperience, users may misconfigure this last item and then need to contact their Internet service provider for help.

    How to connect the switch?

    Creating a local network of computers or laptops requires the use of a network switch - a switch. Before setting up the equipment and creating the desired network configuration, the process of physically deploying the network occurs. This means that a connection is created between the switch and the computer. To do this, you should use a network cable.

    Connections between network nodes are made using a patch cord - a special type of network communication cable made on the basis of twisted pair. It is recommended to purchase a network cable from a specialized store so that the connection process goes smoothly.

    You can configure the switch in two ways:

    1. Via the console port, which is intended for making initial switch settings.
    2. Via a universal Ethernet port.

    The choice of connection method depends on the equipment interface. Connecting through the console port does not consume any switch bandwidth. This is one of the advantages of this connection method.

    You need to launch a VT100 terminal emulator and then select the connection parameters according to the device's documentation. Once connected, the user or the Internet company's employee enters a login and password.


    To connect via the Ethernet port, you will need an IP address, which is indicated in the documents for the device or requested from your provider.

    Once the settings have been made and a computer network has been created using the switch, users should be able to access the Internet from their PCs or laptops without any problems.

    When choosing a device to create a network, you need to consider how many computers will be connected to it, what the speed of the ports is, and how they work. Modern providers use Ethernet technology for connection, which allows you to get a high-speed network using a single cable.

    03/18/1997 Dmitry Ganzha

    Switches occupy a central place in modern local area networks.

    Contents: Types of switching. Switching hubs. Packet processing methods. RISC and ASIC. Architecture of high-class switches. Building virtual networks. Third-level switching. Conclusion.

    Switching is one of the most popular modern technologies. Switches are displacing bridges and routers to the periphery of local networks, leaving behind them the role of organizing communications through the global network. This popularity of switches is primarily due to the fact that they allow, through microsegmentation, to increase network performance compared to shared networks with the same nominal bandwidth. In addition to dividing the network into small segments, switches make it possible to organize connected devices into logical networks and easily regroup them when necessary; in other words, they allow you to create virtual networks.

    What is a switch? According to the IDC definition, "a switch is a device designed in the form of a hub and acting as a high-speed multiport bridge; the built-in switching mechanism allows segmentation of the local network and allocation of bandwidth to end stations in the network" (see M. Kulgin's article "Build a network, plant a tree..." in the February issue of LAN). However, this definition applies primarily to frame switches.

    TYPES OF SWITCHING

    Switching usually refers to four different technologies - configuration switching, frame switching, cell switching, and frame-to-cell conversion.

    Configuration switching is also known as port switching, where a specific port on a smart hub module is assigned to one of the internal Ethernet segments (or Token Ring). This assignment is made remotely through software network management when users and resources join or move on the network. Unlike other switching technologies, this method does not improve the performance of the shared LAN.

    Frame switching, or LAN switching, uses standard Ethernet (or Token Ring) frame formats. Each frame is processed by the nearest switch and transmitted further across the network directly to the recipient. As a result, the network turns into a set of parallel high-speed direct channels. We will look at how frame switching is carried out inside a switch below using the example of a switching hub.

    Cell switching is used in ATM. The use of small fixed-length cells makes it possible to build low-cost, high-speed switching structures in hardware. Both frame switches and cell switches can support multiple independent workgroups regardless of their physical connection (see the section "Building virtual networks").

    The conversion between frames and cells allows, for example, a station with an Ethernet card to communicate directly with devices on an ATM network. This technology is used to emulate a local network.

    In this lesson we will be primarily interested in frame switching.

    SWITCHING HUBS

    The first switching hub, called EtherSwitch, was introduced by Kalpana. This hub made it possible to reduce network contention by cutting the number of nodes in a logical segment using microsegmentation. Essentially, the number of stations in one segment was reduced to two: the station initiating a request and the station responding to it. No other station sees the information transmitted between them. Packets are transmitted as if through a bridge, but without the delay inherent in a bridge.

    In a switched Ethernet network, each member of a group of users can be simultaneously guaranteed 10 Mbps of throughput. The best way to understand how such a hub works is by analogy with an old manual telephone exchange, in which the participants in a conversation were connected by a coaxial cable. When a subscriber dialled the familiar "07" and asked to be connected to a particular number, the operator first checked whether the line was free; if so, she connected the participants directly with a length of cable. No one else (with the exception of the intelligence services, of course) could hear their conversation. After the call ended, the operator unplugged the cable from both ports and waited for the next call.

    Switching hubs operate in a similar way (see Figure 1): they forward packets from an input port to an output port through the switch fabric. When a packet arrives at an input port, the switch reads its MAC address (i.e., layer 2 address) and it is immediately forwarded to the port associated with that address. If the port is busy, the packet is queued. Essentially, a queue is a buffer on an input port where packets wait for the desired port to become free. However, the buffering methods are slightly different.

    Figure 1.
    Switching hubs function similarly to older telephone switches: they connect an input port directly to an output port through a switch fabric.

    PACKET PROCESSING METHODS

    In end-to-end switching (cut-through, also called on-the-fly switching or bufferless switching), the switch reads only the address of the incoming packet. The packet is transmitted further regardless of whether it contains errors. This significantly reduces packet processing time, since only the first few bytes are read. It is therefore up to the receiving party to identify defective packets and request their retransmission. Modern cable systems are reliable enough that the need for retransmission on many networks is minimal; still, no one is immune to errors caused by a damaged cable, a faulty network card or interference from an external electromagnetic source.

    In store-and-forward switching, the switch does not transmit a received packet until it has read it completely, or at least has read all the information it needs. It not only determines the destination address but also verifies the checksum, so it can discard defective packets. This makes it possible to isolate the segment that is producing the errors. Store-and-forward switching thus emphasizes reliability rather than speed.

    Apart from these two, some switches use a hybrid method. Under normal conditions they perform cut-through switching but monitor the number of errors by checking checksums. If the error count reaches a specified threshold, they switch to store-and-forward mode; when the error count falls back to an acceptable level, they return to cut-through switching. This type of switching is called threshold or adaptive switching.
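As an added illustration (not code from the original article), the following Python model implements the three methods just described: cut-through forwards on the destination address alone, store-and-forward verifies the frame check sequence first and discards bad frames, and adaptive mode moves between the two on an error threshold. The frame layout, the CRC-32 FCS, and the window and threshold values are assumptions of this model, not of any particular product.

```python
import zlib
from collections import deque

def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Ethernet II frame: dst(6) src(6) type(2) payload, then a 4-byte FCS (CRC-32)."""
    body = dst + src + b"\x08\x00" + payload
    return body + zlib.crc32(body).to_bytes(4, "little")

def fcs_ok(frame: bytes) -> bool:
    return zlib.crc32(frame[:-4]).to_bytes(4, "little") == frame[-4:]

class Switch:
    """Toy switch; mode is 'cut-through', 'store-and-forward' or 'adaptive' (assumed model)."""

    def __init__(self, ports: int, mode: str, threshold: int = 2, window: int = 8):
        self.ports, self.mode, self.threshold = range(ports), mode, threshold
        self.mac_table = {}                      # learned source MAC -> port
        self.out = {p: [] for p in self.ports}   # frames handed to each output port
        self.recent = deque(maxlen=window)       # adaptive mode: 1 per bad FCS, 0 per good
        self.current = "cut-through"             # adaptive switches start in cut-through

    def _forward(self, in_port: int, frame: bytes) -> str:
        dst = frame[:6]                          # only the first bytes are needed here
        if dst in self.mac_table:
            self.out[self.mac_table[dst]].append(frame)
            return "forwarded"
        for p in self.ports:                     # unknown destination: flood
            if p != in_port:
                self.out[p].append(frame)
        return "flooded"

    def _note(self, bad: bool) -> None:
        """Threshold logic: fall back to store-and-forward while errors persist."""
        self.recent.append(1 if bad else 0)
        if sum(self.recent) >= self.threshold:
            self.current = "store-and-forward"
        elif sum(self.recent) == 0:
            self.current = "cut-through"

    def receive(self, in_port: int, frame: bytes) -> str:
        self.mac_table[frame[6:12]] = in_port    # learn the source address
        mode = self.current if self.mode == "adaptive" else self.mode
        if mode == "store-and-forward":          # whole frame read, FCS verified first
            bad = not fcs_ok(frame)
            self._note(bad)
            return "dropped" if bad else self._forward(in_port, frame)
        action = self._forward(in_port, frame)   # cut-through: forwarded before any check
        if self.mode == "adaptive":              # ...but the error rate is still monitored
            self._note(not fcs_ok(frame))
        return action
```

A corrupted frame is thus propagated by the cut-through switch and stopped by the store-and-forward one; the adaptive switch starts letting it through and changes behaviour only once the threshold is hit.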

    RISC AND ASIC

    Store-and-forward switches are often implemented using standard RISC processors. This approach is relatively inexpensive compared to ASIC switches, but it is less suited to specialized tasks. Switching in such devices is performed in software, so their functionality can be changed by upgrading the installed software; their disadvantage is that they are slower than ASIC-based switches.

    Switches built on ASICs are designed for specialized tasks: all their functionality is "hardwired" into the hardware. This approach has its own drawback: when an upgrade is needed, the manufacturer has to rework the circuit. ASICs typically provide cut-through switching. The switch-fabric ASIC creates dedicated physical paths between an input port and an output port, as shown in .

    ARCHITECTURE OF HIGH-CLASS SWITCHES

    High-end switches are typically modular in design and can perform both packet and cell switching. The modules of such a switch switch traffic between networks of different types, including Ethernet, Fast Ethernet, Token Ring, FDDI and ATM, and the main switching mechanism in these devices is an ATM switching fabric. We will look at the architecture of such devices using the Bay Networks Centillion 100 as an example.

    Switching is accomplished using the following three hardware components (see Figure 2):

  • ATM backplane for ultra-high-speed cell transfer between modules;
  • a special-purpose CellManager integrated circuit on each module to control cell transfer across the backplane;
  • a special-purpose SAR integrated circuit on each module to convert frames to cells and vice versa.

    Figure 2.
    Cell switching is increasingly being used in high-end switches due to its high speed and ease of migration to ATM.

    Each switch module has I/O ports, buffer memory, and a CellManager ASIC. In addition, each LAN module has a RISC processor to perform frame switching between its local ports and a packet assembler/disassembler to convert between frames and cells. Every module can switch traffic between its own ports independently, so only traffic destined for other modules is sent across the backplane.

    Each module maintains its own address table, and the main control processor combines them into one common table, so that an individual module can see the network as a whole. If, for example, an Ethernet module receives a packet, it determines who the packet is addressed to. If the address is in its local table, the RISC processor switches the packet between local ports. If the destination is on another module, the assembler/disassembler converts the packet into cells. The CellManager sets a destination mask identifying the module(s) and port(s) for which the cell's payload is intended. Any module whose board mask bit is set in the destination mask copies the cell into local memory and transmits the data to the corresponding output port in accordance with the port mask bits.

    BUILDING VIRTUAL NETWORKS

    In addition to increasing performance, switches allow you to create virtual networks. One method of creating a virtual network is to form a broadcast domain by logically grouping ports within the physical infrastructure of a communication device (configuration switching in an intelligent hub, or frame switching in a switch). For example, the odd ports of an eight-port device are assigned to one virtual network and the even ports to another. As a result, a station in one virtual network is isolated from stations in the other. The disadvantage of this method is that all stations connected to the same port must belong to the same virtual network.

    Another method of creating a virtual network is based on the MAC addresses of the connected devices. With this method, an employee can connect, for example, his laptop computer to any switch port, and the switch will automatically determine from the MAC address which virtual network the user belongs to. This method also allows users connected to the same switch port to belong to different virtual networks. For more information about virtual networks, see the article by A. Avduevsky, "Such real virtual networks", in the March issue of LAN this year.
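An added Python model (not code from the article) of both methods just described: port-based assignment, using the odd/even split of an eight-port device from the example above, and MAC-based assignment, which follows a station to whichever port it is plugged into. The way a port joins a MAC-based broadcast domain in this model (by having a member station learned on it) is a simplifying assumption.

```python
BROADCAST = b"\xff" * 6

def frame(dst: bytes, src: bytes, payload: bytes = b"") -> bytes:
    """Minimal frame: destination MAC, source MAC, payload (no FCS needed here)."""
    return dst + src + payload

class VlanSwitch:
    """Toy switch whose VLAN membership is decided per port or per source MAC (assumed model)."""

    def __init__(self, ports, port_vlan=None, mac_vlan=None):
        self.ports = list(ports)
        self.port_vlan = dict(port_vlan or {})  # port-based: port -> VLAN id
        self.mac_vlan = dict(mac_vlan or {})    # MAC-based: station MAC -> VLAN id
        self.table = {}                         # (vlan, mac) -> port, learned per VLAN
        self.out = {p: [] for p in self.ports}  # (vlan, frame) delivered to each port

    def vlan_of(self, in_port: int, src: bytes):
        """MAC-based membership follows the station; otherwise the port decides."""
        return self.mac_vlan.get(src, self.port_vlan.get(in_port))

    def carries(self, port: int, vlan: int) -> bool:
        """A port is in a broadcast domain if assigned to it or if a member was learned there."""
        return self.port_vlan.get(port) == vlan or any(
            p == port and v == vlan for (v, _mac), p in self.table.items())

    def receive(self, in_port: int, data: bytes) -> list:
        """Return the ports the frame was delivered to (empty list if dropped)."""
        dst, src = data[:6], data[6:12]
        vlan = self.vlan_of(in_port, src)
        if vlan is None:
            return []                           # station with no VLAN: not forwarded
        self.table[(vlan, src)] = in_port       # learn, and follow a station that moved
        if dst != BROADCAST and (vlan, dst) in self.table:
            targets = [self.table[(vlan, dst)]]
        else:                                   # broadcast or unknown unicast: flood,
            targets = [p for p in self.ports    # but never beyond this VLAN's ports
                       if p != in_port and self.carries(p, vlan)]
        for p in targets:
            self.out[p].append((vlan, data))
        return targets
```

In the port-based case a frame from an odd port can never reach an even port, even when addressed to a station there; in the MAC-based case two stations on the same port can sit in different broadcast domains, and a station keeps its membership after moving to another port.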

    LEVEL 3 SWITCHING

    For all their advantages, switches have one significant drawback: they cannot protect the network from broadcast storms, which create unproductive network load and increase response time. Routers can monitor and filter unnecessary broadcast traffic, but they are orders of magnitude slower. According to Case Technologies documentation, for example, the typical performance of a router is 10,000 packets per second, which does not compare with the same figure for a switch: 600,000 packets per second.

    As a result, many manufacturers have begun to build routing capabilities into switches. To keep the switch from slowing down significantly, various techniques are used: for example, both Layer 2 and Layer 3 switching are implemented directly in hardware (ASICs). Different manufacturers call this technology by different names, but the goal is the same: the routing switch must perform Layer 3 functions at the same speed as Layer 2 functions. An important factor is the price of such a device per port, which should be as low as that of a switch (see the article by Nick Lippis in the next issue of LAN).

    CONCLUSION

    Switches are very diverse both structurally and functionally; it is impossible to cover all their aspects in one short article. In the next tutorial we will take a closer look at ATM switches.

    Dmitry Ganzha is the executive editor of LAN.


    Switches in the local network