What is a switch in a local network for? Selecting a Suitable LAN Device

The issues of building local networks seem very difficult to non-specialist users due to the extensive terminological dictionary. Hubs and switches are drawn in the imagination by complex equipment, reminiscent of telephone exchanges, and the creation of a local home network becomes a reason for contacting specialists. In fact, the switch is not as terrible as its name: both devices are elementary network nodes with minimal functionality, do not require knowledge of installation and operation and are quite accessible to everyone.

Definition

Hub - a network concentrator that joins computers into a single local network by connecting their Ethernet cables.

Switch (literally "switch", a commutator) - a network switch that joins several computers into a local network via the Ethernet interface.

Comparison

As the definitions show, both devices solve the same task, organizing a local network over Ethernet, but they approach it in different ways. A hub is a simple splitter that provides a direct connection between network clients. A switch is a smarter device that delivers data packets to the clients they are addressed to.

A hub, receiving a signal from one node, transmits it to all connected devices, and reception depends entirely on the addressee: each computer must itself determine whether the packet is intended for it. Naturally, the reply follows the same pattern. The signal is pushed into every network segment until it finds the one that will receive it. This reduces the network bandwidth (and the data exchange rate, accordingly). The switch, receiving a data packet from a computer, sends it only to the address specified by the sender, relieving the rest of the network of the load. A network built on a switch is considered more secure: traffic is exchanged directly between two clients, and the others cannot process a signal that is not intended for them. Unlike a hub, a switch provides high throughput for the network it creates.

Logitec LAN-SW / PS Hub

The switch requires the client computer's network card to be configured correctly: the IP address and subnet mask must be consistent with each other (the subnet mask designates one part of the IP address as the network address and the other part as the client address). The hub needs no settings, because it works at the physical layer of the OSI network model, simply repeating the signal. The switch works at the data link layer, exchanging data packets. Another feature of the hub is that it equalizes all nodes in data transfer rate, dropping to the speed of the slowest one.


COMPEX PS2208B switch

Conclusions

  1. A hub is a concentrator, a switch is a commutator.
  2. The hub device is the simplest, the switch is more “intelligent”.
  3. The hub transmits the signal to all clients of the network, the switch - only to the addressee.
  4. The performance of a network organized through a switch is higher.
  5. The switch provides a higher level of data transmission security.
  6. The hub works at the physical layer of the OSI network model, the switch at the data link layer.
  7. The switch requires the correct configuration of the network cards of the network clients.

In the vast majority of home LANs, only a wireless router is used from active equipment. However, if you need more than four wired connections, you will need to add a network switch (although today there are routers for seven to eight ports for clients). The second common reason for purchasing this equipment is for better network wiring. For example, you can install the switch near a TV, connect one cable from the router to it, and the TV itself, a media player, a game console and other equipment to the other ports.

The simplest network switches have just a couple of key characteristics - the number of ports and their speed. Given modern requirements and the state of the component base, unless saving at any cost or some specific requirement dictates otherwise, it is worth buying models with gigabit ports. Fast Ethernet networks at 100 Mbit/s are of course still in use today, but their users are unlikely to face a shortage of ports on the router. Although, of course, it is possible, if we recall products of some well-known manufacturers with only one or two LAN ports. Even there it would be appropriate to use a gigabit switch, to raise the performance of the entire wired LAN.

In addition, when choosing, you can also take into account the brand, the material and design of the case, how the power supply is implemented (external or internal), the presence and placement of indicators, and other parameters. Surprisingly, the speed characteristic familiar from many other devices makes practically no sense here, as a recently published test showed: in data transfer tests, models of completely different classes and prices show the same results.

In this article we decided to briefly describe what can be interesting and useful in "real" Layer 2 switches. Of course, this material does not pretend to be the most detailed and in-depth treatment of the topic, but hopefully it will be useful to those who, when building a local network in an apartment, house or office, have met more serious tasks or requirements than putting in a router and setting up Wi-Fi. In addition, many topics will be presented in a simplified form that reflects only the highlights of the interesting and varied topic of network packet switching.


Theory

First, let's remember how a "regular" network switch works.

This "box" is small in size and has several RJ45 ports for connecting network cables, a set of indicators and a power input. It works according to algorithms programmed by the manufacturer and has no settings available to the user: "plug in the cables, turn on the power, it works". Each device (more precisely, its network adapter) in the local network has a unique address - the MAC address. It consists of six bytes and is written in the form "AA:BB:CC:DD:EE:FF" with hexadecimal digits. You can find it out programmatically or read it from the information label. Formally this address is assigned by the manufacturer at the production stage and is considered unique. In practice this is not always the case (uniqueness is required only within a local network segment, and the address can easily be changed in many operating systems). By the way, the first three bytes often identify the maker of the chip or even of the entire device.

For the global network (in particular the Internet), device addressing and packet processing are performed at the level of IP addresses; within each individual local network segment, MAC addresses are used for this. All devices on the same local network must have different MAC addresses; otherwise there will be problems with packet delivery and network operation. This low level of information exchange is implemented inside the network stacks of operating systems, and the user does not need to interact with it. In practice there are perhaps only a couple of situations where a MAC address comes up. For example, when replacing a router, you may set the same MAC address on the new device's WAN port as on the old one. The second is enabling MAC address filters on the router to block access to the Internet or Wi-Fi.

A conventional network switch allows you to combine several clients and exchange network traffic between them. Each port can be connected not only to a single computer or other client device, but also to another switch with its own clients. A rough diagram of the switch's operation is as follows: when a packet arrives on a port, the switch remembers the sender's MAC and writes it to the "clients on this physical port" table; the recipient's address is looked up in the tables of the other ports, and if it is found in one of them, the packet is sent to the corresponding physical port. Additionally, there are algorithms for eliminating loops, discovering new devices, detecting that a device has moved to another port, and others. No complex logic is required to implement this scheme; everything runs on fairly simple and inexpensive processors, so, as we said above, even the lowest models can show maximum speeds.
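The learning and forwarding scheme just described, as an added simulation (not code from the article or from any switch vendor). It also covers the two cases the text leaves implicit: a recipient not yet in any table is flooded to all other ports, and entries not refreshed within the aging time are forgotten. Port names, MAC addresses and the aging time are constructed.

```python
"""Simulation of MAC learning and forwarding in an unmanaged Layer 2 switch."""
from __future__ import annotations

from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str  # sender MAC, "aa:bb:cc:dd:ee:ff"
    dst: str  # recipient MAC


def is_group_address(mac: str) -> bool:
    """Bit 0 of the first byte marks multicast and broadcast addresses."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningSwitch:
    """One MAC table shared by all ports, no VLANs, no loop protection."""

    def __init__(self, ports: list[str], aging_time: float = 300.0):
        self.ports = list(ports)
        self.aging_time = aging_time  # seconds an idle entry survives (constructed default)
        self.table: dict[str, tuple[str, float]] = {}  # MAC -> (port, last seen)
        self.moves: list[tuple[str, str, str]] = []  # (mac, old_port, new_port)

    def _age(self, now: float) -> None:
        """Forget addresses that have not been seen for longer than aging_time."""
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.aging_time]
        for mac in stale:
            del self.table[mac]

    def receive(self, in_port: str, frame: Frame, now: float) -> list[str]:
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self._age(now)
        src, dst = frame.src.lower(), frame.dst.lower()

        # 1. Learn: the sender lives behind in_port. A change of port is recorded
        #    so a monitoring system can see that a device moved (or its MAC was
        #    reused somewhere else).
        if not is_group_address(src):
            known = self.table.get(src)
            if known and known[0] != in_port:
                self.moves.append((src, known[0], in_port))
            self.table[src] = (in_port, now)

        # 2. Forward: known unicast goes to exactly one port; unknown unicast,
        #    multicast and broadcast are flooded to every port except the ingress.
        entry = None if is_group_address(dst) else self.table.get(dst)
        if entry is None:
            return [p for p in self.ports if p != in_port]
        out_port = entry[0]
        if out_port == in_port:
            return []  # sender and recipient share a port (e.g. behind another switch)
        return [out_port]
```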

Managed switches, sometimes called “smart” switches, are much more complex. They can use more information from network packets to implement more complex processing algorithms. Some of these technologies can be useful for advanced home users or those with increased requirements, as well as for solving some special problems.

Layer 2 switches (the data link layer) can take into account, when switching packets, information in some fields of the network packets, in particular VLAN tags, QoS markings, multicast and some others. This is the class of device discussed in this article. More sophisticated Layer 3 models can be considered routers, since they operate with IP addresses and work with Layer 3 protocols (in particular RIP and OSPF).

Please note that there is no single universal and standard set of features for managed switches. Each manufacturer creates its own product lines based on its own understanding of consumer requirements. So in each case it is worth paying attention to the specifications of a specific product and their compliance with the tasks set. Of course, there is no question of any "alternative" firmware with wider possibilities.

As an example, we are using a Zyxel GS2200-8HP device. This model has been on the market for a long time, but it is quite suitable for this article. Zyxel's current products in this segment generally provide similar capabilities. In particular, the current device of the same configuration is offered under the article number GS2210-8HP.

The Zyxel GS2200-8HP is an 8-port (there is also a 24-port version in the series) Layer 2 managed gigabit switch, which also has PoE support and combo RJ45/SFP ports, as well as some features of higher switching layers.

In format it can be called a desktop model, but the delivery set includes brackets for installation in a standard 19″ rack. The body is metal. On the right side is a ventilation grille, and on the opposite side two small fans. At the back there is only the mains inlet for the built-in power supply.

All connections, as is traditional for such equipment, are on the front side for convenient use in racks with patch panels. On the left is an insert with the manufacturer's logo and the device name. Next come the indicators - power, system, alarm, and status/activity and power LEDs for each port.

Next come the main eight network connectors, followed by two RJ45 and two SFP ports that duplicate each other (the combo ports), with their own indicators. Such solutions are another characteristic feature of this class of device. SFP is usually used to connect optical lines. Their main difference from the usual twisted pair is the ability to work over significantly greater distances - up to tens of kilometers.

Because different types of physical line can be used, the switch itself has SFP slots into which transceiver modules are installed, and the optical cables are connected to those. Otherwise these ports do not differ in capabilities from the rest, except of course for the lack of PoE support. They can also be used in port trunking mode, VLAN scenarios and other technologies.

The console serial port completes the description. It is used for service and other operations. Note in particular that there is no reset button of the kind familiar from home equipment. In difficult cases of lost access, you will have to connect through the serial port and reload the entire configuration file in debug mode.

The device supports Web and command-line administration, firmware upgrade, the 802.1X protocol to protect against unauthorized connections, SNMP for integration into monitoring systems, frames up to 9216 bytes (jumbo frames) to increase network performance, L2 switching services and stacking for ease of administration.

Of the eight primary ports, half support PoE+ with up to 30 W per port, and the other four support PoE with 15.4 W. Maximum power consumption is 230 W, of which up to 180 W can be supplied via PoE.

The electronic version of the user manual is over three hundred pages long. So the features described in this article represent only a small part of the capabilities of this device.

Management and control

Unlike simple network switches, smart switches have tools for remote configuration. This role is often played by the familiar Web interface, and for "real admins" there is command-line access with its own syntax via telnet or SSH. The same command line is available through a serial port connection to the switch. Besides habit, the command line has the advantage of convenient scripted automation. There is also FTP support, which allows you to quickly upload new firmware files and manage configurations.

For example, you can check the status of connections, manage ports and modes, allow or deny access, and so on. In addition, this option is less demanding on bandwidth and on the equipment used for access. But in screenshots, of course, the Web interface looks nicer, so in this article we use it for illustrations. Security is provided by the traditional administrator username and password, HTTPS support, and additional restrictions on access to switch management that can be configured.

Note that unlike many home devices, the interface has an explicit button to save the current switch configuration to its nonvolatile memory. Also on many pages you can use the Help button to bring up contextual help.

Another option for monitoring the operation of the switch is using the SNMP protocol. With the use of specialized programs, you can get information about the hardware state of the device, such as temperature or loss of a link on a port. For large projects, it will be useful to implement a special mode for managing multiple switches (a cluster of switches) from a single interface - Cluster Management.

The minimum initial steps for starting up the device usually include updating the firmware, changing the administrator password, and setting the switch's own IP address.

In addition, it is usually worth paying attention to options such as network name, synchronization of the built-in clock, sending an event log to an external server (for example, Syslog).

When planning the network diagram and switch settings, it is advisable to calculate and think through everything in advance, since the device has no built-in checks that block contradictory settings. For example, if you "forget" that you previously configured port aggregation, then VLANs involving those ports may not behave at all as required. Not to mention the possibility of losing contact with the switch, which is especially unpleasant when connecting remotely.

One of the basic "smart" functions of switches is support for network port aggregation. Other terms used for this technology are trunking, bonding and teaming. Here, clients or other switches are connected to the switch not with one cable but with several at once. Of course, this also requires several network adapters on the computer, either separate cards or a single expansion card with multiple ports. Typically two or four links are involved. The main tasks solved this way are increasing the speed of the network connection and increasing its reliability (redundancy). A switch can support several such connections at once, depending on its hardware configuration, in particular the number of physical ports and processor power. One option is to connect a pair of switches in this manner, which increases overall network performance and eliminates bottlenecks.

To implement the scheme it is desirable to use network adapters that explicitly support this technology, but in general port aggregation can also be done in software. Most often the technology is implemented through the open LACP/802.3ad protocol, which monitors the state of the links and manages them; there are also proprietary variants from individual vendors.

At the level of the client operating system, after the appropriate configuration, a new standard network interface usually appears, which has its own MAC and IP addresses, so that all applications can work with it without any special actions.

Fault tolerance is provided by the presence of multiple physical connections between devices. If one connection fails, traffic is automatically redirected over the remaining links. After the line is restored, it starts working again.

As for increasing speed, the situation is a little more complicated. Formally, we could assume that throughput is multiplied by the number of lines used. However, the real growth in data transfer rate depends on the specific tasks and applications. In particular, for such a simple and widespread task as reading files from a network drive on one computer, port bundling brings no benefit, even if both devices are connected to the switch with several links. However, if port trunking is configured on a NAS and multiple "regular" clients access it at the same time, then this setup does give a significant gain in overall performance.

Some examples of use and test results are given in the article. Thus, port trunking at home is useful only when there are several fast clients and servers and a sufficiently high load on the network.
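The one-client-versus-many reasoning above, as an added simulation (not code from the article, Zyxel or QNAP): a hash over the addresses of a conversation pins it to one physical link of the group, so a single file transfer never exceeds one link, while many clients spread across the links and a failed link is simply skipped. The two hash policies are simplified stand-ins for the vendor's distribution schemes, and all addresses are constructed.

```python
"""Why link aggregation speeds up many clients but not one file copy."""
import ipaddress
from collections import Counter


def select_link(src_mac, dst_mac, src_ip, dst_ip, active_links, policy="src-dst-mac"):
    """Choose the physical link for one frame of a conversation.

    Every frame of the same src/dst pair hashes to the same link, which keeps
    frames in order but also means one conversation can never use two links.
    """
    if not active_links:
        raise RuntimeError("all links of the aggregation group are down")
    if policy == "src-dst-mac":
        key = int(src_mac.replace(":", ""), 16) ^ int(dst_mac.replace(":", ""), 16)
    elif policy == "src-dst-ip":
        key = int(ipaddress.ip_address(src_ip)) ^ int(ipaddress.ip_address(dst_ip))
    else:
        raise ValueError(f"unknown distribution policy {policy}")
    return active_links[key % len(active_links)]


def distribute(flows, active_links, policy="src-dst-mac"):
    """Count how many conversations land on each link (link -> flows)."""
    return Counter(select_link(*flow, active_links, policy) for flow in flows)


def nas_clients(n):
    """n constructed client hosts, all talking to one constructed NAS."""
    nas_mac, nas_ip = "02:00:00:00:00:aa", "192.0.2.100"
    return [(f"02:00:00:00:01:{i:02x}", nas_mac, f"192.0.2.{i + 1}", nas_ip)
            for i in range(n)]
```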

Configuring port aggregation on a switch is usually straightforward. In particular, on the Zyxel GS2200-8HP, the required parameters are found in the Advanced Application - Link Aggregation menu. In total, this model supports up to eight groups. At the same time, there are no restrictions on the composition of groups - you can use any physical port in any group. The switch supports both static port trunking and LACP.

On the status page, you can check the current assignments by group.

On the settings page, the active groups and their type are indicated (the type selects the scheme for distributing packets over the physical links), as well as the assignment of ports to the required groups.

If necessary, enable LACP for the required groups on the third page.

Next, you need to configure similar parameters on the device on the other side of the link. In particular, on the QNAP NAS, this is done as follows - go to the network settings, select the ports and the type of their association.

After that, you can check the status of the ports on the switch and evaluate the effectiveness of the solution in your tasks.

VLAN

In the usual configuration of a local network, the network packets "walking" along it share a common physical medium, like streams of people at metro transfer stations. Of course, switches in a sense prevent "foreign" packets from reaching your network card's interface, but some packets, for example broadcasts, can reach any corner of the network. Despite the simplicity and high speed of this scheme, there are situations when, for one reason or another, certain types of traffic need to be separated. This may be due to security requirements or to the need to meet performance or prioritization requirements.

Of course, these issues can be solved by creating a separate physical network segment with its own switches and cables. But this is not always possible. This is where VLAN (Virtual Local Area Network) technology comes in handy - a logical or virtual local area network. It is also referred to as 802.1Q.

In a rough approximation, this technology works by attaching an additional "label" (tag) to each network packet when it is processed by the switch and the end device. Data exchange then works only within the group of devices with the same VLAN. Since not all equipment uses VLANs, the scheme also includes adding and removing the tag as packets pass through the switch: the tag is added when a packet is received from a "normal" physical port to be sent through the VLAN, and removed when a packet has to be passed from the VLAN to a "normal" port.

As an example of using this technology, we can recall the multiservice connections of operators - when you get access to the Internet, IPTV and telephony via one cable. This was previously encountered in ADSL connections, and today it is used in GPON.

The switch in question also supports the simplified "Port-based VLAN" mode, where division into virtual networks is done at the level of physical ports. This scheme is less flexible than 802.1Q but can be useful in some configurations. Note that the mode is mutually exclusive with 802.1Q, and a corresponding selector is provided in the Web interface.

To create a VLAN according to the 802.1Q standard, on the Advanced Applications - VLAN - Static VLAN page specify the virtual network's name and identifier, then select the ports involved and their parameters. For example, for ports where regular clients connect, it is worth stripping VLAN tags from packets sent to them.

Depending on whether a port connects a client or another switch, configure the required options on the Advanced Applications - VLAN - VLAN Port Settings page. In particular, this concerns adding tags to packets arriving at the port, whether to accept packets arriving without a tag or with other identifiers, and isolation of the virtual network.
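The tag-at-ingress, strip-at-egress scheme and the port settings just listed, as an added byte-level simulation (not code from the article or from Zyxel). It builds and parses the 802.1Q tag (TPID 0x8100, 12-bit VID, 3-bit PCP), assigns untagged arrivals to the port's VLAN, drops tagged frames for VLANs the port does not belong to, and strips the tag towards "normal" clients. Frames are flooded within their VLAN instead of looked up in a MAC table, to keep the focus on tagging; port names, VLAN IDs and the sample frame are constructed.

```python
"""802.1Q tag handling at the ports of a VLAN-aware switch."""
import struct

TPID_8021Q = 0x8100
ETH_HDR = struct.Struct("!6s6sH")  # dst MAC, src MAC, EtherType (or TPID)


def parse_tag(frame):
    """Return (vid, pcp) for a tagged frame, None for an untagged one."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13  # VID = low 12 bits, PCP = top 3 bits


def add_tag(frame, vid, pcp=0):
    """Insert a tag after the two MAC addresses (ingress of a "normal" port)."""
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VID must be 1..4094, PCP 0..7")
    if parse_tag(frame) is not None:
        raise ValueError("frame is already tagged")
    tci = (pcp << 13) | vid  # DEI bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Remove the tag (egress towards a client that does not use VLANs)."""
    return frame if parse_tag(frame) is None else frame[:12] + frame[16:]


class VlanPort:
    """vlans: VLANs the port belongs to; pvid: VLAN given to untagged arrivals;
    tagged: frames leave with a tag (switch-to-switch link);
    accept_untagged: False drops frames that arrive without a tag."""

    def __init__(self, vlans, pvid, tagged, accept_untagged=True):
        self.vlans, self.pvid, self.tagged = frozenset(vlans), pvid, tagged
        self.accept_untagged = accept_untagged


def access_port(vid):
    return VlanPort({vid}, pvid=vid, tagged=False)


def trunk_port(vids):
    return VlanPort(vids, pvid=1, tagged=True, accept_untagged=False)


def forward(ports, in_port, frame):
    """Return {out_port: frame as sent}. Frames never cross a VLAN boundary."""
    src_port = ports[in_port]
    tag = parse_tag(frame)
    if tag is None:
        if not src_port.accept_untagged:
            return {}
        vid, tagged = src_port.pvid, add_tag(frame, src_port.pvid)
    else:
        vid, tagged = tag[0], frame
    if vid not in src_port.vlans:  # tag for a VLAN this port is not a member of
        return {}
    out = {}
    for name, port in ports.items():
        if name == in_port or vid not in port.vlans:
            continue
        out[name] = tagged if port.tagged else strip_tag(tagged)
    return out


def sample_frame(last_byte, payload=b"\x00" * 46):
    """Constructed untagged broadcast IPv4 frame from a locally administered MAC."""
    src = b"\x02\x00\x00\x00\x00" + bytes([last_byte])
    return ETH_HDR.pack(b"\xff" * 6, src, 0x0800) + payload
```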

Access control and authentication

Originally, Ethernet technology had no access control at the physical port level. It was enough to plug a device into a switch port and it started working as part of the local network. In many cases this is sufficient because protection is provided by the difficulty of a direct physical connection to the network. But today the requirements for network infrastructure have changed significantly, and implementations of the 802.1X protocol are increasingly found in network equipment.

In this scenario, when connecting to a switch port, the client presents its authentication data, and until the access control server confirms it, no traffic is exchanged with the network. Most often the scheme assumes an external server such as RADIUS or TACACS+. Using 802.1X also gives additional control over the network. Whereas in the standard scheme one can "bind" only to a hardware parameter of the client (its MAC address), for example to issue an IP, set speed limits and access rights, working with user accounts is more convenient in large networks, since it allows client mobility and other higher-level capabilities.

The test used a RADIUS server on a QNAP NAS. It is supplied as a separately installable package and has its own user database. It is quite suitable for this task, although in general it has few features.

The client was a Windows 8.1 computer. To use 802.1x, you need to enable one service on it and after that a new tab appears in the properties of the network card.

Note that in this case we are talking exclusively about controlling access to the physical port of the switch. Also, do not forget to ensure that the switch always has reliable access to the RADIUS server.

The switch has two functions for limiting bandwidth. The first, the simplest, restricts incoming and outgoing traffic on a specified physical port.

This switch also enables prioritization of physical ports. In this case, there are no hard boundaries for speed, but you can select devices whose traffic will be processed first.

The second is included in a more general scheme with the classification of switched traffic according to various criteria and is only one of the options for its use.

First, on the Classifier page, you define the traffic classification rules. They use Layer 2 criteria, in particular MAC addresses, and in this model Layer 3 rules can also be applied, including protocol type, IP addresses and port numbers.

Next, on the Policy Rule page, you specify the actions to take with the traffic “selected” by those rules. The following operations are available: setting a VLAN tag, limiting the rate, sending the packet out of a specified port, setting the priority field, dropping the packet. These functions allow, for example, limiting the data exchange rate for particular clients or services.

More complex schemes can use 802.1p priority fields in network packets. For example, you can tell the switch to handle telephony traffic first and set browsers to the lowest priority.

PoE

Another feature, not directly related to packet switching, is supplying power to client devices through the network cable. It is often used to connect IP cameras, telephones and wireless access points, reducing the number of wires and simplifying wiring. When choosing such a model, several parameters matter, the main one being the standard used by the client equipment. Some manufacturers use their own implementations, which are incompatible with other solutions and may even damage "someone else's" equipment. It is also worth mentioning "passive PoE", where power is transmitted at a relatively low voltage without feedback from or control of the recipient.

A more correct, convenient and versatile option is "active PoE", working according to the 802.3af or 802.3at standards and capable of delivering up to 30 W (higher values are also found in newer versions of the standards). In this scheme the transmitter and receiver exchange information and agree on the required power parameters, in particular the power consumption.

For verification we connected an Axis camera compatible with PoE 802.3af to the switch. The corresponding LED on the front panel lights up to show that power is being supplied to that port. Further, through the Web interface, we can monitor power consumption by port.

Also interesting is the ability to control power to the ports. If a camera is connected by a single cable and sits in a hard-to-reach place, rebooting it would otherwise require unplugging that cable either at the camera or in the wiring closet. Here you can log into the switch remotely in any available way, simply uncheck the "supply power" box, and then check it again. In addition, the PoE settings allow prioritizing the power supply between ports.

As we wrote earlier, the key field of network packets for this equipment is the MAC address. Managed switches often have a set of services based on this information.

For example, the model under consideration supports static assignment of MAC addresses to a port (normally this happens automatically) and filtering (blocking) of packets by the sender's or recipient's MAC address.

In addition, you can limit the number of client MAC addresses registered on a switch port, which can also be considered an additional security option.

Most Layer 3 network packets are unicast - they go from one sender to one recipient. But some services use multicast, when one packet has several recipients at once. The best-known example is IPTV. Using multicast here can significantly reduce bandwidth requirements when information must be delivered to a large number of clients. For example, multicasting 100 TV channels at 1 Mbit/s each requires 100 Mbit/s for any number of clients. With unicast, 1000 clients would require 1000 Mbit/s.

We will not go into the details of IGMP, we will only note the ability to fine-tune the switch for efficient operation under a heavy load of this type.

In complex networks, special protocols can be used to control the path of network packets. In particular, they eliminate topological loops (packet looping). The considered switch supports STP, RSTP and MSTP and has flexible settings for their operation.

Another function that is in demand in large networks is protection against situations such as a "broadcast storm". This term describes a sharp increase in broadcast packets in the network, blocking the passage of "normal" payload traffic. The easiest way to combat this is to limit the number of such packets per second processed on the switch ports.

Additionally, the device has an Error Disable function. It lets the switch disable ports on which excessive service traffic is detected. This preserves performance, and the port recovers automatically once the problem is corrected.

Another task, more related to security, is monitoring all traffic. In normal mode the switch sends packets only directly to their recipients, so it is impossible to "catch" a "foreign" packet on another port. For this task, port mirroring is used: monitoring equipment is connected to a selected switch port, and all traffic from the specified other ports is configured to be copied to it.

IP Source Guard, DHCP Snooping and ARP Inspection are also aimed at improving security. The first lets you configure filters by MAC, IP, VLAN and port number through which all packets must pass. The second protects the DHCP protocol, and the third automatically blocks unauthorized clients.
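The storm limit and Error Disable described above, as an added simulation (not code from the article or from Zyxel's firmware): broadcasts beyond a per-second limit are dropped, a sustained flood error-disables the port for a recovery interval, and unicast and other ports are unaffected. Thresholds, port names and the timeline are constructed.

```python
"""Per-port broadcast storm limiting with error-disable and automatic recovery."""
import math


class StormGuard:
    def __init__(self, limit_pps, shutdown_pps=None, recovery_s=30.0):
        self.limit_pps = limit_pps        # broadcasts forwarded per 1-second window
        self.shutdown_pps = shutdown_pps  # broadcasts per window that error-disable the port
        self.recovery_s = recovery_s      # seconds before a disabled port comes back
        self.counts = {}                  # port -> [window id, broadcasts seen in it]
        self.disabled_until = {}          # port -> time at which the port is re-enabled
        self.events = []                  # (time, port, "errdisable" | "recovered")

    def is_disabled(self, port, now):
        """True while the port is error-disabled; clears the state once recovery_s has passed."""
        until = self.disabled_until.get(port)
        if until is None:
            return False
        if now < until:
            return True
        del self.disabled_until[port]
        self.counts.pop(port, None)
        self.events.append((now, port, "recovered"))
        return False

    def admit(self, port, is_broadcast, now):
        """Return True if the frame is forwarded, False if dropped."""
        if self.is_disabled(port, now):
            return False                  # nothing passes a disabled port
        if not is_broadcast:
            return True                   # the limit applies to broadcasts only
        window = math.floor(now)          # fixed one-second windows
        rec = self.counts.get(port)
        if rec is None or rec[0] != window:
            rec = [window, 0]
            self.counts[port] = rec
        rec[1] += 1
        if self.shutdown_pps is not None and rec[1] > self.shutdown_pps:
            self.disabled_until[port] = now + self.recovery_s
            self.events.append((now, port, "errdisable"))
            return False
        return rec[1] <= self.limit_pps   # over the limit: drop, port stays up
```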
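The three features named above, driven by one binding table, as an added simulation (not code from the article or from Zyxel's firmware): DHCP snooping accepts server replies only on a trusted port and records who received which address where; ARP inspection and IP Source Guard then drop ARP replies and IP packets from untrusted ports whose sender does not match that record. Port names, addresses and the message sequence are constructed.

```python
"""DHCP Snooping, ARP Inspection and IP Source Guard sharing one binding table."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Binding:
    """One entry of the DHCP snooping table: which MAC holds which IP, and where."""
    mac: str
    ip: str
    vlan: int
    port: str


@dataclass
class Snooper:
    trusted: set = field(default_factory=set)     # ports leading to the real DHCP server
    pending: dict = field(default_factory=dict)   # (vlan, mac) -> port of the client's request
    bindings: dict = field(default_factory=dict)  # (vlan, mac) -> Binding
    drops: list = field(default_factory=list)     # (port, reason) for the event log

    def _drop(self, port, reason):
        self.drops.append((port, reason))
        return False

    def dhcp(self, port, vlan, msg, client_mac, assigned_ip=None):
        """DHCP snooping. Returns True if the message is forwarded."""
        key = (vlan, client_mac)
        if msg in ("DISCOVER", "REQUEST"):
            self.pending[key] = port  # remember the port the client asked from
            return True
        if msg in ("OFFER", "ACK"):
            if port not in self.trusted:  # a server answering from a client port
                return self._drop(port, f"DHCP {msg} from untrusted port")
            if msg == "ACK":
                client_port = self.pending.get(key)
                if client_port is None or assigned_ip is None:
                    return self._drop(port, "DHCP ACK without a matching request")
                self.bindings[key] = Binding(client_mac, assigned_ip, vlan, client_port)
            return True
        if msg == "RELEASE":
            self.bindings.pop(key, None)
            return True
        raise ValueError(f"unknown DHCP message {msg}")

    def _bound(self, port, vlan, mac, ip):
        b = self.bindings.get((vlan, mac))
        return b is not None and b.ip == ip and b.port == port

    def arp(self, port, vlan, sender_mac, sender_ip):
        """Dynamic ARP Inspection: the sender MAC/IP pair must match a binding."""
        if port in self.trusted or self._bound(port, vlan, sender_mac, sender_ip):
            return True
        return self._drop(port, f"ARP claims {sender_ip} for {sender_mac}: no binding")

    def ip_packet(self, port, vlan, src_mac, src_ip):
        """IP Source Guard: only a bound source address may enter from an untrusted port."""
        if port in self.trusted or self._bound(port, vlan, src_mac, src_ip):
            return True
        return self._drop(port, f"IP source {src_ip} not bound to {src_mac} on {port}")
```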

Conclusion

Of course, the capabilities described above are only a fraction of the network switching technologies available on the market today. And even from this small list, not all of them can find real use among home users. Perhaps the most common are PoE (for example, for powering network cameras), port trunking (in the case of a large network and the need for fast traffic exchange), traffic control (to ensure the operation of streaming applications with a high load on the channel).

Of course, it is not at all necessary to use business-grade devices to solve these problems. For example, you can find a regular switch with PoE in stores; port trunking is also found in some top routers, and prioritization is starting to appear in some models with fast processors and good software. But, in our opinion, buying more professional equipment, including on the secondary market, is worth considering for home networks with increased requirements for performance, security and manageability.

By the way, there is actually another option. As we said above, the amount of "smarts" in "smart" switches varies. Many manufacturers have product series that fit well into a home budget while still providing many of the features described above. The Zyxel GS1900-8HP can be mentioned as an example.

This model has a compact metal case, external power supply, eight Gigabit PoE ports, and a Web interface for configuration and management.

The device firmware supports port aggregation with LACP, VLAN, port rate limiting, 802.1x, port mirroring and other functions. But unlike the "real managed switch" described above, all this is configured exclusively through the Web interface and, if necessary, even using the assistant.

Of course, we are not saying that this model is close to the device described above in terms of its overall capabilities (in particular, there are no traffic classification tools and no Layer 3 functions). Rather, it is simply a more suitable option for a home user. Similar models can be found in the catalogs of other manufacturers.

The logical topology of an Ethernet network is a multi-access bus in which all devices share the same communication medium. This logical topology defines how nodes on a network view and process frames that are sent and received on that network. However, virtually all Ethernet networks today use a physical star or extended star topology. This means that in most Ethernet networks, endpoints are typically connected to a Layer 2 LAN switch in a point-to-point manner.

A Layer 2 LAN switch performs switching and filtering based only on the MAC address at the OSI data link layer. The switch is completely transparent to network protocols and user applications. The Layer 2 switch builds a MAC address table, which it later uses to make forwarding decisions. Layer 2 switches rely on routers to transfer data between independent IP subnets.

Switches use MAC addresses to forward data through their switch fabric to the port leading to the destination host. The switch fabric is the integrated circuitry and the accompanying programming that controls the data paths through the switch. In order for the switch to know which port to use to transmit a unicast frame, it first needs to learn which hosts are on each of its ports.

The switch determines how to handle incoming frames using its own MAC address table. It creates its own MAC address table, adding to it the MAC addresses of the nodes that are connected to each of its ports. After entering the MAC address for a particular node connected to a specific port, the switch will be able to send traffic intended for this node through the port that is associated with the node for subsequent transmissions.

If the switch receives a data frame whose destination MAC address is not in the table, it forwards that frame on all ports except the one on which the frame was received. When a response is received from the destination host, the switch adds the host's MAC address to the address table using the data in the source address field of the frame. In networks with multiple connected switches, the MAC address tables contain multiple MAC addresses for the ports connecting the switches, reflecting the hosts located beyond those switches. Typically, switch ports used to connect two switches have multiple MAC addresses listed in the corresponding table.

In the past, switches have used one of the following forwarding methods to switch data between network ports:

    Buffered switching

    Unbuffered switching

In buffered switching, when the switch receives a frame, it stores the data in a buffer until the entire frame has been received. During storage, the switch analyzes the frame to obtain information about its destination. In doing so, the switch also performs error checking using the cyclic redundancy check (CRC) value in the trailer of the Ethernet frame.

With unbuffered switching, the switch processes data as it arrives, even if the transfer is still in progress. The switch buffers just enough of the frame to read the destination MAC address so it can determine which port to forward the data to. The destination MAC address occupies the first 6 bytes of the frame after the preamble. The switch looks up the destination MAC address in its switching table, determines the outgoing interface port, and forwards the frame to its destination host through that switch port. The switch does not check the frame for any errors. Because the switch does not need to wait for the entire frame to be buffered and does not perform error checking, unbuffered switching is faster than buffered switching. However, since the switch does not check for errors, it forwards damaged frames across the entire network. Damaged frames consume bandwidth while in transit. Ultimately, the destination NIC rejects the corrupted frames.

Modular switches offer great configuration flexibility. They are typically shipped with a variety of chassis sizes to accommodate multiple modular line cards. The ports are actually located on line cards. The line card plugs into the switch chassis similar to expansion cards installed in a PC. The larger the chassis, the more modules it supports. There are many different chassis sizes to choose from, as shown in the illustration. If you purchased a modular switch with a 24-port line card, you can easily add another one of the same card, bringing the total number of ports to 48.

Connecting the Internet to an apartment or a private house always raises many questions. To begin with, we choose an Internet provider if there is a lot to choose from. After that we look closely at the tariffs, and only then we try to find out how the switch differs from the router.

Equipment

Both devices belong to network equipment, which is designed to keep computer networks functioning. This category includes not only the switch and the router, but also the hub, the patch panel, etc. Each of them can be assigned to one of two groups: active or passive. You need to understand the difference between them.

Active

These devices are built on electronic circuits that receive electrical power. Such equipment is designed to amplify and convert the signal. The main characteristic is the use of special algorithms for processing. What does it mean?

The Internet works by sending files in packets. Each packet carries its own technical parameters: information about its source, its destination, data integrity, etc. These parameters make it possible to deliver packets to the desired address.

An active device not only receives a signal, but also processes these technical parameters. It forwards the packets according to built-in algorithms. This capability is what makes the device "active".

Passive

This group does not receive power from the mains. It works by distributing the signal and reducing its level. Such devices include cables, plugs and sockets, baluns and patch panels. Some also put telecommunication cabinets, cable trays, etc. in this group.

Variety

Since the network operates mainly thanks to the first group of devices, we will talk about it. It includes ten different types of devices. For example, a network adapter, which is located in the computer itself. Network equipment of this type is now found in all PCs and allows them to connect to the LAN.

The repeater should also be included here. The device has two ports and works by repeating the signal. Thus, it helps to increase the size of a network segment. A hub, sometimes called a concentrator, is also an active piece of equipment. It has 4-32 ports and serves to interconnect all participants in the network.

And finally, we got to the question of how a switch differs from a router. Although besides them, there is also a repeater, a media converter, a bridge and a network transceiver.

Router

So let's start with this device. People simply call it a router. It serves to forward packets between different network segments, guided by rules and routing tables. The device connects networks with different architectures. In order to do this correctly, it studies the topology and applies the rules set by the administrator.

To understand how a switch differs from a router, it is important to understand the principles of operation of each device. So, the router first examines the information about the recipient: it looks at the destination address and the packet's network identifier. Then it consults its routing table and identifies the path for forwarding the packet. If the table does not contain the required information, the data packets are discarded.

Sometimes other criteria can be used to select the desired path. For example, the sender's address, upper-layer protocols and the other data carried in the packet header are examined.

Routers also perform address translation, filter transit traffic according to the configured rules, and encrypt or decrypt transmitted data.
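The lookup described above (examine the destination, consult the table, forward along the most specific matching route, discard when nothing matches) is shown below as an added Python example; it is not code from the article. The routing table, interface names and addresses are constructed, and the example also shows what a default route changes.

```python
import ipaddress

# Constructed routing table: (prefix, next hop or None when directly connected, interface)
ROUTES = [
    ("10.0.0.0/8",   "10.1.0.254", "eth0"),
    ("10.1.2.0/24",  None,         "eth1"),      # directly connected segment
    ("192.0.2.0/24", "10.1.2.1",   "eth1"),
]

def build_table(routes):
    """Parse prefixes and order them most-specific first, so the first hit wins."""
    parsed = [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in routes]
    return sorted(parsed, key=lambda r: r[0].prefixlen, reverse=True)

TABLE = build_table(ROUTES)

def lookup(dst, table=TABLE):
    """Longest-prefix match.  Returns (next hop, interface); for a directly
    connected prefix the next hop is the destination itself.  None means no route."""
    addr = ipaddress.ip_address(dst)
    for net, next_hop, ifc in table:
        if addr in net:
            return (next_hop if next_hop is not None else dst, ifc)
    return None

def forward(dst, table=TABLE):
    """What the router does with a packet: 'drop' or '<interface> via <next hop>'."""
    route = lookup(dst, table)
    return "drop" if route is None else f"{route[1]} via {route[0]}"

if __name__ == "__main__":
    for dst in ("10.1.2.7", "10.9.9.9", "192.0.2.5", "203.0.113.9"):
        print(f"{dst:14} -> {forward(dst)}")
    # A default route catches everything the specific entries do not
    with_default = build_table(ROUTES + [("0.0.0.0/0", "198.51.100.1", "eth2")])
    print("203.0.113.9 with default route ->", forward("203.0.113.9", with_default))
```

Note that 10.1.2.7 is matched by both 10.0.0.0/8 and 10.1.2.0/24; the longer prefix wins, which is why the table is sorted by prefix length before the linear scan.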

Switch

A network switch is a device that connects several nodes of a computer network. Its operation is confined to one or several segments of the network.

This equipment also belongs to the active group. It operates at the OSI data link layer. Since the switch is built on the same principles as a bridge, it can be considered a multiport bridge. To connect several networks at the network layer, a router is used.

The switch does not spread traffic from one device to all the others; it delivers the data only to the intended recipient. This gives good performance and keeps the network safe.

The switch's job is to maintain a switching table and, using it, determine the correspondence between MAC addresses and ports. When the equipment is first connected, the table is empty and is filled in as the device learns.

Frames arriving at one of the ports are initially sent out through all the other ports. The device examines the frames and, after determining the sender's address, temporarily records it in the table. When a port receives a frame whose destination address has already been recorded, it is transmitted only along the path recorded in the table.
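The learning process just described, and the earlier passage on MAC address tables in networks with several connected switches, can be followed in the added Python model below. It is an illustration written for this page, not the article's or any vendor's code: two constructed switches are joined by an uplink, so the uplink port ends up with several MAC addresses behind it. All addresses and port numbers are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Transparent learning switch: one MAC address table, one entry per source."""

    def __init__(self, name, ports):
        self.name = name
        self.ports = list(ports)
        self.table = {}     # MAC address -> port on which that source was last seen
        self.links = {}     # port -> (neighbouring Switch, its port) for switch-to-switch links

    def connect(self, port, other, other_port):
        self.links[port] = (other, other_port)
        other.links[other_port] = (self, port)

    def receive(self, in_port, src, dst, trace):
        """Learn src on in_port, then forward: known unicast to one port only,
        unknown unicast and broadcast to every port except in_port.
        Every (switch, egress port) is appended to trace; returns the egress ports."""
        self.table[src] = in_port
        if dst != BROADCAST and dst in self.table:
            out = [] if self.table[dst] == in_port else [self.table[dst]]   # filter, not flood
        else:
            out = [p for p in self.ports if p != in_port]
        for p in out:
            trace.append((self.name, p))
            if p in self.links:                   # the frame crosses to the next switch
                nbr, nbr_port = self.links[p]
                nbr.receive(nbr_port, src, dst, trace)
        return out

def macs_on_port(switch, port):
    """Addresses the switch has learned behind one port (several on an uplink)."""
    return sorted(mac for mac, p in switch.table.items() if p == port)

def send(switch, in_port, src, dst):
    """Inject one frame and return the list of (switch, port) it was sent out of."""
    trace = []
    switch.receive(in_port, src, dst, trace)
    return trace

# Constructed lab: hosts A and B on SW1, host C on SW2, uplink SW1 port 3 <-> SW2 port 3
A, B, C = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"

def build_lab():
    sw1, sw2 = Switch("SW1", [1, 2, 3]), Switch("SW2", [1, 2, 3])
    sw1.connect(3, sw2, 3)
    return sw1, sw2

if __name__ == "__main__":
    sw1, sw2 = build_lab()
    print("A->C (unknown):", send(sw1, 1, A, C))   # flooded on both switches
    print("C->A (reply):  ", send(sw2, 1, C, A))   # A already learned: no flooding
    print("A->C again:    ", send(sw1, 1, A, C))   # both tables complete
    print("B->C:          ", send(sw1, 2, B, C))
    print("SW2 uplink holds:", macs_on_port(sw2, 3))   # A and B behind one port
```

The first frame to C is flooded on both switches because neither table knows C yet; the reply fills in the missing entries, and from then on each frame leaves through exactly one port per switch. After B has also talked to C, SW2's table lists both A and B on port 3, which is the "multiple MAC addresses on the port connecting two switches" situation described earlier.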

Difference

How is a switch different from a router? At first glance, it is definitely worth saying that the main differences between these devices lie in the principles of operation. There is a rather interesting analogy that easily explains the difference.

Let's say we have a corporate mail system. An employee has sent a file, which must reach the recipient through the internal or the local delivery system. In this analogy, the switch is the internal mail server, and the router is the local postal service.

What do we have? The switch does not analyze the content or type of the mail. It keeps a list of all the company's employees and the addresses of their offices. Therefore, its main task is to deliver the mail to a specific addressee.

In this whole story, the router works as a postman who delivers information to people outside the company. It checks the content and can independently change the delivery rules if additional information is found in the letter.

The disadvantage of a router compared to a switch lies in its complex and costly administration. Specialists who work with this equipment must master a huge number of parameters. In addition, its configuration must always be consistent with the other configurations in the network.

Conclusions

Most companies are trying to modernize their networks, so they are replacing outdated equipment and placing a switch between the routers and the network segments. The new devices help improve performance, while their legacy counterparts continue to handle security.

Configuring a router and a switch is not easy, and it is generally better for an ordinary user not to get involved in it. When setting up a home network, specialists come to install this equipment and configure it at the same time. This process is not simple: it is individual for each provider and each specific network.

If there are any failures, you need to contact your Internet provider, because configuration problems cannot be solved without its help.

The switch is one of the most important devices used in building a local network. In this article, we will talk about what switches are and dwell on the important characteristics that you need to consider when choosing a LAN switch.

First, let's look at a general block diagram in order to understand what place the switch occupies in the local network of an enterprise.

The figure above shows the most common block diagram of a small local area network. As a rule, access switches are used in such local networks.

Access switches are directly connected to end users, giving them access to local network resources.

However, in large local area networks, switches perform the following functions:

Access layer. As mentioned above, access switches provide connection points for end-user devices. In large local area networks, access switches do not exchange frames with each other directly; the frames are forwarded through the distribution switches.

Distribution layer. Switches of this layer forward traffic between access switches, but do not interact with end users.

Core layer. Devices of this type aggregate the data links from distribution-layer switches in large local area networks and provide very high switching speed for data streams.

Switches are divided into:

Unmanaged switches. These are ordinary stand-alone devices in the local network that manage data transfer on their own and have no possibility of additional configuration. Due to their ease of installation and low price, they are widely used at home and in small businesses.

Managed switches. More advanced and expensive devices. They allow the network administrator to configure them for specified tasks.

Managed switches can be configured in one of the following ways:

  • Through the console port
  • Via the Web interface
  • Via Telnet
  • Via SNMP
  • Via SSH

Switch levels


All switches can be classified by the layer of the OSI model at which they operate. The higher this layer, the more capabilities the switch has; however, its cost will also be much higher.

Layer 1 switches. This level includes hubs, repeaters and other devices operating at the physical layer. These devices date from the dawn of the Internet and are no longer used in local networks. Having received a signal, a device of this type simply transmits it further to all ports except the sender's port.

Layer 2 switches (layer 2). This level includes unmanaged and some managed switches working at the data link layer of the OSI model. Layer 2 switches work with frames: a stream of data divided into chunks. Having received a frame, the Layer 2 switch reads the sender's address from the frame and enters it into its MAC address table, matching this address to the port on which it received the frame. Thanks to this approach, Layer 2 switches forward data only to the destination port, without creating excessive traffic on the remaining ports. Layer 2 switches do not understand IP addresses, which belong to the third (network) layer of the OSI model, and work only at the data link layer.

Layer 2 switches support the most common protocols such as:

IEEE 802.1Q, or VLAN (virtual local area networks). This protocol allows creating separate logical networks within one physical network.


For example, devices connected to the same switch but located in different VLANs will not see each other and will be able to transmit data only within their own broadcast domain (to devices in the same VLAN). The computers in the figure above will be able to exchange data with each other only through a device operating at the third layer with IP addresses: a router.

IEEE 802.1p (priority tags). This protocol is carried inside the IEEE 802.1Q tag as a 3-bit field with values from 0 to 7. It allows you to mark and sort all traffic by priority by assigning priorities (maximum priority 7). Frames with higher priority will be forwarded first.
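Both of the previous points live in the same four bytes of the frame: the 802.1Q tag carries a 12-bit VLAN ID and the 3-bit 802.1p priority. The added Python example below, written for this page rather than taken from the article or any switch, parses that tag, restricts flooding to ports that are members of the frame's VLAN, and drains an egress queue in strict priority order. The port memberships, the access (native) VLAN per port and the frames are constructed assumptions.

```python
import heapq
import struct

TPID = 0x8100                      # tag protocol identifier of an 802.1Q tag

def build_tagged_frame(dst, src, vid, pcp, ethertype=0x0800, payload=b""):
    """Ethernet header with an 802.1Q tag: TPID, then TCI = PCP(3) | DEI(1) | VID(12)."""
    tci = ((pcp & 0x7) << 13) | (vid & 0xFFF)
    return dst + src + struct.pack("!HHH", TPID, tci, ethertype) + payload

def parse_tag(frame):
    """Return (pcp, vid, ethertype) for a tagged frame, or None if it is untagged."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID:
        return None
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return (tci >> 13) & 0x7, tci & 0xFFF, ethertype

MEMBERSHIP = {1: {10}, 2: {10}, 3: {20}, 4: {10, 20}}   # port 4 is a trunk carrying both
NATIVE = {1: 10, 2: 10, 3: 20}                          # access VLAN for untagged frames

def frame_vlan(frame, in_port, native=NATIVE):
    tag = parse_tag(frame)
    return tag[1] if tag is not None else native.get(in_port)

def egress_ports(frame, in_port, membership=MEMBERSHIP, native=NATIVE):
    """Ports that may receive a flooded copy: members of the frame's VLAN, never the
    ingress port.  A frame whose VLAN cannot be determined is dropped ([])."""
    vid = frame_vlan(frame, in_port, native)
    if vid is None:
        return []
    return sorted(p for p, vlans in membership.items() if vid in vlans and p != in_port)

class PriorityScheduler:
    """Strict-priority egress queue keyed on the 802.1p PCP value (7 is highest)."""

    def __init__(self):
        self._heap, self._seq = [], 0

    def enqueue(self, frame):
        tag = parse_tag(frame)
        pcp = tag[0] if tag is not None else 0          # untagged frames are best effort
        heapq.heappush(self._heap, (-pcp, self._seq, frame))   # seq keeps FIFO within a class
        self._seq += 1

    def drain(self):
        """Return frames in the order the port would transmit them."""
        order = []
        while self._heap:
            order.append(heapq.heappop(self._heap)[2])
        return order

DST, SRC = bytes.fromhex("aabbcc000002"), bytes.fromhex("aabbcc000001")   # constructed

if __name__ == "__main__":
    voice = build_tagged_frame(DST, SRC, vid=10, pcp=5)
    data = build_tagged_frame(DST, SRC, vid=10, pcp=0)
    mgmt = build_tagged_frame(DST, SRC, vid=20, pcp=7)
    print("voice frame tag:", parse_tag(voice))
    print("voice from port 1 may go to:", egress_ports(voice, 1))   # same VLAN only
    print("mgmt from port 3 may go to:", egress_ports(mgmt, 3))     # only the trunk
    q = PriorityScheduler()
    for f in (data, voice, mgmt):
        q.enqueue(f)
    print("transmit order (PCP):", [parse_tag(f)[0] for f in q.drain()])
```

A frame tagged with VLAN 20 entering on port 3 can only leave through the trunk, however it is addressed; that is the isolation the VLAN point above describes, and it holds before any MAC learning is involved.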

IEEE 802.1D Spanning Tree Protocol (STP). This protocol builds the local network into a tree structure to avoid network loops and prevent broadcast storms from forming.


Let's say the local network is installed in the form of a ring to increase the fault tolerance of the system. The switch with the highest priority on the network is selected as the root. In the example above, SW3 is the root. Without going deep into the algorithms of the protocol, the switches calculate the path with the maximum cost and block it. For example, in our case, the shortest path from SW3 to SW1 and SW2 will be through its own designated ports (DP) Fa 0/1 and Fa 0/2. The default path cost for a 100 Mbit/s interface is 19. The Fa 0/1 interface of switch SW1 is blocked because the total path cost over it would be the sum of two hops between 100 Mbit/s interfaces: 19 + 19 = 38.

If the working route fails, the switches recalculate the path and unblock this port.
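The ring example above can be reproduced with a short root-path-cost calculation; the added Python below is an illustration for this page and not code from the article or from any switch. It assumes the bridge priorities (SW3 lowest so it wins the root election, SW2 lower than SW1 so SW2 wins the tie on the SW1-SW2 link) and the port names of the ring; both are constructed. It then removes the SW3-SW1 link and shows SW1's blocked port becoming its root port at cost 38.

```python
import heapq

LINK_COST = {100: 19, 1000: 4}      # 802.1D default path costs by link speed (Mbit/s)

# Constructed ring: ((switch, port), (switch, port), speed); SW3 is the root
RING = [
    (("SW3", "Fa0/1"), ("SW1", "Fa0/2"), 100),
    (("SW3", "Fa0/2"), ("SW2", "Fa0/2"), 100),
    (("SW1", "Fa0/1"), ("SW2", "Fa0/1"), 100),
]
# Lower bridge ID is better: SW3 wins the root election, SW2 beats SW1 on ties (assumption)
BRIDGE_ID = {"SW3": 4096, "SW2": 8192, "SW1": 32768}

def root_path_costs(links, root, bridge_id=BRIDGE_ID):
    """Shortest path from the root to every switch.
    Returns {switch: (cost, bridge id of the upstream neighbour, root port)}."""
    adj = {}
    for (a, pa), (b, pb), speed in links:
        adj.setdefault(a, []).append((b, pb, LINK_COST[speed]))   # b reaches a via b's port pb
        adj.setdefault(b, []).append((a, pa, LINK_COST[speed]))
    best = {root: (0, bridge_id[root], None)}
    heap = [(0, bridge_id[root], root)]
    while heap:
        cost, _, sw = heapq.heappop(heap)
        if cost > best[sw][0]:
            continue
        for nbr, nbr_port, c in adj.get(sw, []):
            cand = (cost + c, bridge_id[sw], nbr_port)
            if nbr not in best or cand[:2] < best[nbr][:2]:   # lower cost, then lower sender ID
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], cand[1], nbr))
    return best

def port_roles(links, root, bridge_id=BRIDGE_ID):
    """Assign root / designated / blocked to both ends of every link."""
    best = root_path_costs(links, root, bridge_id)
    roles = {}
    for (a, pa), (b, pb), _ in links:
        if best[a][2] == pa:                 # a reaches the root over this link
            roles[(a, pa)], roles[(b, pb)] = "root", "designated"
        elif best[b][2] == pb:
            roles[(b, pb)], roles[(a, pa)] = "root", "designated"
        else:                                # redundant link: the end closer to the root wins
            a_key = (best[a][0], bridge_id[a])   # (root path cost, bridge ID)
            b_key = (best[b][0], bridge_id[b])
            if a_key < b_key:
                roles[(a, pa)], roles[(b, pb)] = "designated", "blocked"
            else:
                roles[(b, pb)], roles[(a, pa)] = "designated", "blocked"
    return roles

def without_link(links, end):
    """Topology after the link that has `end` (switch, port) on either side has failed."""
    return [l for l in links if end not in (l[0], l[1])]

if __name__ == "__main__":
    for (sw, port), role in sorted(port_roles(RING, "SW3").items()):
        print(f"{sw} {port}: {role}")
    broken = without_link(RING, ("SW1", "Fa0/2"))
    print("after SW3-SW1 fails, SW1 cost =", root_path_costs(broken, "SW3")["SW1"][0],
          "and SW1 Fa0/1 becomes", port_roles(broken, "SW3")[("SW1", "Fa0/1")])
```

With the ring intact both SW1 and SW2 reach the root at cost 19, so the SW1-SW2 link is the redundant one; the tie between the two ends is settled by bridge ID, which is why the bridge priorities are part of the assumptions. Once the SW3-SW1 link is gone, SW1's only path costs 19 + 19 = 38 and the formerly blocked port is unblocked.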

IEEE 802.1w Rapid Spanning Tree Protocol (RSTP). An improved version of the 802.1D standard, with higher stability and shorter link recovery time.

IEEE 802.1s Multiple Spanning Tree Protocol. The latest version, which takes into account all the shortcomings of STP and RSTP.

IEEE 802.3ad Link aggregation for parallel links. This protocol allows you to combine ports into groups. The total speed of such an aggregated port will be the sum of the speeds of each port in it. The maximum speed is determined by the IEEE 802.3ad standard and is 8 Gbps.


Layer 3 switches (layer 3). These devices are also called multiswitches because they combine the capabilities of switches working at the second layer and routers working with IP packets at the third layer. Layer 3 switches fully support all functions and standards of Layer 2 switches. They can work with network devices by IP address. A Layer 3 switch supports a variety of connections: L2TP, PPTP, PPPoE, VPN, etc.

Layer 4 switches (layer 4). L4 devices work at the transport layer of the OSI model, which is responsible for ensuring the reliability of data transmission. Based on information from the packet headers, these switches can recognize traffic belonging to different applications and make forwarding decisions based on this information. The name of such devices has not settled yet; sometimes they are called smart switches, or L4 switches.

Key features of switches

Number of ports. Currently, there are switches with from 5 to 48 ports. The number of network devices that can be connected to a given switch depends on this parameter.

For example, when building a small local network of 15 computers, we need a switch with 16 ports: 15 for connecting end devices and one for installing and connecting a router to access the Internet.

Port speed. This is the speed at which each port of the switch operates. Typically, speeds are indicated as follows: 10/100/1000 Mbps. The port speed is determined during auto-negotiation with the end device. In managed switches, this parameter can be configured manually.

For instance: a client PC with a 1 Gbps NIC is connected to a 10/100 Mbps switch port. As a result of auto-negotiation, the devices agree to use the maximum speed available to both, 100 Mbps.

Auto-negotiation of full-duplex and half-duplex mode. Full-duplex: data is transmitted simultaneously in both directions. Half-duplex: data is transmitted first in one direction and then in the other, sequentially.

Internal bandwidth of the switch fabric. This parameter shows the total rate at which the switch can process data from all its ports.

For example: the local network has a switch with 5 ports operating at 10/100 Mbit/s. In the technical specifications, the switching fabric parameter is 1 Gbit/s. This means that each port in full-duplex mode can operate at 200 Mbps (100 Mbps receive and 100 Mbps transmit). If the switching fabric parameter were lower than this value, then at times of peak load the ports would not be able to operate at the declared speed of 100 Mbps.

Auto-negotiation of MDI/MDI-X cable type. This function allows the switch to determine which of the two schemes, EIA/TIA-568A or EIA/TIA-568B, was used to crimp the twisted pair cable. When installing local networks, the EIA/TIA-568B scheme is the most widespread.


Stacking is the combination of several switches into one single logical device. Different switch manufacturers use their own stacking technologies; for example, Cisco uses StackWise stacking technology with a 32 Gbps bus and StackWise Plus with a 64 Gbps bus between switches.

For example, this technology is relevant in large local area networks, where it is required to connect more than 48 ports on the basis of one device.


19" rack mount. In home and small local area networks, switches are often installed on flat surfaces or mounted on a wall; however, the presence of so-called "ears" is necessary in larger local area networks where active equipment is located in server cabinets.

MAC address table size. A switch is a device operating at the 2nd layer of the OSI model. Unlike the hub, which simply sends the received frame to all ports except the sender's port, the switch learns: it remembers the MAC address of the sending device, entering it into the table together with the port number and the lifetime of the entry. Using this table, the switch does not send the frame to all ports, but only to the destination port. If the number of network devices in the local network is large and the table becomes full, the switch starts overwriting older entries in the table with new ones, which significantly reduces the speed of the switch.
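The two mechanisms named above, the lifetime of an entry and the overwriting of old entries when the table is full, have the same visible effect: a frame to an address that has aged out or been evicted must be flooded again. The added Python model below, written for this page and not taken from the article or any product, keeps a bounded table with timestamps and measures the share of frames that get flooded under a constructed workload; the table sizes, the aging time and the addresses are all assumptions. That flood ratio is also a useful health metric: a sudden rise of it on an access switch means the table is being churned, whatever the cause.

```python
from collections import OrderedDict

class AgingMacTable:
    """MAC address table with a capacity limit and an entry lifetime (aging time)."""

    def __init__(self, capacity, aging_time):
        self.capacity = capacity
        self.aging_time = aging_time
        self._entries = OrderedDict()    # mac -> (port, last_seen); oldest entry first

    def learn(self, mac, port, now):
        """Record or refresh the source address; when full, overwrite the oldest entry."""
        if mac in self._entries:
            self._entries.move_to_end(mac)
        elif len(self._entries) >= self.capacity:
            self._entries.popitem(last=False)
        self._entries[mac] = (port, now)

    def lookup(self, mac, now):
        """Port for mac, or None if unknown or its lifetime has expired."""
        entry = self._entries.get(mac)
        if entry is None:
            return None
        port, last_seen = entry
        if now - last_seen > self.aging_time:
            del self._entries[mac]        # aged out: the next frame to it is flooded
            return None
        return port

    def __len__(self):
        return len(self._entries)

def flood_ratio(table, frames):
    """Run frames (time, in_port, src, dst) through the table; return the share
    that had to be flooded because the destination was not (or no longer) known."""
    flooded = 0
    for now, in_port, src, dst in frames:
        table.learn(src, in_port, now)
        if table.lookup(dst, now) is None:
            flooded += 1
    return flooded / len(frames)

def ring_traffic(n_hosts, rounds):
    """Constructed workload: host i on port i sends to host i+1, round after round."""
    hosts = [f"aa:bb:cc:00:00:{i:02x}" for i in range(n_hosts)]
    frames = []
    for r in range(rounds):
        for i in range(n_hosts):
            frames.append((r * n_hosts + i, i, hosts[i], hosts[(i + 1) % n_hosts]))
    return frames

if __name__ == "__main__":
    traffic = ring_traffic(4, 3)
    print("capacity 8:", flood_ratio(AgingMacTable(8, 300), traffic))   # only the first round floods
    print("capacity 2:", flood_ratio(AgingMacTable(2, 300), traffic))   # every frame floods
```

With room for all four hosts only the very first frames to each destination are flooded (3 of 12); with room for two, every newly learned address evicts one still in use and the switch floods everything, which is the slowdown the text describes.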

Jumbo frame. This feature allows the switch to operate with a larger frame size than specified by the Ethernet standard. After receiving each packet, it takes some time to process it. By using the increased packet size of the Jumbo Frame technology, you can save on packet processing time in networks where data transfer rates of 1 Gbit/s and higher are used. At lower speeds there is no big win.

Switching modes. In order to understand the principle of operation of the switching modes, first consider the structure of the frame transmitted at the data link layer between a network device and the switch in the local network:


As you can see from the picture:

  • First comes the preamble, signalling the beginning of the frame transmission,
  • Then the destination MAC address (DA) and the source MAC address (SA),
  • The network layer protocol identifier (EtherType): IPv4 or IPv6 in use,
  • The payload (data),
  • And at the end the checksum, FCS: a 4-byte CRC value used to detect transmission errors. It is calculated by the sender and placed in the FCS field. The receiving side calculates this value independently and compares it with the received value.

Now let's look at the switching modes:

Store-and-forward. This switching mode saves the entire frame to the buffer and checks the FCS field, which is at the very end of the frame; if the checksum in this field does not match, it discards the entire frame. As a result, the likelihood of network congestion is reduced, since frames with errors can be discarded, at the cost of delaying the transmission of the frame. This technology is found in more expensive switches.

Cut-through. A simpler technology. In this case, frames can be processed faster, since they are not completely saved to the buffer. For analysis, the data from the beginning of the frame up to and including the destination MAC address (DA) is saved to the buffer. The switch reads this MAC address and forwards the frame to the destination. The disadvantage of this technology is that the switch forwards both runt frames shorter than 512 bit times and damaged frames, increasing the load on the local network.
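The frame layout listed above and the two switching modes (here and in the earlier "buffered / unbuffered switching" passage) are put together in the added Python example below, which is an illustration for this page and not code from the article or from any switch. It builds frames with a real CRC-32 FCS, then feeds a good frame, a frame damaged in transit and a runt to a store-and-forward decision and to a cut-through decision. The two-entry MAC table and the addresses are constructed; the preamble is omitted because the physical layer strips it before the switch logic sees the frame.

```python
import struct
import zlib

MIN_FRAME = 64     # 512 bit times from DA through FCS; anything shorter is a runt

def build_frame(dst, src, ethertype, payload, pad=True):
    """DA, SA, EtherType, payload and a CRC-32 FCS (the preamble precedes this on the wire)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    if pad:
        body = body.ljust(MIN_FRAME - 4, b"\x00")     # keep the frame above the minimum
    fcs = struct.pack("<I", zlib.crc32(body))          # CRC-32 over DA..payload, LSB first
    return body + fcs

def fcs_ok(frame):
    """Receiver-side check: recompute the CRC over everything before the FCS."""
    return zlib.crc32(frame[:-4]) == struct.unpack("<I", frame[-4:])[0]

def parse_frame(frame):
    return {"dst": frame[0:6], "src": frame[6:12],
            "ethertype": struct.unpack("!H", frame[12:14])[0],
            "payload": frame[14:-4], "fcs": frame[-4:]}

MAC_A, MAC_B = bytes.fromhex("aabbcc000001"), bytes.fromhex("aabbcc000002")
MAC_TABLE = {MAC_A: 1, MAC_B: 2}      # constructed: A is on port 1, B on port 2

def decide(dst, in_port, table):
    port = table.get(dst)
    if port is None:
        return "flood"
    return "filter" if port == in_port else f"port {port}"

def store_and_forward(frame, in_port, table=MAC_TABLE):
    """The whole frame is buffered first: runts and frames with a bad FCS are dropped."""
    if len(frame) < MIN_FRAME or not fcs_ok(frame):
        return "drop"
    return decide(frame[0:6], in_port, table)

def cut_through(frame, in_port, table=MAC_TABLE):
    """The decision is made as soon as the 6-byte DA has arrived, so length and
    FCS are never checked: runts and damaged frames are forwarded."""
    return decide(frame[0:6], in_port, table)

def corrupt(frame, offset=20):
    """Simulate a bit error in transit by flipping one payload byte."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0xFF
    return bytes(damaged)

GOOD = build_frame(MAC_B, MAC_A, 0x0800, b"hello")
BAD = corrupt(GOOD)
RUNT = build_frame(MAC_B, MAC_A, 0x0800, b"hi", pad=False)   # 20 bytes long

if __name__ == "__main__":
    for name, f in (("good", GOOD), ("corrupt", BAD), ("runt", RUNT)):
        print(f"{name:8} store-and-forward={store_and_forward(f, 1):7} "
              f"cut-through={cut_through(f, 1)}")
```

Only the store-and-forward path ever evaluates the FCS; the cut-through path cannot, because it commits to an output port after 6 bytes while the FCS is the last 4 bytes of the frame.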

PoE support

Power over Ethernet technology allows you to power a network device over the same cable that carries data. This solution reduces the cost of installing additional power lines.

The following PoE standards exist:

PoE 802.3af supports equipment up to 15.4W

PoE 802.3at supports equipment up to 30W

Passive PoE

PoE 802.3af/at has intelligent control circuits for supplying voltage to the device: before supplying power to the PoE device, the af/at source negotiates with it to avoid damaging the device. Passive PoE is much cheaper than the first two standards: power is supplied directly to the device through the free pairs of the network cable without any negotiation.

Characteristics of standards


PoE 802.3af is supported by most low-cost IP cameras, IP phones and access points.

The PoE 802.3at standard is present in more expensive models of IP surveillance cameras, which cannot fit within 15.4 W. In this case, both the IP video camera and the PoE source (switch) must support this standard.

Expansion slots. Switches can have additional expansion slots. The most common are SFP modules (Small Form-factor Pluggable): modular, compact transceivers used for data transmission in telecommunications environments.


SFP modules are inserted into a free SFP port of a router, switch, multiplexer, or media converter. Although SFP Ethernet modules exist, the most common are fiber-optic modules, used to connect the main channel for data transmission over long distances unattainable for copper Ethernet. SFP modules are selected depending on the distance and the data transfer rate. The most common are dual-fiber SFP modules, which use one fiber for receiving and the other for transmitting data. However, WDM technology allows data transmission at different wavelengths over a single optical fiber.

SFP modules are:

  • SX - 850 nm, used with multimode optical cable up to 550 m
  • LX - 1310 nm is used with both types of optical cable (SM and MM) up to 10 km
  • BX - 1310/1550 nm is used with both types of optical cable (SM and MM) up to 10 km
  • XD - 1550 nm used with single mode cable up to 40 km, ZX up to 80 km, EZ or EZX up to 120 km and DWDM

The SFP standard itself provides for data transfer at a speed of 1 Gbps, or at a speed of 100 Mbps. For faster data transfer, SFP + modules have been developed:

  • SFP + data transfer at 10 Gbps
  • XFP data transfer at 10 Gbps
  • QSFP + data transfer at 40 Gbps
  • CFP data transfer at 100 Gbps

However, at higher speeds, signals are processed at higher frequencies. This requires more heat dissipation and, accordingly, larger dimensions. Therefore, in fact, the SFP form factor has been preserved only in SFP + modules.

Conclusion

Many readers have probably come across unmanaged switches and budget managed L2 switches in small local area networks. However, the choice of switches for building larger and more technically complex local networks is best left to professionals.

Safe Kuban uses switches of the following brands when installing local networks:

Professional solution:

Cisco

Qtech

Budget solution:

D-Link

Tp-Link

Tenda

Safe Kuban carries out installation, commissioning and maintenance of local networks in Krasnodar and the South of Russia.