Tuesday, December 14, 2010

[Weak Current College] Edge switch intelligence and performance



If an edge device's QoS, rate limiting, ACL, policy-based routing (PBR) and sFlow functions are implemented in the hardware switching chip, these intelligent features no longer affect basic Layer 2 and Layer 3 wire-speed forwarding, and an end-to-end intelligent network can be deployed at scale: the whole network then has not only global connectivity but also global intelligence.

Network design philosophy has always followed several different paths. Throughput and intelligence are the two priorities, and how much weight each receives shapes the design: a throughput-oriented design stresses connectivity, simple management and low price; an intelligence-oriented design stresses control, management and value-added capability, and so carries more complexity and a relatively higher cost. Neither is inherently the better design; the right one depends only on the user's actual needs and budget. A network can therefore be an all-Layer-2 architecture with limited extensibility, or an all-Layer-3 architecture at a higher price, but most designs strike a balance between the two, and this gives rise to two different architectures: the collapsed backbone and the distributed backbone. In the collapsed backbone, intelligence is concentrated in the upper layer, and the lower access equipment emphasises only throughput and wire speed; from the point of view of intelligent control this is a centralised design. The two architectures differ significantly at the network edge: the collapsed backbone uses Layer 2 switching at the edge, while the distributed backbone uses Layer 3 switching at the edge. If network intelligence were judged simply by switching versus routing, Layer 3 switching would of course rank above Layer 2 switching.
But as more and more services are carried on the same network, network intelligence can no longer be judged simply by Layer 2 versus Layer 3. More often it is measured better by the ability to enforce QoS, to specify access rates (rate limiting), to apply security filtering with access control lists (ACLs), to collect and monitor network traffic statistics, and to support policy-based routing (PBR). With this concept in mind, whether the edge is the Layer 2 switch of a collapsed backbone or the Layer 3 switch of a distributed backbone, a user can make a clear choice among the many vendors' Layer 2 and Layer 3 switches according to business needs.

QoS enforcement. Multimedia services, data, voice and video differ in their delay, jitter and loss requirements. To deliver multimedia services well, users must attach the corresponding QoS marking to packets, and the edge switch must either read that marking and act on it or, for an untrusted source, re-classify the traffic, re-mark its QoS and then enforce it. In the past QoS meant Layer 2 CoS (class of service) or Layer 3 IP Precedence; today the emphasis is on Differentiated Services (DiffServ) support. Edge switches therefore play a crucial role in end-to-end QoS, whether QoS is applied within a site or between sites, and hardware support for DiffServ is one of the key features of a switch.

Rate limiting. The popularity of Gigabit Ethernet backbones makes bandwidth plentiful, but this resource is not inexhaustible.
Having users pay for what they use is the most viable means of controlling edge bandwidth effectively. Edge switch interfaces should therefore offer not only 10 Mbit/s and 100 Mbit/s capacity but also rate limiting classified by port, VLAN, priority and ACL, ideally in both the inbound and outbound directions, over a range from 256 kbit/s up to Gigabit speed; the granularity a hardware chip can process is generally about 256 kbit/s. What must be stressed for an intelligent switch is hardware processing: enabling rate limiting on the edge device must not affect its wire-speed packet forwarding, which is an important performance indicator for an edge device. Complete rate-limiting capability with no impact on network performance is what allows network bandwidth resources to be managed effectively.

ACL security filtering. In a network, ACLs not only let the network manager prepare policies that allow or deny individual users or specific data flows, they can also be used to strengthen network security. From simple Ping of Death and TCP SYN attacks to more diverse and complex intrusions, ACLs can play a shielding role. There are standard ACLs and extended ACLs; whether the edge is a Layer 2 or a Layer 3 switch, it should support both, so that security filtering and policy enforcement can be applied across the network edge. As with rate limiting, the network equipment should not only perform full ACL functionality, inbound and outbound, but must also process it in hardware, so that enabling ACLs does not affect the wire-speed packet forwarding capacity of the Layer 2 or Layer 3 switch.
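The QoS trust boundary and the rate limiter described above, as an added illustration that is not from the original post: marks from a trusted subnet are kept, untrusted sources are re-classified by Layer 4 port and re-marked, and a single-rate token bucket polices a 256 kbit/s profile (the subnet, port map and traffic sample are constructed; real switches do this in the forwarding chip).

```python
import ipaddress

# Standard DiffServ code points (RFC 2474 / RFC 2597 / RFC 3246)
DSCP_EF, DSCP_AF41, DSCP_BE = 46, 34, 0

# Constructed trust boundary: marks arriving from this subnet are believed,
# anything else is re-classified by Layer 4 destination port and re-marked.
TRUSTED_SOURCES = [ipaddress.ip_network("10.10.0.0/16")]
PORT_CLASS = {5060: DSCP_EF, 80: DSCP_AF41}   # SIP signalling -> EF, HTTP -> AF41


def classify(src, dscp_in, dport):
    """Return the DSCP the edge switch forwards with: trusted mark or re-marked value."""
    if any(ipaddress.ip_address(src) in net for net in TRUSTED_SOURCES):
        return dscp_in
    return PORT_CLASS.get(dport, DSCP_BE)


class TokenBucket:
    """Single-rate policer: cir in bit/s, burst in bytes, timestamps in seconds."""

    def __init__(self, cir_bps, burst_bytes):
        self.rate = cir_bps / 8.0          # refill rate in bytes per second
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)   # bucket starts full
        self.last = 0.0

    def conform(self, size, now):
        """True if a packet of `size` bytes fits the profile at time `now`."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def police(packets, cir_bps=256_000, burst_bytes=4000):
    """packets: (time_s, src_ip, dscp_in, dst_port, size_bytes).
    Returns (dscp_out, conforming) per packet; a non-conforming packet would be
    dropped or marked down by the hardware policer."""
    bucket = TokenBucket(cir_bps, burst_bytes)
    return [(classify(src, dscp, dport), bucket.conform(size, t))
            for t, src, dscp, dport, size in packets]


# Constructed traffic: an untrusted host sends 5 x 1000-byte HTTP packets at t=0
# claiming EF, then a trusted phone sends 4 x 1000-byte SIP packets 100 ms later.
SAMPLE = [(0.0, "192.168.1.5", DSCP_EF, 80, 1000)] * 5 + \
         [(0.1, "10.10.0.3", DSCP_EF, 5060, 1000)] * 4
```

With a 4000-byte burst the fifth packet at t=0 exceeds the profile, and at t=0.1 only 3200 bytes of credit have been refilled, so the fourth SIP packet exceeds it too.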
Policy-based routing. Ordinary routing, whether via RIP, OSPF, BGP or MPLS label protocols, chooses the path by destination address; it cannot effectively separate network traffic or apply policy to it. In today's diverse network environments, policy routing is sometimes one of the necessary functions. A simple example: in a large network service provider (NSP) environment, different users need to be connected to different Internet service providers (ISPs); or on a campus, teaching and research users must be connected to a high-speed export link while dormitory users are usually led to a lower-speed export. Splitting the traffic this way keeps it from affecting research performance and, with proper diversion, assigns the corresponding flows to the high-speed and low-speed exports so that application bandwidth is used effectively. Ordinary routing cannot achieve this; only policy-based routing (PBR) can, by classifying on the source address and specifying the next-hop IP address of the required export. This is the opposite of ordinary routing: the path is selected on source address information, not on destination address information. Policy routing can select paths and split traffic not only by user category; it can further specify a route or split traffic by service class. In practice the classification looks not only at the Layer 3 IP address but also at the Layer 4 port number, so that different services are led to different routes.

For example, all traffic on port 80 (HTTP) can be classified and directed to a specific Layer 4 web switch or cache server; through the web caching mechanism, users' web response time improves dramatically and repeated traffic on the export link is substantially reduced. These are just some of the features of policy-based routing; its capabilities go far beyond them. Because policy routing can be specified directly on the lower-end devices in the network, with traffic then reaching the upper-end export equipment through ordinary routing, it is usually not enabled on the intermediate aggregation devices; more often, to split traffic effectively, policy routing is enabled on the access device. As with ACLs, a network device that needs policy routing must not only offer complete and diverse PBR support, it must also process it in hardware, so that with PBR enabled the device still enjoys Layer 3 wire-speed forwarding.

Network traffic statistics and monitoring. Traffic statistics and monitoring have become an important part of network construction. The idea is very simple: if you cannot see overall network traffic, how can you manage the whole network? If we provide high bandwidth and can also take full advantage of network traffic information, we can adjust network resources and strategy at any time, keep the network running smoothly, and make network troubleshooting easy and fast. Providing a complete, network-wide, real-time monitoring system is like having monitoring cameras everywhere along a freeway: it lets the operations staff take effective traffic-diversion measures and, through complete statistics, provides an important reference for route expansion and planning.
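The ACL and PBR matching described in the two passages above, as an added example that is not from the original post: one first-match engine serves a standard ACL (source only), an extended ACL (source, destination, protocol, port) and a policy-routing table that sends all HTTP to a cache, the research subnet to the fast export and the dormitory subnet to the slow one (all subnets and next-hop addresses are constructed).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Flow:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0


@dataclass
class Entry:
    """One ACL / route-map match entry. A standard ACL uses only `src`;
    an extended ACL may also match dst, protocol and Layer 4 port."""
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None
    action: str = "permit"


def matches(e: Entry, f: Flow) -> bool:
    return (ipaddress.ip_address(f.src) in ipaddress.ip_network(e.src)
            and ipaddress.ip_address(f.dst) in ipaddress.ip_network(e.dst)
            and e.proto in ("any", f.proto)
            and (e.dport is None or e.dport == f.dport))


def acl_permits(acl, flow: Flow) -> bool:
    """First matching entry wins; no match means the implicit deny at the end."""
    for e in acl:
        if matches(e, flow):
            return e.action == "permit"
    return False


def pbr_next_hop(policy, flow: Flow) -> Optional[str]:
    """Policy routing: first matching entry selects the next hop; no match
    returns None, meaning fall through to the ordinary destination-based route."""
    for e, next_hop in policy:
        if matches(e, flow):
            return next_hop
    return None


# Constructed examples (RFC 5737 documentation addresses for the exports)
STD_ACL = [Entry(src="10.30.0.0/16", action="deny"), Entry()]        # block one subnet
EXT_ACL = [Entry(proto="tcp", dport=23, action="deny"), Entry()]     # block inbound telnet
PBR_POLICY = [
    (Entry(proto="tcp", dport=80), "192.0.2.80"),   # all HTTP -> web cache / L4 switch
    (Entry(src="10.10.0.0/16"), "192.0.2.1"),       # research subnet -> high-speed export
    (Entry(src="10.20.0.0/16"), "192.0.2.2"),       # dormitory subnet -> low-speed export
]
```

Entry order matters: because the HTTP entry comes first, dormitory web traffic still goes to the cache rather than the slow export.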
In the past, traffic monitoring and statistics were limited by the available technology. Most implementations relied on SNMP, RMON or RMON v2, which impose considerable overhead on network bandwidth or network device resources; they generally could not cover the whole network, could not monitor in real time, and could not keep up with 100 Mbit/s, Gigabit and faster ports, so network-wide monitoring and statistics never reached satisfactory performance. Recently, flow-based traffic monitoring and statistics techniques, NetFlow and sFlow (RFC 3176), have appeared in relatively high-end network devices, including core and edge devices and Layer 2 and Layer 3 devices. Both provide relatively complete flow information, but they differ. NetFlow also covers IPX and AppleTalk and provides additional statistics, including VLAN, MAC address and BGP community statistics, so from the statistical and accounting perspective NetFlow is more convincing, but its overhead and cost are relatively high. From the statistics and monitoring perspective, sFlow provides more information for analysing flow distribution and future traffic trends, monitoring anomalous traffic, and detecting and isolating faults, at relatively low overhead and cost; implemented in a hardware chip it runs at wire speed, so sFlow can be built directly into edge Layer 2 or Layer 3 switches to provide network-wide, real-time monitoring. For the network as a whole this is a fairly attractive value-added feature. As with the features above, sFlow traffic statistics and monitoring must be processed in hardware so as not to affect the Layer 2 or Layer 3 wire-speed performance of the network equipment.
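Why sFlow's overhead stays low, as an added illustration that is not from the original post: the agent forwards every packet and copies only a random 1-in-N sample to the collector, which scales the sampled bytes back up by N to estimate per-destination volume (the traffic mix and addresses are constructed; the sFlow datagram format itself is not modelled).

```python
import random
from collections import defaultdict

SAMPLING_RATE = 50   # 1-in-N: the agent copies roughly one packet in 50 to the collector


def packet_stream(n, seed=1):
    """Constructed traffic mix: ~75% of packets are 1000-byte transfers to one
    server, ~25% are 100-byte packets to another (RFC 5737 documentation addresses)."""
    rng = random.Random(seed)
    return [("198.51.100.10", 1000) if rng.random() < 0.75 else ("203.0.113.7", 100)
            for _ in range(n)]


def sflow_agent(packets, rate, seed=2):
    """Hardware-style sampling: every packet is forwarded untouched; only a random
    1-in-`rate` subset has its header copied to the collector."""
    rng = random.Random(seed)
    return [(dst, size) for dst, size in packets if rng.random() < 1.0 / rate]


def collector_estimate(samples, rate):
    """Scale each sampled byte count by the sampling rate to estimate true volume."""
    est = defaultdict(int)
    for dst, size in samples:
        est[dst] += size * rate
    return dict(est)


def true_bytes(packets):
    total = defaultdict(int)
    for dst, size in packets:
        total[dst] += size
    return dict(total)


def run(n=50000, rate=SAMPLING_RATE):
    """Returns (actual bytes per destination, sFlow estimate, records sent to collector)."""
    pkts = packet_stream(n)
    samples = sflow_agent(pkts, rate)
    return true_bytes(pkts), collector_estimate(samples, rate), len(samples)
```

The collector sees about 2% of the packets yet recovers each destination's share of the bytes to within a few percent; the estimate sharpens with more samples and degrades for very small flows.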
Whatever the network design concept, whether a centralised collapsed backbone that relies on transparent Layer 2 switches as edge access equipment, or a decentralised distributed backbone that relies on intelligent Layer 3 switches as edge access equipment, its intelligence should not be limited to switching or routing capability, nor emphasise only wire-speed switching or wire-speed routing; after all, that part is an industry standard that almost every vendor's Layer 2 switching and Layer 3 routing equipment can achieve.

With the development of broadband networks and broadband multimedia applications, what users should care about is end-to-end network intelligence and the degree to which it is integrated into the hardware chip. If the edge device, whether a Layer 2 switch or a Layer 3 routing switch, integrates quality of service (QoS), rate limiting, access control lists (ACL), policy-based routing (PBR) and traffic monitoring (sFlow) into the hardware chip, so that these intelligent features do not affect basic Layer 2 and Layer 3 wire-speed forwarding, then end-to-end intelligent networking can be carried out on a large scale and the whole network gains not only global connectivity but also global control. With this concept, users can orient themselves and choose more confidently among the multitude of edge switching products.
