Comparison of a router and a Cisco L3 switch. L2 and L3 VPN channels: differences between physical and virtual channels at different layers. Full-fledged L2 switches

Bachelor of Radio Engineering

trainee engineer, NVision-Siberia branch of NVision Group CJSC

Master's student at SibGUTI

Consultant: Maramzin Valery Valentinovich, Leading Design Engineer, Networks and Data Transmission Systems Division, NVision Group

Annotation:

The article describes elements of a methodology for determining the network topology at the data link and network layers.

Keywords:

topology, protocols

UDC 004.722

Today every large company has its own internal local network. The internal network includes the workstations themselves and every other device that falls under the notion of a "host".

A host is an end node in the TCP/IP protocol stack, that is, any device with its own IP address. The devices that interconnect hosts are mostly routers and switches.

The larger the company, the larger and more extensive its network, which includes intranet resources, other services and nested structures that must be constantly maintained and monitored. It is precisely for high-quality monitoring, quick troubleshooting and incident handling, finding congested links and solving other problems that the network topology must be known.

Network topology is the configuration of a graph whose vertices correspond to the end nodes of the network (computers) and to the communication equipment (routers, switches), and whose edges are the physical or logical connections between vertices.

In most cases the topology is a partially connected hierarchical tree, with the whole network fanning out from one or several powerful root servers or routers. And the larger the local network, the harder it is to maintain it and to detect faults without knowing its architecture.

Of course, there are ready-made solutions today capable of visualising a network graph with all of its nodes. These include various network management packages that work automatically but do not always reflect the real state of the objects correctly.

For example, HP OpenView Network Node Manager from Hewlett-Packard and similar products provide information about the topology at the L3 level, but say little about which network devices are connected to which. To detect network nodes and the existing connections between them effectively, a topology discovery tool has to work at the L2 level, in a mode that detects adjacencies between switches and routers.

There are also solutions from the large network equipment vendors. Cisco Systems developed its own proprietary discovery protocol, CDP, and Nortel Networks had its own (NDP); the vendor-neutral IEEE 802.1AB standard, LLDP, serves the same purpose in large enterprise networks. The problem is that many networks are built on equipment from several vendors, chosen for one reason or another.

Consequently, there is a need for a universal method of determining network topology, independent of the equipment vendor and other conditions, that would use a branching algorithm to analyse the network and its nodes and would present the result in a simple visual form, for example as a network connectivity graph.

This can be implemented as follows. The input data for the algorithm are the IP address of one of the root devices of the network and the SNMP credentials for it. Starting from that device, information about each device is collected by sequential SNMP polling according to a fixed sequence of actions. Since those credentials grant read access to configuration data across the whole network, they should be an SNMPv3 user with authentication and privacy rather than an SNMPv1/v2c community string, which travels in cleartext.

First, establish which protocols are active and supported on the device in question. The primary analysis should check whether LLDP and CDP are enabled; they are the simplest way to detect adjacency between devices on the network. Link Layer Discovery Protocol (LLDP) is a link-layer protocol that allows network devices to advertise information about themselves and their capabilities to the network, and to collect the same information about neighbouring devices.

Cisco Discovery Protocol (CDP) is a link-layer protocol developed by Cisco Systems that discovers Cisco equipment connected directly or through layer-1 devices (hubs, media converters), together with its name, IOS version and IP addresses.

Thus, if a device supports one of these protocols, the algorithm immediately reads the corresponding sections of its MIB (Management Information Base): the remote-systems table of the LLDP-MIB (lldpRemTable) or the neighbour cache of the CISCO-CDP-MIB (cdpCacheTable). These contain everything the neighbours advertised about themselves: IP addresses, port information, chassis information and device types. Whatever the poller can read here, anyone on the segment can also capture, since LLDP and CDP frames are unauthenticated; this is worth remembering when leaving them enabled on user-facing ports.

If there is no LLDP/CDP support, the second step is an SNMP poll of the device's own MIB to obtain its active interfaces and its ARP table.

The verification procedure is launched on the switches first. From the ARP table (Address Resolution Protocol) the algorithm obtains, for each connected device, the correspondence MAC address - IP address - interface - TTL (the age of the cache entry). Note that ARP by itself maps IP addresses to MAC addresses; on a switch, the mapping from a MAC address to the physical port on which it was learned comes from the bridge forwarding table (BRIDGE-MIB, dot1dTpFdbTable), so both tables are needed.

Neighbouring devices are then searched for by sequentially polling every MAC address found in the ARP table with a unicast request. A response from the sought device for its MAC address, together with the interface on which the response arrived, counts as detection of the device on the network. Having identified adjacency, the MAC addresses are matched: if the interface of the first device receives a response to the request for the MAC address of the second device, and conversely the interface of the second device receives a response to the request for the first MAC address, then there is a guaranteed communication line between the two nodes. As a result, the adjacency information contains not only the link between nodes but also the interfaces through which they are connected. One caveat: MAC addresses are learned transitively, so a MAC seen on a port may belong to a device several hops away; mutual visibility must be combined with the port-to-port check before a direct link is declared.

Figure: determining the adjacency of devices by MAC addresses.

Next, the algorithm moves on to the next switch and repeats the procedure, recording in a log the devices already visited together with their parameters, and thus walks every node of the network in turn.

When designing this method and developing the algorithm, several conditions for its correct operation must not be overlooked:

  1. The devices must have SNMP enabled, preferably version 3 with authentication and encryption (authPriv); read-only access is sufficient for the poller.
  2. The algorithm must be able to distinguish virtual interfaces (SVIs, loopbacks, port-channels) from physical ones and build the connectivity graph from real physical connections only.

Once these operating conditions are met and an algorithm of this kind is implemented, the result is a universal method for determining the network topology, which can be used either simply to visualise the network connectivity graph or be included as a module in a more complex algorithm for identifying and eliminating faults at the L2 and L3 levels.
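As an added illustration (not the article's code), here is the adjacency step in Python over constructed data: each device's physical-interface MACs, its forwarding table as BRIDGE-MIB would expose it, and an LLDP neighbour entry on one device. The hostnames, MAC addresses and interface names are assumptions. The example enforces condition 2 (SVIs, loopbacks and port-channels are never link endpoints) and handles the transitive-learning caveat: mutual MAC visibility alone would wrongly join msk-arbat-dsw1 directly to msk-arbat-asw2, which is really two hops away behind msk-arbat-asw3; requiring the sets of devices seen behind the two candidate ports to be disjoint rejects that false link.

```python
"""Neighbour discovery from data an SNMP poller would collect: LLDP/CDP neighbour
entries where a device has them, otherwise MAC addresses learned per port
(BRIDGE-MIB forwarding table). Constructed data; nothing is polled."""
import re
from collections import defaultdict

# Logical interfaces are never the endpoint of a cable (condition 2 in the text).
VIRTUAL_IF = re.compile(r"^(Vlan|Loopback|Port-channel|Tunnel|Null)", re.IGNORECASE)


def is_physical(ifname):
    return VIRTUAL_IF.match(ifname) is None


def norm(mac):
    return mac.lower().replace("-", ":")


def seen_devices(devices):
    """(host, port) -> set of other known hosts whose physical-interface MACs were
    learned on that port. MACs of unknown hosts (PCs, printers) are ignored."""
    owner = {norm(mac): host
             for host, d in devices.items()
             for ifname, mac in d["ifaces"].items() if is_physical(ifname)}
    seen = defaultdict(set)
    for host, d in devices.items():
        for mac, port in d["fdb"].items():
            nb = owner.get(norm(mac))
            if nb is not None and nb != host and is_physical(port):
                seen[(host, port)].add(nb)
    return seen


def find_links(devices):
    """Return the set of physical links, each a frozenset of two (host, port) ends."""
    links = set()
    # Step 1: LLDP/CDP neighbour tables are taken as authoritative.
    for host, d in devices.items():
        for ifname, (nb, nb_port) in d.get("lldp", {}).items():
            if nb in devices and is_physical(ifname) and is_physical(nb_port):
                links.add(frozenset({(host, ifname), (nb, nb_port)}))
    # Step 2: MAC-learning evidence. "A sees B's MAC on p and B sees A's MAC on q"
    # is necessary but not sufficient: MACs are learned transitively, so a switch
    # two hops away satisfies it too. A direct cable additionally requires that
    # the devices seen behind p and the devices seen behind q are disjoint sets.
    seen = seen_devices(devices)
    for (a, p), behind_p in seen.items():
        for (b, q), behind_q in seen.items():
            if b in behind_p and a in behind_q and behind_p.isdisjoint(behind_q):
                links.add(frozenset({(a, p), (b, q)}))
    return links


# Constructed inventory (hostnames/MACs are made up). asw2 hangs off asw3, so its MAC
# is also learned upstream on dsw1 GigabitEthernet1/2. 00:50:56:00:00:01 is a PC.
DEVICES = {
    "msk-arbat-dsw1": {
        "ifaces": {"GigabitEthernet1/1": "aa:00:00:00:00:11",
                   "GigabitEthernet1/2": "aa:00:00:00:00:12",
                   "Vlan2": "aa:00:00:00:00:ff"},
        "fdb": {"bb:00:00:00:00:11": "GigabitEthernet1/1",
                "cc:00:00:00:00:11": "GigabitEthernet1/2",
                "dd:00:00:00:00:11": "GigabitEthernet1/2",
                "00:50:56:00:00:01": "GigabitEthernet1/2"},
        "lldp": {}},
    "msk-arbat-asw1": {
        "ifaces": {"GigabitEthernet1/1": "bb:00:00:00:00:11"},
        "fdb": {"aa:00:00:00:00:11": "GigabitEthernet1/1",
                "aa:00:00:00:00:ff": "GigabitEthernet1/1",   # SVI MAC: ignored
                "cc:00:00:00:00:11": "GigabitEthernet1/1",
                "dd:00:00:00:00:11": "GigabitEthernet1/1"},
        "lldp": {"GigabitEthernet1/1": ("msk-arbat-dsw1", "GigabitEthernet1/1")}},
    "msk-arbat-asw3": {
        "ifaces": {"GigabitEthernet1/1": "cc:00:00:00:00:11",
                   "GigabitEthernet1/2": "cc:00:00:00:00:12"},
        "fdb": {"aa:00:00:00:00:12": "GigabitEthernet1/1",
                "bb:00:00:00:00:11": "GigabitEthernet1/1",
                "dd:00:00:00:00:11": "GigabitEthernet1/2",
                "00:50:56:00:00:01": "GigabitEthernet1/2"}},
    "msk-arbat-asw2": {
        "ifaces": {"GigabitEthernet1/1": "dd:00:00:00:00:11"},
        "fdb": {"cc:00:00:00:00:12": "GigabitEthernet1/1",
                "aa:00:00:00:00:12": "GigabitEthernet1/1",
                "bb:00:00:00:00:11": "GigabitEthernet1/1",
                "00:50:56:00:00:01": "FastEthernet0/1"}},
}

if __name__ == "__main__":
    for link in sorted(tuple(sorted(l)) for l in find_links(DEVICES)):
        print("%s %s <-> %s %s" % (link[0] + link[1]))
```

Running it prints three links: dsw1 Gi1/1 to asw1 Gi1/1, dsw1 Gi1/2 to asw3 Gi1/1 and asw3 Gi1/2 to asw2 Gi1/1. The candidate dsw1 Gi1/2 to asw2 Gi1/1 passes the mutual-visibility test but is rejected because asw3 is seen behind both ports. Replacing the constructed dictionaries with rows walked from ifPhysAddress, dot1dTpFdbTable and lldpRemTable over SNMPv3 is the remaining work for a real poller.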


Reviews:

03/13/2014, 21:09 Klinkov Georgy Todorov
Review: It is also necessary to keep in mind that the network topology requires effective routing and data switching, especially with respect to firewall technology: Active-Active topology, asymmetric routing with Cisco MSFC and FWSM, FWSM balancing using PBR or ECMP routing, placement of NAC in the topology, IDS and IPS architecture.

03/13/2014, 22:08 Nazarova Olga Petrovna
Review: The last paragraph consists of recommendations. There is no conclusion. Finalize it.


03/17/2014, 9:44 Nazarova Olga Petrovna
Review: Recommended for printing.

When all network and client devices have to be connected to a network, the switch is one of the main devices suited to the purpose. As the variety of network applications and the number of converged networks grow, the newer Layer 3 switch is used effectively in data centers, complex corporate networks, commercial applications and more complex customer projects.

What is a layer 2 switch?

A Layer 2 switch (Layer 2 or L2) is designed to connect several devices of a local area network (LAN) or several segments of such a network. A Layer 2 switch processes and records the MAC addresses of incoming frames, performs physical addressing and controls data flows (VLANs, multicast filtering, QoS).

The terms "Layer 2" and "Layer 3" come from the Open Systems Interconnection (OSI) reference model, one of the main models used to describe and explain how network communication works. The OSI model defines seven layers: application, presentation, session, transport, network, data link and physical. The network layer is Layer 3 and the data link layer is Layer 2.

Figure 1: Layer 2 and Layer 3 in the Open Systems Interconnection (OSI) model.

Layer 2 provides direct data transfer between two devices on a local network. A Layer 2 switch maintains a MAC address table in which the source MAC addresses of incoming frames are recorded together with the port on which they were seen. Frames are switched by MAC address only within the local network, so traffic stays inside that network. A Layer 2 switch allows specific ports to be grouped for traffic separation (VLANs); ports in different VLANs then belong to different Layer 3 subnets.

What is a Layer 3 switch?

Layer 3 switches (Layer 3 or L3) are in fact routers that implement the routing mechanisms (logical addressing and selection of the delivery path using routing protocols such as RIP v1 and v2, OSPF, BGP and proprietary protocols) not in software but in specialised hardware (ASICs).

A router is the most common Layer 3 network device. Layer 3 switches perform the same routing functions (logical addressing and delivery-path selection) on packets by their destination IP (Internet Protocol) address. A Layer 3 switch looks up the destination IP address of each packet in its IP routing table and determines the next hop (a router or switch) to forward it to. If no route matches the destination and there is no default route, the packet is dropped; the lookup itself adds a small delay compared with Layer 2 switching.

Layer 3 switches (or multilayer switches) combine some of the functionality of Layer 2 switches and routers. Essentially these are three different devices, designed for different applications that rely heavily on the available functions, but all three also share some common features.

Layer 2 Switch VS Layer 3 Switch: What's the Difference?

The main difference between Layer 2 and Layer 3 switches is the routing function. A Layer 2 switch works only with MAC addresses, ignoring IP addresses and anything at higher layers. A Layer 3 switch performs all the functions of a Layer 2 switch and, in addition, can perform static and dynamic routing. This means a Layer 3 switch has both a MAC address table and an IP routing table, connects devices in multiple VLANs and routes packets between different VLANs. A switch that does only static routing is usually called Layer 2+ or Layer 3 Lite. Besides routing packets, Layer 3 switches also include features that need IP information in the switch, such as assigning VLAN membership based on IP subnet instead of manual per-port configuration. Layer 3 switches also draw more power and impose greater security requirements, since every inter-VLAN boundary now lives on the switch.

Layer 2 Switch vs Layer 3 Switch: How to Choose?

When choosing between Layer 2 and Layer 3 switches, consider in advance where and how the switch will be used. If you have a pure Layer 2 domain, a Layer 2 switch is enough; if you need routing between internal VLANs, use a Layer 3 switch. The Layer 2 domain is where hosts are connected, and a Layer 2 switch works reliably there; in a network topology this is usually called the access layer. If you need to aggregate multiple access switches and perform inter-VLAN routing, you need a Layer 3 switch; in a network topology this is called the distribution layer.

Figure 2: Router, Layer 2 Switch, and Layer 3 Switch Use Cases

Since both a Layer 3 switch and a router have routing functionality, you should understand the difference between them. Neither is universally better for routing; each has its advantages. If you need a large number of routed VLANs within the LAN and no further WAN/ISP-facing routing, you can safely use a Layer 3 switch. Otherwise, choose a router with the fuller set of Layer 3 functions.

Layer 2 switch VS Layer 3 switch: Where to buy?

If you are looking to buy a Layer 2 or Layer 3 switch for your network infrastructure, there are key parameters worth paying attention to: packet forwarding rate, backplane bandwidth, the number of VLANs, MAC address table size, latency, and so on.

The forwarding rate (or throughput) is the forwarding capability of the backplane (switch fabric). When the forwarding capability exceeds the combined speed of all ports, the backplane is called non-blocking. The forwarding rate is expressed in packets per second (pps) and is quoted for the worst case, 64-byte frames, which is where the per-port constants below come from. The forwarding rate of a switch is calculated as:

Forwarding rate (pps) = (number of 10 Gbps ports) * 14,880,950 pps + (number of 1 Gbps ports) * 1,488,095 pps + (number of 100 Mbps ports) * 148,809 pps

The next parameter is the backplane (switching) bandwidth, calculated as the total speed of all ports. Each port is counted twice, once for the Tx direction and once for Rx. Backplane bandwidth is expressed in bits per second (bps):

Backplane bandwidth (bps) = number of ports * port speed * 2

Another important parameter is the number of configurable VLANs. Typically 1K = 1024 VLANs is enough for a Layer 2 switch, and the standard number for a Layer 3 switch is 4K = 4096 (of which 4094 are usable VLAN IDs). MAC address table memory is the number of MAC addresses the switch can store, usually quoted as 8K or 128K. Latency is the time it takes to forward data through the switch; it should be as short as possible and is usually expressed in nanoseconds (ns).
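The per-port constants in the forwarding-rate formula are not arbitrary: a minimum-size Ethernet frame occupies 64 bytes plus the 8-byte preamble/SFD and a 12-byte inter-frame gap, 672 bit-times in total, and line rate divided by that gives the wire-speed pps (1 Gbps / 672 = 1,488,095; spec sheets round the 10 Gbps figure). The following added example, not from the original article, derives the constants and checks a made-up spec sheet against a made-up port configuration; the switch specs and port counts are assumptions.

```python
"""Wire-speed pps from first principles, and a non-blocking check for a spec sheet.
Added example with constructed switch figures; not from the original article."""

PREAMBLE_SFD = 8   # bytes sent before every frame
IFG = 12           # inter-frame gap, in byte-times
MIN_FRAME = 64     # smallest legal Ethernet frame; spec sheets quote this worst case


def wire_speed_pps(link_bps, frame_bytes=MIN_FRAME):
    """Frames per second one link can carry: line rate / bits per frame slot."""
    bits_per_slot = (PREAMBLE_SFD + frame_bytes + IFG) * 8
    return link_bps // bits_per_slot


def forwarding_rate_pps(ports):
    """ports: {link_bps: port_count}. Sum of 64-byte wire-speed pps over all ports."""
    return sum(count * wire_speed_pps(bps) for bps, count in ports.items())


def backplane_bps(ports):
    """Full-duplex aggregate: every port counted once for Tx and once for Rx."""
    return sum(count * bps for bps, count in ports.items()) * 2


def is_nonblocking(ports, spec_pps, spec_fabric_bps):
    """True only if BOTH quoted figures cover every port at wire speed at once."""
    return (spec_pps >= forwarding_rate_pps(ports)
            and spec_fabric_bps >= backplane_bps(ports))


# Constructed port configuration: 24 x 100 Mbps access ports + 2 x 1 Gbps uplinks.
ACCESS_SWITCH = {100_000_000: 24, 1_000_000_000: 2}

if __name__ == "__main__":
    print("1G port wire speed:", wire_speed_pps(1_000_000_000), "pps")
    print("1G port with 1518-byte frames:", wire_speed_pps(1_000_000_000, 1518), "pps")
    print("switch needs", forwarding_rate_pps(ACCESS_SWITCH), "pps and",
          backplane_bps(ACCESS_SWITCH) / 1e9, "Gbps of fabric")
    # A sheet quoting "6.5 Mpps / 8.8 Gbps" is just short on pps for this port mix.
    print("6.5 Mpps sheet non-blocking:", is_nonblocking(ACCESS_SWITCH, 6_500_000, 8_800_000_000))
```

The point of the second check is that a vendor figure rounded to a tidy number can fall a few percent under what the port count actually needs; the fabric figure passing while the pps figure fails is a common pattern on entry-level access switches.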

Conclusion

In this article we have looked at the differences between Layer 2 and Layer 3 and the devices commonly used at these layers: the Layer 2 switch, the Layer 3 switch and the router. The main point to take away is that a more advanced device is not always better or more efficient. What matters is understanding why you are going to use the switch and what your requirements and conditions are. A clear understanding of the starting data will help you choose the device that suits you.


Many people have wondered what L2-VPN is, how it works and why it is needed. L2-VPN (Virtual Private Network) is a virtual private network service provided by telecom operators on a point-to-point basis. In this service the provider's network is completely transparent to the client.

Where might this be needed?

Let's say you are a private entrepreneur with an office in Uryupinsk and another in Voronezh, and you want to join the two networks into one large local network. From your (the client's) point of view the service looks as shown in Figure 1.

That is, it looks as if both offices were plugged into one big L2 switch. The service itself only isolates your frames from other customers; it does not encrypt them. If necessary, you can run additional network protection, encryption and authentication of your own over the channel, for example an IPsec tunnel.

What does this look like from the provider's point of view?

This is where it gets a little more complicated. Once you have told your chosen provider that you want this service, it will connect both offices to its nearest switches, configure its equipment, and you will receive the coveted service. The provider's network can be huge. For your frames to get from Uryupinsk to Voronezh and back, they have to pass through many switches, several routers and many, many kilometres of cable. Schematically this can be represented as shown in Figure 2.

Providers deliver this service on top of their IP/MPLS network. The provider prices it from distance, channel capacity, the total cost of maintaining and operating the equipment, depreciation and so on; with all that, the resulting price for the client is inflated several times over.

Conclusion

This is one of the providers' most popular services among clients. It is very simple and requires no configuration on the client's equipment.

Advantages:

  • faster exchange of files and messages within the combined network;
  • traffic isolated from other customers (but not encrypted: add IPsec or similar if confidentiality matters);
  • collaboration on documents and databases;
  • access to corporate HTTP servers;
  • high-quality video conferencing and video broadcasts between offices.

However, there are also disadvantages. Because the service is L2, it is very hard for the operator to track problems on it, and the operator almost always learns about a problem from the client. In effect the client takes on all the diagnostics and the dealings with the provider, so when problems occur, resolving them takes a long time.

There is a more interesting service that organises point-to-multipoint connections at the L2 level of the OSI model: VPLS, which is covered separately.


    An L3 switch does pure IP routing only: typically it has no NAT, no (or very limited) route-maps and traffic shaping, and no per-flow traffic accounting. Such switches cannot terminate VPN tunnels (site-to-site VPN, remote-access VPN, DMVPN), cannot encrypt traffic, cannot act as a stateful firewall, and cannot serve as a telephony server (digital PBX).

    The main advantage of a Layer 3 switch is fast routing of traffic between different L3 segments, most often internal traffic that never leaves for the Internet.

    The router provides Internet access. NAT is also configured on the router.

    Routing a large volume of inter-subnet traffic on a router is practically impossible: there is a high probability of service degradation when QoS, ACLs, NBAR and other functions that inspect the traffic arriving on interfaces are used. Problems will most likely start when the local traffic rate exceeds about 100 Mbit/s (depending on the specific router model). The switch, on the contrary, handles this task easily.

    The main reason is that the switch routes traffic using CEF tables in hardware.

    Cisco Express Forwarding (CEF) is a high-speed routing/packet switching technology used in Cisco Systems routers and Layer 3 switches that allows transit traffic to be processed faster and more efficiently.

    A router can also use CEF, but if you enable functions on the router that require inspection of all traffic, the traffic goes through the CPU. Compare, in Cisco's router performance table, what throughput a router has with "Fast/CEF switching" (table lookups) and with "Process switching" (the routing decision is made by the CPU).

    In summary, a router differs from an L3 switch in that the router can manage traffic very flexibly but has relatively low performance within a local network, whereas the L3 switch has high performance but little ability to influence or process the traffic.

    As for L2 switches, they are used only at the access layer, providing connectivity to end users (not network equipment).

    When to use L2 switches and when L3 switches?

    In a small branch of up to 10 people, one router with a built-in switch (800 series) or an installed ESW expansion module (1800, 1900 series) or ESG is enough.

    In an office of 50 people you can install one medium-performance router and one 48-port L2 switch (or two 24-port ones).

    In a branch of up to 200 people we use a router and several Layer 2 switches. It is important to understand that if you have divided the network into several IP subnets and route between them on the router, you will definitely have a high CPU load, which leads to a lack of performance and end-user complaints about packet drops. If most users communicate with computers, servers, printers and other network devices only within their own L3 segment and leave it only to reach the Internet, this design is adequate. As the network grows, and departments (in our case subnets or network segments) that should keep their traffic to themselves are nevertheless forced to exchange data with each other, the router's performance will no longer be enough.

    In such a large office (over 200 employees), buying a high-performance Layer 3 switch becomes mandatory. Its job will be to host all the default gateways of the local segments. Communication between this switch and the hosts goes through logical network interfaces (interface VLAN, or SVIs). The router then has only two connections: to the Internet and to your L3 switch. Users are connected via L2 switches, attached to the L3 switch in a star or ring with Gigabit links, so the L3 switch needs Gigabit ports. Thus the centre of the network becomes the L3 switch, which takes on the core and distribution functions simultaneously, with L2 switches at the access layer and a router as the gateway to the Internet or to remote offices via tunnels.

    In really LARGE campus networks with more than 500 people and high requirements for performance and functionality, it may be necessary to install L3 switches even at the access layer to connect users. This may be due to the following reasons:

      • insufficient performance of L2 switches (especially with Gigabit ports and when used for server farms);
      • insufficient number of supported active VLANs (255 versus about 1000 on L3 models);
      • lack of QinQ (802.1ad) functionality;
      • insufficient number of supported ACL entries (512 on a 2960, 2000 on a 3560);
      • limited capabilities for working with multicast;
      • insufficient QoS capabilities on L2 switches;
      • an "L3 access" network architecture, i.e. the routing points of the local subnets are moved down to the access layer and only summarised routes are sent up to the distribution layer;
      • no L2 domain and no STP at the distribution layer.

This is the first article in the "Networking for Little Ones" series. Maxim aka Gluck and I thought for a long time about where to start: routing, VLANs, equipment configuration. In the end we decided to start with the fundamental and, one might say, most important thing: planning. Since the series is aimed at complete beginners, we will go all the way from start to finish.

It is assumed that you have at least read about the OSI reference model and the TCP/IP protocol stack, that you know about the kinds of VLANs that exist, about the most popular one today, port-based VLAN, and about IP addresses. We understand that "OSI" and "TCP/IP" are scary words for newcomers. But don't worry, we are not using them to scare you. These are things you will have to deal with every day, so over the course of this series we will try to reveal their meaning and their relationship to reality.

Let's start by stating the problem. There is a certain company engaged, for example, in the production of elevators that only go up, and therefore called Lift My Up LLC. It is located in an old building on Arbat, where rotten wires plugged into scorched switches from the 10Base-T era are not looking forward to having new servers with Gigabit cards connected to them. So they have a desperate need for network infrastructure, and money is no object, which gives you unlimited freedom of choice. This is every engineer's dream. Yesterday you passed the interview, and after a hard fight you rightfully got the position of network administrator. And now you are the first and only one of your kind there. Congratulations! What next?

The situation needs to be made a little more specific:

  1. At the moment the company has two offices: 200 square metres on Arbat for workplaces and a server room, with several providers present in the building. The other office is on Rublyovka.
  2. There are four user groups: accounting (B), the financial and economic department (FEO), the production and technical department (PTO) and other users (D). There are also servers (C), which are placed in a separate group. All groups are separated from each other and have no direct access to one another.
  3. Users of groups C, B and FEO will be only in the Arbat office; PTO and D will be in both offices.

Having estimated the number of users, the required interfaces, and communication channels, you prepare a network diagram and an IP plan.

When designing a network you should try to follow the hierarchical network model, which has many advantages over a "flat" network:

  • it makes the organisation of the network easier to understand;
  • the model implies modularity, so capacity is easy to add exactly where it is needed;
  • it is easier to find and isolate a problem;
  • fault tolerance is increased by duplicating devices and/or links;
  • the functions needed to run the network are distributed across different devices.

According to this model the network is divided into three logical layers: the core (Core layer: high-performance devices whose main purpose is fast transport), the distribution layer (Distribution layer: enforces security policies and QoS, aggregates and routes between VLANs, defines broadcast domains) and the access layer (Access layer: usually L2 switches; purpose: connecting end devices, marking traffic for QoS, protecting against loops (STP) and broadcast storms, supplying power to PoE devices).

On a scale like ours, the role of each device is blurred, but the network can be logically divided.

Let's make an approximate diagram:


In the presented diagram, the Core will be router 2811, switch 2960 will be classified as the Distribution level, since it aggregates all VLANs into a common trunk. The 2950 switches will be Access devices. End users, office equipment, and servers will connect to them.

We will name devices as follows: abbreviated city name (msk), geographical location (street, building) (arbat), the device's role in the network plus a sequence number.

We choose hostnames according to role and location:

  • router 2811: msk-arbat-gw1 (gw = gateway);
  • switch 2960: msk-arbat-dsw1 (dsw = distribution switch);
  • 2950 switches: msk-arbat-aswN, msk-rubl-asw1 (asw = access switch).

Network documentation

The entire network must be strictly documented: from the schematic diagram down to interface names.

Before we start configuring, here is the list of necessary documents and actions:

  • network diagrams L1, L2, L3, corresponding to the layers of the OSI model (physical, data link, network);
  • IP addressing plan (IP plan);
  • VLAN list;
  • interface descriptions (description);
  • list of devices (for each: hardware model, installed IOS version, RAM/NVRAM size, list of interfaces);
  • labels on cables (where from and where to), including power and grounding cables and devices;
  • a single set of rules defining all of the above parameters and others.

In the simulator we will maintain only a subset of these. Naturally, every change to the network must be reflected in the documentation and configuration so that they stay current.

When we talk about labels/stickers on cables, we mean this:

The photo shows that each cable is labelled, as is each socket on the patch panel in the rack and each device.

We will prepare the documents we need:

VLAN List

Each group gets its own VLAN; this way we limit the broadcast domains. We also introduce a dedicated VLAN for device management. From the IP plan below, the list is: VLAN 2 management, VLAN 3 server farm, VLAN 101 PTO, VLAN 102 FEO, VLAN 103 accounting, VLAN 104 other users. VLAN numbers 4 through 100 are reserved for future use.

IP plan

Subnets are allocated more or less arbitrarily, matching only the number of nodes in each local network and allowing for growth. In this example all subnets have the standard /24 mask (/24 = 255.255.255.0); these are common in local networks, but not mandatory. We recommend reading about network classes; later we will turn to classless addressing (Cisco). We understand that links to technical articles on Wikipedia are bad manners, but they give good definitions, and we in turn will try to relate them to the real world.

By a point-to-point network we mean connecting one router to another in point-to-point mode. Usually /30 addresses are used (back to the topic of classless networks), i.e. a subnet containing two host addresses. What this is about will become clear later.

IP plan

IP address                     Note                      VLAN
172.16.0.0/16                  (company supernet)
172.16.0.0/24                  Server farm               3
  172.16.0.1                   Gateway
  172.16.0.2                   Web
  172.16.0.3                   File
  172.16.0.4                   Mail
  172.16.0.5 - 172.16.0.254    Reserved
172.16.1.0/24                  Management                2
  172.16.1.1                   Gateway
  172.16.1.2                   msk-arbat-dsw1
  172.16.1.3                   msk-arbat-asw1
  172.16.1.4                   msk-arbat-asw2
  172.16.1.5                   msk-arbat-asw3
  172.16.1.6                   msk-rubl-asw1
  172.16.1.7 - 172.16.1.254    Reserved
172.16.2.0/24                  Point-to-point network
  172.16.2.1                   Gateway
  172.16.2.2 - 172.16.2.254    Reserved
172.16.3.0/24                  PTO                       101
  172.16.3.1                   Gateway
  172.16.3.2 - 172.16.3.254    Pool for users
172.16.4.0/24                  FEO                       102
  172.16.4.1                   Gateway
  172.16.4.2 - 172.16.4.254    Pool for users
172.16.5.0/24                  Accounting                103
  172.16.5.1                   Gateway
  172.16.5.2 - 172.16.5.254    Pool for users
172.16.6.0/24                  Other users               104
  172.16.6.1                   Gateway
  172.16.6.2 - 172.16.6.254    Pool for users
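A plan like this is easy to get subtly wrong by hand (an address listed both as a device and as the start of a reserved range, a gateway outside its subnet, two subnets that overlap, a VLAN ID used twice). The following added example, not the article's code, transcribes the plan above as input and runs those checks with Python's standard ipaddress module; the row layout and the check list are my additions.

```python
"""Sanity checks on an IP plan. Added example: PLAN is the article's table transcribed
as constructed input; the checks are mine. "reserved" ranges are inclusive."""
import ipaddress

SUPERNET = ipaddress.ip_network("172.16.0.0/16")


def _row(vlan, name, gateway, hosts, reserved):
    return {"vlan": vlan, "name": name, "gateway": gateway,
            "hosts": hosts, "reserved": reserved}


PLAN = {
    "172.16.0.0/24": _row(3, "Server farm", "172.16.0.1",
                          {"172.16.0.2": "Web", "172.16.0.3": "File", "172.16.0.4": "Mail"},
                          ("172.16.0.5", "172.16.0.254")),
    "172.16.1.0/24": _row(2, "Management", "172.16.1.1",
                          {"172.16.1.2": "msk-arbat-dsw1", "172.16.1.3": "msk-arbat-asw1",
                           "172.16.1.4": "msk-arbat-asw2", "172.16.1.5": "msk-arbat-asw3",
                           "172.16.1.6": "msk-rubl-asw1"},
                          ("172.16.1.7", "172.16.1.254")),
    "172.16.2.0/24": _row(None, "Point-to-point", "172.16.2.1", {},
                          ("172.16.2.2", "172.16.2.254")),
    "172.16.3.0/24": _row(101, "PTO", "172.16.3.1", {}, ("172.16.3.2", "172.16.3.254")),
    "172.16.4.0/24": _row(102, "FEO", "172.16.4.1", {}, ("172.16.4.2", "172.16.4.254")),
    "172.16.5.0/24": _row(103, "Accounting", "172.16.5.1", {}, ("172.16.5.2", "172.16.5.254")),
    "172.16.6.0/24": _row(104, "Other users", "172.16.6.1", {}, ("172.16.6.2", "172.16.6.254")),
}


def check_plan(plan, supernet=SUPERNET):
    """Return a list of readable problems; an empty list means the plan is consistent."""
    issues, nets, assigned = [], {}, {}
    for cidr, row in plan.items():
        net = ipaddress.ip_network(cidr)
        nets[cidr] =  net
        if not net.subnet_of(supernet):
            issues.append(f"{cidr}: not inside {supernet}")
        gw = ipaddress.ip_address(row["gateway"])
        if gw not in net or gw in (net.network_address, net.broadcast_address):
            issues.append(f"{cidr}: gateway {gw} is not a usable host address")
        lo, hi = (ipaddress.ip_address(x) for x in row["reserved"])
        if lo not in net or hi not in net or lo > hi or hi == net.broadcast_address:
            issues.append(f"{cidr}: reserved range {lo}-{hi} is not a valid host range")
        # Every named host must sit in its subnet, off the gateway, off the reserved range,
        # and every address (hosts and gateways) may be handed out only once in the plan.
        for ip_s, name in list(row["hosts"].items()) + [(row["gateway"], "gateway")]:
            ip = ipaddress.ip_address(ip_s)
            if name != "gateway":
                if ip not in net:
                    issues.append(f"{cidr}: {name} {ip} is outside the subnet")
                elif ip == gw:
                    issues.append(f"{cidr}: {name} reuses the gateway address {ip}")
                elif lo <= ip <= hi:
                    issues.append(f"{cidr}: {name} {ip} collides with reserved range {lo}-{hi}")
            if ip in assigned:
                issues.append(f"{ip} assigned twice: {assigned[ip]} and {name}")
            assigned[ip] = name
    cidrs = list(nets)
    for i, a in enumerate(cidrs):
        for b in cidrs[i + 1:]:
            if nets[a].overlaps(nets[b]):
                issues.append(f"{a} overlaps {b}")
    vlans = [r["vlan"] for r in plan.values() if r["vlan"] is not None]
    for v in sorted(set(vlans)):
        if not 1 <= v <= 4094:
            issues.append(f"VLAN {v} is outside 1..4094")
        if vlans.count(v) > 1:
            issues.append(f"VLAN {v} is used by more than one subnet")
    return issues


if __name__ == "__main__":
    problems = check_plan(PLAN)
    print("\n".join(problems) if problems else "IP plan is consistent")
```

Run against the table as printed above it reports nothing; feed it a copy where the management reserved range starts at 172.16.1.6 instead of .7 and it reports the collision with msk-rubl-asw1, which is exactly the kind of slip that later turns into a duplicate-address incident.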

Equipment connection plan by ports

Of course, there are now switches with plenty of 1 Gb Ethernet ports, switches with 10G, 40G on advanced carrier hardware that costs many thousands of dollars, and 100G in development (rumour has it such boards have already gone into production). Accordingly, in the real world you can pick switches and routers to match your needs while keeping the budget in mind. In particular, a Gigabit switch can now be bought cheaply (20-30 thousand) with headroom for the future (unless you are a provider, of course). A router with Gigabit ports is noticeably more expensive than one with 100 Mbps ports, but it is worth it, because FE models (100 Mbps Fast Ethernet) are outdated and their throughput is very low.

But in the emulator/simulator programs that we will use, unfortunately, there are only simple hardware models, so when modeling the network we will start from what we have: the Cisco2811 router, the Cisco2960 and 2950 switches.

Device            Port           Name / far end     Access VLAN   Trunk VLANs
msk-arbat-gw1     FE0/1          UpLink
                  FE0/0          msk-arbat-dsw1                   2,3,101,102,103,104
msk-arbat-dsw1    FE0/24         msk-arbat-gw1                    2,3,101,102,103,104
                  GE1/1          msk-arbat-asw1                   2,3
                  GE1/2          msk-arbat-asw3                   2,101,102,103,104
                  FE0/1          msk-rubl-asw1                    2,101,104
msk-arbat-asw1    GE1/1          msk-arbat-dsw1                   2,3
                  GE1/2          msk-arbat-asw2                   2,3
                  FE0/1          Web-server         3
                  FE0/2          File-server        3
msk-arbat-asw2    GE1/1          msk-arbat-asw1                   2,3
                  FE0/1          Mail-server        3
msk-arbat-asw3    GE1/1          msk-arbat-dsw1                   2,101,102,103,104
                  FE0/1-FE0/5    PTO                101
                  FE0/6-FE0/10   FEO                102
                  FE0/11-FE0/15  Accounting         103
                  FE0/16-FE0/24  Other              104
msk-rubl-asw1     FE0/24         msk-arbat-dsw1                   2,101,104
                  FE0/1-FE0/15   PTO                101
                  FE0/20         administrator      104
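Because routing in this design happens only on msk-arbat-gw1, an access VLAN is only useful if every trunk between the access switch and the router carries it, and both ends of each trunk must agree on the allowed list (a mismatch silently black-holes one VLAN). The following added example, not from the original article, transcribes the port plan as input and checks those two properties plus the hostname convention from the naming section; the UPLINK map (which port of each switch leads towards the router) is my reading of the table, not part of it.

```python
"""Consistency checks for a port/VLAN plan. Added example: TRUNKS and ACCESS are the
article's port plan transcribed as constructed input; the checks and UPLINK are mine."""
import re

HOSTNAME = re.compile(r"^[a-z]{3}-[a-z]+-(gw|dsw|asw)\d+$")   # city-site-roleN
MGMT_VLAN = 2

# One row per trunk END: (device, port, far device, far port, allowed VLANs).
TRUNKS = [
    ("msk-arbat-gw1", "FE0/0", "msk-arbat-dsw1", "FE0/24", {2, 3, 101, 102, 103, 104}),
    ("msk-arbat-dsw1", "FE0/24", "msk-arbat-gw1", "FE0/0", {2, 3, 101, 102, 103, 104}),
    ("msk-arbat-dsw1", "GE1/1", "msk-arbat-asw1", "GE1/1", {2, 3}),
    ("msk-arbat-dsw1", "GE1/2", "msk-arbat-asw3", "GE1/1", {2, 101, 102, 103, 104}),
    ("msk-arbat-dsw1", "FE0/1", "msk-rubl-asw1", "FE0/24", {2, 101, 104}),
    ("msk-arbat-asw1", "GE1/1", "msk-arbat-dsw1", "GE1/1", {2, 3}),
    ("msk-arbat-asw1", "GE1/2", "msk-arbat-asw2", "GE1/1", {2, 3}),
    ("msk-arbat-asw2", "GE1/1", "msk-arbat-asw1", "GE1/2", {2, 3}),
    ("msk-arbat-asw3", "GE1/1", "msk-arbat-dsw1", "GE1/2", {2, 101, 102, 103, 104}),
    ("msk-rubl-asw1", "FE0/24", "msk-arbat-dsw1", "FE0/1", {2, 101, 104}),
]
# Access ports: (device, port or port range, access VLAN).
ACCESS = [
    ("msk-arbat-asw1", "FE0/1", 3), ("msk-arbat-asw1", "FE0/2", 3),
    ("msk-arbat-asw2", "FE0/1", 3),
    ("msk-arbat-asw3", "FE0/1-FE0/5", 101), ("msk-arbat-asw3", "FE0/6-FE0/10", 102),
    ("msk-arbat-asw3", "FE0/11-FE0/15", 103), ("msk-arbat-asw3", "FE0/16-FE0/24", 104),
    ("msk-rubl-asw1", "FE0/1-FE0/15", 101), ("msk-rubl-asw1", "FE0/20", 104),
]
# Port each switch uses towards the router (assumption read off the plan).
UPLINK = {"msk-arbat-dsw1": "FE0/24", "msk-arbat-asw1": "GE1/1", "msk-arbat-asw2": "GE1/1",
          "msk-arbat-asw3": "GE1/1", "msk-rubl-asw1": "FE0/24"}


def check_port_plan(trunks, access, uplink, gateway="msk-arbat-gw1"):
    """Return a list of readable problems; an empty list means the plan is consistent."""
    issues = []
    ends = {(d, p): (fd, fp, vlans) for d, p, fd, fp, vlans in trunks}
    for host in sorted({d for d, *_ in trunks} | {d for d, _, _ in access}):
        if not HOSTNAME.match(host):
            issues.append(f"hostname {host} does not follow city-site-roleN")
    # (a) Every trunk must be listed from both ends, point back at each other,
    #     allow the same VLANs, and carry the management VLAN.
    for (d, p), (fd, fp, vlans) in ends.items():
        far = ends.get((fd, fp))
        if far is None:
            issues.append(f"{d} {p}: far end {fd} {fp} has no trunk entry")
            continue
        if (d, p) < (fd, fp):                      # report symmetric problems once
            if far[:2] != (d, p):
                issues.append(f"{d} {p}: {fd} {fp} points back to {far[0]} {far[1]}")
            if far[2] != vlans:
                issues.append(f"{d} {p} <-> {fd} {fp}: allowed VLANs differ "
                              f"{sorted(vlans)} vs {sorted(far[2])}")
        if MGMT_VLAN not in vlans:
            issues.append(f"{d} {p}: management VLAN {MGMT_VLAN} not allowed")

    def trunks_towards_gateway(dev):
        """Allowed-VLAN sets on each hop from dev up to the router; None if the chain breaks."""
        hops, visited = [], set()
        while dev != gateway:
            if dev in visited or (dev, uplink.get(dev)) not in ends:
                return None
            visited.add(dev)
            dev, _, vlans = ends[(dev, uplink[dev])]
            hops.append(vlans)
        return hops

    # (b) Routing happens only on the router, so an access VLAN works only if every
    #     trunk between the access switch and the router carries it.
    for dev, ports, vlan in access:
        hops = trunks_towards_gateway(dev)
        if hops is None:
            issues.append(f"{dev}: no uplink chain to {gateway}")
        elif not all(vlan in h for h in hops):
            issues.append(f"{dev} {ports}: VLAN {vlan} is not carried on every trunk towards {gateway}")
    return issues


if __name__ == "__main__":
    problems = check_port_plan(TRUNKS, ACCESS, UPLINK)
    print("\n".join(problems) if problems else "port plan is consistent")
```

On the table as printed the check passes. Add VLAN 101 to only one end of the dsw1-asw1 trunk, or a switch named outside the convention with no uplink entry, and each is reported separately, which is what you want from a document that the configuration will later be generated from.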

We will explain why VLANs are distributed in this way in the following parts.

Network diagrams

With this data, all three network diagrams can be drawn at this stage. You can use Microsoft Visio, some free application tied to its own format, or a graphics editor (you can also draw by hand, but keeping that up to date will be hard :)).

Not to promote open source, but for the sake of variety, let's use Dia. I consider it one of the best diagramming applications under Linux. There is a Windows version too, but unfortunately it is not compatible with Visio.

L1

That is, on the L1 diagram we reflect the physical devices of the network with port numbers: what is connected where.


L2

On the L2 diagram we indicate our VLANs.


L3

In our example the Layer 3 diagram turned out rather uninformative and not very clear, because there is only one routing device. Over time it will acquire more detail.


As you can see, the information in the documents is redundant. For example, VLAN numbers appear both in the diagram and in the port plan. Here it is a matter of what suits you. This redundancy makes updates harder when the configuration changes, because you have to fix several places at once, but on the other hand it makes things easier to understand.

We will come back to this first article more than once, just as you will always have to come back to what you originally planned. So, the task for those who are just starting out and are ready to make an effort: read a lot about VLANs and IP addressing, and get hold of Packet Tracer and GNS3. For fundamental theory we advise starting with Cisco Press; this is something you absolutely need to know. In the next part everything will be grown-up, with a video: we will learn how to connect to equipment, get to know the interface, and explain what to do with a careless admin who has forgotten the password.
