
May 1999
Layer N Switching: Moving Up The Stack
TONY RYBCZYNSKI
Switching has had (and will continue to have) a profound effect on data networking.
First, Layer 2 improved the performance of LANs. Then, Layer 3 switching dramatically
improved the price/performance of router networks. And now, Layer 4 switching - as some
vendors call it - suggests another advance is imminent.
But Layer 4 switching is something of a misnomer; that is, the name reflects more of
the marketer's zeal than the technician's predilection for accuracy. So how do we evaluate
Layer 4 switching? What's behind the name? In examining these questions, this article will
attempt to penetrate the marketing hype and reveal what Layer 4 switching really has to
offer. As we will see, Layer 4 switching (and up) promises to further the development of
application-aware networking.
LAYER BY LAYER
In the seven-layer Open System Interconnection (OSI) model, Layer 1 is the Physical Layer,
and consists of the physical media, whether copper, fiber, or wireless. Layer 1
switching, then, is just a fancy name for circuit switching.
Skipping a layer, to Layer 3, brings us to the Network Layer, the layer at which
addressing and routing are accomplished (based on an IP address, say). Routing IP packets
across a network has traditionally been done by multiprotocol software routers (which can
also route IPX packets used by Novell systems, DECnet packets from Digital/Compaq, and so
on). With the convergence to IP, this Layer 3 routing function can be done substantially
in high-performance hardware, that is, by Layer 3 switches, or what some call routing
switches. These devices have won favor in the campus backbone environment, primarily
because their price/performance exceeds that of software-based routers by an order of
magnitude.
But if all addressing is at Layer 3, what's a Layer 2 switch? In the LAN world, all
devices have a factory-assigned Media Access Control or MAC address. These devices have
traditionally been connected over broadcast media (for example, 10 Mbit/s Ethernet),
whereby MAC frames, transmitted on the LAN, are received by all devices on the LAN, but
only processed by the destination device identified by the MAC address. This is why LANs
are implemented only among "friends" in a workgroup. If many devices start
broadcasting lots of information, broadcast storms can bring large LANs to their knees.
Enter Layer 2 switches. These devices make LANs more manageable by learning which MAC
addresses are where and switching traffic directly between source and destination. This is
true switching, but it operates only within the domain of a LAN. By its nature, Layer 2
switching is not a scalable solution, at least not beyond hundreds of devices.
If we delve into the OSI model a little more, we eventually find Layer 4, which is
defined as the Transport Layer, and which runs on an end-to-end basis across the network.
In other words, Layer 4 is an end-point function, the most commonly known example being
the Transmission Control Protocol (TCP), which supports reliable transport across an IP
network. Since IP itself does not provide reliable transport and TCP does, TCP
is used in a broad range of applications, including Web access (HTTP uses TCP).
The last layer we'll look at in detail is Layer 5. Like Layer 4, Layer 5 is an
end-point function and is referred to as the Session Layer. HTTP and FTP (the File
Transfer Protocol) are two examples. In fact, if your PC has any of a number of FTP
software packages, you can transmit a file in real time to a remote party, as long as you
know that party's Layer 3 IP address. This can be handy if the file you want to transmit
is larger than the maximum size supported by your e-mail system or if real-time delivery
is required. The only catch is that you have to know the remote party's IP address. These
again are end-point functions.
HOW IT ALL STACKS UP
So switching is done in Layers 1, 2, and 3, while Layers 4 and up (for completeness,
Layers 6 and 7 are the Presentation and Application Layers, respectively) are left to the
end points. So, why would anyone attribute switching to the Transport Layer, that is, to
Layer 4? What is Layer 4 switching?
Layer 4 switching was introduced by vendors trying to differentiate their solutions
using N + 1 marketing techniques - "Since Layer 3 switches are hot, surely Layer 4
switches will be hotter." But, you can't do switching without addressing, and there
is no addressing at Layer 4.
Is there any fire behind this marketing smokescreen? Yes, and it's called
"application awareness" or "application intelligence." Adding
application awareness at Layer 4 and up at the edge of your network, and in front of your
server farms, can solve real business problems. More specifically, application awareness
is very important in achieving two key objectives for users:
- Preferential treatment for certain applications and end users, in those instances in
which application or end user needs cannot be signaled to the network at Layer 3.
- Server load balancing and improved server application resiliency.
One common approach for implementing application awareness is to examine the port numbers
carried in the TCP header. A set of "Well Known Port numbers" has been
defined for TCP, standardizing the port number used by each application. For
example, FTP can be distinguished from Telnet, from SNMP (management), from SMTP
(messaging), and from HTTP (Web access). Some applications don't have Well Known Port
numbers, while others have one for their control channel but a randomly selected port
number established for each data channel. Sometimes corporations choose to use different
port numbers as a matter of policy, for example, to distinguish internally generated HTTP
traffic from Internet-based traffic. So some vendors monitor the information passed over
control channels to determine dynamically which port numbers each application's flows are
presently using.
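The port-based classification just described, written out as an added example (not code from the article or from any vendor product): a flow classifier that consults a site policy table before the Well Known Port table and, for FTP, watches the control channel for the PORT command or the "227 Entering Passive Mode" reply to learn the randomly chosen data-channel port. The policy entries, addresses and payloads are constructed for the demonstration.

```python
import re
from dataclasses import dataclass, field

# Well Known Port numbers for the applications the article names, keyed by
# (transport, port). Port 20 is FTP's well-known data port; passive-mode FTP
# uses a negotiated high port instead, which is learned below.
WELL_KNOWN = {("tcp", 20): "ftp-data", ("tcp", 21): "ftp-control", ("tcp", 23): "telnet",
              ("tcp", 25): "smtp", ("tcp", 80): "http", ("udp", 161): "snmp"}

# Matches the address in a client "PORT h1,h2,h3,h4,p1,p2" command and in the
# server "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply.
FTP_ADDR = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


@dataclass
class Classifier:
    policy: dict = field(default_factory=dict)   # site policy: (transport, port) -> label
    learned: set = field(default_factory=set)    # (host, port) data channels announced on control channels

    def classify(self, proto, src, sport, dst, dport, payload=b""):
        """Label one packet of a flow. Site policy is consulted before the well-known table."""
        label = None
        for table in (self.policy, WELL_KNOWN):
            label = table.get((proto, dport)) or table.get((proto, sport))
            if label:
                break
        if label == "ftp-control":
            self._learn_data_channel(payload)
        elif label is None:
            # No fixed port: check whether a control channel announced this endpoint.
            if (dst, dport) in self.learned or (src, sport) in self.learned:
                return "ftp-data"
            return "unclassified"
        return label

    def _learn_data_channel(self, payload):
        m = FTP_ADDR.search(payload.decode("ascii", "replace"))
        if m:
            h1, h2, h3, h4, p1, p2 = map(int, m.groups())
            # A real switch would age these entries out once the data flow ends.
            self.learned.add((f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))
```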
APPLICATION-AWARE NETWORKING
In an ideal world, all applications would indicate their requirements within the
networking layers, and there would be one Quality of Service (QoS) standard.
Unfortunately, there are several competing standards. For example, some applications will
use the Type of Service (ToS) bits in the Layer 3 IP header as specified in the
Differentiated Services (DiffServ) architecture. Others will use Resource reSerVation
Protocol (RSVP) Layer 3 signaling as specified in the Integrated Services (IntServ)
architecture. Yet others may indicate their requirements in the MAC header using IEEE
802.1p, with these requirements most likely being mapped to DiffServ as soon as they leave
the local LAN.
However, most current applications don't signal their requirements in the ways just
described. Instead, application awareness is being built into the switches themselves:
intelligent Layer 2 switches at the workgroup level, routing switches at the campus level,
and routers and enterprise network switches at the WAN edge.
Technically, this approach is referred to as deep packet filtering, whereby the Layer 2
or 3 switch examines the received packet header fields (beyond those associated with Layer
2 or 3, respectively) to ascertain the appropriate treatment the network should provide.
For example, an application-aware switch can examine TCP port numbers (as discussed
earlier) or fields of a Layer 5 Real Time Protocol (RTP) header to detect the start of an
IP telephony call and ensure appropriate treatment across the network.
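An added example of the deep packet filtering described above (not code from the article or from any vendor product): the function looks past the IP and UDP headers at the RTP fixed header, and when the version and payload type indicate a voice stream it marks the DiffServ Expedited Forwarding code point in the ToS byte and recomputes the IPv4 header checksum. The packets, addresses and port numbers are constructed for the demonstration; the voice payload types checked are the static G.711 and G.729 assignments from RFC 3551.

```python
import struct

DSCP_EF = 46   # DiffServ Expedited Forwarding, the usual per-hop behaviour for voice
VOICE_PAYLOAD_TYPES = {0, 8, 18}   # RFC 3551 static audio types: PCMU, PCMA, G.729

def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum of the header's 16-bit words; returns 0 when a stored checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def looks_like_rtp_voice(udp_payload: bytes) -> bool:
    """Inspect the 12-byte RTP fixed header: V must be 2 and PT must be an audio type."""
    if len(udp_payload) < 12:
        return False
    version = udp_payload[0] >> 6            # first byte: V(2) P(1) X(1) CC(4)
    payload_type = udp_payload[1] & 0x7F     # second byte: M(1) PT(7)
    return version == 2 and payload_type in VOICE_PAYLOAD_TYPES

def mark_voice(packet: bytes) -> bytes:
    """Return the packet with DSCP=EF in the ToS byte if it carries RTP voice, else unchanged."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return packet
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17:                      # protocol 17 = UDP; RTP is only carried over UDP here
        return packet
    if not looks_like_rtp_voice(packet[ihl + 8:]):   # skip the 8-byte UDP header
        return packet
    hdr = bytearray(packet[:ihl])
    hdr[1] = DSCP_EF << 2                    # DSCP occupies the top six bits; ECN bits cleared
    hdr[10:12] = b"\0\0"                     # zero the checksum field before recomputing it
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def build_packet(udp_payload: bytes, sport: int, dport: int) -> bytes:
    """Constructed IPv4/UDP packet 10.0.0.5 -> 10.0.0.9, for demonstration only."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(udp_payload), 0) + udp_payload
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                                bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + udp

# Constructed samples: one G.711 PCMU RTP packet (PT 0) and one DNS-style query.
RTP_PCMU = struct.pack("!BBHII", 0x80, 0x00, 1, 160, 0x12345678) + b"\xff" * 160
DNS_QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x07example\x03com\x00\x00\x01\x00\x01"
```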
ROLE OF THE SERVER SWITCH
Server load balancing is less an end-to-end networking function than an end-point
optimization function, which again requires application awareness. To this end, a
specialized class of products referred to as server switches or server load balancers has
emerged. These provide three levels of functionality, all geared toward choosing the best
available server to handle client requests.
The simplest form of functionality provides balancing and redundancy on a local basis.
The next level adds content awareness, allowing, for example, a customer query to be
handled differently from a customer order. The third level extends the functions of the
previous two levels across geographically dispersed servers and redirects traffic based on
server proximity.
Server switches require a high degree of customizability at Layers 4 to 7, since
allowing for virtually unlimited possibilities is a priority. These switches also need to
be tied into the policy management structure. In their simplest forms, server switches
advertise virtual IP addresses for a number of real servers running the application. When
user clients connect to the virtual IP address, the server switch decides which real
server is best suited to service the client. The server switch sends the client request,
as well as all the succeeding packets associated with the session, to the designated real
server. To do so, the server switch rewrites the destination address of each packet,
converting the virtual IP address to the real server's IP address.
The server switch's heart is application awareness. For example, a target response time
can be set for a range of Layer 4 to 7 protocols, including HTTP, FTP, and DNS, as well as
for any TCP or UDP port, giving predictable server performance. Incoming requests can
be switched to the specific servers that can fulfill them in the shortest time. The server
switch can continually monitor each server for response time at the port level and allow
customers to set the minimum response time for each supported service.
If response times are above the limit prescribed by policy, lower-priority requests are
throttled until the top-priority requests are fulfilled within policy limits. When servers
are dynamically tuned according to policy, customers are guaranteed a maximum response
time for their domain. For example, an administrator may establish a policy whereby HTTP
requests receive priority over FTP. Then, whenever response times for HTTP requests exceed
the specified limits, the server switch reallocates resources as needed to bring HTTP
response times back within the desired range. The classes are defined by protocol or
application (for example, HTTP and FTP).
The server switch routes each incoming request to the server that can fulfill it in the
shortest time. It monitors each server at the port level for response time and accounts
for designated minimum response times for each supported service. This arrangement
guarantees a maximum response time for each class of request. For example, requests to
e-commerce servers could be assigned a maximum response time of 25 msec, while browsing
requests to these servers could be set to 50 msec, leaving FTP requests a "best
effort" response time. The switch monitors each class of request in real time and offloads
low-priority requests when necessary, thus dynamically tuning and allocating server
resources to satisfy customer-driven business policies.
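The server switch behaviour described in this section, as an added example (not code from the article or from any vendor product): a virtual IP fronts several real servers, each new session is sent to the server with the shortest measured response time on the requested port and pinned there for its succeeding packets, and best-effort requests are throttled while a priority class is outside its policy limit. The server addresses, response times and policy limits are constructed for the demonstration; a real switch would refresh the measurements by probing each server.

```python
from dataclasses import dataclass, field


@dataclass
class RealServer:
    ip: str
    rtt_ms: dict          # latest measured response time per service port (constructed sample)


@dataclass
class ServerSwitch:
    vip: str              # virtual IP advertised for the whole server farm
    servers: list
    # policy: class name -> (service port, maximum response time in msec); None means best effort
    policy: dict
    sessions: dict = field(default_factory=dict)   # (client ip, client port) -> real server ip

    def best_server(self, port):
        """The real server currently able to fulfil requests on this port in the shortest time."""
        return min(self.servers, key=lambda s: s.rtt_ms.get(port, float("inf")))

    def classes_over_limit(self):
        """Priority classes whose best available server already exceeds the policy limit."""
        return [name for name, (port, limit) in self.policy.items()
                if limit is not None and self.best_server(port).rtt_ms.get(port, float("inf")) > limit]

    def dispatch(self, client_ip, client_port, dst_ip, dport):
        """Decide where one packet goes: ("forward", real ip), ("throttle", None) or ("drop", None)."""
        if dst_ip != self.vip:
            return ("drop", None)                 # not addressed to the advertised virtual IP
        key = (client_ip, client_port)
        if key in self.sessions:                  # succeeding packets of a session stay on one server
            return ("forward", self.sessions[key])
        # Ports without a policy entry are treated as best effort.
        limit = next((lim for port, lim in self.policy.values() if port == dport), None)
        if limit is None and self.classes_over_limit():
            # Best-effort work is held back until the priority classes are within policy again.
            return ("throttle", None)
        server = self.best_server(dport)
        self.sessions[key] = server.ip            # VIP -> real IP rewrite applies for the whole session
        return ("forward", server.ip)
```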
LOOKING AHEAD
The types of functionality described in this article scarcely begin to suggest the
possibilities. With some vision, it is possible to see how the convergence of data and
telephony will enable a whole new range of applications.
Delivering preferential treatment through application-aware networking across the
enterprise not only meets the needs of data applications, but also enables new unified
applications such as packet telephony and interactive multimedia. The future for server
switches is even more exciting, as they become an element of Internet-enabled call centers
(or telephony-enabled Web centers) that blend all kinds of traffic, whatever a company may
choose, to enhance customer care, broaden markets, and expand business.
Some vendors will no doubt pursue N + 1 marketing. However, there is no question that
application-aware networking will continue to evolve up the OSI model to provide
additional value to users. Generally, value will be added at the edge of the network,
leaving backbones to operate within the networking layers, focusing on high-performance
reliable transport.
Tony Rybczynski is director of strategic marketing and technologies for Nortel
Networks' Enterprise Solutions. This business unit offers a full range of enterprise
workgroup, campus, and wide-area unified networks, through direct and indirect channels.
For more information, visit the company's Web site at www.nortelnetworks.com. E-mail questions or
comments to the author at [email protected].