May 1999


Layer N Switching: Moving Up The Stack

TONY RYBCZYNSKI

Switching has had (and will continue to have) a profound effect on data networking. First, Layer 2 improved the performance of LANs. Then, Layer 3 switching dramatically improved the price/performance of router networks. And now, Layer 4 switching - as some vendors call it - suggests another advance is imminent.

But Layer 4 switching is something of a misnomer; that is, the name reflects more of the marketer's zeal than the technician's predilection for accuracy. So how do we evaluate Layer 4 switching? What's behind the name? In examining these questions, this article will attempt to penetrate the marketing hype and reveal what Layer 4 switching really has to offer. As we will see, Layer 4 switching (and up) promises to further the development of application-aware networking.

LAYER BY LAYER
In the seven-layer Open System Interconnection (OSI) model, Layer 1 is the Physical Layer, and consists of the physical media whether it is copper, fiber, or wireless. Layer 1 switching, then, is just a fancy name for circuit switching.

Skipping a layer, to Layer 3, brings us to the Network Layer, the layer at which addressing and routing are accomplished (based on an IP address, say). Routing IP packets across a network has traditionally been done by multiprotocol software routers (which can also route IPX packets used by Novell systems, DECnet packets from Digital/Compaq, and so on). With the convergence to IP, this Layer 3 routing function can be done substantially in high-performance hardware, that is by Layer 3 switches or what some call routing switches. These devices have won favor in the campus backbone environment, primarily because their price/performance exceeds that of software-based routers by an order of magnitude.

But if all addressing is at Layer 3, what's a Layer 2 switch? In the LAN world, all devices have a factory-assigned Media Access Control or MAC address. These devices have traditionally been connected over broadcast media (for example, 10 Mbit/s Ethernet), whereby MAC frames, transmitted on the LAN, are received by all devices on the LAN, but only processed by the destination device identified by the MAC address. This is why LANs are implemented only among "friends" in a workgroup. If many devices start broadcasting lots of information, broadcast storms can bring large LANs to their knees. Enter Layer 2 switches. These devices make LANs more manageable by learning which MAC addresses are where and switching traffic directly between source and destination. This is true switching but only operates in the domain of a LAN. By its nature Layer 2 switching is not a scaleable solution, at least not beyond hundreds of devices.

If we delve into the OSI model a little more, we eventually find Layer 4, which is defined as the Transport Layer, and which runs on an end-to-end basis across the network. In other words, Layer 4 is an end-point function, the most commonly known example being the Transmission Control Protocol (TCP), which supports reliable transport across an IP network. Since reliable transport is something the Internet does not do, and TCP does, TCP is used in a broad range of applications, including Web access (HTTP uses TCP).

The last layer we'll look at in detail is Layer 5. Like Layer 4, Layer 5 is an end-point function and is referred to as the Session Layer. HTTP and FTP (the File Transfer Protocol) are two examples. In fact, if your PC has any of a number of FTP software packages, you can transmit a file in real-time to a remote party, as long as you know that party's Layer 3 IP address. This can be handy if the file you want to transmit is larger than the maximum size supported by your e-mail system or if real-time delivery is required. The only catch is that you have to know the remote party's IP address. These again are end point functions.

HOW IT ALL STACKS UP
So switching is done in Layers 1, 2, and 3, while Layers 4 and up (for completeness, Layers 6 and 7 are the Presentation and Application Layers, respectively) are left to the end points. So, why would anyone attribute switching to the Transport Layer, that is, to Layer 4? What is Layer 4 switching?

Layer 4 switching was introduced by vendors trying to differentiate their solutions using N + 1 marketing techniques - "Since Layer 3 switches are hot, surely Layer 4 switches will be hotter." But, you can't do switching without addressing, and there is no addressing at Layer 4.

Is there any fire behind this marketing smokescreen? Yes, and it's called "application awareness" or "application intelligence." Adding application awareness at Layer 4 and up at the edge of your network, and in front of your server farms, can solve real business problems. More specifically, application awareness is very important in achieving two key objectives for users:

  1. Preferential treatment for certain applications and end users, in those instances in which application or end user needs cannot be signaled to the network at Layer 3.
  2. Server load balancing and improved server application resiliency.

One common approach for implementing application awareness is to examine port numbers carried in the TCP header. A set of "Well Known Port numbers" has been identified for TCP, which standardize the use of some port numbers by application. For example, FTP can be distinguished from Telnet, SNMP for management, SMTP for messaging, and HTTP for web access. Some applications don't have Well Known Port numbers, while others have one for their control channel, but a randomly selected port number established for each data channel. Sometimes corporations choose to use different port numbers as a policy, for example, to distinguish internally generated HTTP traffic from Internet-based traffic. So some vendors monitor information passed over control channels to determine dynamically the port numbers presently being used by each flow for each application.

APPLICATION-AWARE NETWORKING
In an ideal world, all applications would indicate their requirements within the networking layers, and there would be one Quality of Service (QoS) standard. Unfortunately, there are several competing standards. For example, some applications will use the Type of Service (ToS) bits in the Layer 3 IP header as specified in the Differentiated Services (DiffServ) architecture. Others will use Resource reSerVation Protocol (RSVP) Layer 3 signaling as specified in the Integrated Services (IntServ) architecture. Yet others may indicate their requirements in the MAC header using IEEE 802.1p, with these requirements most likely being mapped to DiffServ as soon as they leave the local LAN.

However, most current applications don't signal their requirements in the ways just described. Instead, application awareness is being built into switches. Application awareness is being built into intelligent Layer 2 switches at the workgroup level, routing switches at the campus level, and routers and enterprise network switches at the WAN edge level.

Technically, this approach is referred to as deep packet filtering, whereby the Layer 2 or 3 switch examines the received packet header fields (beyond those associated with Layer 2 or 3, respectively) to ascertain the appropriate treatment the network should provide. For example, an application-aware switch can examine TCP port numbers (as discussed earlier) or fields of a Layer 5 Real Time Protocol (RTP) header to detect the start of an IP telephony call and ensure appropriate treatment across the network.
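The port-number classification described above, together with the DiffServ code point a switch reads from the Layer 3 ToS byte, can be shown in a few dozen lines. The following Python is an added example written for this page, not code from the article or from any vendor product: it parses the IPv4 and TCP/UDP header fields a deep-packet filter keys on, labels the flow from a constructed well-known-port table, and lets a "learned" table (standing in for the control-channel monitor the article mentions, which registers the data port an FTP session negotiates) override it. The `build_packet` helper and all addresses and ports are constructed test input.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TCP, UDP = 6, 17

# Well-known ports for the services the article names. The port assignments are
# IANA's; this lookup table itself was constructed for the example.
WELL_KNOWN: Dict[Tuple[int, int], str] = {
    (TCP, 20): "FTP-data", (TCP, 21): "FTP-control", (TCP, 23): "Telnet",
    (TCP, 25): "SMTP", (TCP, 80): "HTTP", (UDP, 53): "DNS", (UDP, 161): "SNMP",
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    dscp: int  # upper six bits of the IPv4 ToS byte (the DiffServ code point)


def _dotted(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_flow(pkt: bytes) -> Flow:
    """Extract the Layer 3 and Layer 4 fields a deep-packet filter keys on."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, _total, _ident, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4            # header length in bytes, options included
    if ihl < 20 or len(pkt) < ihl + 8:
        raise ValueError("truncated transport header")
    if proto not in (TCP, UDP):
        raise ValueError(f"no port numbers in IP protocol {proto}")
    # Source and destination port sit in the first four bytes of both TCP and UDP.
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return Flow(_dotted(src), _dotted(dst), proto, sport, dport, tos >> 2)


def classify(flow: Flow, learned: Optional[Dict[Tuple[int, str, int], str]] = None) -> str:
    """Name the application carried by a flow.

    `learned` holds (proto, ip, port) -> application entries registered by a
    control-channel monitor, e.g. the data port an FTP session negotiated; it
    takes precedence over the static well-known table. A port number is a hint
    the endpoint chooses, not proof of what the traffic is, so the label is fit
    for QoS marking but should never stand in for an access-control decision.
    """
    learned = learned or {}
    for ip, port in ((flow.dst, flow.dport), (flow.src, flow.sport)):
        app = learned.get((flow.proto, ip, port))
        if app:
            return app
    for port in (flow.dport, flow.sport):
        app = WELL_KNOWN.get((flow.proto, port))
        if app:
            return app
    return "unknown"


def build_packet(src: str, dst: str, proto: int, sport: int, dport: int,
                 tos: int = 0, payload: bytes = b"") -> bytes:
    """Construct a minimal IPv4 + TCP/UDP packet (checksums zeroed) as test input."""
    l4_len = 20 if proto == TCP else 8
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + l4_len + len(payload),
                         0, 0, 64, proto, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    if proto == TCP:   # seq, ack, data offset of 5 words, SYN flag, window, csum, urgent
        l4_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    else:
        l4_hdr = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return ip_hdr + l4_hdr + payload


if __name__ == "__main__":
    # Constructed sample traffic: a web request marked DSCP 10 (AF11), and a passive
    # FTP data connection whose port was announced on the FTP control channel.
    web = parse_flow(build_packet("10.0.0.5", "192.0.2.10", TCP, 40000, 80, tos=0x28))
    ftp = parse_flow(build_packet("10.0.0.5", "192.0.2.20", TCP, 50123, 51000))
    learned = {(TCP, "192.0.2.20", 51000): "FTP-data"}
    print(classify(web), web.dscp)                 # HTTP 10
    print(classify(ftp), classify(ftp, learned))   # unknown FTP-data
```

Note that the classifier looks at the destination port before the source port: for a client-to-server packet the well-known port is normally the destination, while a reply carries it as the source, and both directions must land in the same class for the policy to hold.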

ROLE OF THE SERVER SWITCH
Server load balancing is less an end-to-end networking function than an end-point optimization function, which again requires application awareness. To this end, a specialized class of products referred to as server switches or server load balancers has emerged. These provide three levels of functionality, all geared toward choosing the best available server to handle client requests.

The simplest form of functionality provides balancing and redundancy on a local basis. The next level adds content awareness, allowing, for example, a customer query to be handled differently from a customer order. The third level extends the functions of the previous two levels across geographically dispersed servers and redirects traffic based on server proximity.

Server switches require a high degree of customizability at Layers 4 to 7, since allowing for virtually unlimited possibilities is a priority. These switches also need to be tied into the policy management structure. In their simplest forms, server switches advertise virtual IP addresses for a number of real servers running the application. When user clients connect to the virtual IP address, the server switch decides which real server is best suited to service the client. The server switch sends the client request, as well as all the succeeding packets associated with the session, to the designated real server. To do so, the server switch rewrites the destination IP address, converting the virtual IP address to the real server's IP address.

The server switch's heart is application awareness. For example, predictable server performance as a target response time can be set for a range of Layer 4 to 7 protocols including HTTP, FTP, and DNS, as well as any TCP and any UDP port. Incoming requests can be switched to the specific servers that can fulfill them in the shortest time. The server switch can continually monitor each server for response time at the port level and allow customers to set the minimum response time for each supported service.

If response times are above the limit prescribed by policy, lower-priority requests are throttled until the top-priority requests are fulfilled within policy limits. When servers are dynamically tuned according to policy, customers are guaranteed a maximum response time for their domain. For example, an administrator may establish a policy whereby HTTP requests receive priority over FTP. Then, whenever response times for HTTP requests exceed the specified limits, the server switch reallocates resources as needed to bring HTTP response times back within the desired range. The classes are defined by protocol or application (for example, HTTP and FTP).

The server switch routes each incoming request to the server that can fulfill it in the shortest time. It monitors each server at the port level for response time and accounts for designated minimum response times for each supported service. This arrangement guarantees a maximum response time for each class of request. For example, requests to e-commerce servers could be assigned a maximum response time of 25 msec, while browsing requests to these servers could be set to 50 msec, leaving FTP requests a "best effort" response time. It monitors each class of request in real-time and offloads low-priority requests when necessary, thus dynamically tuning and allocating server resources to satisfy customer-driven business policies.
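The three server-switch behaviours described above (virtual-IP-to-real-server selection with session persistence, health checking, and per-class response-time policy with throttling of lower-priority classes) fit in one small simulation. The Python below is an added example written for this page, not a vendor's or the author's code; the VIP 192.0.2.1, the real-server addresses, the measured response times and the 25 ms / 50 ms / best-effort class limits are constructed sample values chosen to match the article's figures. It assumes response times arrive from an external monitor that writes into each server's `rtt_ms` table.

```python
from dataclasses import dataclass, field
from math import inf
from typing import Dict, List, Optional, Set, Tuple

Client = Tuple[str, int]   # (client IP, client source port) identifies a session


@dataclass
class RealServer:
    ip: str
    up: bool = True                                           # last health-check result
    rtt_ms: Dict[str, float] = field(default_factory=dict)    # measured response time per service


class ServerSwitch:
    """A virtual-IP front end that sends each request to the fastest healthy real server.

    `limits_ms` lists request classes in priority order with the maximum response
    time each may take (None = best effort); dict order is the priority order.
    """

    def __init__(self, vip: str, servers: List[RealServer],
                 limits_ms: Dict[str, Optional[float]]):
        self.vip = vip
        self.servers: Dict[str, RealServer] = {s.ip: s for s in servers}
        self.limits_ms = limits_ms
        self.sessions: Dict[Client, str] = {}   # pins every packet of a session to one server
        self.throttled: Set[str] = set()        # classes deferred while a higher class misses policy

    def healthy(self) -> List[RealServer]:
        return [s for s in self.servers.values() if s.up]

    def pick(self, service: str) -> RealServer:
        """Choose the server currently answering `service` in the shortest time."""
        candidates = [s for s in self.healthy() if service in s.rtt_ms]
        if not candidates:
            raise RuntimeError(f"no healthy server offers {service}")
        return min(candidates, key=lambda s: s.rtt_ms[service])

    def forward(self, client: Client, service: str) -> Optional[str]:
        """Real server IP a packet from `client` is switched to, or None if deferred by policy."""
        if service in self.throttled:
            return None
        real = self.sessions.get(client)
        if real is not None and self.servers[real].up:
            return real                          # session persistence on a live server
        real = self.pick(service).ip             # new session, or failover from a dead server
        self.sessions[client] = real
        return real

    def translate(self, client: Client, dst_ip: str, service: str) -> Optional[str]:
        """Rewrite a packet's destination from the VIP to the chosen real server's IP."""
        if dst_ip != self.vip:
            raise ValueError(f"{dst_ip} is not a virtual IP this switch fronts")
        return self.forward(client, service)

    def enforce_policy(self) -> Set[str]:
        """Throttle every class below the highest-priority class that misses its limit."""
        self.throttled = set()
        classes = list(self.limits_ms)
        for i, cls in enumerate(classes):
            limit = self.limits_ms[cls]
            if limit is None:
                continue                         # best-effort class has no limit to miss
            best = min((s.rtt_ms.get(cls, inf) for s in self.healthy()), default=inf)
            if best > limit:
                self.throttled = set(classes[i + 1:])
                break
        return set(self.throttled)


def make_demo_switch() -> ServerSwitch:
    """Constructed sample farm: VIP 192.0.2.1 in front of three real servers."""
    servers = [
        RealServer("10.0.0.11", rtt_ms={"commerce": 20.0, "browse": 40.0, "FTP": 100.0}),
        RealServer("10.0.0.12", rtt_ms={"commerce": 30.0, "browse": 30.0, "FTP": 80.0}),
        RealServer("10.0.0.13", up=False),       # failed its last health check
    ]
    return ServerSwitch("192.0.2.1", servers, {"commerce": 25.0, "browse": 50.0, "FTP": None})


if __name__ == "__main__":
    sw = make_demo_switch()
    shopper: Client = ("198.51.100.7", 40001)
    print(sw.translate(shopper, "192.0.2.1", "commerce"))   # 10.0.0.11 (fastest for commerce)
    print(sw.forward(shopper, "commerce"))                   # 10.0.0.11 again (persistence)
    sw.servers["10.0.0.11"].rtt_ms["commerce"] = 40.0        # monitor reports a slowdown
    sw.servers["10.0.0.12"].rtt_ms["commerce"] = 35.0
    print(sw.enforce_policy())                               # {'browse', 'FTP'} throttled
    print(sw.forward(("198.51.100.9", 40003), "browse"))     # None: deferred
```

Two details matter for the resiliency claim. The session table is consulted before the load decision, so a client stays on its server even when another becomes faster, but a server that fails its health check is skipped and the session is silently re-homed. And because the switch holds per-session state and rewrites addresses, its session table is a finite resource that needs an idle timeout in any real deployment.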

LOOKING AHEAD
The types of functionality described in this article scarcely begin to suggest the possibilities. With some vision, it is possible to see how the convergence of data and telephony will enable a whole new range of applications.

Delivering preferential treatment through application-aware networking across the enterprise not only meets the needs of data applications, but also enables new unified applications such as packet telephony and interactive multimedia. The future for server switches is even more exciting, as they become an element of Internet-enabled call centers (or telephony-enabled Web centers) that blend all kinds of traffic, whatever a company may choose, to enhance customer care, broaden markets, and expand business.

Some vendors will no doubt pursue N + 1 marketing. However, there is no question that application-aware networking will continue to evolve up the OSI model to provide additional value to users. Generally, value will be added at the edge of the network, leaving backbones to operate within the networking layers, focusing on high-performance reliable transport.

Tony Rybczynski is director of strategic marketing and technologies for Nortel Networks' Enterprise Solutions. This business unit offers a full range of enterprise workgroup, campus, and wide-area unified networks, through direct and indirect channels. For more information, visit the company's Web site at www.nortelnetworks.com. E-mail questions or comments to the author at tonyryb@nortelnetworks.com.


Selected Terms
  • DNS: Domain Name System
  • FTP: File Transfer Protocol
  • HTTP: HyperText Transfer Protocol
  • OSI: Open System for Interconnection
  • RTP: Real Time Protocol
  • SMTP: Simple Mail Transfer Protocol
  • SNMP: Simple Network Management Protocol
  • TCP: Transmission Control Protocol
  • UDP: User Datagram Protocol
