Network switch

A network switch (also called switching hub, bridging hub, officially MAC bridge[1]) is a computer networking device that connects devices on a computer network by using packet switching to receive, process, and forward data to the destination device.

A network switch is a multiport network bridge that uses hardware addresses to process and forward data at the data link layer (layer 2) of the OSI model. Some switches can also process data at the network layer (layer 3) by additionally incorporating routing functionality. Such switches are commonly known as layer-3 switches or multilayer switches.[2]

Switches for Ethernet are the most common form of network switch. The first Ethernet switch was introduced by Kalpana in 1990.[3] Switches also exist for other types of networks including Fibre Channel, Asynchronous Transfer Mode, and InfiniBand.

Unlike less advanced repeater hubs, which broadcast the same data out of each of its ports and let the devices decide what data they need, a network switch forwards data only to the devices that need to receive it.[4]

Avaya ERS 2550T-PWR, a 50-port Ethernet switch

Overview

Cisco small business SG300-28 28-port Gigabit Ethernet rackmount switch and its internals

Cisco small business SG300-28 28-port Gigabit Ethernet rackmount switch
Internals of a Cisco small business SG300-28 28-port Gigabit Ethernet rackmount switch

A switch is a device in a computer network that connects other devices together. Multiple data cables are plugged into a switch to enable communication between different networked devices. Switches manage the flow of data across a network by transmitting a received network packet only to the one or more devices for which the packet is intended. Each networked device connected to a switch can be identified by its network address, allowing the switch to direct the flow of traffic, which improves both the security and the efficiency of the network.

A switch is more intelligent than an Ethernet hub, which simply retransmits packets out of every port of the hub except the port on which the packet was received, unable to distinguish different recipients, and achieving an overall lower network efficiency.

An Ethernet switch operates at the data link layer (layer 2) of the OSI model to create a separate collision domain for each switch port. Each device connected to a switch port can transfer data to any of the other ports at any time and the transmissions will not interfere.[a] Because broadcasts are still being forwarded to all connected devices by the switch, the newly formed network segment continues to be a broadcast domain. Switches may also operate at higher layers of the OSI model, including the network layer and above. A device that also operates at these higher layers is known as a multilayer switch.

Segmentation involves the use of a switch to split a larger collision domain into smaller ones in order to reduce collision probability, and to improve overall network throughput. In the extreme case (i.e. micro-segmentation), each device is located on a dedicated switch port. In contrast to an Ethernet hub, there is a separate collision domain on each of the switch ports. This allows computers to have dedicated bandwidth on point-to-point connections to the network and also to run in full-duplex mode. Full-duplex mode has only one transmitter and one receiver per collision domain, making collisions impossible.

The network switch plays an integral role in most modern Ethernet local area networks (LANs). Mid-to-large sized LANs contain a number of linked managed switches. Small office/home office (SOHO) applications typically use a single switch, or an all-purpose device such as a residential gateway to access small office/home broadband services such as DSL or cable Internet. In most of these cases, the end-user device contains a router and components that interface to the particular physical broadband technology. User devices may also include a telephone interface for Voice over IP (VoIP).

Role in a network

Switches are most commonly used as the network connection point for hosts at the edge of a network. In the hierarchical internetworking model and similar network architectures, switches are also used deeper in the network to provide connections between the switches at the edge.

In switches intended for commercial use, built-in or modular interfaces make it possible to connect different types of networks, including Ethernet, Fibre Channel, RapidIO, ATM, ITU-T G.hn and 802.11. This connectivity can be at any of the layers mentioned. While the layer-2 functionality is adequate for bandwidth-shifting within one technology, interconnecting technologies such as Ethernet and token ring is performed more easily at layer 3 or via routing.[6] Devices that interconnect at the layer 3 are traditionally called routers, so layer 3 switches can also be regarded as relatively primitive and specialized routers.[7]

Where there is a need for a great deal of analysis of network performance and security, switches may be connected between WAN routers as places for analytic modules. Some vendors provide firewall,[8][9] network intrusion detection,[10] and performance analysis modules that can plug into switch ports. Some of these functions may be on combined modules.[11]

Through port mirroring, a switch can create a mirror image of data that can go to an external device such as intrusion detection systems and packet sniffers.

A modern switch may implement power over Ethernet (PoE), which avoids the need for attached devices, such as a VoIP phone or wireless access point, to have a separate power supply. Since switches can have redundant power circuits connected to uninterruptible power supplies, the connected device can continue operating even when regular office power fails.

Layer-specific functionality

A modular network switch with three network modules (a total of 24 Ethernet and 14 Fast Ethernet ports) and one power supply.

Modern commercial switches use primarily Ethernet interfaces. The core function of an Ethernet switch is to provide a multiport layer 2 bridging function. Many switches also perform operations at other layers. A device capable of more than bridging is known as a multilayer switch. Switches may learn about topologies at many layers and forward at one or more layers.

Layer 1

A layer 1 network device transfers data but does not manage any of the traffic coming through it; an example is an Ethernet hub. Any packet entering a port is repeated to the output of every other port except for the port of entry. Specifically, each bit or symbol is repeated as it flows in. A repeater hub can therefore only receive and forward at a single speed.[12] Since every packet is repeated on every other port, packet collisions affect the entire network, limiting its overall capacity.

By the early 2000s, there was little price difference between a hub and a low-end switch.[13] Hubs remained useful for a time for specialized applications, such as supplying a copy of network traffic to a packet analyzer. A network tap may also be used for this purpose, and many network switches now have a port mirroring feature that provides the same functionality.

Layer 2

Layer 2 switch without management functionality and 5 ports

A layer 2 network device is a multiport device that uses hardware addresses (MAC addresses) to process and forward data at the data link layer (layer 2).

A switch operating as a network bridge may interconnect devices in a home or office. The bridge learns the MAC address of each connected device. Bridges also buffer an incoming packet and adapt the transmission speed to that of the outgoing port. While there are specialized applications, such as storage area networks, where the input and output interfaces are the same bandwidth, this is not always the case in general LAN applications. In LANs, a switch used for end user access typically concentrates lower bandwidth and uplinks into a higher bandwidth.
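The learning and forwarding behaviour described above, as an added example that is not code from the article: the switch records the port on which each source MAC address is seen, sends known unicast frames to that port only, and floods broadcast, multicast and unknown-destination frames. Port numbers, MAC addresses and the small table capacity are constructed for the example.

```python
"""Layer 2 learning switch simulation (added example; not code from the article)."""
from __future__ import annotations
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


@dataclass
class LearningSwitch:
    ports: int
    # Hardware MAC tables have a fixed size; 4 keeps the full-table case visible.
    capacity: int = 4
    mac_table: dict = field(default_factory=dict)   # MAC -> port

    def learn(self, src: str, port: int) -> None:
        """Record the port a source address was seen on (move it if it changed)."""
        if is_group_address(src):
            return                      # a group address is never a valid source
        if src in self.mac_table or len(self.mac_table) < self.capacity:
            self.mac_table[src] = port
        # Otherwise the table is full: the address stays unknown and frames to it
        # keep flooding, which is why managed switches let an administrator cap
        # the number of addresses learned per port.

    def forward(self, in_port: int, src: str, dst: str) -> list[int]:
        """Return the egress ports for a frame received on in_port."""
        if not 0 <= in_port < self.ports:
            raise ValueError(f"no such port {in_port}")
        self.learn(src, in_port)
        if not is_group_address(dst):
            out = self.mac_table.get(dst)
            if out == in_port:
                return []               # destination is on the same segment: filter it
            if out is not None:
                return [out]            # known unicast: one port only (a hub repeats everywhere)
        # Broadcast, multicast or unknown unicast: flood. Each port is its own
        # collision domain, but the switch as a whole is still one broadcast domain.
        return [p for p in range(self.ports) if p != in_port]


def demo() -> dict:
    """Constructed exchange between two hosts on an 8-port switch."""
    sw = LearningSwitch(ports=8)
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    results = {}
    results["arp_request"] = sw.forward(0, a, BROADCAST)          # A looks for B: flooded
    results["arp_reply"] = sw.forward(3, b, a)                    # A already learned -> [0]
    results["a_to_b"] = sw.forward(0, a, b)                       # both learned -> [3]
    results["unknown"] = sw.forward(0, a, "02:00:00:00:00:0c")    # never seen -> flooded
    results["table"] = dict(sw.mac_table)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```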

Interconnection between switches may be regulated using the Spanning Tree Protocol (STP), which disables links so that the resulting local area network is a tree without loops. In contrast to routers, spanning tree bridges must have topologies with only one active path between two points. Shortest Path Bridging is a layer 2 alternative to STP that allows all paths to be active, with multiple equal-cost paths.[14][15]

Layer 3

A layer-3 switch can perform some or all of the functions normally performed by a router. Most network switches, however, are limited to supporting a single type of physical network, typically Ethernet, whereas a router may support different kinds of physical networks on different ports.

A common layer-3 capability is awareness of IP multicast through IGMP snooping. With this awareness, a layer-3 switch can increase efficiency by delivering the traffic of a multicast group only to ports where the attached device has signalled that it wants to listen to that group.

Layer-3 switches typically support IP routing between VLANs configured on the switch. Some layer-3 switches support the routing protocols that routers use to exchange information about routes between networks.

Layer 4

While the exact meaning of the term layer-4 switch is vendor-dependent, it almost always starts with a capability for network address translation, and may add some type of load distribution based on TCP sessions or advanced QoS capabilities.[16]

The device may include a stateful firewall, a VPN concentrator, or be an IPSec security gateway.

Layer 7

Layer-7 switches may distribute the load based on uniform resource locators (URLs), or by using some installation-specific technique to recognize application-level transactions. A layer-7 switch may include a web cache and participate in a content delivery network (CDN).[17]

Types

24-port 3Com switch
A rack-mounted 24-port 3Com switch

Form factors

Switches are available in many form factors, including stand-alone, desktop units which are typically intended to be used in a home or office environment outside a wiring closet; rack-mounted switches for use in an equipment rack or an enclosure; DIN rail mounted for use in industrial environments; and small installation switches, mounted into a cable duct, floor box or communications tower, as found, for example, in fibre to the office infrastructures.

Rack-mounted switches may be standalone units, stackable switches or large chassis units with swappable line cards.

Configuration options

Unmanaged switches have no configuration interface or options. They are plug and play. They are typically the least expensive switches, and therefore often used in a small office/home office environment. Unmanaged switches can be desktop or rack mounted.

Managed switches have one or more methods to modify the operation of the switch. Common management methods include: a command-line interface (CLI) accessed via serial console, telnet or Secure Shell, an embedded Simple Network Management Protocol (SNMP) agent allowing management from a remote console or management station, or a web interface for management from a web browser. Examples of configuration changes that one can do from a managed switch include: enabling features such as Spanning Tree Protocol or port mirroring, setting port bandwidth, creating or modifying virtual LANs (VLANs), etc. Two sub-classes of managed switches are smart and enterprise managed switches.

Smart (or intelligent) switches are managed switches with a limited set of management features. Likewise "web-managed" switches are switches which fall into a market niche between unmanaged and managed. For a price much lower than a fully managed switch they provide a web interface (and usually no CLI access) and allow configuration of basic settings, such as VLANs, port-bandwidth and duplex.[18]

Enterprise managed (or fully managed) switches have a full set of management features, including CLI, SNMP agent, and web interface. They may have additional features to manipulate configurations, such as the ability to display, modify, back up and restore configurations. Compared with smart switches, enterprise switches have more features that can be customized or optimized, and are generally more expensive than smart switches. Enterprise switches are typically found in networks with a larger number of switches and connections, where centralized management is a significant savings in administrative time and effort. A stackable switch is a version of enterprise-managed switch.

Typical management features

19-inch rackmount Ethernet switches and patch panels
A couple of managed D-Link Gigabit Ethernet rackmount switches, connected to the Ethernet ports on a few patch panels using Category 6 patch cables (all equipment is installed in a standard 19-inch rack)

Traffic monitoring

It is difficult to monitor traffic that is bridged using a switch because only the sending and receiving ports can see the traffic.

Methods that are specifically designed to allow a network analyst to monitor traffic include:

  • Port mirroring – the switch sends a copy of network packets to a monitoring network connection.
  • SMON – "Switch Monitoring" is described by RFC 2613 and is a protocol for controlling facilities such as port mirroring.
  • RMON[19]
  • sFlow

These monitoring features are rarely present on consumer-grade switches. Other monitoring methods include connecting a layer-1 hub or network tap between the monitored device and its switch port.[20]

Notes

  1. ^ In half duplex mode, each switch port can only either receive from or transmit to its connected device at a certain time. In full duplex mode, each switch port can simultaneously transmit and receive, assuming the connected device also supports full duplex mode.[5]

References

  1. ^ IEEE 802.1D
  2. ^ Thayumanavan Sridhar (September 1998). "Layer 2 and Layer 3 Switch Evolution". cisco.com. The Internet Protocol Journal. Cisco Systems. Retrieved 2014-08-05.
  3. ^ Robert J. Kohlhepp (2000-10-02). "The 10 Most Important Products of the Decade". Network Computing. Archived from the original on 2010-01-05. Retrieved 2008-02-25.
  4. ^ "Hubs Versus Switches – Understand the Tradeoffs" (PDF). ccontrols.com. 2002. Retrieved 2013-12-10.
  5. ^ "Cisco Networking Academy's Introduction to Basic Switching Concepts and Configuration". Cisco Systems. 2014-03-31. Retrieved 2015-08-17.
  6. ^ Joe Efferson; Ted Gary; Bob Nevins (February 2002). "Token-Ring to Ethernet Migration" (PDF). IBM. p. 13. Archived from the original (PDF) on 2015-09-24. Retrieved 2015-08-11.
  7. ^ Thayumanavan Sridhar (September 1998). "The Internet Protocol Journal - Volume 1, No. 2: Layer 2 and Layer 3 Switch Evolution". Cisco Systems. Retrieved 2015-08-11.
  8. ^ Cisco Catalyst 6500 Series Firewall Services Module, Cisco Systems, 2007
  9. ^ Switch 8800 Firewall Module, 3Com Corporation, 2006
  10. ^ Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Module, Cisco Systems, 2007
  11. ^ Getting Started with Check Point Fire Wall-1, Checkpoint Software Technologies Ltd., n.d.
  12. ^ Dual speed hubs internally consist of two hubs with a bridge between them.
  13. ^ Matthew Glidden (October 2001). "Switches and Hubs". About This Particular Macintosh blog. Retrieved June 9, 2011.
  14. ^ Peter Ashwood-Smith (24 February 2011). "Shortest Path Bridging IEEE 802.1aq Overview" (PDF). Huawei. Archived from the original (PDF) on 15 May 2013. Retrieved 11 May 2012.
  15. ^ "IEEE Approves New IEEE 802.1aq Shortest Path Bridging Standard". Tech Power Up. 7 May 2012. Retrieved 11 May 2012.
  16. ^ S. Sathaye (January 1999), The Ins and Outs of Layer 4+ Switching, NANOG 15, archived from the original on 2007-04-13. It usually means one of two things: 1. Layer 4 information is used to prioritize and queue traffic (routers have done this for years); 2. Layer 4 information is used to direct application sessions to different servers (next generation load balancing).
  17. ^ How worried is too worried? Plus, a Global Crossing Story. Archived 2017-01-03 at the Wayback Machine, NANOG mailing list archives, S. Gibbard, October 2001
  18. ^ "Tech specs for a sample HP "web-managed" switch". Archived from the original on December 13, 2007. Retrieved 2007-05-25.
  19. ^ Remote Network Monitoring Management Information Base, RFC 2819, S. Waldbusser, May 2000
  20. ^ "How to Build a Miniature Network Monitor Device". Retrieved 2019-01-08.
  20. ^ "How to Build a Miniature Network Monitor Device". Retrieved 2019-01-08.

AirPort Extreme

The AirPort Extreme was a residential gateway product from Apple Inc. combining the functions of a router, network switch, wireless access point and NAS as well as varied other functions, and one of Apple's AirPort products. The latest model, the 6th generation, supports 802.11ac networking in addition to older standards. Versions of the same system with a built-in network-accessible hard drive are known as the AirPort Time Capsule.

The name "AirPort Extreme" originally referred to any one of Apple's AirPort products that implemented the (then) newly introduced 802.11g Wi-Fi standard, differentiating it from earlier devices that ran the slower 802.11a and b standards. At that time the gateway part of this lineup was known as the AirPort Extreme Base Station. With the addition of the even faster Draft-N standards in early 2009 this naming was dropped, and from then on only the gateway has been known as the AirPort Extreme. Several minor upgrades followed, mostly to change antenna and power in the Wi-Fi. In 2013, a major upgrade added 802.11ac support and more internal antennas.

The AirPort Extreme has gone through three distinct physical forms. The earliest models were packaged similar to the original AirPort Base Station, in a round housing known as the "flying saucer". From 2007 to 2013 the Extreme was packaged in a rounded-rectangle white plastic housing, similar in layout and size to the Mac mini or earlier Apple TVs. The 2013 802.11ac model was re-packaged into a more vertical case, taller than it is square.

According to a Bloomberg report on November 21, 2016, "Apple Inc. has disbanded its division that develops wireless routers, another move to try to sharpen the company's focus on consumer products that generate the bulk of its revenue, according to people familiar with the matter." In an April 2018 statement to 9to5Mac, Apple announced the discontinuation of its AirPort line, effectively leaving the consumer router market. Apple will continue supporting the AirPort Extreme; however, the company now provides a list of recommended features for consumers searching for a new wireless router.

Alaxala Networks

Alaxala Networks Corp. (アラクサラネットワークス株式会社, Arakusara Nettowākusu Kabushiki-gaisha), commonly known as its brand Alaxala, is a Japanese company headquartered in Kawasaki, Kanagawa, Japan, that offers networking hardware products.

Crossover switch

In electronics, a crossover switch or matrix switch is a switch connecting multiple inputs to multiple outputs using complex array matrices designed to switch any one input path to any one (or more) output path(s). There are blocking and non-blocking types of cross-over switches.

These switches can be microelectromechanical systems, electrical, or optical non-linear optics, and are used in electronics and fiber optic circuits, as well as some optical computers. A banyan switch is one type of cross-over switch. Their complexity depends on the topology of the individual switches in a switch matrix (how wide it is by how many 'plies' or layers of switches it takes), to implement the desired crossover logic.

Typical crossover matrices follow the formula: an N×N Banyan switch uses (N/2) log N elements. Other formulas are used for differing number of cross-over layers and scaling is possible, but becomes very large and complex with large N×N arrays. CAD and AI can be used to take the drudgery out of these designs.

The switches are measured by how many stages, and how many up/down sorters and crosspoints. Switches often have buffers built in to speed up switching speeds.

A typical switch may have a 2×2 and 4×4 down sorter, followed by an 8×8 up sorter, followed by a 2×2 crosspoint banyan switch network, resulting in a 3-level sorting for a 3-stage banyan network switch.

The future is moving to larger arrays of inputs and outputs needed in a very small space. See wafer fabrication and VLA's.

Ethernet crossover cable

An Ethernet crossover cable is a crossover cable for Ethernet used to connect computing devices together directly. It is most often used to connect two devices of the same type, e.g. two computers (via their network interface controllers) or two switches to each other. By contrast, patch cables or straight through cables are used to connect devices of different types, such as a computer to a network switch or Ethernet hub.

Intentionally crossed wiring in the crossover cable connects the transmit signals at one end to the receive signals at the other end.

Many devices today support auto MDI-X capability, wherein a patch cable can be used in place of a crossover cable, or vice versa, and the receive and transmit signals are reconfigured automatically within the devices to yield this desired result.

Fibre Channel switch

In the computer storage field, a Fibre Channel switch is a network switch compatible with the Fibre Channel (FC) protocol. It allows the creation of a Fibre Channel fabric, that is the core component of a storage area network (SAN). The fabric is a network of Fibre Channel devices which allows many-to-many communication, device name lookup, security, and redundancy. FC switches implement zoning, a mechanism that disables unwanted traffic between certain fabric nodes.

Fibre Channel switches may be deployed one at a time or in larger multi-switch configurations. SAN administrators typically add new switches as their server and storage needs grow, connecting switches together via fiber optic cable using the standard device ports. Some switch vendors offer dedicated high-speed stacking ports to handle inter-switch connections (similar to existing stackable Ethernet switches), allowing high-performance multi-switch configurations to be created using fewer switches overall.

Major manufacturers of Fibre Channel switches are: Brocade, Cisco Systems, and QLogic.

Getting By

Getting By is an American sitcom that aired on ABC from March 5, 1993, until May 21, 1993, and on NBC from September 21, 1993, until June 18, 1994. The series was created by William Bickley and Michael Warren, who also served as executive producers with Thomas L. Miller and Robert L. Boyett. The final Miller-Boyett series to begin its run under parent studio Lorimar Television, Getting By was folded into Warner Bros. Television for its second season, following Warner Bros.' absorption of Lorimar.

The series was initially successful as a part of ABC's TGIF lineup in its first season, but politics between ABC and Miller-Boyett Productions led to the show's switch to NBC for the second and final season.

Kalpana

Kalpana is a Sanskrit word that means "creativity" and "imagination" in Hindi, Telugu, Marathi and Nepali. It is also a popular female Hindu name and Hindi for chimera. It may also refer to:

Kalpana (imagination), a Vedantic view

Kalpana (supercomputer), at NASA's Ames Research Center

Kalpana (company), inventor of the first Ethernet network switch

Kalpana-1, an Indian meteorological satellite

Link encryption

Link encryption is an approach to communications security that encrypts and decrypts all traffic at each network routing point (e.g. a network switch, or any node through which it passes) until arrival at its final destination. This repeated decryption and encryption is necessary to allow the routing information contained in each transmission to be read and used to direct the transmission further toward its destination, after which it is re-encrypted. This contrasts with end-to-end encryption, where the internal information, but not the header/routing information, is encrypted by the sender at the point of origin and only decrypted by the intended receiver.

Link encryption offers a couple of advantages:

  • encryption is automatic, so there is less opportunity for human error.
  • if the communications link operates continuously and carries an unvarying level of traffic, link encryption defeats traffic analysis.

On the other hand, end-to-end encryption ensures only the recipient sees the plaintext.

Link encryption can be used with end-to-end systems by superencrypting the messages.

Bulk encryption refers to encrypting a large number of circuits at once, after they have been multiplexed.

Modular computer network switch

A modular computer network switch is a computer network switch which can be modified using field-replaceable units after they are acquired. Modular network switches give network operators more flexibility as the network requirements change. They also allow the switches to be serviced on the operator site.

Some components which can usually be added or replaced are:

  • Additional network interfaces using line cards
  • Power supplies
  • Cooling fans

Modular switches may have a supervisor module which controls the operation of other components, and one or more line cards that add functionality to the switch.

Multilayer switch

A multilayer switch (MLS) is a computer networking device that switches on OSI layer 2 like an ordinary network switch and provides extra functions on higher OSI layers.

Switching technologies are crucial to network design, as they allow traffic to be sent only where it is needed in most cases, using fast, hardware-based methods. Switching uses different kinds of network switches. A standard switch is known as a layer 2 switch and is commonly found in nearly any LAN. Layer 3 or layer 4 switches require advanced technology (see managed switch) and are more expensive, and thus are usually only found in larger LANs or in special network environments.

Network partition

A network partition refers to network decomposition into relatively independent subnets for their separate optimization as well as network split due to the failure of network devices. In both cases the partition-tolerant behavior of subnets is expected. This means that even after the network is partitioned into multiple sub-systems, it still works correctly.

For example, in a network with multiple subnets where nodes A and B are located in one subnet and nodes C and D are in another, a partition occurs if the network switch device between the two subnets fails. In that case nodes A and B can no longer communicate with nodes C and D, but all nodes A-D work the same as before.

OpenFlow

OpenFlow is a communications protocol that gives access to the forwarding plane of a network switch or router over the network.

Open vSwitch

Open vSwitch, sometimes abbreviated as OVS, is an open-source implementation of a distributed virtual multilayer switch. The main purpose of Open vSwitch is to provide a switching stack for hardware virtualization environments, while supporting multiple protocols and standards used in computer networks. The project's source code is distributed under the terms of Apache License 2.0.

Port mirroring

Port mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic such as an intrusion detection system, passive probe or real user monitoring (RUM) technology that is used to support application performance management (APM). Port mirroring on a Cisco Systems switch is generally referred to as Switched Port Analyzer (SPAN) or Remote Switched Port Analyzer (RSPAN). Other vendors have different names for it, such as Roving Analysis Port (RAP) on 3Com switches.

Network engineers or administrators use port mirroring to analyze and debug data or diagnose errors on a network. It helps administrators keep a close eye on network performance and alerts them when problems occur. It can be used to mirror either inbound or outbound traffic (or both) on single or multiple interfaces.

Residential gateway

A residential gateway is a small consumer-grade router which provides network access between local area network (LAN) hosts to a wide area network (WAN) via a modem. The modem may or may not be integrated into the hardware of the residential gateway. The WAN is a larger computer network, generally operated by an Internet service provider.

System Link

System Link is a form of offline multiplayer gaming on the Xbox and Xbox 360 gaming console over a LAN (local area network). A network switch and standard straight-through Ethernet cables may be used to link multiple consoles together, or two consoles can be connected directly. Connecting two Xbox consoles to each other without a switch requires a crossover cable, while Xbox 360 consoles can use standard cables.

One copy of each game for each Xbox console is required to use System Link. Each game must be an identical release with or without identical bonus and/or downloadable content. Some Platinum Hits discs will not link with non-Platinum Hits discs.

The purpose of this is to have multiplayer gameplay on multiple consoles, which allows for a non-split-screen multiplayer gaming experience and far more players in one game than a single console can support. Halo: Combat Evolved allows up to 16 players on split screens on four consoles to partake in a simultaneous 16-player game. Later, post-Xbox Live games such as Halo 2 and Unreal Championship supported more consoles per game than the maximum of four supported by Halo. While "system link" was popularized by the pre-Xbox Live era Xbox games, the capability has been used for years in computer gaming. The primary advantage of system link is to allow users to host their own games and control the settings. System link can be visualized as one Xbox being used as a small server and "hosting" the other Xboxes.

System Link also allows for Virtual Private Networks (VPNs) to take place, which allows LAN to take place over the internet.

The Xbox 360 can not only use wired Ethernet to connect to a LAN, but also use a wireless adapter (such as the Xbox 360 Wireless Network Adapter in an access point-based or mesh network). Additionally, some Xbox Live titles like Halo 3 can play a match with players connected over Xbox Live and on the same LAN.

By allowing multiplayer games over the same LAN, System Link has led to the formation of private and public LAN parties.

Virtual Extensible LAN

Virtual Extensible LAN (VXLAN) is a network virtualization technology that attempts to address the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate OSI layer 2 Ethernet frames within layer 4 UDP datagrams, using 4789 as the default IANA-assigned destination UDP port number. VXLAN endpoints, which terminate VXLAN tunnels and may be either virtual or physical switch ports, are known as VXLAN tunnel endpoints (VTEPs).

VXLAN is an evolution of efforts to standardize on an overlay encapsulation protocol. It increases scalability up to 16 million logical networks and allows for layer 2 adjacency across IP networks. Multicast or unicast with head-end replication (HER) is used to flood broadcast, unknown unicast, and multicast (BUM) traffic.

The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks.

VXLAN was officially documented by the IETF in RFC 7348.

Open vSwitch is an example of a software-based virtual network switch that supports VXLAN overlay networks.
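The encapsulation described in this section, as an added example that is not code from the article or from any VTEP implementation: the 8-byte VXLAN header and the UDP header (destination port 4789) are built around an inner Ethernet frame and parsed back, showing where the 24-bit VNI and its 16 million logical networks come from, and how a receiving VTEP keeps inner MAC addresses apart per VNI. The IP layer is omitted, and all frames, MACs and VNIs are constructed for the example.

```python
"""VXLAN encapsulation and decapsulation (added example; not code from the article)."""
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned default destination port
VXLAN_FLAG_I = 0x08            # "I" flag: the VNI field is valid
MAX_VNI = (1 << 24) - 1        # 16,777,215: the 24-bit VNI gives ~16 million networks


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def ethernet_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Constructed inner frame: 14-byte header plus payload (no FCS)."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def vxlan_encapsulate(vni: int, inner: bytes, src_port: int = 49152) -> bytes:
    """Return UDP header + VXLAN header + inner frame (the outer IP layer is omitted)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    if len(inner) < 14:
        raise ValueError("inner Ethernet frame too short")
    # VXLAN header layout: flags (1 byte), reserved (3), VNI (3), reserved (1).
    vxlan_hdr = struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00" * 3, vni << 8)
    udp_len = 8 + len(vxlan_hdr) + len(inner)
    # A zero UDP checksum is permitted over IPv4; RFC 7348 allows it to be omitted.
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    return udp_hdr + vxlan_hdr + inner


def vxlan_decapsulate(datagram: bytes) -> tuple:
    """Validate the UDP and VXLAN headers and return (vni, inner_frame)."""
    if len(datagram) < 8 + 8 + 14:
        raise ValueError("datagram too short for UDP + VXLAN + Ethernet")
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", datagram[:8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError(f"not VXLAN: destination port {dport}")
    if udp_len != len(datagram):
        raise ValueError("UDP length field does not match datagram")
    flags, _reserved, vni_field = struct.unpack("!B3sI", datagram[8:16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI is not valid")
    return vni_field >> 8, datagram[16:]     # low byte of the last word is reserved


def learn_per_vni(datagrams: list) -> dict:
    """What a receiving VTEP learns: inner source MACs, keyed by VNI."""
    learned = {}
    for dgram in datagrams:
        vni, inner = vxlan_decapsulate(dgram)
        learned.setdefault(vni, set()).add(inner[6:12].hex(":"))
    return learned


def demo() -> dict:
    """Two tenants reuse the same inner MAC; the VNI keeps them apart."""
    frame = ethernet_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", 0x0806, b"\x00" * 28)
    d1 = vxlan_encapsulate(100, frame)
    d2 = vxlan_encapsulate(MAX_VNI, frame)
    return {
        "vni_count": MAX_VNI + 1,
        "learned": learn_per_vni([d1, d2]),
        "header": d1[8:16].hex(),          # the 8 VXLAN header bytes of d1
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```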

Virtual LAN

A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). LAN is the abbreviation for local area network and in this context virtual refers to a physical object recreated and altered by additional logic. VLANs work by applying tags to network frames and handling these tags in networking systems – creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.

VLANs allow network administrators to group hosts together even if the hosts are not directly connected to the same network switch. Because VLAN membership can be configured through software, this can greatly simplify network design and deployment. Without VLANs, grouping hosts according to their resource needs necessitates the labor of relocating nodes or rewiring data links. VLANs allow networks and devices that must be kept separate to share the same physical cabling without interacting, improving simplicity, security, traffic management, or economy. For example, a VLAN could be used to separate traffic within a business by user group, by administrative responsibility, or by type of traffic, so that users or low-priority traffic cannot directly affect the rest of the network's functioning. Many Internet hosting services use VLANs to separate their customers' private zones from each other, allowing each customer's servers to be grouped together in a single network segment while being located anywhere in their data center. Some precautions are needed to prevent traffic "escaping" from a given VLAN, an exploit known as VLAN hopping.

To subdivide a network into VLANs, one configures network equipment. Simpler equipment can partition only per physical port (if at all), in which case each VLAN is connected with a dedicated network cable. More sophisticated devices can mark frames through VLAN tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs. Since VLANs share bandwidth, a VLAN trunk can use link aggregation, quality-of-service prioritization, or both to route data efficiently.
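The tagging and trunking described above, as an added example that is not code from the article or from any switch vendor: an 802.1Q tag is inserted into and parsed from an Ethernet frame, an access port assigns untagged frames to its port VLAN (PVID), and a trunk carries several VLANs over one interconnect by tagging all but its native VLAN. The access port refuses frames that arrive already tagged, so a host cannot choose its own VLAN, which is one of the precautions the text mentions against VLAN hopping. MACs, VLAN IDs and port settings are constructed for the example.

```python
"""802.1Q VLAN tagging and port classification (added example; not code from the article)."""
from __future__ import annotations
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100            # EtherType value announcing an 802.1Q tag
MIN_VID, MAX_VID = 1, 4094     # VID 0 = priority tag only, 4095 is reserved


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def ethernet_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Constructed untagged frame: 14-byte header plus payload (no FCS)."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def parse_tag(frame: bytes):
    """Return (vid, pcp) when the frame carries an 802.1Q tag, else None."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13      # VID: low 12 bits, PCP: top 3 bits


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a tag between the source MAC and the original EtherType."""
    if not MIN_VID <= vid <= MAX_VID:
        raise ValueError(f"VLAN ID {vid} out of range")
    tci = ((pcp & 0x7) << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    return frame if parse_tag(frame) is None else frame[:12] + frame[16:]


@dataclass(frozen=True)
class PortConfig:
    mode: str                          # "access" or "trunk"
    pvid: int                          # access VLAN, or native VLAN of a trunk
    allowed: frozenset = frozenset()   # VLANs a trunk may carry (including native)


def classify_ingress(cfg: PortConfig, frame: bytes):
    """Assign a received frame to a VLAN: (vid, untagged_frame), or None to drop it."""
    tag = parse_tag(frame)
    if cfg.mode == "access":
        # Only untagged (or priority-tagged, VID 0) frames belong on an access port;
        # a frame that arrives with a real VLAN tag is dropped rather than honoured.
        if tag is not None and tag[0] != 0:
            return None
        return cfg.pvid, strip_tag(frame)
    vid = cfg.pvid if tag is None or tag[0] == 0 else tag[0]
    if vid not in cfg.allowed:
        return None
    return vid, strip_tag(frame)


def prepare_egress(cfg: PortConfig, vid: int, frame: bytes):
    """Frame as it leaves the port for VLAN vid, or None if the port is not in that VLAN."""
    if cfg.mode == "access":
        return frame if vid == cfg.pvid else None
    if vid not in cfg.allowed:
        return None
    return frame if vid == cfg.pvid else add_tag(frame, vid)   # native VLAN stays untagged


def demo() -> dict:
    """Host on an access port in VLAN 10 is carried across a trunk; a tagged frame on the access port is dropped."""
    access = PortConfig("access", pvid=10)
    trunk = PortConfig("trunk", pvid=1, allowed=frozenset({1, 10, 20}))
    plain = ethernet_frame("02:00:00:00:00:02", "02:00:00:00:00:01", 0x0800, b"\x00" * 46)
    vid, untagged = classify_ingress(access, plain)
    on_wire = prepare_egress(trunk, vid, untagged)
    return {
        "vid": vid,
        "trunk_tag": parse_tag(on_wire),
        "trunk_round_trip": classify_ingress(trunk, on_wire),
        "tagged_on_access": classify_ingress(access, add_tag(plain, 20)),
        "access_egress_other_vlan": prepare_egress(access, 20, plain),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```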

This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.