The core functions of an L3 switch are the three introduced earlier: transmitting and receiving, relaying, and route control of IP packets. This time, we explain the additional functions that extend the relay function, such as filtering, policy routing, QoS, and redundancy.
Filters that block packets
Filtering is the function by which the L3 switch relays or discards specific packets that it receives. It is used to reduce unnecessary traffic and to ensure network security.
In a LAN, for example, filtering is often applied between the networks of the human resources and R&D departments and the other internal networks, so that packets sent to or received from servers holding confidential information, such as personnel data and R&D data, are discarded. This prevents unauthorized access from outside the department and information leakage to the outside.
To filter packets, the target flow *1 must first be detected. To do so, the flow is identified by specifying conditions, singly or in combination: Layer 2 information such as the source and destination MAC addresses, or Layer 3 information such as the source IP address, destination IP address, and port (protocol) number.
* 1: Flow. A set of Ethernet frames or IP packets with common attributes that passes through the L3 switch is called a flow. Packets belonging to the same flow match on one or more header fields such as MAC addresses, IP addresses, and port numbers.
The combination of flow detection conditions and the operation (action) applied to the matching flow is called a "filter entry". A high-performance L3 switch can set a different filter entry for the input and output of each physical interface. Inexpensive L3 switches, on the other hand, may only be able to set filter entries for the input and output of each VLAN.
Fig. 1 shows how L3 switches and routers filter packets. Recently, a growing number of switches perform this filtering at high speed in hardware.
Figure 1 Filtering operation
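The filter entry model described above, as an added example that is not from the original article: each entry pairs flow detection conditions with an action, and a packet takes the action of the first entry it matches. The first-match order, the default discard for unmatched packets, and all names and addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class FilterEntry:
    action: str                       # "relay" or "discard"
    src: str = "0.0.0.0/0"            # flow detection conditions; defaults mean "any"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        net = ipaddress.ip_network
        return (ipaddress.ip_address(pkt["src"]) in net(self.src)
                and ipaddress.ip_address(pkt["dst"]) in net(self.dst)
                and self.proto in (None, pkt["proto"])
                and self.dst_port in (None, pkt.get("dst_port")))

    def covers(self, other: "FilterEntry") -> bool:
        """True if every packet matching `other` also matches this entry."""
        net = ipaddress.ip_network
        return (net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and self.proto in (None, other.proto)
                and self.dst_port in (None, other.dst_port))

def apply_filter(entries, pkt, default="discard"):
    """Assumption: entries are checked in order, the first match wins,
    and a packet that matches nothing gets `default`."""
    for index, entry in enumerate(entries):
        if entry.matches(pkt):
            return entry.action, index
    return default, None

def shadowed(entries):
    """Indexes of entries that can never match because an earlier entry covers them."""
    return [j for j, later in enumerate(entries)
            if any(earlier.covers(later) for earlier in entries[:j])]

# Constructed addressing: HR server 10.1.0.10, HR branch 10.1.1.0/24, sales 10.2.0.0/24.
HR_FILTER = [
    FilterEntry("relay", src="10.1.1.0/24", dst="10.1.0.10/32", proto="tcp", dst_port=443),
    FilterEntry("discard", dst="10.1.0.10/32"),   # everyone else is kept off the server
    FilterEntry("relay"),                         # all other traffic is relayed
]
# Same entries with the first two swapped: the HR exception becomes unreachable.
MISORDERED = [HR_FILTER[1], HR_FILTER[0], HR_FILTER[2]]
```

Running `shadowed()` over a filter before deploying it catches the ordering mistake shown in `MISORDERED`, where the broad discard entry hides the narrower relay entry behind it.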
Policy routing and load balancing
Policy routing is a special routing method that forwards packets to specific routes based on a policy set by the user instead of the routing table. Although it is similar to static routing, policy routing allows fine-grained route control based not only on the destination IP address but also on conditions such as port numbers and source IP addresses.
For example, consider a configuration with two routes from one network to another in which, following the routing table, a 100 Mbps wide-area Ethernet line is used and a 1 Mbps dedicated line is used only if that line is disconnected (Fig. 2). When IP phones are introduced in this network, a policy route can send only the IP phone traffic over the dedicated line, which has less delay.
Figure 2 Comparison of normal routing, policy routing, ECMP
In most L3 switches and routers, the policy routing function is implemented in combination with the filtering function described above. The flow detection conditions for policy routing are therefore basically the same as those for filtering. In addition, the policy itself is often implemented by writing the route information for forwarding the packet after the relay action in the input filter entry of an interface or VLAN.
Load balancing is a function that distributes the traffic load when multiple routes reach the destination network address. Layer 2 link aggregation, introduced in the second installment of this series, also achieves load balancing, but in principle it can only bundle Ethernet lines of the same standard on the switch. Layer 3 (IP layer) load balancing, on the other hand, can be used across different transmission media, and can balance load even when multiple L3 switches or routers sit at the far end of the transmission media. Preparing two routes of equal cost and distributing traffic across them as appropriate is also called "ECMP (Equal Cost Multi Path)".
The simplest implementation allocates outgoing packets to each route in turn using the round-robin method *2. However, because this assigns packets mechanically without considering line speed, it is likely to exceed the bandwidth of the slower line and lose packets.
* 2: Round-robin method. In network load distribution, this means assigning packet (frame) transmission to multiple lines in order. All processing is handled equally in the round-robin method.
(Continued on the next page: "Redundancy function VRRP")