®

Layer 3 Switching

3 C o m T e c h n i c a l P a p e r s

An Introduction

11

Layer 3 SwitchingAn Introduction

Contents

A Brief History of Protocol Layering 2

Effective Information Management 2

Layering 101 3

Contemporary Layering Model 3

Layer 1 4

Layer 2 4

Layer 3 5

Layer 4 6

Layer 5 6

Enter the Layer 3 Switch 6

A Layer 3 Switch Is a Router 7

Router Interfaces as Layer 2 Switching Domains 7

Effective Application of Policy 7

Ease of Management 8

Layer 3 Switching v. Traditional Routing 8

The Business Case for a Layer 3 Switch 8

Cost Savings 10

Case Study 10

Initial Network 11

Phase 1 11

Phase 2 12

Phase 3 12

Future Trends 12

Conclusion 13

Layer 3 SwitchingAn Introduction

By Robert Ciampa

Many people involved in the deployment ofinformation technology compare their professionto the world of Indiana Jones, a Hollywoodaction hero of great intelligence, challenged byfriendly and unfriendly forces while searching theworld for lost cities and hidden treasure. LikeIndiana Jones, IT managers might not have asecond chance if they make a wrong decision. Infact, the journey through the networking jungleis full of deception, wrong turns, and stumblingblocks.

In a competitive environment, the propertechnology decisions can catapult corporationsover their competitors, erasing barriers to entryand redrawing the battlefield. A prime exampleis amazon.com, which has used the Internet torevolutionize the bookselling industry, at theexpense of formidable competitors who nowattempt to mimic the techniques of their upstartfoe. On the other hand, blindly following tempo-rary technology fashion may leave IT managersstuck in the jungle, or out of a job.

This paper is a map through the jungle ofinternetworking infrastructure, particularlyfocusing on how Layer 2 switching and Layer 3routing have combined to form the powerfulLayer 3 switching architecture. The paper ana-lyzes Layer 3 switching from both a functionaland an operational perspective, helping thereader make an informed assessment of its meritsas an enabling technology.

A Brief History of Protocol Layering

To fully appreciate Layer 3 switching, it is use-ful to examine its ancestry, since many com-mon traits still prevail. Rather than go back tothe stone age of hierarchical networking, we’llbegin with the “modern era” of data commu-nications, a time of peer-to-peer networkingwith heterogeneous systems. It is interesting tonote that hierarchical networking—its bestexample being IBM’s Systems NetworkArchitecture (SNA)—was probably the quin-tessential—but immutable—client/server

architecture. SNA’s formal counterpart, theInternational Standards Organization (ISO)Open Systems Interconnect (OSI) model,which was a seven-element layout, succeededmore as a pedagogical tool than as an imple-mentation foundation. As a result, manyacademics, along with the some rare imple-menters (Digital Equipment Corporation withDECnet Phase V) were left in the networkingjungle.

Meanwhile, the Internet Protocol (IP)was enjoying some deployment success, firstthrough the U.S. Department of Defense’sARPANET—the genesis of the Internet—then into diverse university communities. IPand its associated higher-layer protocols, suchas User Datagram Protocol (UDP) and Trans-port Control Protocol (TCP), were supposedto be supplanted by the OSI protocols, butthe increasing complexity of OSI, exacerbatedby a prolonged ratification process, underminedits prospects. IP continued to be deployed,while other IP-like protocols such as NetWare’sIPX and Apple’s AppleTalk were enjoying theirown success. The similarity among IP, IPX,and AppleTalk is no accident: they share acommon lineage through Xerox Network Sys-tems (XNS), an older but simpler model thanOSI.

Effective Information Management

Just as there are many types of jungles, sothere are many types of data networks. Andjungles and networks have some striking simi-larities in the way they are organized. In thejungle, the parts of the whole are calledecosystems; in the network, they are called lay-ers. Each subsystem, or layer, is often quitedistinct from others within the same system ornetwork, but depends upon access to the oth-ers for its survival. Call it the food chain orcall it the protocol stack.

Knowledge of layering is crucial for thestrategic and tactical deployment of both net-working and information technology in anorganization. Many people view layering as anacademic exercise in which Layer 2 representsswitching and Layer 3 represents routing.Such shortsighted thinking leaves many orga-nizations at the mercy of the performance

22

Acronyms andAbbreviations

ASIC

application-specific

integrated circuit

ATM

Asynchronous Transfer Mode

BGP

Border Gateway Protocol

CoS

Class of Service

DHCP

Dynamic Host Configuration

Protocol

DNS

Domain Name System

FDDI

Fiber Distributed Data

Interface

FIRE

Flexible Intelligent Routing

Engine

IEEE

Institute of Electrical and

Electronics Engineers

IETF

Internet Engineering Task

Force

IP

Internet Protocol

IPsec

IP Security

ISO

International Standards

Organization

ISP

Internet service provider

MAC

Media Access Control

MIB

Management Information

Base

MPOA

Multiprotocol over ATM

constraints of their collapsed backbonerouters. Understanding the capabilities andlimits of each layer is the foundation for infor-mation management. Strategic decisions mustbe made about application deployment, net-work scalability, performance, and cost ofownership. Tactical decisions must be madeabout which products to apply as part of anoverall solution. This methodology becomeseven more important as voice, video, and datanetworks continue to converge, blurring theonce clear demarcation between data commu-nications and telecommunications.

Layering 101

Although this paper is about Layer 3 switch-ing, a quick overview of layering is needed.Layering schemes provide guidelines, ratherthan strict rules, for delegating networkingfunctionality. Figure 1 shows the basic princi-ples of layering. Elements at the same layer,shown on the horizontal, are known as peersand communicate via a well-known (and doc-umented) protocol. Messages are exchangedamong peers, the protocol defining the for-mat, syntax, semantics, and sequencing. Ele-ments within the same stack, shown on thevertical, communicate via an internal interface.This interface, though usually not well docu-mented nor standard, often exhibits the samecharacteristics as a protocol, the only differ-ence being that the interface protocol betweenLayer n and Layer n + 1 on stack 1 may bewholly different from that of stack 2.

As mentioned, communication withinone stack may be different from that within

other stacks and entirely proprietary, but com-munication between peers in different stacksmust be open and consistent. The notion ofopen systems has been a major factor in thegrowth and operation of the Internet, alongwith those of institutional organizations. It isalso important to note that an element at aparticular layer may be further broken downinto additional layers. This is most clearly seenwith Asynchronous Transfer Mode (ATM)models. Finally, in certain models, higher lay-ers may share information with lower layers toeither conserve system resources or improveperformance. The Internet Engineering TaskForce (IETF) Next-Hop Resolution Protocol(NHRP) is an example of this intra-layer com-munication, allowing Layer 3 “shortcuts.”This concept will be discussed later.

Contemporary Layering Model

For many years, the OSI model (Figure 2) wasthe reference layering paradigm for data net-working. The OSI model was an extremelypowerful architecture that included well-defined Layer n ⁄ Layer n + 1 protocols inaddition to rich peer-to-peer protocols. Unfor-tunately, much of this model succumbed tothe complexity of the protocols and the effectsof an overly rigorous standardization process.Since only a few elements survived to becomepart of the contemporary networking model,no further analysis will be made of this model.

The contemporary network layer archi-tecture is much simpler than its OSI counter-part. Originating from various research anddefense initiatives, the contemporary modelwas intended to be supplanted by OSI.Instead, it became the de facto networking

33

Acronyms andAbbreviations

NHRP

Next-Hop Resolution

Protocol

OSI

Open Systems Interconnect

OSPF

Open Shortest Path First

QoS

Quality of Service

RIP

Routing Information

Protocol

RMON

Remote Monitoring

RSVP

Resource Reservation

Protocol

RTP

Real Time Protocol

SDH

Synchronous Digital

Hierarchy

SLA

Service Level Agreement

SNA

Systems Network

Architecture

SONET

Synchronous Optical

Network

TCP

Transport Control Protocol

UDP

User Datagram Protocol

VPN

virtual private network

WAN

wide area network

WinSock

Windows Sockets

XNS

Xerox Network Systems

Layer n + 1 Layer n + 1

Layer n Layer n

Layer n – 1 Layer n – 1

Figure 1. Layering Reference Model

Application

Presentation

Session

Transport

Network

Data link

Physical

Figure 2. OSI Layering Model

standard, especially through IP. As mentioned,both IPX and AppleTalk are quite similar toIP, but are slowly becoming less prominent asIP dominance continues to grow. This discus-sion will emphasize IP, but the methods dis-cussed can easily be applied to environmentsusing NetWare and Apple protocols.

Figure 3 shows the contemporary net-working model based upon IP. Network par-ticipants, whether infrastructure equipment(switches and routers) or end systems (clientsand servers), may include some or all of theprotocol stack.

Layer 1

This layer, known as the interface layer, isresponsible for device connectivity. Thoughusually represented by well-known networktypes—Ethernet, Fast Ethernet, Gigabit Eth-ernet, Token Ring, FDDI, ATM, SONET/SDH, etc.—Layer 1 also covers the subtypes.For example, Fast Ethernet provides physicalconnectivity over copper media (100BASE-TX) and over fiber media (100BASE-FX).Fiber can be further divided into multimodeor single mode, with single mode further par-titioned based on its “reach,” the distance overwhich it can transmit. Certain technologiesare actually used as a pure Layer 1 element(SONET/SDH) or provide a virtual Layer 1element (ATM with SONET/SDH).

While the various types of Ethernet arerather straightforward, FDDI, ATM, andSONET/SDH add more complexity, whileproviding extended Layer 1 capabilities suchas fault tolerance and support for physicalmultiplexing to support distinct traffic flowssuch as voice and data. With these addedcapabilities comes added cost, and sometimesslower performance.

Layer 2

This layer, known as the switching layer,allows end station addressing and attachment.Because architectures up to Layer 2 allow endstation connectivity, it is often practical toconstruct a Layer 2–only network, providingsimple, inexpensive, high-performance con-nectivity for hundreds or even thousands ofend stations. The past five years have seen theextraordinary success of the “flat” networktopologies provided by Layer 2 switches con-nected to other Layer 2 switches or ATMswitches.

Layer 2 switching, also called bridging,forwards packets based on the unique MediaAccess Control (MAC) address of each endstation. Data packets consist of both infra-structure content, such as MAC addresses andother information, and end-user content. AtLayer 2, generally no modification is requiredto packet infrastructure content when goingbetween like Layer 1 interfaces, like Ethernetto Fast Ethernet. However, minor changes toinfrastructure content—not end-user datacontent—may occur when bridging betweenunlike types such as FDDI and Ethernet.Either way, processing impact is minimal andso is configuration complexity.

Layer 2 deployment has seen the moststriking infrastructure change over the pastdecade. Shared Ethernet, represented by par-ticular cable types or contained within sharedhubs, offered a very simple, and even moreinexpensive, approach for Layer 2. Thoughstill quite popular, shared technology, whereall stations use the same bandwidth slice, hasvery limited scaling capabilities. Dependingupon the applications being used, shared net-works of more than one hundred users arebecoming less common. Many networkdesigners have “tiered” their infrastructure byfeeding shared Layer 2 into switched Layer 2or even Layer 3. Switched Layer 3 apportionseach station—or port—its own dedicatedbandwidth segment. Recent enhancements atLayer 2 provide packet prioritization capabili-ties for the application of network policies.The new IEEE 802.1p standard defines Classof Service (CoS) policies capabilities for Layer2 segments.

44

Application

Transport

Routing

Switching

Interface

Figure 3. Contemporary Layering Model

Note that Layer 2 does not ordinarilyextend beyond the corporate boundary. Toconnect to the Internet usually requires arouter; in other words, scaling a Layer 2 net-work requires Layer 3 capabilities.

Layer 3

This layer, known as the routing layer, pro-vides logical partitioning of subnetworks, scal-ability, security, and Quality of Service (QoS).QoS, a recent enhancement to Layer 3, goesbeyond the simple packet prioritization foundin CoS by providing bandwidth reservationand packet delay bounding.

The backbone of the Internet, along withthose of many large organizations, is builtupon a Layer 3 foundation. IP is the premierLayer 3 protocol. In addition to Layer 2 MACaddresses, each IP packet also contains sourceand destination IP addresses. For an intranetpacket, one IP address addresses the client, theother the server.

IP in itself is not a particularly complexprotocol; extensive capabilities are supplied bythe other components of the IP suite. TheDomain Name System (DNS) removes theburden of remembering IP addresses by asso-ciating them with real names. The DynamicHost Configuration Protocol (DHCP) easesthe administration of IP addresses and is usedextensively by network administrators andInternet service providers (ISPs). Routing pro-tocols such as Open Shortest Path First(OSPF), Routing Information Protocol (RIP),and Border Gateway Protocol (BGP) provideinformation for Layer 3 devices to direct datatraffic to the intended destination. IP Security(IPsec) furnishes elements necessary for secu-rity, such as authentication and encryption. IPnot only allows for user-to-user communica-tion, but also for efficient dissemination overpoint-to-multipoint flows, known as IP Multi-cast. Higher-layer protocols, discussed later inthis paper, provide even greater versatility forcontent distribution.

Although many organizations receivedtremendous performance advantages by con-verting routed and shared networks to Layer 2switching, it became apparent that some levelof partitioning was still required. Consequently,

routers maintained a presence at many pointswithin a corporate network. For a while thispresented minimal problems, since a majorityof the data traffic stayed local to the subnet,which was increasingly being serviced by aLayer 2 switch. But concurrent with theincreasing acceptance of Layer 2 switching asan essential component of network infrastruc-ture were two other developments: the migra-tion of servers to server farms for increasedsecurity and management of data resources;and the deployment of intranets, organization-wide client/server communications based onWeb technology. These factors began movingdata flows off local subnets and onto therouted network, where the limitations ofrouter performance increasingly led to bottle-necks.

With the routers causing informationflow constriction, IT managers becameincreasingly reluctant to deploy new, enablingtechnologies, such as multicast-based applica-tions and middleware. Even the migration ofdesktops to higher-performance media con-nections, such as 100 Mbps Fast Ethernet,were scrutinized as long as 10 Mbps routerinterface funnels were in place.

Router vendors attempted to respond byoffering higher-performance interface cards,but throughput was fundamentally boundedby centralized, software-based architecturesthat simply could not go any faster. The samesoftware responsible for managing WAN links,X.25, and asynchronous terminal lines wasnow expected to handle next-generation giga-bit networks. Router vendors tried distribut-ing functionality to improve performance,resulting in a hodgepodge collection of routeprocessing and interface cards. Was the devicestill routing, or was it performing some otherpacket forwarding scheme?

Emerging QoS was even more suspect.The IETF was moving forward on ResourceReservation Protocol (RSVP), a signalingmethod to set up bandwidth and delay controlon packet-based internetworks. MonitoringRSVP flows, using a process know as policing,required extensive software support on alreadyoverburdened legacy routers. Could QoS bepractical on a contemporary LAN?

55

Meanwhile, standards bodies such as theATM Forum were working on methods tooffload the Layer 3 bottleneck by exploitingthe capabilities of the lower layers. One resultwas the Multiprotocol over ATM (MPOA)specification, which uses Layer 3 routinginformation and the IETF’s NHRP protocolto offload the routers and provide forwardingat the physical (ATM) layer. A Layer 3 switchcan route at Layer 3 or utilize MPOA; the per-formance is identical.

Layer 4

This layer, known as the transport layer, is thecommunication path between user applica-tions and the network infrastructure anddefines the method of communicating. TCPand UDP are well-known examples of ele-ments at the transport layer. TCP is a “con-nection-oriented” protocol, requiring theestablishment of parameters for transmissionprior to the exchange of data. Web technologyis based on TCP. UDP is “connectionless” andrequires no connection setup, which is espe-cially important for multicast flows. Elementsat this level also differ in the amount of errorrecovery provided and whether or not it is vis-ible to the user application. Both TCP andUDP are layered on IP, which has minimalerror recovery and detection mechanisms,leaving the burden at Layer 4 or higher. TCPforces retransmission of data that was lost bythe lower layers, whereas UDP makes theapplication responsible.

A major enhancement to multimedia sup-port at Layer 4 is the Real Time Protocol(RTP). RTP works in conjunction with UDP,and provides services necessary for packet tim-ing and sequencing. Many time-sensitiveapplications running over IP networks nowactually include both UDP and RTP.

Layer 5

This layer, known as the application layer,provides access to either the end user or sometype of information repository such as a data-base or data warehouse. Users communicatewith the application, which in turn deliversdata to the transport layer. Applications donot usually communicate with the lower layers;

rather, they are written to interface with a spe-cific communication library, like the popularWinSock library available in Windows-basedworkstations.

When defining the behavior of the appli-cations they are writing, developers decide onthe type of transport mechanism necessary.For example, database or Web access requiresrobust, error-free access and would demandTCP, though it could be implemented withmore code and in a more cumbersome man-ner with UDP. Multimedia, on the otherhand, cannot tolerate the overhead of connec-tion-oriented traffic and will commonly makeuse of UDP. For prioritization, either TCP norUDP can be selected, depending on the appli-cation or other parameters such as time of day.Any assistance that a network device can pro-vide in terms of prioritization of the applica-tion would be extremely beneficial to thenetwork manager, particularly during times oftraffic volume from the LAN to the WAN.

Enter the Layer 3 Switch

Traditional routers, once the core componentsof enterprise networks, became a major obsta-cle to the migration toward next-generationnetworks. All the magic and alchemy involvedin trying to make a software-based router for-ward packets more quickly created only anillusion of serious Layer 3 routing performance.A fundamental shift in technology wasrequired.

In 1992, 3Com, a pioneer in both Layer2 switching and traditional routing, beganintegrating its switching and routing products.The motivation was twofold: to reduce thenumber of devices to be managed, and tolower the cost of a combined Layer 2 and 3solution. Though the first solution was mostlysoftware based, subsequent products displayedincreasing use of application specific integratedcircuits (ASICs)—first for address table queries,then for forwarding packets. In 1997, 3Comdelivered its third-generation, fully ASIC-enabled Layer 3 CoreBuilder™ 3500 switch,based on the Flexible Intelligent RoutingEngine (FIRE) ASIC. For more informationon FIRE, see the white paper “Flexible Intelli-gent Routing Engine (FIRE): The Third-

66

Generation Layer 3 Switching Architecturefrom 3Com,” available at www.3com.com.

Table 1 shows 3Com’s Layer 3 switchingproduct evolution.

A Layer 3 Switch Is a Router

Vendors and the trade press alike have tried toapply the term “Layer 3 switch” to variousproducts of the day, succeeding only in con-fusing IT decision makers. This paper aims toremove that confusion. A Layer 3 switch doeseverything to a packet that a traditional routerdoes:• Determines forwarding path based on

Layer 3 information• Validates the integrity of the Layer 3 header

via checksum• Verifies packet expiration and updates

accordingly• Processes and responds to any option infor-

mation• Updates forwarding statistics in the Man-

agement Information Base (MIB)• Applies security controls if required

Because it is designed to handle high-per-formance LAN traffic, a Layer 3 switch can beplaced anywhere within a network core orbackbone, easily and cost-effectively replacingthe traditional collapsed backbone router. TheLayer 3 switch communicates with the WANrouter using industry-standard routing proto-cols like RIP and OSPF.

Router Interfaces as Layer 2 Switching Domains

The Layer 3 switch has inherent Layer 2switching domains per interface, allowing forindividual subnet bandwidth allocation, alongwith broadcast containment. Not all interfacesare created equal, so the ability to group ports

together, whether based on physical character-istics or protocol information, is an extremelypowerful tool for network designers concernedwith capacity planning. This architecture isinherently scalable, capable of supportingnumerous external Layer 2 switches that resideeither in the data center or the wiring closet.

Such a design model preserves the subnet-ted infrastructure, concurrently boosting per-formance of those subnets and enabling thedeployment of switched 10, 100, or 1000Mbps right to the desktop if so desired. Theconcept of “subnet preservation” is the key toeffective and trouble-free network migra-tion—it allows gradual migration, helping ITmanagers to work within their staffing con-straints without the need to renumber andreassign their entire network.

Effective Application of Policy

As previously stated, contemporary Layer 3switches perform their forwarding—whetherLayer 2, Layer 3, unicast, multicast, or broad-cast—in hardware. Software is deployed tohandle network administration, table manage-ment, and exception conditions. Some tech-nologists view the hardware component of aLayer 3 switch as inflexible. In fact, hardwareprovides the ultimate flexibility not only inperformance, but in parallel processing aswell. The parallel processing model allows thenetwork device to perform far more opera-tions on packets than previously imagined,especially with respect to the application ofpolicy.

A policy is a mechanism to alter the nor-mal forwarding of a packet through a net-working device. Familiar examples includesecurity, load balancing, and protocol option

77

Table 1. Layer 3 Switching Product Evolution

Generation Technology Product Routing Performance

First Software LANplex 5000 switch 50K pps

Second ISE ASIC CoreBuilder 2500, 6000 switch 100K–1.1M pps

Third FIRE ASIC CoreBuilder 3500, 9000 switch 3.5M–64M pps

processing. Newer policies include QoS, a wayto allocate bandwidth and control propagationdelay, in addition to CoS, a way to managepacket prioritization. QoS and CoS policiesare not only meant to enable new multimediaapplications, such as LAN telephony, but toensure network response time for mission-critical applications, such as telemedicine.Policy implemented by intelligent networkingdevices, such as Layer 3 switches, enables theintegration of voice, video, and data onto thesame infrastructure, a process 3Com callsconvergence.

Software-based architectures cannot seam-lessly administer policy controls at even mod-erate rates of speed (beyond 10 Mbps). TheLayer 3 switch solves the problem, enablingpolicies to be applied at the same performancelevels as ordinary Layer 2 and 3 forwarding.Further innovation allows the Layer 3 switchto apply policy based on Layer 4 information,such as TCP and UDP port information. For-ward thinkers refer to this as “Layer 4 switch-ing.” The FIRE architecture supports all thesepolicies, all the way to Layer 4.

Even with the massive capacity additionsbeing planned for many networks, effectivepolicy management enabled by Layer 3switching is key to the protection and avail-ability of critical resources.

Ease of Management

One of the critical success factors for the Layer2 switch was its implementation and opera-tional simplicity. Deployment was often aseasy as powering on the switch, assigning it anIP address, and making the physical networkconnections. Routers, on the other hand,required extensive training and forced users tosift through a multitude of arcane commands.Layer 3 switches remove such complexity.Setting up a routed environment is as simpleas setting up a Layer 2 switch, defining therouted interface, and enabling the routingprotocols. IT managers concerned about theirinvestment in training staff on traditionalrouter platforms must assess whether this istruly an investment, or simply a sunk costbased upon vendor lock-in schemes.

For the network management applicationperspective, a Layer 3 switch behaves exactlyas a legacy router does. Because of its Layer 2component, extensive Remote Monitoring(RMON) capabilities are available. However,since Layer 3 and Layer 4 capabilities are pre-sent in the Layer 3 switch, higher-layer moni-toring is available with RMON2 technology.RMON and RMON2 have historically beendeployed with expensive external devicesknown as probes. Moving the RMON/RMON2 capability into the Layer 3 switch isa major benefit for IT administrators.

Layer 3 Switching vs. Traditional Routing

By now, it should be clear that a Layer 3switch can be deployed anywhere in the LANwhere a traditional router can be or has beenused.

Table 2 compares the two types ofdevices. The Layer 3 switch has been opti-mized for high-performance LAN support andis not meant to service wide area connections(although it could easily satisfy the require-ments for high-performance MAN connectiv-ity, such as SONET). This optimization booststhe performance of a Layer 3 switch to as muchas ten times that of a legacy router, while dri-ving the price down to as little as a tenth. Thiscost comparison does not include the lowertraining costs for Layer 3 switch administra-tors or the increased productivity of a high-performance network.

There is another major architectural dif-ference between a Layer 3 switch and a router.A traditional router organizes bridging (Layer2) and routing (Layer 3) as peers. A Layer 3switch layers routing on top of switching, per-mitting a more natural networking architec-ture while greatly facilitating scalability.

The Business Case for a Layer 3 Switch

Some IT managers may be concerned aboutdeploying a “new” technology such as Layer 3switching to their network. But Layer 3switching is really an integration of twoproven technologies: switching and routing.In fact, some Layer 3 switches are running theexact same routing software that has been fullytested and used in mission-critical networks

88

for nearly a decade. So whether the decisionmaker is an early adopter of technology ormore conservative, the Layer 3 switch can sat-isfy both needs.

The first step toward the deployment ofnext-generation IT infrastructures is to ignorethe networking element. Although this mayseem absurd, it allows managers to focus onthe end users, services, and data without beingbound by historical network deficiencies. Thenetwork should be transparent. When therequirements for information transfer areknown, capacity planning techniques willdetermine the necessary client and serverinterconnects. Organizational and securitymandates are then applied, yielding the policyand subnetted infrastructure. Cost is thenfactored in. Finally, the decision is maderegarding the appropriate networking prod-ucts to satisfy these requirements.

Layer 3 switching technology must beconsidered from two perspectives. First, as amigration tool to move users forward tohigher-performance networking, or surpris-ingly, to squeeze more performance out ofwhat is currently installed. Many users com-plain about FDDI performance, only to dis-cover that the network is running at less than20 percent of capacity. The problem is not thenetwork, but rather the devices attached to it.The second perspective addresses what can bedone when network performance bottlenecksare removed. A high-performance network

enables a variety of steps to reduce costs andenhance security and business operations. Thefollowing are examples of several such steps.• Server farms. Today, the viability of many

organizations is closely related to their intel-lectual property, often stored on databasesor server devices. The security and protec-tion of these servers has been a major goalof IT managers, who have been at odds withthe users of those servers. The point of con-tention has been the dependence of serverperformance on the network topology. Theresponse has been to move servers withinthe same subnet or Layer 2 switchingdomain as users. With data traffic patternsbecoming more distributed, this approachwas breaking down. The Layer 3 switchallows servers to be centralized with no per-formance penalty, eliminating the cost ofnumerous server repositories while keepingend users satisfied.

• Intranets. Because of its secure nature,along with its higher capacity, the intranet isbecoming a viable corporate communica-tions vehicle with usage that includes HRrecord retrieval, major announcements,computer-based training, and live videobroadcasts. Delivering a wide variety of ser-vices, some requiring a huge amount ofbandwidth, can wreak havoc on the oldrouter. The Layer 3 switch, because of itshigher performance, traffic prioritization,

99

Table 2. Layer 3 Switch vs. Legacy Router

Characteristic Layer 3 Switch Legacy Router

Routes core LAN protocols:IP, IPX, AppleTalk Yes Yes

Subnet definition Layer 2 switch domain Port

Forwarding architecture Hardware Software

RMON support Yes No

Price Low High

Forwarding performance High Low

Policy performance High Low

WAN support No Yes

and subnet preservation, is ideally suited forthe deployment of intranets.

• Converged networks. For some time, tech-nological prognosticators have been extol-ling the virtues of multimedia and warningof the excessive demand it will place on ITinfrastructures. But many network man-agers have been disinclined to integrate theirvoice, video, and data traffic, concerned notonly with the bandwidth requirements, butfearing the degraded quality of the respec-tive elements. The ability to recognize andrespond to the unique attributes of voice,data, and video not only makes their inte-gration viable, but also attractive from a costand management perspective. The inherentflow recognition capabilities of Layer 3switching enable practical deployment ofconverged networks without performanceuncertainties.

Cost Savings

A traditional router may run U.S. $8,000 to$10,000 per Fast Ethernet interface, while aLayer 3 switch costs less than U.S. $1,000 per

port. Surprisingly, greater densities can beachieved with Layer 3 switching, freeing upvaluable rack space and saving on physicalcabling plant expansion. Training costs plum-met, too, as a four- to seven-day legacy routercourse is replaced with a one- or two-day classfor the Layer 3 switch.

Major savings also lie in the ancillaryeffects of applying Layer 3 switching technol-ogy. Cost savings realized through server cen-tralization, notably in physical plant andsecurity, can be substantial, especially whenspace is at a premium. Other, less tangibleeffects include improved response time andconformance with SLAs. Clearly, the overallcost of ownership benefits of Layer 3 switchesversus routers can be substantial.

Case Study

The following application scenario starts witha common contemporary network topologyand illustrates a migration path toward a next-generation infrastructure. The deploymentobjectives are as follows:• To minimize network disruption

1100

Shared hub

Data Center

Department

Client

Internet

FDDI ring

Corporate WAN

Client

Client

Shared hubLegacy

router

Legacy routerLegacy router

Legacy

router

Server

Department

server

Server

Figure 4. Initial Network Configuration

• To preserve subnet infrastructure• To avoid parallel network construction

Initial Network

The network core, shown in Figure 4, consistsof an FDDI backbone running at 20 percentcapacity, occasionally peaking at 40 percent.Collapsed backbone routers are the connec-tion points to the FDDI backbone, with theexception of some data center servers thatattach directly to the backbone. The legacyrouters supply mostly 10 Mbps Ethernetinterfaces, with some 100 Mbps Fast Ethernetinterfaces. Some of these Ethernet interfacesconnect to Layer 2 switches, which then cas-cade to hubs, while others connect to hubsdirectly. A majority of the desktops are shared10 Mbps Ethernet. Some of the servers areswitched. Departments may have their ownserver co-located on a subnet. The network isrunning IP and IPX, with the subnets for bothprotocols aligned with the other. The FDDIring contains one subnet for each protocol,and each router interface also provides a sub-

net for each protocol. Two of the routers ser-vice WAN access: one for corporate networkextension, the other for Internet service.

Phase 1

The first phase (Figure 5) consists of keylegacy router replacement for the data centerand for the most heavily used departments. Ifother legacy protocols such as DECnet orBanyan VINES are present, the Layer 3 switchand the router can be co-located in the wiringcloset or the data center, the Layer 3 switchbecoming the “express lane” for the contem-porary protocols. With the Layer 3 switch inplace, the department and data infrastructurebehind it can then be upgraded to higher-per-formance Layer 2 switches, ultimately bring-ing switched Ethernet to the desktop. Themigration of key departmental servers toserver farms may begin at this point. If thecapacity required for the aggregate client-server flows exceeds that of FDDI, the gradualevolution of the backbone may begin at thispoint, otherwise it will be covered in phase 2.

1111

Shared hub

Shared

hub

Data Center

Department

Client

Internet

FDDI ring

Corporate WAN

Client

Client

Legacy router

Layer 3 switch

Layer 3 switch

Legacy

router

Server

Server

Server

Figure 5. Data Center and Workgroup Upgrades to Layer 3 Switching

Phase 2

The second phase (Figure 6 on page 12) con-tinues the replacement of the routers on theFDDI backbone with Layer 3 switches. Therouters that were servicing the WAN connec-tions remain, but are now removed from thebackbone and connected via Ethernet or FastEthernet to a Layer 3 switch. The migrationof the backbone begins at this stage with thechoice of Gigabit Ethernet or ATM. (Thischoice depends upon a variety of factors,which are beyond the scope of this paper.)The 3Com Layer 3 switching methodology isfundamentally unaffected by the choicebetween Gigabit Ethernet and ATM. In fact,the backbone could very well support both.

Phase 3

The third phase (Figure 7) completes the evo-lution of the backbone, and introduces policyservices into the infrastructure. Such policy,administered by the network manager, mayextend as far as the desktop, enabling network

access and signaling mechanisms for CoS andQoS. With the infrastructure distributed, yetoverlaid with a logical management structure,performance metrics can be tuned and modi-fied, giving greater viability to Service LevelAgreements (SLAs). The legacy backbone hasnow been entirely eliminated and replaced byhigher-performance Gigabit Ethernet, ATM,or both. The new backbone is inherently scal-able and is ready for any future network evo-lution. Though beyond the scope of thispaper, the core network will also become thetermination point for virtual private networks(VPNs) as remote offices access the corporateinfrastructure via the Internet. For more infor-mation on VPNs, see the white paper “PrivateUse of Public Networks,” available atwww.3com.com.

Future Trends

The Layer 3 switching solution does not stophere. Expect more Layer 4 capabilities tobecome available, handling advancements in

1122

Shared hub

Layer 3 switch

Layer 3 switch

Layer 3 switchLayer 3 switch

Layer 2

switch

Data Center

DepartmentClient

Internet

FDDI ring

Corporate WAN

ClientClient

Fast

EthernetGigabit

EthernetLegacy router

Server

Department

server

Server

Figure 6. Backbone Migration Begins

middleware, along with providing more effi-cient Web server load balancing and caching.Directory-enabled networks will radically sim-plify the management paradigm using Layer 3switching as a key delivery mechanism. VPNswill become more tightly coupled with theenterprise, interfacing more closely to theLayer 3 infrastructure. VPNs will have anincreasingly significant role within the corpo-rate intranet, requiring more security capabili-ties in the Layer 3 switch.

Conclusion

With a bit of knowledge, the Layer 3 jungledoesn’t look so bad after all. In fact, Layer 3

switching is the natural evolution of net-working technology and an enabling platformfor next-generation applications. This progres-sion represents the erosion of networkingcomplexity, backed by increasing performanceand decreasing cost. A Layer 3 switch turnsout to be a well-known technology, not someentirely new model. But let the buyer beware.What looks like a true Layer 3 switch may notbe one at all, so it is safest to invest in a prod-uct that was born as a true Layer 3 switch.With the advent of Layer 3 switching, thenetwork is no longer a “Temple of Doom.”Instead, it can fulfill its promise as a key ele-ment of enterprise business success.

1133

Client

Internet

Corporate ATM WAN

Client

Gigabit

Ethernet

Gigabit

Ethernet

Fast

EthernetFast

EthernetVPN

Gigabit

Ethernet

Layer 3

switch

Layer 3

switch

Layer 3 switch

Layer 3 switch

Layer 2 switch

Layer 2 switchLayer 2

switch

Gigabit

Ethernet

Legacy router

Policy server

Remote access server

Department

Client

Department

server

Data CenterServer

Server

Figure 7. Backbone Upgrade Complete; Policy Enabled