Layer 3 Switches

Discussion in 'Networking, Telephony & Internet' started by Virtuoso X, May 1, 2012.

  1. Virtuoso X

    Virtuoso X Member

    Joined:
    Jul 22, 2010
    Messages:
    305
    Location:
    Melbourne
    hi guys
    wanted to know a few things about 'layer 3 switches' and how exactly they work (call me old fashioned)
    Switch im talking about is a Cisco SG300-10 (http://www.cisco.com/en/US/products/ps10898/prod_models_comparison.html third one down)
    i wanted to know in layer 3, does the switch have to be connected to a router to have internet access or can the L3 Switch just be directly connected to the modem that supplies the internet (in this case DPQ3212 which has one ethernet port) to supply internet to the clients attached to the switch

    since its layer 3/ 2 i assume this will work? since a router does the same working in the same layers

    thanks!
     
    Last edited: May 1, 2012
  2. cacaw

    cacaw Member

    Joined:
    Aug 22, 2010
    Messages:
    46
    Location:
    Australia
    Taken from:

    https://learningnetwork.cisco.com/thread/10642

    If you intend to use L3 switching for your internet egress/ingress traffic, this is overkill, unless of course you have upwards of gigabit connections (we have 40gbps at work). Routers are more than capable of routing packets at wirespeed under these conditions. L3 switching is primarily used to switch packets between VLANs with different subnets within an organisation LAN environment.

    Someone can correct me if I am wrong.

    EDIT: CEF = Cisco Express Forwarding
     
    Last edited: May 1, 2012
  3. biatch

    biatch Member

    Joined:
    Jun 18, 2002
    Messages:
    1,679
    Location:
    North Brisbane
    The L3 switch won't NAT, so yes you'll still need a router behind the modem.

    Unless the DPQ3212 has some router functionality but a quick google suggested that it's a straight modem.
     
  4. ltd73

    ltd73 Member

    Joined:
    Apr 14, 2005
    Messages:
    1,724
    [note: i 'make' switches for a living]

    a L2 switch switches on ethernet frames - forwarding on destination mac-address and flooding any unknowns.

    L3 is where IP is at. a L3 switch forwards based on IP addresses, i.e. the same as what a 'router' does.
    the differences between a 'L3 switch' and a 'router' are that the latter is typically forwarding in software, so it's much much slower, typically orders of magnitude more limited in performance.
    A L3 switch is superior in performance but that comes at a price. The 'price' is not the $$$ it costs but rather that it's likely its logic for forwarding is baked into silicon and can never be changed or upgraded. It can never do more than what the underlying logic can do.

    To give you an example, let's say you bought your L3 switch in 1990, well before L3 switching of IPv6 existed. Let's say you bought a crappy cisco c2501 router at the same time.
    The c2501 could have been upgraded in the meantime with software to make it capable of routing IPv6. The L3 switch could not.


    2nd post is not correct in terms of "CEF", that's just marketing from a certain vendor. ultimately what is going on is something that obeys the rules of IP forwarding, i.e. longest-prefix-match first.
     
  5. OP
    Virtuoso X

    Virtuoso X Member

    Joined:
    Jul 22, 2010
    Messages:
    305
    Location:
    Melbourne
    thanks for all the info! very informative.
     
  6. shift

    shift Member

    Joined:
    Jul 28, 2001
    Messages:
    2,929
    Location:
    Hillcrest, Logan
    A layer 3 switch will do quite complicated routing; but probably won't do PPPoE or NAT which would be required for most consumer Internet connections.
     
  7. OP
    Virtuoso X

    Virtuoso X Member

    Joined:
    Jul 22, 2010
    Messages:
    305
    Location:
    Melbourne
    I understand now that layer 3 is better designed for 'inward routing' rather than outward. I assumed that because a router also functions on layer 3 the L3 switch would be able to do the same, using the same procedure, but unfortunately not.
    Nonetheless a L3 switch would be a great replacement to experiment with in my lab.
     
  8. FiShy

    FiShy Member

    Joined:
    Aug 15, 2001
    Messages:
    9,682
    I want a switch that makes coffee, ltd get to it.
     
  9. shift

    shift Member

    Joined:
    Jul 28, 2001
    Messages:
    2,929
    Location:
    Hillcrest, Logan
    They can do great for 'outward' routing on a non-consumer connection as well, because they generally handle BGP.

    It's just the mostly "consumery" stuff they don't handle (and generally aren't priced for).
     
  10. OP
    Virtuoso X

    Virtuoso X Member

    Joined:
    Jul 22, 2010
    Messages:
    305
    Location:
    Melbourne
    thanks shift!
     
  11. ltd73

    ltd73 Member

    Joined:
    Apr 14, 2005
    Messages:
    1,724
    ok!

    Code:
    $ ssh ltd@203.9.111.10
    Password: 
    Last login: Tue May  1 05:05:09 2012 from 203.9.111.27
    switch>en
    switch#copy ?
      boot-extensions       Copy boot extensions configuration
      extension:            Source file path
      file:                 Source file path
      flash:                Source file path
      ftp:                  Source file path
      http:                 Source file path
      https:                Source file path
      installed-extensions  Copy installed extensions status
      running-config        Copy from current system configuration
      scp:                  Source file path
      sftp:                 Source file path
      startup-config        Copy from startup configuration
      system:               Source file path
      tftp:                 Source file path
    
    switch#copy ftp://ftp.pbone.net/mirror/archive.fedoraproject.org/fedora/linux/updates/14/i386/kaffeine-1.2.2-1.fc14.i686.rpm ?
      boot-extensions  Copy to boot extensions configuration
      extension:       Destination file path
      file:            Destination file path
      flash:           Destination file path
      ftp:             Destination file path
      http:            Destination file path
      https:           Destination file path
      running-config   Update (merge with) current system configuration
      scp:             Destination file path
      sftp:            Destination file path
      startup-config   Copy to startup configuration
      system:          Destination file path
      tftp:            Destination file path
    
    switch#copy ftp://ftp.pbone.net/mirror/archive.fedoraproject.org/fedora/linux/updates/14/i386/kaffeine-1.2.2-1.fc14.i686.rpm extension:
    switch#                                                                                                                                                   
    switch#show extensions 
    Name                                       Version/Release           Status RPMs
    ------------------------------------------ ------------------------- ------ ----
    kaffeine-1.2.2-1.fc14.i686.rpm             1.2.2/1.fc14              A, NI     1
    
    A: available | NA: not available | I: installed | NI: not installed | F: forced
    switch#exte
    switch#extension ?
      kaffeine-1.2.2-1.fc14.i686.rpm  NI
    
    switch#extension kaffeine-1.2.2-1.fc14.i686.rpm 
    % Error installing kaffeine-1.2.2-1.fc14.i686.rpm: RPM install error: Transaction check failed: kdebase-runtime is needed by kaffeine-1.2.2-1.fc14.i686
    kdelibs4 >= 4.6.3 is needed by kaffeine-1.2.2-1.fc14.i686
    libQtCore.so.4 is needed by kaffeine-1.2.2-1.fc14.i686
    libQtDBus.so.4 is needed by kaffeine-1.2.2-1.fc14.i686
    libQtGui.so.4 is needed by kaffeine-1.2.2-1.fc14.i686
    libQtNetwork.so.4 is needed by kaffeine-1.2.2-1.fc14.i686
    libQtSql.so.4 is needed by kaffeine-1.2.2-1.fc14.i686
    libQtSvg.so.4 is needed by kaffeine-1.2.2-1.fc14.i686
    libQtXml.so.4 is needed by kaffeine-1.2.2-1.fc14.i686
    libX11.so.6 is needed by kaffeine-1.2.2-1.fc14.i686
    libXss.so.1 is needed by kaffeine-1.2.2-1.fc14.i686
    libkdecore.so.5 is needed by kaffeine-1.2.2-1.fc14.i686
    libkdeui.so.5 is needed by kaffeine-1.2.2-1.fc14.i686
    libkfile.so.4 is needed by kaffeine-1.2.2-1.fc14.i686
    libkio.so.5 is needed by kaffeine-1.2.2-1.fc14.i686
    libsolid.so.4 is needed by kaffeine-1.2.2-1.fc14.i686
    libxine.so.1 is needed by kaffeine-1.2.2-1.fc14.i686
    
    switch#extension kaffeine-1.2.2-1.fc14.i686.rpm force
    switch# 
    switch#show extensions 
    Name                                       Version/Release           Status RPMs
    ------------------------------------------ ------------------------- ------ ----
    kaffeine-1.2.2-1.fc14.i686.rpm             1.2.2/1.fc14              A, F      1
    
    A: available | NA: not available | I: installed | NI: not installed | F: forced
    
    switch#bash sudo rpm -qa | grep kaf
    kaffeine-1.2.2-1.fc14.i686
    
    switch#bash sudo su
    bash-4.1# kaffeine
    kaffeine: error while loading shared libraries: libQtSql.so.4: cannot open shared object file: No such file or directory
     
  12. FiShy

    FiShy Member

    Joined:
    Aug 15, 2001
    Messages:
    9,682
    Much better... and to think people wonder why you pay so much for support contracts.
     
  13. OP
    Virtuoso X

    Virtuoso X Member

    Joined:
    Jul 22, 2010
    Messages:
    305
    Location:
    Melbourne
    haha Lol :D
     
  14. itsmydamnation

    itsmydamnation Member

    Joined:
    Apr 30, 2003
    Messages:
    9,874
    Location:
    Canberra
    why do people keep bringing up NAT as a thing L3 switches can't do, NAT's just a table, inside local, outside local, inside global, outside global. In fact NAT is one thing that would quite easily fit into a hardware table, much like ACLs.
     
  15. OP
    Virtuoso X

    Virtuoso X Member

    Joined:
    Jul 22, 2010
    Messages:
    305
    Location:
    Melbourne
    I believe the L3 switch is capable of doing NAT within a VLAN environment, correct me if I'm wrong.
     
  16. itsmydamnation

    itsmydamnation Member

    Joined:
    Apr 30, 2003
    Messages:
    9,874
    Location:
    Canberra
    I believe a layer 3 switch can do anything that you can do in fixed function hardware at wire rate
     
  17. FiShy

    FiShy Member

    Joined:
    Aug 15, 2001
    Messages:
    9,682
    would prefer they just made coffee
     
  18. GooSE

    GooSE New Member

    Joined:
    Jun 26, 2001
    Messages:
    6,679
    Location:
    Sydney
    I believe Cisco switches do NAT if you have a firewall linecard installed.
     
  19. itsmydamnation

    itsmydamnation Member

    Joined:
    Apr 30, 2003
    Messages:
    9,874
    Location:
    Canberra
    I know a 6500 can do NAT without one, but it seems people are missing the point, reread what LTD said ;)

    SUP 2T improves on this

     
    Last edited: May 1, 2012
  20. geniesis

    geniesis Member

    Joined:
    Aug 27, 2007
    Messages:
    190
    I've only seen NAT in Cisco Cat6500 switches. It's probably because the silicon required for such a functionality outweighs the benefit of having the feature in the entire product line.

    Generally speaking, NAT is really only used at the very edge of your network to get your organization out to the Internet. In that respect, you would generally have a firewall device of some sort like Cisco ASA, or Juniper SRX or Fortigate or similar at the edge which will perform firewall and NAT functionality.

    NAT requires a lot of lookups and connection monitoring, including L7 inspection and rewrites in order to allow you to have for instance the ability to get Active FTP sessions in your network.

    Hence, the logic required in the switch would be quite complex. Also note that Switches have very low CPU grunt as everything is done in hardware.

    As for how L3 switches route: think about the switch as two devices, a L2 switch and a router. The router has "virtual interfaces" called VLANs (for simplicity I'm ignoring routed interfaces) instead of physical ones. When a packet is destined for the default gw, which would be the IP address on the VLAN, the switch will pass the packet to the "router" instance to be routed. The router will make a routing decision and forward the packet to the correct VLAN interface. The L2 switch then takes over in switching the packet onto the correct wire. This is one way to imagine how packets get from one network to another. How it does this in hardware is a little different, but the concept stays more or less the same.

    Now, in Cisco land there is a piece of jargon called CEF. Other vendors have their own jargon for it. Essentially it's a "shortcut". It basically does this: instead of the CPU being involved every time a packet needs to be routed, what if we created some specialized silicon that can perform L2 rewrites (that is, change the mac address) based on a table in memory? This means that all the CPU now needs to do is keep that table in memory up to date with correct mac and IP address data. Now there are several tables kept in memory, but the main ones are the FIB and adjacency tables. These tables provide the hardware silicon with enough data on what to rewrite the mac address with and what interface it needs to be sent out of.

    With CEF, it allows a L3 switch to perform routing at wire-speed and hence why they call it L3 switching.

    As you can also see, this is heavily dependent on silicon and hence, features like NAT, MPLS, etc. would actually need to be implemented in silicon to work. So if there is no demand for that feature, then the vendor isn't going to spend money on it.

    If the reason for requiring NAT is to support a multi-vendor network with high-speed requirements, the only network that comes to mind is a stock exchange network. It would probably be better to either get the vendor to NAT themselves, freeing you of the hassle, or utilize VRFs to separate clashing subnets.
     
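A small software model of the forwarding plane geniesis describes above (FIB plus adjacency table driving an L2 rewrite) and of the longest-prefix-match rule ltd73 refers to in post 4. This is an added illustration, not code from any poster or from Cisco; the VLAN numbers, prefixes and MAC addresses are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Adjacency:
    out_vlan: int       # SVI the rewritten frame leaves on
    next_hop_mac: str   # becomes the new destination MAC
    src_mac: str        # the SVI's own MAC becomes the new source MAC


class ForwardingPlane:
    """FIB (prefix -> next hop) and adjacency table (next hop -> rewrite info)."""

    def __init__(self):
        self.fib = []   # list of (network, next_hop); next_hop None = directly connected
        self.adj = {}   # next-hop IP -> Adjacency, kept up to date by the 'CPU'

    def add_route(self, prefix, next_hop=None):
        nh = None if next_hop is None else ipaddress.ip_address(next_hop)
        self.fib.append((ipaddress.ip_network(prefix), nh))
        # most specific first, so a linear scan is a longest-prefix match
        self.fib.sort(key=lambda e: e[0].prefixlen, reverse=True)

    def add_adjacency(self, ip, out_vlan, next_hop_mac, src_mac):
        self.adj[ipaddress.ip_address(ip)] = Adjacency(out_vlan, next_hop_mac, src_mac)

    def forward(self, pkt):
        """Return the rewritten frame, or None when the packet must be punted/dropped."""
        dst = ipaddress.ip_address(pkt["dst_ip"])
        hit = next(((net, nh) for net, nh in self.fib if dst in net), None)
        if hit is None or pkt["ttl"] <= 1:
            return None                      # no route, or TTL expired
        next_hop = dst if hit[1] is None else hit[1]
        adj = self.adj.get(next_hop)
        if adj is None:
            return None                      # glean: CPU must ARP before hardware can forward
        return {**pkt, "vlan": adj.out_vlan, "src_mac": adj.src_mac,
                "dst_mac": adj.next_hop_mac, "ttl": pkt["ttl"] - 1}


def demo():
    fp = ForwardingPlane()
    fp.add_route("10.1.1.0/24")                      # VLAN 10, connected
    fp.add_route("10.1.2.0/24")                      # VLAN 20, connected
    fp.add_route("0.0.0.0/0", "10.1.1.254")          # default via the real router on VLAN 10
    fp.add_adjacency("10.1.2.5", 20, "00:00:5e:00:53:20", "00:00:5e:00:53:02")
    fp.add_adjacency("10.1.1.254", 10, "00:00:5e:00:53:fe", "00:00:5e:00:53:01")
    pkt = {"vlan": 10, "src_mac": "00:00:5e:00:53:11", "dst_mac": "00:00:5e:00:53:01",
           "dst_ip": "10.1.2.5", "ttl": 64}
    inter_vlan = fp.forward(pkt)                                   # /24 beats /0
    to_internet = fp.forward({**pkt, "dst_ip": "192.0.2.9"})       # only /0 matches
    unresolved = fp.forward({**pkt, "dst_ip": "10.1.1.7"})         # route, no adjacency
    return inter_vlan, to_internet, unresolved
```

The third case is the one worth remembering operationally: a route in the FIB is not enough, the hardware can only rewrite once the adjacency is resolved, which is why incomplete ARP entries show up as CPU-punted traffic on real switches.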
