A Brief History of Protocol Layering
To fully appreciate Layer 3 switching, it is useful to examine its
ancestry, since many common traits still prevail. Rather than go back to
the stone age of hierarchical networking, we'll begin with the
"modern era" of data communications, a time of peer-to-peer
networking with heterogeneous systems. It is interesting to note that
hierarchical networking—its best example being IBM's Systems Network
Architecture (SNA)—was probably the quintessential—but
immutable—client/server architecture. SNA's formal counterpart, the
International Standards Organization (ISO) Open Systems Interconnect (OSI)
model, which was a seven-element layout, succeeded more as a pedagogical
tool than as an implementation foundation. As a result, many academics,
along with some rare implementers (Digital Equipment Corporation
with DECnet Phase V) were left in the networking jungle.
Meanwhile, the Internet Protocol (IP) was
enjoying some deployment success, first through the U.S. Department of
Defense's ARPANET—the genesis of the Internet—then into diverse
university communities. IP and its associated higher-layer protocols,
such as User Datagram Protocol (UDP) and Transport Control Protocol
(TCP), were supposed to be supplanted by the OSI protocols, but the
increasing complexity of OSI, exacerbated by a prolonged ratification
process, undermined its prospects. IP continued to be deployed, while
other IP-like protocols such as NetWare's IPX and Apple's AppleTalk were
enjoying their own success. The similarity among IP, IPX, and AppleTalk
is no accident: they share a common lineage through Xerox Network
Systems (XNS), an older but simpler model than OSI.
Effective Information Management
Just as there are many types of jungles, so there are many types of data
networks. And jungles and networks have some striking similarities in
the way they are organized. In the jungle, the parts of the whole are
called ecosystems; in the network, they are called layers. Each
subsystem, or layer, is often quite distinct from others within the same
system or network, but depends upon access to the others for its
survival. Call it the food chain or call it the protocol stack.
Knowledge of layering is crucial for the
strategic and tactical deployment of both networking and information
technology in an organization. Many people view layering as an academic
exercise in which Layer 2 represents switching and Layer 3 represents
routing. Such shortsighted thinking leaves many organizations at the
mercy of the performance constraints of their collapsed backbone
routers. Understanding the capabilities and limits of each layer is the
foundation for information management. Strategic decisions must be made
about application deployment, network scalability, performance, and cost
of ownership. Tactical decisions must be made about which products to
apply as part of an overall solution. This methodology becomes even more
important as voice, video, and data networks continue to converge,
blurring the once clear demarcation between data communications and
telecommunications.
Layering 101
Although this paper is about Layer 3 switching, a quick overview of
layering is needed. Layering schemes provide guidelines, rather than
strict rules, for delegating networking functionality. Figure 1 shows
the basic principles of layering. Elements at the same layer, shown on
the horizontal, are known as peers and communicate via a well-known (and
documented) protocol. Messages are exchanged among peers, the protocol
defining the format, syntax, semantics, and sequencing. Elements within
the same stack, shown on the vertical, communicate via an internal
interface. This interface, though usually not well documented nor
standard, often exhibits the same characteristics as a protocol, the
only difference being that the interface protocol between Layer n and
Layer n+1 on stack 1 may be wholly different from that of stack 2.

Figure 1. Layering Reference Model
As mentioned, communication within one
stack may be different from that within other stacks and entirely
proprietary, but communication between peers in different stacks must be
open and consistent. The notion of open systems has been a major factor
in the growth and operation of the Internet, along with those of
institutional organizations. It is also important to note that an
element at a particular layer may be further broken down into additional
layers. This is most clearly seen with Asynchronous Transfer Mode (ATM)
models. Finally, in certain models, higher layers may share information
with lower layers to either conserve system resources or improve
performance. The Internet Engineering Task Force (IETF) Next-Hop
Resolution Protocol (NHRP) is an example of this intra-layer
communication, allowing Layer 3 "shortcuts." This concept will
be discussed later.
Layer 1
This layer, known as the interface layer, is responsible for device
connectivity. Though usually represented by well-known network
types—Ethernet, Fast Ethernet, Gigabit Ethernet, Token Ring, FDDI,
ATM, SONET/SDH, etc.—Layer 1 also covers the subtypes. For example,
Fast Ethernet provides physical connectivity over copper media
(100BASE-TX) and over fiber media (100BASE-FX). Fiber can be further
divided into multimode or single mode, with single mode further
partitioned based on its "reach," the distance over which it
can transmit. Certain technologies are actually used as a pure Layer 1
element (SONET/SDH) or provide a virtual Layer 1 element (ATM with SONET/SDH).
While the various types of Ethernet are
rather straightforward, FDDI, ATM, and SONET/SDH add more complexity,
while providing extended Layer 1 capabilities such as fault tolerance
and support for physical multiplexing to support distinct traffic flows
such as voice and data. With these added capabilities comes added cost,
and sometimes slower performance.
Layer 2
This layer, known as the switching layer, allows end station addressing
and attachment. Because architectures up to Layer 2 allow end station
connectivity, it is often practical to construct a Layer 2-only network,
providing simple, inexpensive, high-performance connectivity for
hundreds or even thousands of end stations. The past five years have
seen the extraordinary success of the "flat" network
topologies provided by Layer 2 switches connected to other Layer 2
switches or ATM switches.
Layer 2 switching, also called bridging,
forwards packets based on the unique Media Access Control (MAC) address
of each end station. Data packets consist of both infrastructure
content, such as MAC addresses and other information, and end-user
content. At Layer 2, generally no modification is required to packet
infrastructure content when going between like Layer 1 interfaces, like
Ethernet to Fast Ethernet. However, minor changes to infrastructure
content—not end-user data content—may occur when bridging between
unlike types such as FDDI and Ethernet. Either way, processing impact is
minimal and so is configuration complexity.
Layer 2 deployment has seen the most
striking infrastructure change over the past decade. Shared Ethernet,
represented by particular cable types or contained within shared hubs,
offered a very simple, and even more inexpensive, approach for Layer 2.
Though still quite popular, shared technology, where all stations use
the same bandwidth slice, has very limited scaling capabilities.
Depending upon the applications being used, shared networks of more than
one hundred users are becoming less common. Many network designers have
"tiered" their infrastructure by feeding shared Layer 2 into
switched Layer 2 or even Layer 3. Switched Layer 3 apportions each
station—or port—its own dedicated bandwidth segment. Recent
enhancements at Layer 2 provide packet prioritization capabilities for
the application of network policies. The new IEEE 802.1p standard
defines Class of Service (CoS) policy capabilities for Layer 2
segments.
Note that Layer 2 does not ordinarily
extend beyond the corporate boundary. To connect to the Internet usually
requires a router; in other words, scaling a Layer 2 network requires
Layer 3 capabilities.
Layer 3
This layer, known as the routing layer, provides logical partitioning of
subnetworks, scalability, security, and Quality of Service (QoS). QoS, a
recent enhancement to Layer 3, goes beyond the simple packet
prioritization found in CoS by providing bandwidth reservation and
packet delay bounding.
The backbone of the Internet, along with
those of many large organizations, is built upon a Layer 3 foundation.
IP is the premier Layer 3 protocol. In addition to Layer 2 MAC
addresses, each IP packet also contains source and destination IP
addresses. For an intranet packet, one IP address addresses the client,
the other the server.
IP in itself is not a particularly
complex protocol; extensive capabilities are supplied by the other
components of the IP suite. The Domain Name System (DNS) removes the
burden of remembering IP addresses by associating them with real names.
The Dynamic Host Configuration Protocol (DHCP) eases the administration
of IP addresses and is used extensively by network administrators and
Internet service providers (ISPs). Routing protocols such as Open
Shortest Path First (OSPF), Routing Information Protocol (RIP), and
Border Gateway Protocol (BGP) provide information for Layer 3 devices to
direct data traffic to the intended destination. IP Security (IPsec)
furnishes elements necessary for security, such as authentication and
encryption. IP not only allows for user-to-user communication, but also
for efficient dissemination over point-to-multipoint flows, known as IP
Multicast. Higher-layer protocols, discussed later in this paper,
provide even greater versatility for content distribution.
Although many organizations received
tremendous performance advantages by converting routed and shared
networks to Layer 2 switching, it became apparent that some level of
partitioning was still required. Consequently, routers maintained a
presence at many points within a corporate network. For a while this
presented minimal problems, since a majority of the data traffic stayed
local to the subnet, which was increasingly being serviced by a Layer 2
switch. But concurrent with the increasing acceptance of Layer 2
switching as an essential component of network infrastructure were two
other developments: the migration of servers to server farms for
increased security and management of data resources; and the deployment
of intranets, organization-wide client/server communications based on
Web technology. These factors began moving data flows off local subnets
and onto the routed network, where the limitations of router performance
increasingly led to bottlenecks.
With the routers causing information flow
constriction, IT managers became increasingly reluctant to deploy new,
enabling technologies, such as multicast-based applications and
middleware. Even the migration of desktops to higher-performance media
connections, such as 100 Mbps Fast Ethernet, was scrutinized as long as
10 Mbps router interface funnels were in place.
Router vendors attempted to respond by
offering higher-performance interface cards, but throughput was
fundamentally bounded by centralized, software-based architectures that
simply could not go any faster. The same software responsible for
managing WAN links, X.25, and asynchronous terminal lines was now
expected to handle next-generation gigabit networks. Router vendors
tried distributing functionality to improve performance, resulting in a
hodgepodge collection of route processing and interface cards. Was the
device still routing, or was it performing some other packet forwarding
scheme?
Emerging QoS was even more suspect. The
IETF was moving forward on Resource Reservation Protocol (RSVP), a
signaling method to set up bandwidth and delay control on packet-based
internetworks. Monitoring RSVP flows, using a process known as policing,
required extensive software support on already overburdened legacy
routers. Could QoS be practical on a contemporary LAN?
Meanwhile, standards bodies such as the
ATM Forum were working on methods to offload the Layer 3 bottleneck by
exploiting the capabilities of the lower layers. One result was the
Multiprotocol over ATM (MPOA) specification, which uses Layer 3 routing
information and the IETF's NHRP protocol to offload the routers and
provide forwarding at the physical (ATM) layer. A Layer 3 switch can
route at Layer 3 or utilize MPOA; the performance is identical.
Layer 4
This layer, known as the transport layer, is the communication path
between user applications and the network infrastructure and defines the
method of communicating. TCP and UDP are well-known examples of elements
at the transport layer. TCP is a "connection-oriented"
protocol, requiring the establishment of parameters for transmission
prior to the exchange of data. Web technology is based on TCP. UDP is
"connectionless" and requires no connection setup, which is
especially important for multicast flows. Elements at this level also
differ in the amount of error recovery provided and whether or not it is
visible to the user application. Both TCP and UDP are layered on IP,
which has minimal error recovery and detection mechanisms, leaving the
burden at Layer 4 or higher. TCP forces retransmission of data that was
lost by the lower layers, whereas UDP makes the application responsible.
A major enhancement to multimedia support
at Layer 4 is the Real Time Protocol (RTP). RTP works in conjunction
with UDP, and provides services necessary for packet timing and
sequencing. Many time-sensitive applications running over IP networks
now actually include both UDP and RTP.
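The fields that Layers 2 through 4 act on, as described in the sections above, can be seen by peeling a frame one header at a time. The Python sketch below is an added example, not part of the original paper; the MAC addresses, IP addresses, VLAN, priority, and port values are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

def build_frame():
    """Constructed sample: 802.1Q-tagged Ethernet frame carrying IPv4/UDP."""
    dst = bytes.fromhex("020000000002")      # locally administered MACs
    src = bytes.fromhex("020000000001")
    tci = (5 << 13) | 10                     # 802.1p priority 5, VLAN 10
    l2 = dst + src + struct.pack("!HHH", 0x8100, tci, 0x0800)
    payload = b"hello"
    udp = struct.pack("!HHHH", 5004, 5004, 8 + len(payload), 0) + payload
    # IPv4 header; checksum left 0 (not computed) in this constructed sample
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return l2 + ip + udp

def parse_frame(frame):
    """Peel Layer 2, 3 and 4 headers; return the fields each layer forwards on."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    out = {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":")}
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100:                  # 802.1Q tag holds the 802.1p bits
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        out["priority"], out["vlan"] = tci >> 13, tci & 0x0FFF
        off = 18
    if ethertype != 0x0800:
        return out                           # not IPv4: only Layer 2 fields apply
    if len(frame) < off + 20:
        raise ValueError("truncated IPv4 header")
    ihl = (frame[off] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(frame) < off + ihl:
        raise ValueError("bad IPv4 header length")
    proto = frame[off + 9]
    out["src_ip"] = socket.inet_ntoa(frame[off + 12:off + 16])
    out["dst_ip"] = socket.inet_ntoa(frame[off + 16:off + 20])
    out["l4"] = {6: "TCP", 17: "UDP"}.get(proto, str(proto))
    l4 = off + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:   # both start with two ports
        out["src_port"], out["dst_port"] = struct.unpack("!HH", frame[l4:l4 + 4])
    return out
```

A Layer 2 switch needs only the MAC addresses and the tag, a Layer 3 device reads on to the IP addresses, and anything classifying by application has to reach the Layer 4 ports.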
Layer 5
This layer, known as the application layer, provides access to either
the end user or some type of information repository such as a database
or data warehouse. Users communicate with the application, which in turn
delivers data to the transport layer. Applications do not usually
communicate with the lower layers; rather, they are written to interface
with a specific communication library, like the popular WinSock library
available in Windows-based workstations.
When defining the behavior of the
applications they are writing, developers decide on the type of
transport mechanism necessary. For example, database or Web access
requires robust, error-free access and would demand TCP, though it could
be implemented with more code and in a more cumbersome manner with UDP.
Multimedia, on the other hand, cannot tolerate the overhead of
connection-oriented traffic and will commonly make use of UDP. For
prioritization, either TCP or UDP can be selected, depending on the
application or other parameters such as time of day. Any assistance that
a network device can provide in terms of prioritization of the
application would be extremely beneficial to the network manager,
particularly during times of traffic volume from the LAN to the WAN.
Enter the Layer 3 Switch
Traditional routers, once the core components of enterprise networks,
became a major obstacle to the migration toward next-generation
networks. All the magic and alchemy involved in trying to make a
software-based router forward packets more quickly created only an
illusion of serious Layer 3 routing performance. A fundamental shift in
technology was required.
In 1992, 3Com, a pioneer in both Layer 2
switching and traditional routing, began integrating its switching and
routing products. The motivation was twofold: to reduce the number of
devices to be managed, and to lower the cost of a combined Layer 2 and 3
solution. Though the first solution was mostly software based,
subsequent products displayed increasing use of application specific
integrated circuits (ASICs)—first for address table queries, then for
forwarding packets. In 1997, 3Com delivered its third-generation, fully
ASIC-enabled Layer 3 CoreBuilder™ 3500 switch, based on the Flexible
Intelligent Routing Engine (FIRE) ASIC. For more information on FIRE,
see the white paper "Flexible Intelligent Routing Engine (FIRE):
The Third-Generation Layer 3 Switching Architecture from 3Com,"
available at www.3com.com. Table 1 shows 3Com's Layer 3 switching
product evolution.