Wednesday, April 25, 2012

Layer 2 Switches & Layer 3 switches


What is the basic difference between layer 2 & layer 3 switches? We often hear of these two terms and try to distinguish them, which one is better for building our network.

To be simple, Layer 3 switches route packets based on IP, layer 2 by MAC. Both switch types have the capability of linking network devices together from one port to another. Unlike hubs, switches distribute data more intelligently as it interprets them and sends it out to the right destination.

Layer 2 and Layer 3 terms come from the OSI seven Layer model (a theoretical way of dividing network architecture up with functionality, service, dependence and application). Within the model, Layer 2 represents the “Data Link Layer” while Layer 3 represents the “Network Layer”.

Layer 2 switches have the capability of moving packets around a single network. As the reference to the OSI Layer holds true, this switch facilitates data only (and) within the physical layer (also known as Layer 1 e.g. cables and connectors). It is intelligent enough to learn the MAC addresses of each device, source/ destination of each packet and routes each packet within the single domain (at wire speed). While it breaks up a collision domain, it does not have the ability to transport the data packet from one network to another nor can it prioritize packets to guarantee bandwidth. Putting devices on a Layer 2 switch makes one entire large local segment (or what some people might call a “broadcast domain”).

Layer 3 switches act like a traditional router – it enables different network segments to be linked together. With this, data can be inter-networked from one network subnet to another. Prioritization of packets can be setup and the Layer 3 switch is intelligent enough to learn which routes are the best between the networks. While the Layer 2 switch routes packets based on MAC, Layer 3 switches route data packets based on IP. Going a step further, Layer 3 switches have the capability to logically separate networks into two or more VLANs (Virtual LANs), enhancing security and unauthorized access between networks. A Layer 3 switch typically sits above Layer 2 switches and governs the routes/ access between the different networks.

An example of this would be within a water treatment facility. Being a big treatment plant, each separate department (Clorination, Aeration, Distillation, Filtration, Waste Generation etc.) is split up into smaller/mini networks. Each mini network (consisting of PLC, I/O modules, monitors, sensors, HVAC, Historian stations and more) is controlled by its own Layer 2 switch. As all departments need the ability to synchronize, coordinate and share data with each other to perform the relevant operations, there needs to be a device that allows each data to move from one department’s network to another. That is where the Layer 3 switch comes in. All Layer 2 switches essentially converges to the Layer 3 switch facilitating inter-network data transport with the ability to prioritize packets, allow/ limit access to certain networks at any given time.

Which switch?
Small networks can be built using just Layer 2 devices, but most corporate networks will have a mix of Layer 2 and Layer 3 switches. Dumb Layer 2 products are a cheap and easy way of providing connectivity to workgroups while more intelligent Layer 3 switches enable departmental networks to be segmented and controlled with no loss of bandwidth.

Finally, it's worth noting that some switch vendors claim to support Layer 4 (the Transport Layer) and above. Load balancing switches, for example, use information beyond Layer 3 to distribute packets across large server farms. However, there's blurring of the levels in these more sophisticated products such that it's now more usual to refer to them as multi-level switches. Multi-level switches are more expensive and complicated to deploy and mostly reserved for specialist applications.

More Notes:
The Cisco Catalyst 2950, Cisco 2960 series are typical examples of Layer 2 switches. The Cisco Catalyst 3550, 3560, 3750, 4500, 6500 series would be good examples of Layer 3 switches.

Sunday, April 15, 2012

The Benefits of Cisco VoIP


VoIP and IP telephony are becoming increasingly popular with large corporations and consumers alike. For many people, Internet Protocol (IP) is more than just a way to transport data, it's also a tool that simplifies and streamlines a wide range of business applications. Telephony is the most obvious example. VoIP—or voice over IP—is also the foundation for more advanced unified communications applications—including Web and video conferencing—that can transform the way you do business.

What is VoIP? Useful Terms help you learn the potential of this technology
VoIP refers to a way to carry phone calls over an IP data network, whether on the Internet or your own internal network. A primary attraction of VoIP is its ability to help reduce expenses because telephone calls travel over the data network rather than the phone company's network.
IP telephony encompasses the full suite of VoIP enabled services including the interconnection of phones for communications; related services such as billing and dialing plans; and basic features such as conferencing, transfer, forward, and hold. These services might previously have been provided by a PBX.
IP communications includes business applications that enhance communications to enable features such as unified messaging, integrated contact centers, and rich-media conferencing with voice, data, and video.
Unified communications takes IP communications a step further by using such technologies as Session Initiation Protocol (SIP) and presence along with mobility solutions to unify and simply all forms of communications, independent of location, time, or device.

What is VoIP: Service Quality
Public Internet phone calling uses the Internet for connecting phone calls, especially for consumers. But most businesses are using IP telephony across their own managed private networks because it allows them to better handle security and service quality. Using their own networks, companies have more control in ensuring that voice quality is as good as, if not better than, the services they would have previously experienced with their traditional phone system.

The Benefits of Cisco VoIP
Cisco VoIP phones or voice clarity of definition is valuable in a business is supreme, than the traditional phone system. Typically, when your business depends on customer calls your company, boost call quality higher than all else, customer support representatives and the signal quality is most valuable to complete the call you are in succession the business profit.

But there is more and more use of Cisco VoIP call routing, and from the company’s management, not just the support side. In order to distinguish the company’s management side, can you imagine the support, as agent to receive calls from customers. Whether customers want, the agent should be able to clearly hear it and respond accordingly.

The management side of the company includes the clerks who ԁο the accounting or the company, the secretaries who receive incoming calls from prospective clients, etc. People who own and run companies are result out the compensation of Cisco VOIP as opposed to even using the traditional PABX system.

Even if the PABX or the Private Automatic Branch Exchange handles all incoming and outgoing calls going to most of the company departments, an increasing number of companies are using a fusion system of VOIP and the traditional PABX in handling both calls to and from the departments and to/from the support side.

The largest difference to using the VOIP is the clarity of the voice and the efficiency of the system that it uses. While it is right that you subdue use internet bandwidth when using VOIP, advancements in the field of data compression allows a total lot more voice channels to be integrated into a data channel that comprises just one ordinary telephone line. This means that if you manage to compress up to 7 to 10 real voice data channels in your internet DSL line, this is equivalent to having up to 10 people talk to each other using just one ordinary telephone line.

Not only that, while you are able to compress the voice data in real time using the same internet that everybody is using, you are subdue able to use the rest of the internet for other uses, like managing your web application for the Cisco VOIP that you are using, search for answer to the question that the customer gave to you or even follow up on customers who you have to call back and more.

The chief advantage of using Cisco VoIP is the huge number of voice data channels that you can use over ordinary telephone lines. This is coupled with the fact that the VOIP is also backward unified to the traditional telephone systems so that you can also call anyone, anywhere in world in real time.

With the proliferation of Voice over IP (VoIP) telephone technologies, Cisco IP Phones have become a popular choice because of an extensive selection of models covering a wide range of needs. While they employ features specific to the Cisco VoIP servers, these phones can also be used with "open source" VoIP technologies. So you can visit Cisco’s official site to see Cisco IP Phones VoIP

Tuesday, April 10, 2012

Cisco's First Generation ISR Routers, Familiar to Cisco Users


Cisco's original Integrated Services Routers, with more than 6M products in operation, are the industry's most popular solution for small to medium-sized businesses and enterprises with branch offices to achieve high-performance, secure, and reliable access to strategic applications. Progent's CCIE network engineers are proven experts at providing online design, management, and problem solving services for Cisco 1800, 2800, and 3800 family ISR routers. Progent can assist your company to move up to the latest release of Cisco IOS Software with minimal disruption to your network, assess the security vulnerability of your existing router configuration, and assist you to migrate efficiently to the latest releases of Cisco ISR Generation 2 routers when it makes competitive sense for your company.

Cisco 1800 Integrated Services Routers
The modular Cisco 1800 family of routers incorporate data and protection within one resilient system for high-speed, scalable connectivity with strategic business programs. The Cisco 1800 Series router design has been specifically engineered to satisfy the requirements of small-to-medium-sized businesses (SMBs), branch offices, and ISP-managed services environments for delivery of simultaneous services at high speed. The integrated secure systems design of the Cisco 1800 Series routers offers optimum flexibility and fast ROI.

The Cisco 1841 router offers important benefits compared to older generations of Cisco 1700 Series devices by bringing more than a 5x performance increase and built-in hardware-based encryption enabled by an available Cisco IOS Software protection image. The Cisco 1841 router dramatically increases plug-in card slot performance as well as capacity over the 1700 Series routers while providing compatibility with over 30 available WAN interface cards (WICs) and multiflex trunk cards (VWICs-for data only). The Cisco 1841 device provides further enhancement of Virtual Private Network speed with an optional Virtual Private Network acceleration module; an intrusion prevention system (IPS) and firewall capabilities; support for a broad range of interface needs, such as support for optional switch ports; and sufficient performance and slot capacity for future network expansion and advanced applications.

Cisco 2800 Series Routers
Targeted at small to medium-sized businesses (SMBs) and corporate branch offices, Cisco's 2800 Series comprises several basic versions: the 2801, the 2811, the Cisco 2821, and the 2851. Cisco's 2800 Series routers offer substantial added value compared to prior generations of Cisco devices at comparable prices by offering as much as a fivefold throughput improvement, up to a tenfold increase in protection and voice performance, built-in service features, and radically enhanced slot speed and capacity while maintaining compatibility with the vast majority of the almost 100 popular expansion modules available currently for the 1700, the Cisco 2600 Series, and the Cisco 3700 routers.

Cisco's 2800 Series router provides a range of common protection functions such as a Cisco IOS Software Firewall, intrusion prevention, IP security VPN, Secure Sockets Layer (SSL) VPN, advanced application inspection and control, Secure Shell (SSH) Protocol V 2.0, and SNMPv3 in a single protected solution. Also, by incorporating security functions within the router, Cisco can enable unique intelligent protection functions other security appliances cannot, such as network admissions control (NAC) for virus protection; Voice and Video Enabled VPN for QoS enforcement when mixing voice, video, and Virtual Private Networks; Dynamic Multipoint VPN (DMVPN); Group Encrypted Transport; and Easy VPN for enabling more expandable and easier to manage VPN environments.

Businesses can utilize the 2800 Series to deploy an integrated IP telephony solution for up to 96 IP phones, and can securely combine data, voice, and IP telephony on a single router for their small-to-medium sized satellite offices.

The Cisco 2800 Series router incorporates an integrated access point for wireless LAN access, Wi-Fi Hotspot services for shared public wireless LANs, and network services for cordless wireless LAN telephony and for larger locations.

Cisco 3800 Series ISR Routers
Cisco 3800 Series routers are engineered for small and midsize businesses (SMBs) and enterprise branch locations to offer businesses the highest degree of network agility, performance, and functionality. The Cisco 3800 Series integrated services routers smoothly integrate advanced network engineering, smart services, and protected corporate communications into one resilient system. The Cisco 3800 Series routers ease deployment and management, lower network cost and complexity, and provide investment protection. The Cisco 3800 Series integrated services routers feature embedded security processing, fast throughput and high memory capacity, and high-capacity interfaces that deliver the speed, resilience, and reliability required for scaling business-critical protection, IP telephony, high-volume video, system analysis, and web-based applications in the most demanding corporate environments. Built for speed, the 3800 Series integrated services routers provide multiple simultaneous services as fast as wired T3/E3 rates.

The integrated services routing technology of the 3800 Series router is built to integrate protection and voice handling with the latest wired and wireless services for rapid installation of new applications, including application layer functions, intelligent network services, and converged communications. The 3800 integrated services router supports the bandwidth demands of several Fast Ethernet interfaces for every slot, time-division multiplexing (TDM) connections, and integrated power sourcing to expansion modules compatible with 802.3af Power over Ethernet, while still supporting the traditional portfolio of interfaces. This ensures ongoing return on investment by allowing network expansion or accommodating changes in technology as the latest services are added. By integrating the capabilities of several separate appliances into one compact unit, the 3800 router significantly lowers the cost and complexity of administering remote networks. 

Friday, April 6, 2012

Network Switch Types and LAN Switching


A switch is a telecommunication device which receives a message from any device connected to it and then transmits the message only to that device for which the message was meant. It plays an integral part in most modern Ethernet Local Area Networks (LANs). Network switch represents the features and technologies that can be used to respond to the requirements in emerging network design. Some basic operations and technologies of switches are as follows:
Fast Convergence: Switches stipulate that the network must adapt quickly to network topology changes.
Deterministic Paths: Switches provide desirability of a given path to a destination for certain applications or user groups.
Deterministic Failover: Switches specify that a mechanism be in place to ensure that the network is operational all the times.
Scalable Size and Throughput: Switches provide the infrastructure that must handle the increased traffic demands.
Centralized Applications: Switches dictate that the centralized applications be available to support most or all users on the network.
The New 20/80 Rule: This feature of the switches focus on the shift in traditional traffic patterns.
Multiprotocol Support: Switches support multiprotocol environment for the campus network.
Multicasting: Switches support IP multicast traffic in addition to IP unicast traffic for the campus network.

Before delving into the different switching technologies, the user must understand the functions performed within the different OSI reference model layers to understand how both routers and switches inter-operate and how the different switching technologies work.

The different OSI reference model layers and the functions that each layer performs are summarized below:
Application Layer–provides communication services to applications, file and print services, application services, database services, and message services.
Presentation Layer–presents data to the Application layer, defines frame formats, provides data encryption and decryption and compression and decompression.
Session Layer–defines how sessions between nodes are established, maintained, and terminated and controls communication and coordinates communication between nodes.
Transport Layer–provides end-to-end data transport services.
Network Layer–transmits packets from the source network to the specified destination network and defines end-to-end packet delivery, end-to-end error detection, routing functions, fragmentation, packet switching, and packet sequence control.
Data-Link Layer–translates messages into bits for the Physical layer to transmit and formats messages into data frames.
Physical Layerdeals with the sending and the receiving of bits and with the actual physical connection between the computer and the network medium.

Data encapsulation is the process whereby the information in a protocol is wrapped within another protocol’s data section. When a layer of the OSI reference model receives data, the layer places this data behind its header and before its trailer, and thus encapsulates the higher layer’s data. In short, each layer encapsulates the layer directly over it when data moves through the protocol stack. Since the Physical layer does not use headers and trailers, no data encapsulation is performed at this layer.

Each OSI reference model layer exchanges Protocol Data Units (PDUs). The PDUs are added to the data at each OSI reference model layer.

Each layer that adds PDUs to data has a unique name for that specific protocol data unit:
  • Transport layer = segment
  • Network layer = packet
  • Data Link layer = frame
  • Physical layer = bits

The data encapsulation process is illustrated below:
1. The user creates the data.
2. At the Transport layer, data is changed into segments.
3. At the Network layer, segments are changed into packets or datagrams and routing information is appended to the protocol data unit.
4. At the Data Link layer, the packets or datagrams are changed to frames.
5. At the Physical layer, the frames are changed into bits – 1s and 0s are encoded in the digital signal and are then transmitted.

Layer 2 Switching Overview
While an Ethernet switch utilizes the same logic as a transparent bridge, switches use hardware to learn addresses to make filtering and forwarding decisions. Bridges, on the other hand, utilize software running on general purpose processors. Switches provide more features and functions when compared to bridges. Switches have more physical ports as well.

The basic forward and filter logic that a switch uses is illustrated here:
1. The frame is received.
2. When the destination is a unicast address, the address exists in the address table, and the interface is not the same interface where the frame was received, the frame is forwarded.
3. When the destination is a unicast address and the address does not exist in the address table, the frame is forwarded out on all ports.
4. When the destination is a broadcast or multi-cast address, the frame is forwarded out on all ports.

Switches utilize application specific integrated circuits (ASICs) to create filter tables and to maintain these tables’ content. Because Layer 2 switches do not utilize and reference Network layer header information, they are faster than both bridges and routers. Layer 2 switching is hardware based. The Media Access Control (MAC) address of the host’s network interface cards (NICs) filters the network.

In short, switches use the frame’s hardware addresses to determine whether the frame would be forwarded or dropped. Layer 2 switching does not change the data packet, only the frame encapsulating the packet is read! This basically makes switching a faster process than the routing process.

The primary differences between bridges and Layer 2 switches are listed here:
  • Bridges utilize software running on general purpose processors to make decisions, which essentially makes bridges software based. Switches use hardware to learn addresses and to make filtering and forwarding decisions.
  • For each bridge, only one spanning-tree instance can exist. Switches, on the other hand, can have multiple spanning-tree instances.
  • The maximum ports allowed for bridges are 16. One switch can have hundreds of ports.

A few Layer 2 switching benefits include:
  • Low cost
  • Hardware-based bridging
  • High speed
  • Wire speed
  • Low latency
  • Increases bandwidth for each user

There are a few limitations associated with Layer 2 switching. Broadcasts and multicasts can cause issues when the network expands. Another issue is the slow convergence time of the Spanning-Tree Protocol (SPT). Collision domains also have to be broken up correctly.

Switch Functions Associated with Layer 2 Switching
Layer 2 switching has three main functions:
  • Address learning: Layer 2 switches use a MAC database known as the MAC forward/filter table to create and maintain information on which interfaces the sending devices are located on. The forward/filter table contains information on the source hardware address of each frame received. The MAC forward/filter table contains no information when a Layer 2 switch starts for the first time. When a frame is received, the switch examines the frame’s source address and adds this information to the MAC forward/filter table. Because the switch does not know where the device is located that the frame should be sent to, the switch floods the network with the frame. When a device responds by returning a frame, the switch adds the MAC address from that particular frame to the MAC forward/filter table as well. Next, the two devices establish a point-to-point connection and the frame are forwarded between the two.
  • Making forwarding and filtering decisions: When a frame is received on a switch interface, the switch examines the frame’s destination hardware address then compares this address to the information contained within the MAC forward/filter table:
    • If the destination hardware address is listed in the MAC forward/filter table, the frame is forwarded out the correct exit or destination interface. Bandwidth on the other network segments is preserved because the correct destination interface is used. This concept is known as frame filtering.
    • If the destination hardware address is not listed in the MAC forward/filter table, the frame is flooded out all active interfaces, but not on the specific interface on which the frame was received. When a device responds by returning a frame, the switch adds the MAC address from that particular frame to the MAC forward/filter table. Next, the two devices establish a point-to- point connection and the frame is forwarded between the two.
    • If a server transmits a broadcast on the LAN, the switch floods the frame out all its ports by default.
  • Ensuring loop avoidance: Network loops can typically occur when there are numerous connections between switches. Multiple connections between switches are usually created to allow redundancy. To prevent network loops from occurring and to still maintain redundant links between switches, the Spanning-Tree Protocol (STP) can be used.

The common problems caused by creating redundant links between switches are listed here:
  • While redundant links between routers can provide a few features, remember that frames can in fact be broadcast from all redundant links at the same time. This could possibly result in the creation of network loops.
  • Because frames can be received from a number of segments simultaneously, devices can end up receiving multiple copies of the exact frame. This results in additional network overhead.
  • When no loop avoidance mechanisms are used, a broadcast storm can occur. Broadcast storms occur when switches flood broadcasts continuously all over the internetwork.
  • The user could end up with multiple loops generating all over an internetwork – loops are being created within other loops! This could result in no switching being performed on the network.
  • The MAC forward/filter table’s data could become ineffective when switches can receive a frame from multiple links. This is typically due to the table not being able to establish the device’s location.
  • Switches can also end up continuously adding source hardware address information to the MAC forward/filter table, to the point that the switch no longer sends frames.

Routing Overview
While routers and Layer 3 switches can be considered similar in concept, their design differs. Before discussing Layer 3 switching, some important factors on routing and routers will e summarized.

Routers operate at the Network layer of the OSI reference model to route data to remote destination networks. Routers use Layer 3 headers and logic to route packets. Routers use Routing table information that contains information on how the remote destination networks can be reached to make routing decisions. Cisco routers maintain a Routing table for each network protocol. Using routers can be considered a better option than using bridges. While bridges filter by MAC address, routers filter by IP address. Bridges forward a packet to all segments that it is connected to. Routers, on the other hand, only forward the packet to the particular network segment that the packet is intended for. The default configuration is that the router does not forward broadcasts and multicast frames.

A few benefits of routing are listed here:
  • Routers do not forward broadcasts and multicasts, thereby decreasing the impact of broadcasts/multicasts. Routers tend to contain broadcasts to localized broadcast domains. They do not forward broadcasts like switches and bridges do.
  • Routers perform optimal path determination. Each packet is checked and the router only forwards the packet to the particular network segment for which it is intended.
  • The routing protocol configured on the router, path metrics, source service access points (SSAPs), and destination service access points (DSAPs) are utilized to make these informed routing decisions.
  • Routers provide traffic management and security.
  • Logical Layer 3 addressing is another benefit.

Overview on Layer 3 Switching
As mentioned previously, the main difference between Layer 3 switches and routers is the physical design. Other than this, routers and Layer 3 switches perform similar functions. Layer 3 switches can be placed anywhere in the network to process high performance LAN traffic. In fact, Layer 3 switches can replace routers.
The main functions of Layer 3 switches are listed here:
  • Use logical addressing to determine the paths to destination networks.
  • Layer 3 switches can provide security.
  • Layer 3 switches can also be used to add Management Information Base (MIB) information to Simple Network Management Protocol (SNMP) managers.
  • Layer 3 switches can use Time to Live (TTL).
  • They can respond to and process any option information.
A few benefits of Layer 3 switching include:
  • High performance packet switching.
  • Hardware based packet forwarding occurs.
  • High speed scalability.
  • Low cost and low latency.
  • Provides security.
  • Flow accounting capabilities.
  • Quality of service (QoS).

Layer 4 Switching
Layer 4 switching is a Layer 3 hardware based switching technology that can also provide routing over Layer 3. Layer 4 switching works by taking into account the application that was used. Layer 4 switching examines the port numbers contained within the Transport layer header to make routing decisions. The ports in the Transport layer header pertain to the upper layer protocol or application and are defined in Request for Comments (RFC) 1700.

The characteristics of Layer 4 switching are listed here:
  • A Layer 4 switch has to maintain a larger filter table than the table Layer 3 and Layer 2 switches maintain.
  • A Layer 4 switch can be configured to prioritize certain data traffic based on application. This basically allows users to specify QoS for users.

Quick Look at Multi-Layer Switching (MLS)
Multi-layer switching (MLS) is the terminology used to describe the technology whereby Layer 2, Layer 3, and Layer 4 switching technologies are combined. Multi-layer switching (MLS) works on the concept of routing one and switching many.
Multi-layer switching can make routing decisions with the following:
  • The MAC source and MAC destination address within a Data Link frame.
  • The IP source address and IP destination address within the Network layer header.
  • The protocol defined within the Network layer.
  • The port source number and port destination number specified in the Transport layer header.

The features of Multi-Layer Switching (MLS) are summarized below:
  • High speed scalability
  • Low latency
  • Provide Layer 3 routing
  • Transport traffic at wire speed

To read the information in the packet header, the Cisco Catalyst switches need certain hardware:
  • To obtain packet header information and cache the information, Catalyst 5000 switches need the NetFlow Feature Card (NFFC).
  • To obtain packet header information and cache the information, Catalyst 6000 switches need the Multilayer Switch Feature Card (MSFC) and the Policy Feature Card (PFC).

The Cisco MLS implementation requires te following components:
  • Multilayer Switching Switch Engine (MLS-SE) – this is a switch that deals with moving and rewriting the packets.
  • Multilayer Switching Route Processor (MLS-RP) – an MLS capable router or an RSM, RSFC, MSFC that transmits MLS configuration information and updates.
  • Multilayer Switching Protocol (MLSP) – the protocol that operates between the MLS-SE and MLS-RP to enable multilayer switching.

Cisco Catalyst Switches Overview: Cisco Catalyst & Cisco Catalyst Switches