Switching technology is a data forwarding technology that emerged along with switching equipment. It is primarily divided into two types: L2 switching technology and L3 switching technology.

As the traditional switching technology, L2 switching requires the switch to maintain a hardware forwarding table that maps MAC addresses to ports. Upon receiving a data packet, the switch looks up the destination MAC address of the packet in the hardware forwarding table and, once it is matched, forwards the packet at wire speed out of the corresponding port.

In contrast, L3 switching requires the switch to maintain a hardware forwarding table that includes, at a minimum, the destination IP address and the next-hop MAC address. When receiving a data packet, the switch queries the hardware forwarding table according to the destination IP address contained in the packet, finds the matching table entry and then forwards the packet. A hardware chip or high-speed cache is used to achieve wire speed.

Typical L3 Switching Technologies

1. One routing and multiple switching

Operating mechanism: The CPU performs L3 routing for the first packet of a data stream. The switch then builds the relevant table entries (source IP address, destination IP address, next-hop MAC address, MAC address of the forwarding port) and downloads them to the ASIC chip, which completes L3 forwarding of the subsequent packets of that stream by hardware-based exact matching. L3 switching goes through the same process for every other data stream, hence "one routing and multiple switching".

This L3 switching mode has two distinct disadvantages. Firstly, CPU software is used to route the first packet of every data stream. In complex traffic scenarios such as a large-scale network, a huge number of applications, or severe virus attacks, L3 forwarding consumes a large amount of CPU resources, which not only degrades efficiency but can also bring the equipment down through high CPU utilization. Secondly, because the hardware forwarding mode uses exact matching, the storage space of the switch's hardware forwarding table comes under great pressure in those same scenarios. In particular, in a network under virus attack, each data packet may be a separate data stream, so the hardware storage space can overflow in a very short period of time. Other data streams can then only be routed by pure CPU software, and the switch is rapidly brought down as its resources are exhausted.

2. Hardware-based L3 switching with Longest Prefix Matching (LPM)

LPM L3 switching solves the storage space problem of the traditional multiple-switching mode that uses exact stream matching. LPM supports static routes, and all dynamically learnt routes are stored in the hardware forwarding table in the form of network segments: each destination network segment is one forwarding table entry. A directly connected network segment is the destination IP address entry of the host forwarding table. All other data packets, whose destination network segments are not known, are forwarded directly through the default route. Generally speaking, LPM saves a great deal of storage space and forwards virus attack traffic through the hardware network segment routes or the default route without additional hardware table entries, thus avoiding the storage overflow problem and ensuring normal operation of the equipment.

LPM still requires the CPU to participate in routing once. When the L3 equipment has directly connected network segments and a large number of host forwarding table entries, this still affects L3 forwarding efficiency, even though each segment requires CPU participation only once. The Host Direct Route (HDR) technology further optimizes LPM by removing this remaining CPU participation. With HDR, when the L3 equipment resolves ARP for the next-hop node, it directly downloads the corresponding MAC address and the data forwarding port to the hardware forwarding table used for longest-match forwarding. Therefore, all hosts in the network can be L3-forwarded directly via the longest-match hardware forwarding table, without the impact of the CPU's first participation in routing.

L3 switching with LPM and HDR does not require CPU participation. This saves cache space, largely improves routing efficiency, avoids the impact of virus attacks on the network equipment, and improves equipment stability.
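As an added illustration (not code from this page or from Ruijie), the following Python simulation contrasts the exact-match flow cache of the "one routing and multiple switching" mode with a fixed-size LPM table under the traffic pattern the text describes, where almost every packet is a separate stream. The prefixes, MAC addresses, cache capacity and packet lists are constructed values.

```python
import ipaddress

# Constructed LPM hardware table: one entry per destination network segment plus
# a default route (prefix -> next-hop MAC). Illustrative values, not a real device.
LPM_TABLE = {
    ipaddress.ip_network("10.1.0.0/16"): "aa:aa:aa:00:00:01",
    ipaddress.ip_network("10.1.5.0/24"): "aa:aa:aa:00:00:02",  # more specific wins
    ipaddress.ip_network("0.0.0.0/0"): "aa:aa:aa:00:00:ff",    # default route
}

def lpm_lookup(dst, table=LPM_TABLE):
    """Longest prefix match: return (prefix, next-hop MAC) for a destination IP."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, mac in table.items():
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, mac)
    return best

class FlowCache:
    """'One routing, multiple switching': the CPU routes the first packet of each
    (src, dst) flow and installs an exact-match entry into fixed-size hardware."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = {}
        self.cpu_routed = 0   # packets that had to be handled by CPU software
        self.overflowed = 0   # packets that could not get a hardware entry

    def forward(self, src, dst):
        if (src, dst) in self.entries:
            return "hw"
        self.cpu_routed += 1
        if len(self.entries) >= self.capacity:
            self.overflowed += 1           # table full: stays on the CPU path
        else:
            self.entries[(src, dst)] = lpm_lookup(dst)[1]
        return "cpu"

def simulate(packets, capacity):
    """Push a packet list through the flow cache; return table-pressure stats."""
    cache = FlowCache(capacity)
    for src, dst in packets:
        cache.forward(src, dst)
    return {"flow_entries": len(cache.entries), "cpu_routed": cache.cpu_routed,
            "overflowed": cache.overflowed, "lpm_entries": len(LPM_TABLE)}

# Constructed traffic: 300 distinct destinations from one host versus one long-lived flow.
MANY_FLOWS = [("10.1.5.9", str(ipaddress.ip_address("10.2.0.0") + i)) for i in range(300)]
ONE_FLOW = [("10.1.5.9", "10.1.0.7")] * 300
```

With a 64-entry cache, `simulate(MANY_FLOWS, 64)` shows every packet hitting the CPU and 236 packets left without a hardware entry, while the LPM table size stays at 3 regardless of the flow count.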

CSS Security System: Best Practice of the MPLS VPN Technology in the Dalian Government Network

Dalian's E-government has been taking the lead nationwide. Together with the government websites of Beijing and Shanghai, "Dalian China", the government portal website maintained by the Dalian Information Center, is rated among the top three leading government websites in China. In recent years the Dalian Information Center has been awarded the Government Website with Chinese Characteristics and Innovation Prize and the Leading Public Choice of Chinese City Government Portal Websites Prize by the Dalian Municipal Government.

With the expansion of the service scope of the Dalian Information Center, the Information Center is starting construction of the Dalian E-government MAN this year and plans to run the services of the municipal and county organizations and bureaus of Dalian on the government extranet.

To ensure that the E-government network, once constructed, can stably carry multiple government services and the services of organizations and bureaus on the Dalian China website, the Dalian Information Center evaluated the networking solutions (switched network versus routed network) and tested products under real-world conditions before selecting 10 of our S8600 switches as the core for the construction of the 10G MPLS E-government network of Dalian.

The following figure shows the topology of the 10G MPLS E-government network of Dalian, built from 10 RG-S8600 switches. As shown in the figure, 2 S8610 switches are connected as the core of the MPLS network, 6 S8606 switches serve as PEs connecting the VPNs of various municipal bureaus, such as the taxation bureau and the labor bureau, and the other 2 S8606 switches also serve as PEs connecting the data centers and egress areas of the network. The VPNs of the organizations and bureaus share a single egress on the MPLS network for external access.

Overview of the MPLS VPN of Ruijie Networks

Ruijie Networks fully supports point-to-multipoint dynamic L3 VPN (BGP MPLS VPN), point-to-point L2 VPN (VPWS) and point-to-multipoint dynamic L2 VPN (VPLS). Moreover, it delivers 10G performance and can implement flexible isolation of, and controlled mutual access between, security zones.