A switched network is made up of the following three basic components:
Physical switch platform
Common software infrastructure
Network management tools and applications
The first component of a switched network is the physical switch itself. A LAN switch is a device that is made up of many ports connecting LAN segments, such as 100-Mbps Ethernet, and a high-speed port, such as Gigabit Ethernet. The high-speed port, in turn, connects the LAN switch to other devices in the network, as illustrated in Figure 10-1.
A LAN switch has dedicated bandwidth per port, and each port represents a different segment. For best performance, network designers often assign just one host to a port, giving that host dedicated bandwidth of 100 Mbps, as shown in Figure 10-2.
As discussed in Chapter 7, "Spanning Tree Protocol (STP)," the switch builds a table associating the Media Access Control (MAC) address of each local device with the port number through which that device is reachable. For example, referring to Figure 10-2, when Host A on port 1 needs to transmit to Host B on port 2, the LAN switch forwards frames from port 1 to port 2, thus sparing other hosts on port 3 from responding to frames destined for Host B. If Host C needs to send data to Host D at the same time that Host A sends data to Host B, it can do so because the LAN switch forwards frames from port 3 to port 4 at the same time it forwards frames from port 1 to port 2.
Whenever a device connected to the LAN switch sends a frame to an address that is not in the LAN switch's table, such as to a device not connected to the LAN switch, or whenever the device sends broadcast or multicast traffic, the LAN switch sends the frame out all ports except the port on which the frame arrived. This is known as flooding.
Because switches work like transparent bridges, a network built and designed with LAN switches appears as a flat network topology consisting of a single broadcast domain, as illustrated in Figure 10-3.
As a result, these flat networks are liable to suffer network problems, such as network congestion, because they do not scale well. Some LAN switches, however, support virtual local-area networks (VLANs), and VLAN-based networks are more scalable than traditional bridged networks.
In addition to LAN switches, network designers often use routers as one of the components in a switched network infrastructure. Whereas LAN switches are added to wiring closets to increase bandwidth and to reduce congestion in existing shared-media networks, routers are being deployed in the network backbone. Within a switched network, routing platforms provide for the connection between disparate LANs and wide-area networks (WANs) while implementing broadcast filters and logical firewalls. In general, if you need advanced networking services, such as a firewall and communication between LANs/VLANs using different protocols, routers are necessary in your network.
The second component of a switched network model is a common software infrastructure. The function of this software infrastructure is to combine the variety of physical switching platforms such as LAN switches and multiprotocol routers.
The software infrastructure should perform the following tasks within the network:
Monitor the logical topology of the network: In managing your network, you need to be able to recognize when a change in the network topology has occurred, for whatever reason, such as a link or hardware device failure.
Logically route traffic: If two people are trying to talk to each other, and each is speaking a language unknown to the other person, no communication occurs. The same holds true in your network. If you have two switches, or other devices, that need to communicate and pass traffic back and forth to each other, but are not speaking the same language, or protocol, then no communication occurs.
Manage and control sensitive traffic: If you send a memo through your corporate mailroom in an envelope marked "Confidential" and "Urgent," you should be able to trust that anyone handling that envelope will handle it according to those markings. In other words, no one will open the envelope because it is marked "Confidential," and the envelope will be delivered via the quickest means possible because it is marked "Urgent." This same concept holds true in your network; sensitive and high-priority traffic needs to be handled as marked from source to destination across your network, carefully and quickly.
Provide firewalls, gateways, filtering, and protocol translation: Firewalls provide security for your network. Gateways provide a connection to the outside world, such as the Internet. Traffic filtering prevents unwanted traffic from being carried across the network. Protocol translation is your network language specialist, able to speak the language, or protocol, of both the sending and receiving device, if these two devices cannot do so directly. Your network might be required to provide one or more of these services, so you need to make sure that whatever switches you use have the features you need, rather like buying a car and making sure it has the options you want or need, such as heat and air conditioning.
Recall from Chapter 8, "Virtual LANs (VLANs)," that a VLAN is a group of computers, network printers, network servers, and other network devices that behave as if they were connected to a single network segment.
In its basic form, a VLAN is a broadcast domain. The difference between a traditional broadcast domain and one defined by a VLAN is that a broadcast domain is seen as a distinct physical entity bounded by a router. VLANs are very similar to broadcast domains because their boundaries are also defined by a router. However, a VLAN is a logical topology, meaning that the VLAN hosts are not grouped within the physical confines of a traditional broadcast domain, such as an Ethernet LAN.
VLANs consist of several end systems: end-user computers, such as hosts, servers, or network printers; or network equipment, such as switches and routers. All these end systems are members of a single logical broadcast domain. VLANs do not have the physical constraints that traditional LANs have because traditional LANs are implemented based on cabling infrastructure, whereas VLANs are based on the logical infrastructure enabled by the switch, as illustrated in Figure 10-4.
Each workstation is connected to its local switch, Switch 1 or Switch 2; however, the switch determines which VLAN the workstation belongs to, VLAN 1 or VLAN 2. The VLANs here are enabled and managed by the switches. They also exchange VLAN information with each other through a VLAN trunk protocol, such as VLAN Trunking Protocol (VTP). Each VLAN supports a separate instance of the Spanning Tree Protocol (STP).
VLANs can be used to group a set of related users, regardless of their physical connectivity or proximity to each other; users can be across the building or across the country and still be a part of the same VLAN. The users might be assigned to a VLAN because they belong to the same department or team, such as an accounting or engineering department, or because data-flow patterns among them are such that it makes sense to group them together. For example, one floor of your building could be where the "top talkers" all sit.
Without a router, hosts in one VLAN cannot communicate with hosts in another VLAN.
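The following simulator is an added example, not code from the book, and it covers two passages above: the MAC-table learning and flooding behaviour of a LAN switch (the Host A to Host D scenario from Figure 10-2), and the VLAN rule that flooding stays inside one broadcast domain, so hosts in different VLANs never reach each other through the switch alone. The host names, MAC addresses, port numbers and VLAN numbers are constructed sample values, and the Switch and Frame classes are hypothetical; they model only what the chapter describes (learning the source MAC behind a port, forwarding known unicast to one port, flooding unknown unicast and broadcast out every other port in the same VLAN).

```python
"""Learning-switch simulator (added example; not the book's code).

Constructed scenario: Host A on port 1, Host B on port 2, Host C on port 3,
Host D on port 4. In the flat network every port is in VLAN 1; in the VLAN
network ports 1-2 are VLAN 10 and ports 3-4 are VLAN 20.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample MAC addresses for the four hosts in Figure 10-2.
HOST_A = "00:00:00:00:00:0a"
HOST_B = "00:00:00:00:00:0b"
HOST_C = "00:00:00:00:00:0c"
HOST_D = "00:00:00:00:00:0d"
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str  # source MAC address
    dst: str  # destination MAC address


@dataclass
class Switch:
    # port number -> VLAN id the port belongs to
    port_vlan: Dict[int, int]
    # (vlan, mac) -> port; learned from the source address of received frames
    mac_table: Dict[Tuple[int, str], int] = field(default_factory=dict)

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        """Return the sorted list of egress ports for a frame arriving on in_port."""
        vlan = self.port_vlan[in_port]
        # Learning: the sender is reachable through the port the frame came in on.
        self.mac_table[(vlan, frame.src)] = in_port
        # Broadcast/multicast destinations have the low bit of the first octet set.
        is_group = int(frame.dst.split(":")[0], 16) & 1 == 1
        out = None if is_group else self.mac_table.get((vlan, frame.dst))
        if out is None:
            # Flooding: every port in the same VLAN except the ingress port.
            return sorted(p for p, v in self.port_vlan.items()
                          if v == vlan and p != in_port)
        if out == in_port:
            return []  # destination is on the ingress segment; nothing to forward
        return [out]


def flat_network_demo() -> List[List[int]]:
    """Single broadcast domain: first frame to an unknown host is flooded,
    later frames go to exactly one port, broadcasts always go everywhere."""
    sw = Switch(port_vlan={1: 1, 2: 1, 3: 1, 4: 1})
    return [
        sw.receive(1, Frame(HOST_A, HOST_B)),    # B unknown: flood to 2, 3, 4
        sw.receive(2, Frame(HOST_B, HOST_A)),    # A already learned: port 1 only
        sw.receive(1, Frame(HOST_A, HOST_B)),    # B now learned: port 2 only
        sw.receive(3, Frame(HOST_C, HOST_D)),    # D unknown: flood to 1, 2, 4
        sw.receive(1, Frame(HOST_A, BROADCAST)), # broadcast: flood to 2, 3, 4
    ]


def vlan_demo() -> List[List[int]]:
    """Two VLANs on one switch: flooding never crosses the VLAN boundary,
    so A (VLAN 10) cannot reach D (VLAN 20) without a router."""
    sw = Switch(port_vlan={1: 10, 2: 10, 3: 20, 4: 20})
    return [
        sw.receive(1, Frame(HOST_A, HOST_B)),  # flood inside VLAN 10: port 2 only
        sw.receive(4, Frame(HOST_D, HOST_C)),  # flood inside VLAN 20: port 3 only
        sw.receive(1, Frame(HOST_A, HOST_D)),  # D is known only in VLAN 20: flood VLAN 10
    ]


if __name__ == "__main__":
    print("flat network egress ports:", flat_network_demo())
    print("VLAN network egress ports:", vlan_demo())
```

The third step of vlan_demo is the one to look at: the switch has already learned Host D on port 4, but because that entry belongs to VLAN 20, a frame from VLAN 10 addressed to D still floods only ports in VLAN 10, and D never sees it. That is the behaviour behind the sentence above about needing a router between VLANs, and it is also why flooded traffic in a flat network is visible to every port in the single broadcast domain.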
The third, and last, component of a switched network is made up of network management tools and applications. As more switches are integrated throughout the network, network management becomes vital at both the user workgroup and network backbone layers to ensure your network operates trouble free.
As part of designing a switched network, you must ensure your design takes into account network management applications needed to plan, configure, monitor, and analyze switched network devices and services. Network management applications add bandwidth to the network, some more than others, and this bandwidth needs to be accounted for in your network design.