Choose the right switch for your network As the person responsible for keeping your organizations network

up and running, youll probably have to procure some network switch equipment at some point. Theres a lot to consider when evaluating switches. In this Daily Drill Down, Ill examine the features and terms associated with switches to help you pick the best switch for your needs. Ill focus on workgroup switches, not core or big iron switches. Make the switch Of course, you could buy a simple hub instead of a switch. I dont recommend hubs for a growing organization, primarily because they make much less efficient use of resources than switches do. Switches are replacing hubs as the backbone of network connectivity.

Which switch? Buying a switch is not as simple as walking into a store and grabbing one off the shelf. When Im purchasing network equipment or giving advice to others on what they should buy, I like to look a couple of years down the road. Will your network increase significantly in size? Will you be adding devices to your network? A quick look at the future can help you decide what type of switch to buy. There are a number of specifications that determine how good the switch really is. In the sections that follow, Ill show you some of the features to look for. Size does matter There are basically two types of switch designs: form factor switches and modular switches. Which you choose largely depends on the size of your network. A form factor switch is generally an enclosed chassis with fairly limited upgrade capability, ranging anywhere from a few ports up to 48 ports. Form factor switches are excellent choices for small workgroups of up to 48 devicesincluding PCs, printers, Internet connections, and so on. A modular switch, on the other hand, is an excellent choice for larger workgroups that require more flexibility in their port configurations. A modular switch allows a mix-andmatch approach to determining port configuration since its essentially an empty chassis with slots for adapters. Layer 2 and 3 switching Youll also need to determine whether you need layer 2 or layer 3 switches. In the ISO/OSI model, layer 2 is the Data Link layer where the source and destination terminals are identified by MAC addresses in the network packet. A layer 2 switch can use this information to build a switching table to identify which port a particular MAC address/machine is on. This results in much more efficient network traffic patterns than with hubs, which simply broadcast all received traffic. Conversely, in the ISO/OSI model, layer 3 is the Network layer where IP and routers also operate. As such, a layer 3 switch can perform routing functions since it can make use of the IP information inside the packet. Layer 3 switches are significantly more expensive than layer 2 units. For smaller networks that are centrally located and located in a single subnet, a layer 2 switch is more than sufficient. As networks begin to grow and users are broken out onto separate subnets in order to improve network efficiency and provide better traffic flow, layer 3 switching/routing

becomes the better choice. Hot swapping If you plan to regularly swap out modules and you want as little downtime as possible, you can opt for a switch that supports hot swapping. Hot swapping is the ability to replace the various modules of a modular switch while the system is still operational and serving clients. This is useful in 24/7 environments. Note that some hot-swap switches only let you swap modules of the same type. For example, you cant hot-swap a 10/100 Ethernet module with a gigabit Ethernet module. Youd need to power down the unit for this swap. Forwarding mode Most switches offer up to three possible ways for packets to be forwarded through the unit:

Store-and-forward mode: This method supports error checking and packet filtering since the entire packet is read into the switchs memory and read before being forwarded to the appropriate switch port. Because the switch needs to receive the entire packet, this forwarding mode results in the highest transit delay. For 10/100 switches with a mixture of 10-Mbps and 100-Mbps devices, this is the forwarding mode of choice as it also supports the conversion of LAN speeds, which is a bridging function. Cut-through mode: Unlike store-and-forward, this forwarding method skips error checking, and it doesnt support either packet filtering or switching between different LAN speeds. Enough of the incoming packets are read to determine their destination, and the entire packet is then immediately forwarded to the destination MAC address. Because of the speed at which this mode operates, error packets are forwarded along with good packets. Fragment-free mode: This is cut-through forwarding with limited error correction capability since packets below the minimum allowable size (runts) are discarded.

The mode you look for in a new switch depends on the devices that youll be supporting. If you have both 10-Mbps and 100-Mbps devices, youll need the support of store-andforwards bridging features. If, however, your devices all run at 100 Mbps, you can enjoy the lower latency of cut-through forwarding or fragment-free forwarding for a reduced number of potential errors. Full-duplex and half-duplex Older hubs and Ethernet adapters only operate in half-duplex mode. In half-duplex mode, a device can send and receive data, but it cant do both at the same time. With full-duplex (also called simply duplex) equipment, a system can do both simultaneously, effectively eliminating the possibility of collisions on the link. Most switches support both half- and full-duplex connections. I recommend using full-duplex wherever possible as it makes more efficient use of the infrastructure. Some vendors like to say that their 100-Mbps switch ports operate at 200 Mbps due to full-duplex. This is somewhat misleading as full-duplex only means a full 100 Mbps in both directions simultaneously and not a doubling of the link speed. Be especially careful of this feature when looking at backplane speeds. A fair apples-to-apples comparison will use the same duplex factor to compare backplane speeds. Switching speed Switching speed is the speed at which a switch can process traffic coming in and send it back out. This is not the same as the bandwidth or backplane speed. Switching speed is generally measured in millions of packets per secondthe higher the switching speed, the

better. Backplane speed/switch fabric speed The backplane speed measures how fast traffic can be transmitted between modules in a switch. Closely related to blocking and nonblocking, this number needs to be sufficient to handle your most extreme loads across the switch. Blocking and nonblocking Blocking and nonblocking define whether or not a switchs internal communication and packet processing power can support all ports transmitting simultaneously at their highest possible speeds. A nonblocking switch has enough horsepower to handle this condition, but a blocking switch may need to throttle back traffic in order to handle it all, resulting in a potential bottleneck. Which architecture is best for your needs depends on what your users primarily do on the network. If they are constantly transferring large files across the network, a nonblocking architecture is a better choice. If, on the other hand, your users spend their days dealing with e-mail and doing Web research, a lower-speed backplane will more than suit your needs. Buffer size Every switch has some sort of buffering mechanism. In most cases, either a fixed amount of storage is dedicated to each port, or every port shares a common buffer storage area. The buffer size can have a direct impact on the speed at which a switch can forward packets. A buffer that is too small will cause a switch to throttle back traffic in an effort to control network congestion. Management and monitoring capability Most switches include some method for monitoring their performance so that you can proactively manage situations that may arise. The two most common methods are SNMP (Simple Network Management Protocol) and RMON (Remote MONitoring). SNMP has been around for a long time and is easy to support. Almost every switch that has any kind of management capability supports SNMP. Adding RMON capability to a switch greatly enhances management ability, however. When a switch has RMON capability, youll generally see that it supports a certain number of RMON groups. First, there are two versions of RMON, aptly named RMON1 and RMON2. Together they encompass 20 different groups of management statistics:

Alarm: Allows a user to configure an alarm for a managed object. A sampling interval and alarm threshold can be set for any counter or integer recorded by the RMON agent. Events: Logs three types of eventsrising threshold, falling threshold, and packet match. This group can generate traps for each event. Filters: Includes a buffer for incoming packets as well as any number of userdefinable filters. You can set filters to look at a special address, group of addresses, a certain protocol, or any combination desired. History: Provides trend analysis based on information in the statistics group. This group creates a set of counters for a specific time interval for each type of data from which trend information can be obtained. Hosts: Table of statistics based on MAC addresses. There are counters for broadcast packets, multicast packets, error packets, and number of bytes. This includes data for both transmitted and received bytes for each host. Hosts top N: Contains sorted host statistics. It can be configured to keep a table of activity for the 10 busiest nodes communicating to each host. Rather than the management station receiving lots of data from a management module, the

management module crunches the data and sends a list of only the busiest nodes across the network to the management station. This keeps traffic low and performance high and allows a high level of proactive management. Matrix: Shows error and utilization information in tabular form based on address pairs, so the operator can retrieve information for any pair of network addresses. This allows the management station to view the network traffic on a conversation basis, showing who is talking to whom and how often. Packet Capture: Allows the operator to define buffers for packet capture, change buffer sizes, and specify conditions for starting and stopping packet capture. Statistics: Maintains low-level utilization and error statistics, such as the number of packets sent, packet sizes, broadcasts, multicasts, network errors, and collisions. Token Ring: Adds token ring counters to RMON statistics.

Some of the RMON2 capabilities include:

Address Map: Maps a network layer address to the corresponding Media Access Control (MAC) address. Application-Layer Host: Provides statistics for each network conversation between pairs of network layer addresses. Application-Layer Matrix: Provides statistics on conversations between pairs of network layer addresses for a specified application layer protocol. Traffic broken down by protocols can be recognized by the Protocol Directory group. Network-Layer Host: Provides statistics for each host by network layer address. Network-Layer Matrix: Provides statistics for each network conversation between pairs of network layer addresses. Probe Configuration: Provides remote capability for configuring and querying agent parameters such as resets, software updates, IP address changes, and trap destinations. Protocol Directory: Provides a table of all identifiable protocols and their descriptions. Protocol Distribution: Provides statistics for each protocol that the agent is configured to track. RMON Conformance: Provides information to management software regarding the status of support for the groups. User History: Enables the agent to save samples of RMON2 data for any management information base (MIB) object at specified intervals.