Network switches are essential to enterprise networks, offering various capabilities and functions. Some switches are configurable, and others are not. Some operate at layer 2 of the OSI model, while others function at layer 3.
With so many variations, comprehending switch capabilities can sometimes be overwhelming. This article simplifies these concepts to help you better understand how each type of switch can benefit your network.
One of the fundamental concepts of network design is network segmentation. As a network grows and the number of end-user devices (endpoints) increases, so does the traffic, and in particular the broadcast and flooded traffic that every endpoint on the segment must receive and process, which makes a single large segment inefficient. The following diagram shows a network where all endpoints are connected to a single network segment.
Network designers use a network segmentation strategy to optimize network efficiency, separating network hosts into segments with similar functions. For example, one could segment the network above into six subdivisions, each serving a different enterprise department, as shown below.
This division creates smaller, more manageable segments. Communication within each segment takes place at layer 2 of the OSI model, while communication between segments requires using a layer 3 device such as a router.
This means that each segment is a self-contained portion of the network that communicates with the "outside world" only when needed. The result is a more efficient, scalable, and manageable network. It is also a more secure one, but only if the layer 3 device between segments filters the traffic that crosses; segmentation that routes everything freely between VLANs separates broadcast domains without separating trust zones.
As a rule of thumb, a segment should have no more than about 200 endpoints (a /24 subnet, with 254 usable addresses, accommodates this comfortably), and most are much smaller. There are many exceptions, of course, but the guideline gives a sense of the scales involved.
Depending on context, network segments are also called virtual LANs (VLANs), broadcast domains, or subnets. Strictly, a VLAN is a layer 2 construct, a broadcast domain is the set of hosts a broadcast frame reaches, and a subnet is a layer 3 address range; in a well-designed network each VLAN is exactly one broadcast domain carrying exactly one subnet, so for the purposes of this article we'll use the terms interchangeably.
A switch essentially takes a frame that arrives on one interface (i.e., a port on the switch) and "switches" it to another interface. At its most fundamental level, switching is the decision-making process by which the switch chooses the interface out of which a received frame will be forwarded.
There are various types of switches with varying levels of capability. The additional capabilities give a network designer more flexibility in how segmentation is deployed across the network.
The fundamental types of switches we will be examining in this article are unmanaged layer 2 switches, managed layer 2 switches, and managed layer 3 switches.
The terms "packet" and "frame" are often used interchangeably when talking about data on a network. However, strictly speaking, and for the purposes of this article, the term "frame" refers to a layer 2 entity, while a packet refers to a layer 3 entity.
Practically, this means that a frame uses MAC addresses for its addressing scheme while a packet uses IP addresses.
In networking, the term "switching" primarily refers to an operation at layer 2 of the OSI model. When an Ethernet frame enters a port on a switch, the switch reads the destination MAC address and looks it up in its MAC address table (also called the CAM table), which it builds by recording the source MAC address and ingress port of every frame it receives. If the destination is in the table, the frame is forwarded out of that one port; if it is not, or the destination is a broadcast address, the frame is flooded out of every other port in the same VLAN.
For example, in the following diagram, an Ethernet frame enters port 1 of the switch. The switch reads the destination MAC address, sees that it belongs to endpoint B, and thus sends the frame out of port 3, which connects to endpoint B.
There are some caveats for this layer 2 switching to take place as described. First, one must configure all the ports on the switch to operate on the same VLAN. In other words, the whole switch needs to belong to a single network segment.
Second, all the end-user devices connected to these ports must be configured with IP addresses in the same subnet. If you're not familiar with these terms, that's OK. What this means more simply is that a single switch will serve a single network segment or subnet from all of its ports.
This is the most common scenario when using an unmanaged switch, which is a layer 2 switch with all of its ports on the same VLAN or network segment. This allows all connected devices to communicate on the same network segment or subnet.
In a typical enterprise network, you will have multiple network segments, each given a different IP address space or subnet. If you're using only unmanaged switches, you will need one or more physical switches for each individual network segment.
This may be suitable for small networks (on the order of up to 20 endpoints). For larger networks, however, needing a physical device for each subnet quickly becomes expensive, unwieldy, and inflexible from a network design point of view.
This is where layer 2 managed switches come in: switches capable of logical network segmentation. A managed layer 2 network switch can logically segment its ports into multiple network segments. For example, this switch has 24 ports configured to operate in three different segments.
Ports 1-6 have been configured as VLAN 10, ports 7 through 16 are VLAN 20, and ports 17 to 24 are VLAN 30. Endpoints connected to these ports will logically be segmented into three different network segments, even though they are connected to the same physical switch.
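As an added example (not code from the original article), the following Python simulation implements the layer 2 forwarding decision described in the switching section above, running on the 24-port, three-VLAN switch from the previous paragraph. The port numbers, VLAN IDs, MAC addresses, and traffic are constructed for illustration. The switch learns source addresses per VLAN, forwards known unicast out of exactly one port, floods unknown unicast and broadcast within the VLAN, and, because the MAC table is keyed by VLAN, never delivers a frame into a different VLAN. That last property is what the next section relies on when it says a layer 2 switch cannot move traffic between segments.

```python
"""Simulation of a VLAN-aware layer 2 switch (added example; not from the article)."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str


@dataclass
class Layer2Switch:
    # port number -> access VLAN of that port. An unmanaged switch is the
    # special case where every port maps to the same VLAN.
    port_vlan: dict[int, int]
    # (vlan, mac) -> port, learned from the source address of received
    # frames. Keying the table by VLAN is what keeps the segments apart.
    mac_table: dict[tuple[int, str], int] = field(default_factory=dict)

    def receive(self, ingress_port: int, frame: Frame) -> list[int]:
        """Return the sorted list of egress ports the frame is sent out of."""
        vlan = self.port_vlan[ingress_port]
        # Learning: the source MAC lives behind the ingress port, in this VLAN.
        self.mac_table[(vlan, frame.src_mac)] = ingress_port
        known_port = self.mac_table.get((vlan, frame.dst_mac))
        if frame.dst_mac != BROADCAST and known_port is not None:
            # Known unicast: exactly one egress port. If the destination was
            # learned on the ingress port itself, there is nowhere to send it.
            return [] if known_port == ingress_port else [known_port]
        # Unknown unicast or broadcast: flood to every other port in the
        # same VLAN, and to no port in any other VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != ingress_port)


def build_example_switch() -> Layer2Switch:
    """The switch from the text: ports 1-6 in VLAN 10, 7-16 in VLAN 20, 17-24 in VLAN 30."""
    port_vlan = {p: 10 for p in range(1, 7)}
    port_vlan.update({p: 20 for p in range(7, 17)})
    port_vlan.update({p: 30 for p in range(17, 25)})
    return Layer2Switch(port_vlan)


def run_scenario() -> dict[str, list[int]]:
    """Constructed traffic: A on port 1 and B on port 3 (VLAN 10), C on port 7 (VLAN 20)."""
    sw = build_example_switch()
    mac_a, mac_b, mac_c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    results = {}
    # B is not yet in the table, so A's first frame floods VLAN 10 only.
    results["a_to_b_unknown"] = sw.receive(1, Frame(mac_a, mac_b))
    # B replies; A was learned on port 1, so the reply goes to port 1 alone.
    results["b_to_a_known"] = sw.receive(3, Frame(mac_b, mac_a))
    # Both are now learned: A's next frame goes out of port 3 only.
    results["a_to_b_known"] = sw.receive(1, Frame(mac_a, mac_b))
    # C (VLAN 20) addresses B's MAC. B is learned in VLAN 10, not VLAN 20,
    # so the frame floods VLAN 20 (ports 8-16) and never reaches port 3.
    results["c_to_b_cross_vlan"] = sw.receive(7, Frame(mac_c, mac_b))
    # A broadcast from A reaches all of VLAN 10 except the sender.
    results["a_broadcast"] = sw.receive(1, Frame(mac_a, BROADCAST))
    return results


if __name__ == "__main__":
    for name, ports in run_scenario().items():
        print(f"{name:20s} -> ports {ports}")
```

The cross-VLAN case is the one worth staring at: C knows B's MAC address, yet the switch still will not deliver the frame, because the lookup happens in VLAN 20's part of the table. A host in another VLAN can only reach B through whatever layer 3 device has interfaces in both VLANs.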
Such switches are called layer 2 managed switches because they have a management interface—typically a web GUI or command line interface—from which you can configure the VLAN of each individual port.
The management interface also lets you control and configure additional parameters on the switch, including QoS, multicast, PoE, and security features such as port security (limiting which and how many MAC addresses a port accepts), 802.1X port authentication, and DHCP snooping. Two cautions follow from this. First, the management interface is itself an attack surface: place it on a dedicated management VLAN, reach it over SSH or HTTPS rather than Telnet or HTTP, and replace the default credentials. Second, the segmentation is only as strong as the port configuration: assign unused ports to an unused VLAN and shut them down, and configure user-facing ports as access ports that cannot negotiate themselves into trunk ports carrying every VLAN.
Note that a layer 2 managed switch cannot route traffic from one segment to another by itself. It requires an additional external layer 3 device ― such as a router or layer 3 switch ― connected to the VLANs between which you want to route traffic, typically over a single 802.1Q trunk link that carries all of those VLANs (the "router on a stick" design). An example is below.
One can use an external router to interconnect network segments as described above, but a layer 3 managed switch may be the better choice. A layer 3 managed switch does everything a layer 2 managed switch can do, with one vital advantage: it can route traffic between network segments internally, without an external router.
This is why it is called a layer 3 switch: it is a switch that can also perform layer 3 operations, such as routing from one network segment to another. Wherever that routing happens, on a router or on a layer 3 switch, is also where inter-segment policy must be enforced. Without ACLs on the routed interfaces, a layer 3 switch will forward traffic between every VLAN it has an interface on, and the segmentation provides no isolation at all.
Once again, this type of device is configured within its management interface. This allows administrators to logically segment their ports while allowing communication between those logical network segments.
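As an added example (not the article's own code), the following Python sketch of a layer 3 switch's forwarding decision shows what changes when routing moves into the switch. Each VLAN gets a switch virtual interface (SVI) with a connected subnet; a destination in the sender's own subnet is handled at layer 2, and anything else is routed by longest-prefix match across the SVIs after being checked against an inter-VLAN ACL. The VLAN IDs, subnets, and ACL entries are constructed for illustration. Running it with no ACL demonstrates the point made above: a layer 3 switch with a routed interface on every VLAN forwards between all of them until it is told not to.

```python
"""Inter-VLAN forwarding on a layer 3 switch (added example; not from the article)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4Address = ipaddress.IPv4Address
IPv4Network = ipaddress.IPv4Network


@dataclass(frozen=True)
class Svi:
    """Switch virtual interface: the routed interface for one VLAN's subnet."""
    vlan: int
    network: IPv4Network


@dataclass(frozen=True)
class AclEntry:
    action: str  # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network


# Constructed topology: the three VLANs from the layer 2 example, each with its own subnet.
SVIS = (
    Svi(10, IPv4Network("10.0.10.0/24")),  # user workstations
    Svi(20, IPv4Network("10.0.20.0/24")),  # department servers
    Svi(30, IPv4Network("10.0.30.0/24")),  # network management
)

ANY = IPv4Network("0.0.0.0/0")
# Constructed inter-VLAN policy: users may reach servers, management may reach
# anything, and every other combination falls through to the implicit deny.
INTER_VLAN_ACL = (
    AclEntry("permit", IPv4Network("10.0.10.0/24"), IPv4Network("10.0.20.0/24")),
    AclEntry("permit", IPv4Network("10.0.30.0/24"), ANY),
)


def svi_for(ip: IPv4Address, svis=SVIS) -> Optional[Svi]:
    """Longest-prefix match over the connected subnets; None means no route."""
    matches = [s for s in svis if ip in s.network]
    return max(matches, key=lambda s: s.network.prefixlen, default=None)


def acl_permits(src: IPv4Address, dst: IPv4Address, acl) -> bool:
    """First matching entry wins; an ACL always ends in an implicit deny."""
    if acl is None:
        return True  # no ACL applied: the switch routes everything it has a route for
    for entry in acl:
        if src in entry.src and dst in entry.dst:
            return entry.action == "permit"
    return False


def forward(src_ip: str, dst_ip: str, acl=None, svis=SVIS) -> str:
    """Decide what the switch does with a packet from src_ip to dst_ip."""
    src, dst = IPv4Address(src_ip), IPv4Address(dst_ip)
    src_svi, dst_svi = svi_for(src, svis), svi_for(dst, svis)
    if src_svi is None:
        return "drop: source not in a connected subnet"
    if dst_svi is None:
        return "drop: no route to destination"
    if src_svi.vlan == dst_svi.vlan:
        # Same subnet: the sender addresses the host directly and the frame is
        # switched at layer 2 without ever touching the routing logic.
        return f"switch within vlan {src_svi.vlan}"
    if not acl_permits(src, dst, acl):
        return f"deny vlan {src_svi.vlan} -> vlan {dst_svi.vlan}"
    return f"route vlan {src_svi.vlan} -> vlan {dst_svi.vlan}"


if __name__ == "__main__":
    for s, d in [("10.0.10.5", "10.0.10.9"), ("10.0.10.5", "10.0.20.9"),
                 ("10.0.10.5", "10.0.30.9"), ("10.0.30.2", "10.0.10.5"),
                 ("10.0.10.5", "192.168.1.1")]:
        print(f"{s} -> {d}: no ACL: {forward(s, d)}; with ACL: {forward(s, d, INTER_VLAN_ACL)}")
```

Compare the two results for 10.0.10.5 to 10.0.30.9: with no ACL the user VLAN reaches the management VLAN as freely as it reaches anything else, and only the ACL turns the three subnets into three trust zones. On a real layer 3 switch the same policy lives in ACLs applied to the SVIs (or in a firewall the switch hands inter-VLAN traffic to).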
So, where would you use each type of switch in a network? The following diagram shows a typical three-tier enterprise network with access, distribution, and core layers.
Managed layer 3 switches are deployed in the core layer of this three-tier network hierarchy. These devices are the high-speed layer 3 switches that deal with sending traffic between the various areas of the network. The core layer is also where the distribution switches connect their uplinks.
The distribution layer may use either managed layer 3 or managed layer 2 switches, depending on the design of the network. For larger networks, layer 3 capability is generally required in the distribution layer, while for somewhat smaller networks, routing may take place in the core layer, so layer 2 switches for the distribution layer may be sufficient.
The access layer will almost always use managed layer 2 switches to deliver connectivity to end devices and to segment individual switches into multiple segments.
Finally, unmanaged layer 2 switches are typically used where an extension of the access layer is necessary and no network segmentation is needed. Keep in mind that an unmanaged switch enforces no per-port controls of its own, and the upstream access port sees every device behind it as multiple MAC addresses on one port. Controls on that upstream port, such as port security limited to a single MAC address or single-host 802.1X, will either trip or have to be relaxed for it, so the endpoints behind an unmanaged switch are effectively governed by one shared port policy rather than individually.
Understanding the various types of network switches and their respective roles enables you to build a robust and efficient network infrastructure. Whether it's an unmanaged layer 2 switch for simple connectivity, a managed layer 2 switch for advanced segmentation, or a managed layer 3 switch for routing and inter-VLAN communication, each type serves a specific purpose.
By deploying these switches deliberately, and enforcing policy at the layer 3 boundaries between segments, network administrators can create a scalable, secure, and highly efficient network that meets the enterprise's needs. This guide has aimed to demystify the complexities of switch selection and network segmentation, empowering you to make informed decisions that optimize your network's performance.