Date: Sat, 27 Mar 1999 08:20:35 -0700 From: Wes Peters <wes@softweyr.com> To: mm@i.cz Cc: freebsd-net@FreeBSD.ORG Subject: Re: switch vs bridge (fwd) Message-ID: <36FCF743.F6530F5C@softweyr.com> References: <XFMail.990327133712.mm@i.cz>
Martin Machacek wrote:
>
> On 26-Mar-99 Mike Jenkins wrote:
> > On Fri, 26 Mar 1999 Martin Machacek wrote:
> >> Layer 4 switch is a pure marketing bullshit.
> >
> > If I understand layer 4 switches correctly, they switch
> > at the tcp/udp port number layer. I could therefore slip
> > a layer 4 switch between my router and my lan, and program
> > it to redirect all incoming 25/tcp smtp connections to a
> > mail filter host. I find that rather useful. I'm sure
> > some folks use them for 80/tcp http redirection for web
> > caching. Aren't these useful applications?
>
> Sure, but they can be quite easily achieved with "conventional" router (or a
> good layer 3 switch). The router could be also a PC with decent Unix like for
> example FreeBSD. What these applications require is capability to do
> routing (switching) decisions based on other information than destination IP
> address. This feature is usually called policy routing and you can find it in
> most routers from major vendors. So, I think that so called layer 4 switches
> are just IP routers with policy routing capability. I doubt that layer 4
> switching is being implemented in hardware.
Not yet. It soon will be. You're not going to believe the speed.
> > I realize routers can be programmed to do this but who wants
> > to load down (or misconfigure) the router for this chore.
>
> Policy routing is not a misconfiguration. For sure it can put significant
> load on the router. Who wants to buy another box ...
>
> > A dual-homed unix box such as FreeBSD can also do this using
> > redirection in packet filtering but that usually requires
> > splitting the network into 2 IP networks (yes i've heard
> > of dummynet/bridge but that is work in progress). I think
> > a network appliance like a layer 4 switch would be the right
> > tool for the job.
The real problem with a layer 4 switch is that it doesn't have any
knowledge of the data stream it's handling, it just doles out packets
based on some really simple rules. A load balancer that has some
understanding of the underlying data is probably a much better way of
doing things. In the case of HTTP, a load balancer can keep a client
connection on the same server, in case the server is maintaining some
connection information, and can make decisions on which server is the
least busy when a new connection comes in, based *at least* on which
is handling the fewest number of packets at the moment. Layer 4
switches don't do either of these, they just dole out packets in
(typically) round-robin fashion.
> Why do you think you have to split your network and actually what's wrong with
> splitting IP networks anyway?
Nothing is wrong with splitting IP networks, you just don't need to
complicate it with a bunch of goofy routing configurations. If you
want to keep the engineering staff from sniffing packets over in HR,
stick everyone on switch ports and manage your VLANs carefully.
;^)
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com
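The distinction Wes draws above, between a layer 4 switch that hands out connections round-robin and a load balancer that keeps a client on the same server and sends new clients to the least busy one, as an added simulation that is not part of the original thread. Backend names, client addresses and connection lifetimes are constructed for the example. It dispatches whole TCP connections (one arrival per tick) rather than individual packets, since even a layer 4 device has to keep every packet of one connection on the same backend for TCP to work at all; the "fewest packets at the moment" heuristic is approximated by the count of open connections.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Hypothetical backend pool; the names are made up for this example.
SERVERS = ("web1", "web2", "web3")

# Constructed sample traffic: (client_ip, lifetime) per new TCP connection,
# one arrival per tick.  A lifetime of n means the connection is still open
# at the next n-1 arrivals.  The first two clients hold long sessions so
# that a load-aware dispatcher has something to route around.
ARRIVALS = [
    ("10.0.0.1", 6),
    ("10.0.0.2", 6),
    ("10.0.0.1", 1),
    ("10.0.0.3", 1),
    ("10.0.0.2", 1),
    ("10.0.0.4", 1),
    ("10.0.0.1", 1),
    ("10.0.0.3", 1),
]


@dataclass
class Backend:
    name: str
    open_conns: list = field(default_factory=list)  # remaining lifetime per connection

    def tick(self) -> None:
        """Advance time by one arrival: age every connection, drop the ones that closed."""
        self.open_conns = [t - 1 for t in self.open_conns if t - 1 > 0]

    def accept(self, lifetime: int) -> None:
        self.open_conns.append(lifetime)

    def load(self) -> int:
        return len(self.open_conns)


def round_robin_layer4(arrivals=ARRIVALS, servers=SERVERS):
    """Layer 4 switch style dispatch as described in the mail: no knowledge
    of the stream, no load measurement, just the next backend in rotation."""
    pool = [Backend(s) for s in servers]
    assignments = []
    for i, (client, lifetime) in enumerate(arrivals):
        for b in pool:
            b.tick()
        chosen = pool[i % len(pool)]
        chosen.accept(lifetime)
        assignments.append((client, chosen.name))
    return assignments


def least_busy_with_affinity(arrivals=ARRIVALS, servers=SERVERS):
    """Load balancer style dispatch: a returning client stays on the backend
    it was first sent to; a new client goes to the backend with the fewest
    open connections."""
    pool = {s: Backend(s) for s in servers}
    affinity = {}  # client_ip -> backend name
    assignments = []
    for client, lifetime in arrivals:
        for b in pool.values():
            b.tick()
        if client not in affinity:
            # Tie-break on name so the choice is deterministic.
            affinity[client] = min(pool.values(), key=lambda b: (b.load(), b.name)).name
        chosen = pool[affinity[client]]
        chosen.accept(lifetime)
        assignments.append((client, chosen.name))
    return assignments


def affinity_violations(assignments):
    """Number of clients whose connections were spread over more than one
    backend, i.e. clients whose server-side session state would be missed."""
    servers_seen = defaultdict(set)
    for client, server in assignments:
        servers_seen[client].add(server)
    return sum(1 for s in servers_seen.values() if len(s) > 1)


if __name__ == "__main__":
    for label, policy in (("round-robin", round_robin_layer4),
                          ("least-busy+affinity", least_busy_with_affinity)):
        result = policy()
        print(f"{label}: {[s for _, s in result]}; "
              f"clients split across backends: {affinity_violations(result)}")
```

With the constructed sample, round-robin splits two of the four clients across backends and sends the fourth connection (a fresh client) to web1 while web3 sits idle; the affinity-plus-least-busy policy keeps every client on one backend and puts that fresh client on web3.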
