Network Switches Grow Up

Once just hubs that directed network traffic, network switches have steadily gained intelligence. They can now help with user access control of applications and enable fault tolerance to prevent network downtime. This increased functionality not only makes the corporate network run better; it can relieve some of the administrative load on network administrators as well as other IT professionals.

"Enterprises can do much more with their existing equipment thanks to the increased sophistication and speed of switches," says Jim Kelton, president of Altius Information Technology Inc., an IT consulting firm based in Santa Ana, Calif., that specializes in performing network and security assessments. "And even as speeds go up -- we've seen them rise from 10 megabits to 100 megabits to 1 gigabit -- prices are coming down dramatically. As a result, we see companies rapidly upgrading to the higher-capacity switches."

"IT is very interested in this because many companies are building converged networks, putting IP and telephone traffic on the same network, and in general trying to enable various kinds of traffic using the same infrastructure," says Mary Petrosky, a network analyst based in San Mateo, Calif.

All On Top
The increased functionality is evident in that switches are no longer merely acting as Layer 2 and Layer 3 devices, but have moved up the network topology ladder to being Layer 4 and even Layer 7 devices. (article continues)


Topology is the term used to describe device configuration. Layer 1 switches are rapidly becoming obsolete; not so much switches as simple hubs, they don't manage traffic, but merely pass it from one network device to another. Slightly more sophisticated, Layer 2 switches can interconnect a small number of devices in a home or office. Layer 3 switches are built on a higher topology still. Often referred to as routers, they increase network efficiency by delivering traffic only to those ports that have been configured to "listen" to that traffic.

There are no Layer 5 or Layer 6 switches. The definition of Layer 7 switches varies from vendor to vendor, but these are typically capable of performing packet inspection at a very granular level while controlling quality of service (QoS) as well as a host of security-related functions.

Enterprises are using the more intelligent devices -- specifically, the Layer 4 and Layer 7 switches -- in the following ways:

  • Control user access to applications and other computing resources "The more advanced switches have very granular control over traffic, which allows an enterprise to determine what content goes where and who has access to it," says Petrosky. For example, companies can develop policies that determine which users get access to which applications and databases, and can easily let companies allow or disallow access to specific users very quickly. 
  • Ensure quality of service (QoS)  With the converged voice and data networks that many companies have installed, the more sophisticated (article continues)     


routers can detect and prioritize voice traffic -- which is more sensitive to latency than data traffic -- over data traffic. Likewise, higher priority data traffic can take precedence over less important data.

  • Enable fault tolerance The higher-end switches offer redundant power supplies, cooling and forwarding engines that make networks more fault-tolerant. Manufacturers are also migrating this functionality down to smaller platforms. This is good news, especially in smaller offices using only a single switch; if that switch goes down, the entire office is offline. Yet now even lower-end switches are adding this capability.
  • Aid compliance "Due to regulations such as Sarbanes Oxley, it is very important to show that only certain people have had access to certain data," says Petrosky. "The higher-end switches provide you with a clear audit trail that allows you to do just that."

All this additional capacity and functionality raises even more security issues. "The higher bandwidth these devices deliver allows people to email ever-larger documents of all types. And any time that you connect more people to more information more easily, you up the risk of security breaches," says Kelton.

Still, he says, the pros greatly outweigh the cons. With switches evolving so rapidly, Kelton recommends that enterprises evaluate their networks and upgrade their switches at least every two years. "Everything is changing so rapidly and the increased functionality is so potentially valuable that enterprises need to make a point of keeping up," he says.