As the person responsible for keeping your organization’s network up and running, you’ll probably have to procure some network switch equipment at some point. There’s a lot to consider when evaluating switches. In this Daily Drill Down, I’ll examine the features and terms associated with switches to help you pick the best switch for your needs. I’ll focus on workgroup switches, not core or “big iron” switches.

Make the switch

Of course, you could buy a simple hub instead of a switch. I don’t recommend hubs for a growing organization, primarily because they make much less efficient use of resources than switches do. Switches are replacing hubs as the backbone of network connectivity.

Which switch?
Buying a switch is not as simple as walking into a store and grabbing one off the shelf. When I’m purchasing network equipment or giving advice to others on what they should buy, I like to look a couple of years down the road. Will your network increase significantly in size? Will you be adding devices to your network? A quick look at the future can help you decide what type of switch to buy.

There are a number of specifications that determine how good the switch really is. In the sections that follow, I’ll show you some of the features to look for.

Size does matter
There are basically two types of switch designs: “form factor” switches and modular switches. Which you choose largely depends on the size of your network.

A form factor switch is generally an enclosed chassis with fairly limited upgrade capability, ranging anywhere from a few ports up to 48 ports. Form factor switches are excellent choices for small workgroups of up to 48 devices—including PCs, printers, Internet connections, and so on.

A modular switch, on the other hand, is an excellent choice for larger workgroups that require more flexibility in their port configurations. A modular switch allows a “mix-and-match” approach to determining port configuration since it’s essentially an empty chassis with slots for adapters.

Layer 2 and 3 switching
You’ll also need to determine whether you need layer 2 or layer 3 switches. In the ISO/OSI model, layer 2 is the Data Link layer where the source and destination terminals are identified by MAC addresses in the network packet. A layer 2 switch can use this information to build a switching table to identify which port a particular MAC address/machine is on. This results in much more efficient network traffic patterns than with hubs, which simply broadcast all received traffic.

Conversely, in the ISO/OSI model, layer 3 is the Network layer where IP and routers also operate. As such, a layer 3 switch can perform routing functions since it can make use of the IP information inside the packet.

Layer 3 switches are significantly more expensive than layer 2 units. For smaller networks that are centrally located and located in a single subnet, a layer 2 switch is more than sufficient. As networks begin to grow and users are broken out onto separate subnets in order to improve network efficiency and provide better traffic flow, layer 3 switching/routing becomes the better choice.

Hot swapping
If you plan to regularly swap out modules and you want as little downtime as possible, you can opt for a switch that supports hot swapping. Hot swapping is the ability to replace the various modules of a modular switch while the system is still operational and serving clients. This is useful in 24/7 environments. Note that some hot-swap switches only let you swap modules of the same type. For example, you can’t hot-swap a 10/100 Ethernet module with a gigabit Ethernet module. You’d need to power down the unit for this swap.

Forwarding mode
Most switches offer up to three possible ways for packets to be forwarded through the unit:

  • Store-and-forward mode: This method supports error checking and packet filtering since the entire packet is read into the switch’s memory and read before being forwarded to the appropriate switch port. Because the switch needs to receive the entire packet, this forwarding mode results in the highest transit delay. For 10/100 switches with a mixture of 10-Mbps and 100-Mbps devices, this is the forwarding mode of choice as it also supports the conversion of LAN speeds, which is a bridging function.
  • Cut-through mode: Unlike store-and-forward, this forwarding method skips error checking, and it doesn’t support either packet filtering or switching between different LAN speeds. Enough of the incoming packets are read to determine their destination, and the entire packet is then immediately forwarded to the destination MAC address. Because of the speed at which this mode operates, error packets are forwarded along with good packets.
  • Fragment-free mode: This is cut-through forwarding with limited error correction capability since packets below the minimum allowable size (runts) are discarded.

The mode you look for in a new switch depends on the devices that you’ll be supporting. If you have both 10-Mbps and 100-Mbps devices, you’ll need the support of store-and-forward’s bridging features. If, however, your devices all run at 100 Mbps, you can enjoy the lower latency of cut-through forwarding or fragment-free forwarding for a reduced number of potential errors.

Full-duplex and half-duplex
Older hubs and Ethernet adapters only operate in half-duplex mode. In half-duplex mode, a device can send and receive data, but it can’t do both at the same time. With full-duplex (also called simply “duplex”) equipment, a system can do both simultaneously, effectively eliminating the possibility of collisions on the link.

Most switches support both half- and full-duplex connections. I recommend using full-duplex wherever possible as it makes more efficient use of the infrastructure. Some vendors like to say that their 100-Mbps switch ports operate at 200 Mbps due to full-duplex. This is somewhat misleading as full-duplex only means a full 100 Mbps in both directions simultaneously and not a doubling of the link speed. Be especially careful of this “feature” when looking at backplane speeds. A fair apples-to-apples comparison will use the same duplex factor to compare backplane speeds.

Switching speed
Switching speed is the speed at which a switch can process traffic coming in and send it back out. This is not the same as the bandwidth or backplane speed. Switching speed is generally measured in millions of packets per second—the higher the switching speed, the better.

Backplane speed/switch fabric speed
The backplane speed measures how fast traffic can be transmitted between modules in a switch. Closely related to blocking and nonblocking, this number needs to be sufficient to handle your most extreme loads across the switch.

Blocking and nonblocking
Blocking and nonblocking define whether or not a switch’s internal communication and packet processing power can support all ports transmitting simultaneously at their highest possible speeds. A nonblocking switch has enough horsepower to handle this condition, but a blocking switch may need to throttle back traffic in order to handle it all, resulting in a potential bottleneck.

Which architecture is best for your needs depends on what your users primarily do on the network. If they are constantly transferring large files across the network, a nonblocking architecture is a better choice. If, on the other hand, your users spend their days dealing with e-mail and doing Web research, a lower-speed backplane will more than suit your needs.

Buffer size
Every switch has some sort of buffering mechanism. In most cases, either a fixed amount of storage is dedicated to each port, or every port shares a common buffer storage area. The buffer size can have a direct impact on the speed at which a switch can forward packets. A buffer that is too small will cause a switch to throttle back traffic in an effort to control network congestion.

Management and monitoring capability
Most switches include some method for monitoring their performance so that you can proactively manage situations that may arise. The two most common methods are SNMP (Simple Network Management Protocol) and RMON (Remote MONitoring). SNMP has been around for a long time and is easy to support. Almost every switch that has any kind of management capability supports SNMP.

Adding RMON capability to a switch greatly enhances management ability, however. When a switch has RMON capability, you’ll generally see that it supports a certain number of RMON “groups.” First, there are two versions of RMON, aptly named RMON1 and RMON2. Together they encompass 20 different groups of management statistics:

  • Alarm: Allows a user to configure an alarm for a managed object. A sampling interval and alarm threshold can be set for any counter or integer recorded by the RMON agent.
  • Events: Logs three types of events—rising threshold, falling threshold, and packet match. This group can generate traps for each event.
  • Filters: Includes a buffer for incoming packets as well as any number of user-definable filters. You can set filters to look at a special address, group of addresses, a certain protocol, or any combination desired.
  • History: Provides trend analysis based on information in the statistics group. This group creates a set of counters for a specific time interval for each type of data from which trend information can be obtained.
  • Hosts: Table of statistics based on MAC addresses. There are counters for broadcast packets, multicast packets, error packets, and number of bytes. This includes data for both transmitted and received bytes for each host.
  • Hosts top N: Contains sorted host statistics. It can be configured to keep a table of activity for the 10 busiest nodes communicating to each host. Rather than the management station receiving lots of data from a management module, the management module crunches the data and sends a list of only the busiest nodes across the network to the management station. This keeps traffic low and performance high and allows a high level of proactive management.
  • Matrix: Shows error and utilization information in tabular form based on address pairs, so the operator can retrieve information for any pair of network addresses. This allows the management station to view the network traffic on a conversation basis, showing who is talking to whom and how often.
  • Packet Capture: Allows the operator to define buffers for packet capture, change buffer sizes, and specify conditions for starting and stopping packet capture.
  • Statistics: Maintains low-level utilization and error statistics, such as the number of packets sent, packet sizes, broadcasts, multicasts, network errors, and collisions.
  • Token Ring: Adds token ring counters to RMON statistics.

Some of the RMON2 capabilities include:

  • Address Map: Maps a network layer address to the corresponding Media Access Control (MAC) address.
  • Application-Layer Host: Provides statistics for each network conversation between pairs of network layer addresses.
  • Application-Layer Matrix: Provides statistics on conversations between pairs of network layer addresses for a specified application layer protocol. Traffic broken down by protocols can be recognized by the Protocol Directory group.
  • Network-Layer Host: Provides statistics for each host by network layer address.
  • Network-Layer Matrix: Provides statistics for each network conversation between pairs of network layer addresses.
  • Probe Configuration: Provides remote capability for configuring and querying agent parameters such as resets, software updates, IP address changes, and trap destinations.
  • Protocol Directory: Provides a table of all identifiable protocols and their descriptions.
  • Protocol Distribution: Provides statistics for each protocol that the agent is configured to track.
  • RMON Conformance: Provides information to management software regarding the status of support for the groups.
  • User History: Enables the agent to save samples of RMON2 data for any management information base (MIB) object at specified intervals.

In general, when a switch supports RMON, at a minimum it will support the first four groups of RMON1: statistics, history, alarm, and event.

Make the switch
When I specify new equipment, I like to compare every product as fully as possible. Once you’ve chosen a switch, make sure the choice is a good one with a little specific follow-up research. Vendors aren’t always the best source for objective information, so be sure to check as many sources as you can.

I find that the Tolly Group’s switching reports are an excellent resource to determine if the vendor’s specifications are realistic. Tolly tests almost every switch on the market and can say whether or not the numbers are accurate. Other groups also regularly test network equipment. My favorite resource to locate these kinds of reports is Google.