UNIX System Administration Handbook - Evi Nemeth [227]
Large sites can benefit from switches that can partition their ports (through software configuration) into subgroups called Virtual Local Area Networks or VLANs. A VLAN is a group of ports that belong to the same logical segment, as if the ports were connected to their own dedicated switch. Such partitioning increases the ability of the switch to isolate traffic, and that has salutary effects on both security and performance.
Traffic between VLANs is handled by a router, or in some cases, by a routing module or routing software layer within the switch. An extension of this system known as “VLAN trunking” (such as that provided by the IEEE 802.1Q protocol) allows physically separate switches to service ports on the same logical VLAN.
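To make the 802.1Q tag concrete, here is an added Python example (not code from the book) that decodes the tag a trunk port reads from each frame and applies a per-port allowed-VLAN list to it, which is the mechanism that keeps one VLAN's traffic from leaking into another across a trunk; the frames, MAC addresses and policy below are constructed.

```python
"""Decode an IEEE 802.1Q VLAN tag and apply a trunk port's allowed-VLAN list.
Added example, not from the book; sample frames and policy are constructed."""
import struct

TPID_8021Q = 0x8100   # EtherType value that announces a VLAN tag follows
ETH_IPV4 = 0x0800


def parse_frame(frame):
    """Return dst/src MAC, the VLAN fields (if tagged) and the inner EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "vlan": None, "pcp": None, "dei": None}
    payload_off = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"] = tci >> 13          # 3-bit priority code point
        info["dei"] = (tci >> 12) & 1    # drop eligible indicator
        info["vlan"] = tci & 0x0FFF      # 12-bit VLAN identifier (VID)
        payload_off = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[payload_off:]
    return info


def trunk_admits(frame, allowed, native_vlan):
    """Decide whether a trunk port forwards the frame and on which VLAN.
    Untagged frames and VID 0 (priority-only tag) land on the native VLAN;
    VID 4095 is reserved by 802.1Q and is dropped."""
    vid = parse_frame(frame)["vlan"]
    if vid is None or vid == 0:
        vid = native_vlan
    if vid == 0xFFF:
        return False, None
    return (vid in allowed), vid


# Constructed sample frames: broadcast destination, locally administered source.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("0200deadbeef")


def tagged_frame(vid, pcp=0, dei=0, payload=b"\x00" * 46):
    tci = (pcp << 13) | (dei << 12) | (vid & 0xFFF)
    return DST + SRC + struct.pack("!HHH", TPID_8021Q, tci, ETH_IPV4) + payload


UNTAGGED = DST + SRC + struct.pack("!H", ETH_IPV4) + b"\x00" * 46

if __name__ == "__main__":
    for f in (tagged_frame(100, pcp=5), tagged_frame(200), UNTAGGED):
        print(parse_frame(f)["vlan"], trunk_admits(f, {10, 100}, native_vlan=1))
```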
Choosing a switch can be difficult. The switch market is a very competitive segment of the computing industry, and it’s plagued with marketing claims that aren’t even partially true. When selecting a vendor to buy switches from, you should rely on independent evaluations (“bake offs” such as those that appear in magazine comparisons) rather than any data supplied by vendors themselves. In recent years, it has been common for one vendor to have the “best” product for a few months, but then completely destroy its performance or reliability when trying to make improvements, thus elevating another manufacturer to the top of the heap.
In all cases, make sure that the backplane speed of the switch is adequate—that’s the number that really counts at the end of a very long day. A well-designed switch should have a backplane speed that exceeds the sum of the speeds of all its ports.
Routers
Routers are dedicated computers-in-a-box that contain two or more network interfaces and direct traffic at layer 3 of the ISO protocol stack (the network layer). They shuttle packets to their final destinations based on the information in the TCP/IP protocol headers. In addition to simply moving the packets from one place to another, they may also perform other functions such as packet filtering (for security reasons), prioritization (for quality of service reasons), and big-picture network topology discovery. See all the gory details of how routing really works in Chapter 14.
Hardware interfaces of many different types (e.g., FDDI, Ethernet, and ATM) can be found on a single router. On the software side, some routers can also handle non-IP traffic such as IPX or AppleTalk. In these configurations, the router and its interfaces must be configured for each protocol you want it to handle.
Routers take one of two forms: fixed configuration and modular. Fixed configuration routers have specific network interfaces permanently installed at the factory. They are usually suitable for small, specialized applications. For example, a router with a T1 interface and an Ethernet interface might be a good choice to connect a small company to the Internet.
Modular routers have a slot or bus architecture to which interfaces can be added by the end user. While this approach is usually more expensive, it provides for greater flexibility down the road.
Depending on your reliability needs and expected traffic load, a dedicated router may or may not be cheaper than a UNIX system configured to act as a router. However, the dedicated router will usually provide superior performance and reliability. This is one area of network design in which it’s usually advisable to spend the extra money up front in order to avoid headaches later.
15.3 FDDI: THE DISAPPOINTING AND EXPENSIVE LAN
At 10 Mb/s, the Ethernet of the 1980s didn’t offer enough bandwidth for some networking needs, such as connecting workgroups via a corporate (or campus) backbone. In an effort to provide higher-bandwidth options, the ANSI X3T9.5 committee produced the Fiber Distributed Data Interface (FDDI) standard as an alternative