While Layer 2 and Layer 3 switches use brute force to speed up networks, Layer 4 switching attempts to add some finesse. That's the theory, anyway. In practice, the term has become another weapon for vendors waging a new round of "marketecture" wars.
Such weapons often are labeled with misnomers, and "Layer 4 switch" is no exception. In the seven-layer ISO model, packets are switched either to media access control addresses at Layer 2, the data-link layer, or to subnet addresses at Layer 3, the network layer. So-called Layer 4 switches merely look into the transport-layer header of the packet to get information they can use to make smarter decisions about Layer 2 and Layer 3 forwarding.
For example, applications communicate with network services via a port number. These TCP and User Datagram Protocol (UDP) port numbers tell the switch what type of application is generating the traffic, and the switch can then map the packet classifications into service guarantees.
In short, packets are just packets at Layer 2 and Layer 3. At Layer 4, there is knowledge about the sequence that an individual packet is part of and the application that generated it.
Traditional routers have had this Layer 4 functionality for years, but it degrades their performance so much that Layer 4 is almost never used. Today, some vendors claim their multilayer routing switches can process Layer 4 information and maintain wire-speed forwarding.
Moving further up the stack enables quality of service (QoS) and policy-based network management so administrators can fine-tune the use of the network with firewall-type granularity. For example, SAP R/3 traffic might be given priority over Web traffic, and bandwidth could be reserved for time-sensitive applications such as voice and video. And security policies can be applied at a much higher level, so hackers can't get in by just finding an IP address.
"What this means is that networks will become more services-oriented, and not just infrastructures for forwarding data," says Mary Petrosky, senior analyst with The Burton Group in Salt Lake City. The services that switches can support will depend on their ability to identify applications, which in turn "is what will separate the various vendors that are making claims about their Layer 4 products," she says.
Primitive, stateless applications such as telnet and File Transfer Protocol transmit on well-known TCP or UDP ports and are easy to spot. The same is not true, however, for the applications that really need prioritization, such as voice or enterprise resource planning software. These applications are state-dependent and don't have predefined port identifiers. Rather, the numbers get assigned dynamically by middleware, and the switch has to watch the sessions being established.
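As an added illustration that is not part of the article, the Python below shows the two classification paths the text contrasts: a stateless lookup on well-known TCP/UDP ports, and a stateful path that watches an FTP control channel for the server's passive-mode reply (RFC 959, "227 ... (h1,h2,h3,h4,p1,p2)") so the dynamically assigned data connection can be classified too. The packet dictionaries and service-class names are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Stateless Layer 4 classification: well-known (protocol, port) -> service class
WELL_KNOWN = {("tcp", 23): "interactive", ("tcp", 21): "bulk",
              ("tcp", 80): "web", ("udp", 53): "control"}

# Passive-mode reply on the FTP control channel announces the data port
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

@dataclass
class Classifier:
    # Flows learned by watching sessions: (proto, dst_ip, dst_port) -> class
    learned: dict = field(default_factory=dict)

    def observe(self, pkt):
        """Track session setup seen on a known control channel (FTP PASV)."""
        if pkt["proto"] == "tcp" and pkt["sport"] == 21:
            m = PASV_RE.search(pkt.get("payload", ""))
            if m:
                host = ".".join(m.group(i) for i in range(1, 5))
                port = int(m.group(5)) * 256 + int(m.group(6))
                self.learned[("tcp", host, port)] = "bulk"

    def classify(self, pkt):
        """Return the service class for a packet; updates session state first."""
        self.observe(pkt)
        cls = WELL_KNOWN.get((pkt["proto"], pkt["dport"]))
        if cls:
            return cls
        return self.learned.get((pkt["proto"], pkt["dst"], pkt["dport"]), "best-effort")

# Constructed sample traffic: a telnet packet, an FTP control reply, an FTP data packet
TELNET = {"proto": "tcp", "src": "10.0.0.9", "dst": "10.0.0.5", "sport": 40000, "dport": 23}
PASV_REPLY = {"proto": "tcp", "src": "10.0.0.5", "dst": "10.0.0.9", "sport": 21, "dport": 40001,
              "payload": "227 Entering Passive Mode (10,0,0,5,195,80)\r\n"}
FTP_DATA = {"proto": "tcp", "src": "10.0.0.9", "dst": "10.0.0.5", "sport": 40002, "dport": 50000}

def run_demo():
    """Classify the data packet before and after the control channel is observed."""
    c = Classifier()
    before = c.classify(FTP_DATA)      # stateless lookup alone cannot place it
    c.classify(TELNET)
    c.classify(PASV_REPLY)             # watching the session reveals port 195*256+80
    after = c.classify(FTP_DATA)
    return before, after

if __name__ == "__main__":
    print(run_demo())
```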
"You have exactly the same problem in Ethernet and ATM," says Donal Byrne, vice president of marketing for FDDI switch pioneer Berkeley Networks, Inc. in Milpitas, Calif. Switch manufacturers "don't do enough at Layer 4 to make their products useful to these stateful applications, which are the prominent and important applications on today's networks."
Berkeley Networks is tackling this problem by embedding Microsoft Corp.'s Windows NT operating system in its Gigabit Ethernet switch. This gives the platform access to all of NT's built-in services, including the directory, and creates what Byrne calls an "application-aware switch."
"We can take the thousands of network-based NT applications and services and integrate them on top of our platform according to the needs of our customers and partners," Byrne says. A separate policy server is not necessary. NT provides the translations between the applications and the hardware - a process that can take place at a relatively slow rate as long as the switch is doing the forwarding in hardware at wire speed.
"It's a neat idea, and it may enable Berkeley to implement policy-based networking before any other switch manufacturer," says David Passmore, president of NetReference, Inc., a consultancy in Sterling, Va. Meanwhile, the big network companies are trying to lock customers in with announcements of their own architectures.
But all that's in the future. For now, Layer 4 switching seems to be a solution looking for a problem.
"Policy-based management? Most network administrators are still racing around on jet-powered skates troubleshooting," says Lynn DeNoia, director of consulting services for Strategic Networks in Rockland, Mass. "And people who are good at troubleshooting are not necessarily good at seeing things in a larger context and figuring out appropriate policies."