Riverstone Networks RS 2100 manual Layer-4 Switching, Security, Quality of Service

Models: RS 2100


RS 2100 Introduction

Software Overview

2.3.4 Layer-4 Switching

In addition to layer-2 bridging and layer-3 routing, the RS 2100 performs layer-4 switching. Layer-4 switching is based on applications and flows.

Layer-4 Applications – The RS 2100 understands the application for which an IP or IPX packet contains data and therefore enables you to manage and control traffic on an application basis. For IP traffic, the RS 2100 looks at the packet’s TCP or UDP port number to determine the application. For IPX packets, the RS 2100 looks at the destination socket to determine the application.

Layer-4 Flows – The RS 2100 can store layer-4 flows on each line card. A layer-4 flow consists of the source and destination addresses in the IP or IPX packet combined with the TCP or UDP source and destination port number (for IP) or the source and destination socket (for IPX). You can therefore manage and control individual flows between hosts on an individual application basis.

A single host can have many individual layer-4 entries in the RS 2100. For example, an IP host might have separate layer-4 application entries for email, FTP, HTTP, and so on, or separate layer-4 flow entries for specific email destinations and for specific FTP and Web connections.

2.3.5 Security

The bridging, routing, and application (layer-2, layer-3, and layer-4) support described in previous sections enables you to implement security strategies that meet specific needs. For layer-2, a wide range of bridging filters are available. Additionally, all layers can be protected using Access Control Lists (ACLs) filters. You can implement the following types of filters and ACLs to secure traffic on the RS 2100:

Layer-2 source filters (block bridge traffic based on source MAC address)

Layer-2 destination filters (block bridge traffic based on destination MAC address)

Layer-2 flow filters (block bridge traffic based on specific source-destination pairs)

Layer-3 source ACLs (block IP or IPX traffic based on source IP or IPX address)

Layer-3 destination ACLs (block IP or IPX traffic based on destination IP or IPX address)

Layer-3 flow ACLs (block IP or IPX traffic based on specific source-destination address pairs)

Layer-4 flow ACLs (block traffic based on application flows)

Layer-4 application ACLs (block traffic based on UDP or TCP source and destination ports for IP or source and destination sockets for IPX)

In addition to filtering and ACLs, the RS also provides login security in the form of TACACS, TACACS+, RADIUS, and Secure Shell (SSH) version 1.5.
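As an added illustration (not Riverstone code or the RS 2100 configuration syntax), the following Python keys a packet the way section 2.3.4 describes a layer-4 flow and evaluates the layer-3 and layer-4 ACL types listed above; the first-match order, the CIDR notation and the implicit deny are assumptions for the example.

```python
# Added illustration (not Riverstone code): layer-3/layer-4 ACL matching as in sections 2.3.4 and 2.3.5.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str        # "tcp" or "udp"; the port numbers identify the application
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class AclEntry:
    # None means "any". Addresses only -> layer-3 source/destination/flow ACL;
    # ports only -> layer-4 application ACL; addresses plus ports -> layer-4 flow ACL.
    action: str                      # "permit" or "deny"
    src: Optional[str] = None        # CIDR such as "10.1.0.0/16" (assumed notation)
    dst: Optional[str] = None
    proto: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

def flow_key(p: Packet) -> tuple:  # the layer-4 flow entry the switch would store
    return (p.src_ip, p.dst_ip, p.proto, p.src_port, p.dst_port)

def matches(e: AclEntry, p: Packet) -> bool:
    return ((e.src is None or ip_address(p.src_ip) in ip_network(e.src))
            and (e.dst is None or ip_address(p.dst_ip) in ip_network(e.dst))
            and e.proto in (None, p.proto)
            and e.src_port in (None, p.src_port)
            and e.dst_port in (None, p.dst_port))

def evaluate(acl: list, p: Packet, default: str = "deny") -> str:  # first match wins
    for e in acl:
        if matches(e, p):
            return e.action
    return default  # implicit deny when nothing matches (assumption)

# Constructed sample policy: block telnet into the server subnet (layer-4 application ACL),
# allow HTTP to one web server (layer-4 flow ACL), otherwise let the client subnet reach the servers (layer-3 flow ACL).
SAMPLE_ACL = [
    AclEntry("deny", dst="10.2.0.0/16", proto="tcp", dst_port=23),
    AclEntry("permit", src="10.1.0.0/16", dst="10.2.0.5/32", proto="tcp", dst_port=80),
    AclEntry("permit", src="10.1.0.0/16", dst="10.2.0.0/16"),
]
```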

2.3.6 Quality of Service

Although the RS 2100 supplies non-blocking, wire-speed throughput, you can configure the RS 2100 to apply Quality of Service (QoS) policies during peak periods to guarantee service to specific hosts, applications, and flows (source-destination pairs). This is especially useful in networks where the traffic level can exceed the network capacity.

QoS policies can be configured for the following types of traffic:

Layer-2 prioritization (802.1p)

Layer-3 source-destination flows

Layer-4 source-destination flows

Riverstone Networks RS 2100 Switch Router Getting Started Guide 2-5
