News & Analysis
Optimizing access networks with layer 3 switching
Stephen Thomas
9/5/2003 10:39 AM EDT
What went around has come around again. As Ethernet-based technology continues its advance into access networks, network operators and equipment vendors are facing many of the same decisions that once concerned enterprise and carrier networks. One in particular is whether to base a network on Layer 2 or Layer 3 switching.
Layer 2 switching offers the temptations of easy operation and maintenance; however, just as was the case for enterprise and carrier networks, those temptations are illusions. In fact, Layer 3 architectures are easier to manage, provide better performance and allow significantly greater scalability. The bottom line is that Layer 3 switching creates the optimum architecture for access networks.
Commercial networks, including access networks, must be managed networks, whatever their underlying network architecture. Although Layer 2 and 3 networks require the same amount of Internet Protocol (IP) infrastructure and planning, only Layer 3 architectures can take advantage of automated tools to ease deployment; only Layer 3 architectures provide nearly unlimited flexibility in mixing media and network technologies; and only Layer 3 switching provides built-in isolation between network segments to make troubleshooting and fault management much simpler.
Some Layer 2 proponents claim that its architectures are superior because they don't require planning for and establishing an IP infrastructure, including addressing assignments and subnetwork boundaries. However, the fact is that any network that delivers IP services (Internet access, voice over IP, IP video, etc.) requires an IP infrastructure. To the extent that Layer 3 architectures require operators to plan and engineer their networks, those architectures ultimately result in superior networks and services.
Once network deployments move beyond the planning stage and into actual operation, the benefits of Layer 3 architectures become clear. Layer 3 technology based on IP is very mature and widely deployed by enterprises and carriers. With such a large market to serve, engineers have developed powerful and convenient tools to automate and simplify network configuration and operation, tools that are lacking in Layer 2 environments.
For example, consider how the two architectures distinguish network elements. In Layer 3 networks, the primary identifier is an IP address. Network operators have complete flexibility in assigning these IP addresses to the various systems, so they can assign them in a manner that most appropriately matches their deployment strategy. There are also tools such as the Domain Name System (DNS) that easily map IP addresses into human-readable names. In addition, there are several tools such as the Dynamic Host Configuration Protocol that can assign IP addresses and other IP configuration information to network elements automatically, without manual intervention.
Contrast the flexibility and automation available with IP addressing to that of the Layer 2 system identifier: the Media Access Control (MAC) address. Equipment manufacturers, not network operators, assign MAC addresses, leaving operators no control over the mapping. Unlike an IP address, a device's MAC address often changes when the device is repaired or replaced, significantly increasing the burden on an operator actively maintaining its network. There is no mechanism similar to DNS to map MAC addresses to names, so operators are forced to use cryptic, 12-digit hexadecimal values to identify systems.
Similar problems face operators attempting to logically segment their Layer 2 networks. While Layer 3 networks are naturally segmented by IP subnetworks without any special work on the operator's part, the Layer 2 equivalent, a virtual LAN (VLAN), must be manually configured in each device.
Another significant advantage of Layer 3 architectures is their inherent support for multiple network technologies. Layer 2 networks are, by definition, confined to a particular Layer 2 technology such as Ethernet or Asynchronous Transfer Mode. Layer 3 architectures, on the other hand, can encompass all network technologies and still provide a common management and operational infrastructure.
Once a network is operational, Layer 3 architectures greatly simplify troubleshooting and fault management. For example, common troubleshooting tools automatically use reverse DNS to display captured network traffic using human-readable names. In contrast, a technician diagnosing Layer 2 architectures is limited to looking at 12-character, hexadecimal MAC addresses.
Troubleshooting is also easier when problems are easier to isolate. Layer 3 architectures consist of many connected subnetworks, so they have isolation inherent in their construction. Routers that interconnect subnetworks ensure that only appropriate Layer 3 traffic passes from one subnetwork to another. Layer 2 networks do not provide this isolation. Isolation is critical when malfunctioning systems generate broadcast packets, especially packets that elicit responses that are also broadcast, a scenario known as a broadcast storm that can be devastating to a network. Often, the only way to recover is to completely power off all devices on the network. A Layer 2 architecture provides no protection against broadcast storms; the entire access network serving all subscribers would be affected. Layer 3 switches, on the other hand, provide built-in isolation; broadcast storms are limited to a single subscriber.
In addition to better manageability, Layer 3 switching also offers greater network performance. Advances in silicon technology have allowed manufacturers to build Layer 3 switches that can forward packets at wire speed, and Layer 3 isolation significantly limits the overhead created by Layer 2 discovery protocols.
Unlike systems built decades ago, current Layer 3 switches can readily implement forwarding in hardware. Commercially available silicon can forward packets at full wire speeds even on Gigabit and 10 Gigabit interfaces.
An area in which Layer 2 and Layer 3 architectures are decidedly not equal is in the network overhead they create in a large network. Elements on a network regularly use discovery protocols such as the Address Resolution Protocol (ARP) to learn the identity of their neighbors. In a Layer 2 network, a neighbor can be any other system on the network, while on a Layer 3 network the neighbor is almost always the next hop router. Furthermore, discovery protocols like ARP are broadcast protocols. Layer 2 switches do not isolate broadcasts, instead flooding them throughout the network. In a Layer 2 network, whenever any device tries to find another, the network transmits the discovery packets to every device on the network. Layer 3 switches, on the other hand, confine broadcasts to a single subnetwork.
To appreciate the effects of this behavior, consider a subscriber with 256 kbits/second of bandwidth on an access network. The accompanying figure shows how much of that bandwidth is consumed by ARP broadcasts as the number of network subscribers grows. As the graph indicates, the actual number depends on traffic patterns in the network. Peer-to-peer traffic is the worst case, while pure client/server represents the minimum overhead. For all types of traffic, overhead on a Layer 3 network is constant at 0.0035 percent of the subscriber's bandwidth. However, for Layer 2 networks, even in the best case, ARP overhead reaches 35 percent of the subscriber's bandwidth with only 10,000 subscribers active. With peer-to-peer traffic, the Layer 2 architecture completely saturates the 256-kbit/s link with only 338 users active on the network.
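As an added illustration (not part of the original article), the Python sketch below measures the effect described above on a capture: it parses Ethernet frames, counts broadcast ARP requests, reports the share of a 256-kbit/s subscriber link they consume, and lists the source MAC addresses responsible. The Ethernet and ARP field layout is standard; the sample capture, the 1 request/s threshold, the 64-byte on-wire frame size and all function names are assumptions made for the example.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
LINK_BPS = 256_000   # subscriber link rate from the article's example
FCS_LEN = 4          # captures usually omit the 4-byte frame check sequence

def make_arp_request(src_mac: bytes, src_ip: bytes, target_ip: bytes) -> bytes:
    """Build a broadcast ARP request (constructed test input), padded to 60 bytes."""
    eth = BROADCAST + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                      src_mac, src_ip, b"\x00" * 6, target_ip)
    return (eth + arp).ljust(60, b"\x00")

def arp_broadcast_load(frames, window_s: float):
    """Return (fraction of LINK_BPS used by broadcast ARP requests, count per source MAC)."""
    bits, per_src = 0, Counter()
    for frame in frames:
        if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
            continue
        etype, = struct.unpack("!H", frame[12:14])
        oper, = struct.unpack("!H", frame[20:22])
        if frame[:6] != BROADCAST or etype != ETHERTYPE_ARP or oper != 1:
            continue
        bits += (len(frame) + FCS_LEN) * 8
        per_src[frame[6:12].hex(":")] += 1
    return bits / (window_s * LINK_BPS), per_src

def noisy_sources(per_src, window_s: float, max_per_s: float = 1.0):
    """Sources whose ARP request rate exceeds max_per_s (threshold is an assumption)."""
    return sorted(m for m, n in per_src.items() if n / window_s > max_per_s)

# Constructed 10-second capture: one normal host, one malfunctioning host,
# and one unicast IPv4 frame that must not be counted.
HOST_A, HOST_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
GW = bytes([192, 0, 2, 1])
CAPTURE = ([make_arp_request(HOST_A, bytes([192, 0, 2, 10]), GW)] * 2
           + [make_arp_request(HOST_B, bytes([192, 0, 2, 11]), GW)] * 50
           + [HOST_A + HOST_B + struct.pack("!H", 0x0800) + b"\x00" * 46])

if __name__ == "__main__":
    share, per_src = arp_broadcast_load(CAPTURE, window_s=10)
    print(f"broadcast ARP uses {share:.2%} of the 256 kbit/s link")
    print("per source:", dict(per_src))
    print("over threshold:", noisy_sources(per_src, window_s=10))
```

On a capture taken at one subscriber port, a share that grows with many distinct sources reflects the size of the broadcast domain, while a single dominant source points to one misbehaving device.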
The accompanying network performance graph highlights the biggest advantage of a Layer 3 architecture: Layer 3 networks simply scale better than Layer 2 ones. The fundamental reason for this advantage is the built-in partitioning that a Layer 3 network creates. Layer 2 networks are flat networks: they have no hierarchy. Layer 3 architectures, on the other hand, create a hierarchy of subnetworks.
A Layer 2 network has only one dimension in which it can grow: each new device adds to the overall size of the logical Layer 2 network. However, a Layer 3 network can grow in two dimensions. It can expand the number of subnetworks or it can increase the number of devices in a given subnetwork. In both cases, the effects of growth are limited. The addition of more subnetworks has little impact on the subnetworks already present, and growth within a subnetwork affects only the devices within that subnetwork.
The other advantages of Layer 3 networks become more and more evident as the network grows and they all contribute to Layer 3's superior scalability. Consider the effect of each of these qualities as a network increases in size:
A Layer 3 architecture imposes an automatic hierarchy on a network, a hierarchy that ultimately leads to much better scalability. The strongest evidence for this benefit is the World Wide Web. After all, the Internet is a Layer 3 architecture.
Stephen Thomas is chief architect at Wave7 Optics (Alpharetta, Ga.).


See related chart
