Layer 3 switches explained

Layer 3 switches are important in enterprise networks -- particularly in designs with many subnets and virtual LANs. What is a Layer 3 switch, what can it do for you, and how does it differ from a regular switch or router?

A Layer 3 switch -- also referred to as a multilayer switch -- combines the duties of a switch and a router.

It acts as a switch because it connects devices that are on the same IP subnet or virtual LAN, and it performs at or near wire speed. But it also acts as a router because it has IP routing intelligence built in.

A Layer 3 switch is like a high-speed router without the WAN connectivity.

What is the difference between a Layer 3 switch and a router?

Before defining Layer 3 switches, let's understand what a regular switch and a router do.

A switch works at Layer 2 of the OSI model -- the data-link layer. It is a LAN device that can also be called a multiport bridge. A switch forwards Ethernet frames between Ethernet devices. Switches do not care about IP addresses, nor do they even examine IP addresses as the frames flow through the switch. Instead, they forward frames based on the media access control (MAC) address.

Every Ethernet device and port has its own unique 16-digit hexadecimal address. The switch maintains a database of MAC addresses and ports where the MAC addresses were last seen. This is known as a forwarding table. And unlike a network hub that simply duplicates data and broadcasts all frames out of every port, switches maintain their bridge forwarding tables, which makes the forwarding of frames far more efficient.

Let's discuss the forwarding table in a bit more detail. In the Cisco world, the bridge forwarding table is called a CAM table, for content addressable memory. If a switch receives an Ethernet frame for a destination that it doesn't have in its table, it floods that frame out to all ports -- like a hub does all the time.

However, the switch learns from the response to that flood and records which MAC addresses responded on specific switch ports. This dynamic mapping is then maintained in the switch forwarding table. By maintaining a forwarding table, switches form collision domains. This is because the switch forwards each frame out of only the port where the destination device resides, per the forwarding table. That way, you don't run into problems when multiple devices on a switch attempt to forward frames at the same time. From a logical perspective, each device connected to the switch has its own Ethernet segment and can talk at full speed without risk of collisions.
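The flood-then-learn behavior described above, as an added example that is not part of the original article. The class name, port numbers and MAC addresses are constructed for illustration.

```python
class LearningSwitch:
    """Layer 2 forwarding: learn source MACs, forward to known ports, flood otherwise."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port where it was last seen

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of ports it is sent out of."""
        src, dst = src_mac.lower(), dst_mac.lower()
        # Learn (or refresh) the sender's location from the source address.
        self.table[src] = in_port
        out_port = self.table.get(dst)
        if dst == self.BROADCAST or out_port is None:
            # Broadcast or unknown destination: flood every port except the ingress port.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # destination sits on the ingress segment; nothing to forward
        return [out_port]


def demo():
    # Constructed sample: hosts A and B on a four-port switch.
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
    results = [
        sw.receive(1, a, b),  # B unknown: frame is flooded
        sw.receive(3, b, a),  # B replies; A was learned on port 1
        sw.receive(1, a, b),  # B is now known on port 3
        sw.receive(4, b, a),  # B moved to port 4: entry is overwritten
        sw.receive(1, a, b),  # traffic for B follows the new port
    ]
    return results, dict(sw.table)


if __name__ == "__main__":
    frames, table = demo()
    for out_ports in frames:
        print(out_ports)
    print(table)
```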

A router, on the other hand, works at Layer 3 of the OSI model -- the network layer. It is a device that logically segments networks at the IP subnet level. A router is responsible for routing IP packets between different IP networks. Routers do this using an IP routing table. In that table, they have either static or dynamically learned routes.

When an IP packet comes in, the router looks up the destination IP in the IP routing table. If that destination IP is not found in the table, the router drops the packet -- unless it has a default route. Routers form broadcast domains -- a logical division of a computer network -- because they drop broadcast packets. Broadcast packets are a way to send a packet destined to all devices within that IP subnet. A broadcast packet cannot be sent between subnets. Therefore, the only way to communicate between subnets is to route traffic from one network to the other.

How does a Layer 3 switch work?

When it comes to Layer 3 switching, there are two kinds: hardware and software. With a hardware-based service, the device is using an application-specific integrated circuit (ASIC) -- a dedicated chip -- to perform the packet-switching function. With the software implementation, the device is using a computer processor and software to perform the function.

Generally, Layer 3 switches and high-end routers route packets using hardware -- ASICs -- and general-purpose routers use software to perform routing functions.

Characteristics of Layer 3 switches

A Layer 3 switch works much like a router because it has the same IP routing table for lookups, and it forms a broadcast domain. However, the "switch" part of the name Layer 3 switch is there because:

  • The Layer 3 switch looks like a switch. It has 24-plus Ethernet ports and no WAN interfaces.
  • The Layer 3 switch will act like a switch when it is connecting devices that are on the same network.
  • The Layer 3 switch is the same as a switch with the router's IP routing intelligence built in.
  • The switch works very quickly to switch or route the packets it is sent.
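The forwarding decision described in the router section and in the list above, as an added example that is not part of the original article: switch when source and destination share a subnet, otherwise look up the routing table and drop when nothing matches and there is no default route. The VLAN IDs, subnets and next hops are constructed, and choosing the most specific matching prefix is standard IP routing behavior that the article does not spell out.

```python
import ipaddress


class Layer3Switch:
    """Forwarding decision only: switch inside a VLAN, route between subnets."""

    def __init__(self, vlan_subnets, routes):
        # VLAN ID -> directly connected IP subnet (one subnet per VLAN)
        self.vlans = {v: ipaddress.ip_network(n) for v, n in vlan_subnets.items()}
        # Static routes as (prefix, next hop); 0.0.0.0/0 is the default route
        self.routes = [(ipaddress.ip_network(p), nh) for p, nh in routes]

    def vlan_of(self, ip):
        return next((v for v, net in self.vlans.items() if ip in net), None)

    def decide(self, src_ip, dst_ip):
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        src_vlan, dst_vlan = self.vlan_of(src), self.vlan_of(dst)
        if dst_vlan is not None and dst_vlan == src_vlan:
            return f"switch within VLAN {dst_vlan}"  # same subnet: Layer 2 only
        if dst_vlan is not None:
            return f"route to VLAN {dst_vlan}"  # interVLAN routing on the switch
        matches = [(net, nh) for net, nh in self.routes if dst in net]
        if not matches:
            return "drop"  # no matching route and no default route
        net, nh = max(matches, key=lambda m: m[0].prefixlen)  # most specific wins
        return f"route via {nh} ({net})"


# Constructed sample: two VLANs, one static route, one default route.
VLANS = {10: "10.0.10.0/24", 20: "10.0.20.0/24"}
ROUTES = [("10.1.0.0/16", "10.0.20.254"), ("0.0.0.0/0", "10.0.20.1")]


def demo():
    sw = Layer3Switch(VLANS, ROUTES)
    no_default = Layer3Switch(VLANS, ROUTES[:1])  # same switch without a default route
    return [
        sw.decide("10.0.10.5", "10.0.10.9"),
        sw.decide("10.0.10.5", "10.0.20.7"),
        sw.decide("10.0.10.5", "10.1.2.3"),
        sw.decide("10.0.10.5", "192.0.2.1"),
        no_default.decide("10.0.10.5", "192.0.2.1"),
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```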

Why use a Layer 3 switch?

Layer 3 switches make the use of virtual local area networks (VLANs) and interVLAN routing easier and faster. They make VLANs easier to configure because a separate router isn't required between each VLAN; all the routing can be done right on the switch. Layer 3 switches also improve VLAN performance because they eliminate the bottleneck that results from a router forming a single link between VLANs.

What is a VLAN?

VLANs are a great way to segment a LAN based on users, device types and functions on the network. For example, an organization can create a server VLAN, which is the subnet where all internal servers reside. In turn, the company can create separate VLANs within the server VLAN: one for wired users, one for wireless users and one for the printers themselves. Without the use of VLANs, this type of organization wouldn't be possible, and all devices would be on the same broadcast domain -- a design that would be particularly inefficient for larger networks.

In a traditional VLAN, switches tag the VLAN traffic, and only the devices on the same VLAN can communicate with one another. If devices on different VLANs need to communicate, they would talk to each other via a trunk port connected to a router. The router can then route between VLANs. This is known as interVLAN routing. One problem with simply using a router and switch trunk interface is that the trunk port can create a bottleneck because the maximum amount of data that can be routed is based on the Ethernet port limit.

Layer 3 switches, on the other hand, use a switch backplane that has bandwidth capacity far greater than that of a single or multiple Ethernet interfaces combined in a port channel. In other words, Layer 3 switches eliminate the bottlenecks created when attempting to perform interVLAN routing using a standard switch connected to a router.

Sample network using VLANs

Besides the functionality mentioned above, a VLAN has a number of other features, such as:

  • Performance and broadcast control;
  • Segregating departments or project networks; and
  • Security.

Do I need a Layer 3 switch?

Layer 3 switches are tailored for enterprise-class Ethernet networks that need to subnet into smaller networks. Most of the time, this is accomplished by configuring multiple VLANs, with each VLAN representing a different IP subnet.

You should investigate getting a Layer 3 switch if you can answer yes to any of the following questions:

  • Do you have a network with more than 250 devices on a single VLAN?
  • Do you have subnets and/or VLANs that are currently connected via a router using a one-armed router design?
  • Do you need higher-performance VLANs?
  • Do departments need their own broadcast domains for performance or security?
  • Are you considering implementing VLANs?
