Layer 3 switches pass early tests

Jim Koda knew his new Layer 3 switch would be fast, but he did not expect to be blown away.

"I think of [Foundry Network, Inc.'s] NetIron box as a router that I can't seem to slow down. It actually passes packets just as fast as our Layer 2 Fast Ethernet switches," said Koda, systems manager in the software services group in the Information Sciences Institute of the University of Southern California in Marina del Rey. "It's just like a Layer 2 switch but it handles IP. What more can you ask for?"

Indeed. It is mostly for that reason that Layer 3 switches - routers with fast frame-forwarding capabilities - will by the end of 1998 displace about 60% of the stand-alone routers being used for LAN segmentation, according to consultancy Gartner Group, Inc. in Stamford, Conn.

Koda said he previously had some very old, slow routers - doing typical IP routing - and he decided to look around for newer technology that could do the routing functions at wire-speed.

"We dropped the NetIron into the network, which is now connected to all our subnets, to replace an existing router," Koda said.

Like Koda, Philip Kwan, manager of network operations and planning at Incyte Pharmaceuticals, Inc., a genetics research firm in Palo Alto, Calif., was looking for some router relief.

"We had a collapsed backbone using a router, and we were pushing anywhere between 800 gigabytes to about 2 terabytes of data through the router each day, causing the router to really be the bottleneck," Kwan said. "We totally rearchitected our network into a distributed mesh using five Layer 3 devices to do the routing."

In fact, Kwan just finished putting 80 to 100 users on the new Layer 3 devices last week and has been playing with the Foundry boxes for the last five months.

"We're estimating that we've already seen between a 10- to twentyfold performance gain in terms of the raw bandwidth," Kwan said. "This totally replaces our existing router, which we've moved out to the edge of the network."

But Steven Wallace, manager of network operations at Indiana University in Bloomington, said the Layer 3 devices he plans to deploy in the next six months may not completely replace his existing Cisco Systems, Inc. routers.

"Since a lot of these Layer 3 switch vendors don't do all the protocols that we need, we may leave the routers in place and put the new routers - or Layer 3 switches - on top of them to provide high-speed IP pipes to the buildings and use our legacy routers for the other protocols," Wallace said.

Although Wallace did point out that 3Com Corp.'s new CoreBuilder 3500 is the first device he has seen so far that supports IP, IPX and AppleTalk.

But speed isn't the only reason to buy a Layer 3 switch, these devices are an attractive option for cost-conscious network administrators, industry observers said. In fact, Bay Networks, Inc. offers its Layer 3 switch (which it acquired from Rapid City Communications) for $650 per Fast Ethernet port while a Fast Ethernet port on Bay's high-end router is priced at about $5,000 per port.

Dream device

Most users agreed that the ideal Layer 3 switch would support multiple routing protocols at wire-speed, provide 10M/100M/1000M bit/sec Ethernet links, and offer some kind of class-of-service feature to prioritize traffic.

"Assuming that we actually get to the point where we congest these new gig pipes, which seems to always happen eventually, it's important to provide better service or consistent service for applications that in the past we really didn't put on the data network, such as telephony services," Wallace said.

Kwan said customers need to match the features on the box with their routing environment. "We looked for [Open Shortest Path First] simply because we wanted to load-sharing and do a mesh network," he said. "Doing things like BOOTP and [Dynamic Host Configuration Protocol] as well as the ability to create VLANs for things like AppleTalk were also important to us."

In addition, Wallace said he is baffled as to why none of the vendors seem to provide secure access to the console on their Layer 3 switches.

"You telnet to these devices to configure them, and so my dream device would support Secure Shell so I could manage my devices without worrying about losing the password to somebody snooping on the network," Wallace said.

Another nice feature to have on the box is a high port count, Koda said. "An added benefit is that our Layer 3 switch has 16 ports . . . but we don't have 16 subnets," he said. "So we can still use the other ports for Layer 2 switching. That's a definite bonus."