Before making the decision to purchase switches for your data center, first be sure what your network needs and where. Network switches fall into four basic categories: those that fit into the classic three-tier enterprise network model, and newer data center-class switches currently used mainly by large enterprises and cloud providers that rely heavily on virtualization. These newer switches have density and performance characteristics that can be deployed throughout the data center or to anchor a two-tier (leaf-spine) or one-tier flat mesh or fabric architecture.
You may hear network administrators say something like, "A switch is just a switch no matter who makes it." In some ways, it's true; in other ways, not so much.
All switches have basic functionality that includes maintaining a media access control (MAC) address-to-port table, which is used to intelligently forward frames out the right ports to the intended destinations. All switches also use standards-based protocols to segment traffic using the concept of virtual local area networks, 802.1q trunks and 802.3ad port aggregation. They also prevent network loops using one of the many variants of the 802.1d spanning-tree protocol.
But if you look beneath the surface, you find different types of switches have unique characteristics that, when used properly, better optimize the network as a whole. The easiest way to look at these differences is to break them up into the following traditional three-tier enterprise-network design:
Note the three-tiered architecture's pyramid design. Core switches interconnect with other core switches and down to the distribution tier. The distribution tier sits in between the core and the access tier. The access tier connects the entire structure to end devices like computers, printers and servers.
Tasks and workloads can be distinct for switches in different tiers. While all switches share universal functions like MAC tables, spanning-tree and trunking, they also have exclusive capabilities performed only within that network tier.
The core switch is the easiest to understand. Core switches are all about speed. If designed properly, the only tasks a core switch should perform are routing at Layer 3 (the network layer) and switching at Layer 2 (the data link layer that moves data across the physical links of a network).
Core switches are high-throughput, high-performance packet and frame movers. Packets and frames are simply moved from one core switch to another core switch, and eventually down to the next tier of switches -- the distribution tier.
The distribution tier addresses a new set of unique switching needs, and is the workhorse of any enterprise network.
First and foremost, distribution switches are used to connect the core and access tiers together on the network. If data needs to be moved from one distribution block to another, the switch pushes that data up to the core switches, which know the optimal path to the destination distribution tier switch.
Secondly, distribution switches also interconnect all network access tier switches. Because there are so many interconnections in a network, distribution switches have higher port density than core switches, which have far fewer interconnections to other switches.
Finally and most importantly, distribution switches enforce all forms of network policies. Access lists are configured and implemented in the distribution tier to permit or deny traffic from one network to another. Quality of service policies are also found here to prioritize packets and put them into pre-defined queues for optimal transport of time-sensitive information. In addition to port density, distribution tier switches must have enough CPU speed and memory to perform all tasks at or near wire speed.
At the bottom of the classic three-tier switch design is the access tier.
Access tier switches are the only ones that directly interact with end-user devices. Because an access switch connects the majority of devices to the network, the access tier typically has the highest port density of all switch types.
Despite the high port-count, however, access switches usually provide the lowest throughput-per-port of all switches. For example, most modern access switches provide a 10/100/1000 Mbps copper Ethernet connection to end devices. By contrast, core and distribution tier switches commonly use between 10 Gbps and 100 Gbps fiber-optic ports.
So in terms of CPU and raw throughput, access switches are on the low end of the scale. But these switches offer many features that cater specifically to end-devices that the upper tiers do not require. For example, access switches commonly support Power over Ethernet, which can power many endpoint devices, including wireless access points and security cameras.
Additionally, access switches are better able to interact with endpoints from a security perspective. Things like port-security, 802.1X authentication and other security mechanisms are built directly onto access switch software.
Changes in data center design affects switches
The three-tiered design connects devices and layers across an enterprise infrastructure with high scalability. Up until a few years ago, only access switches were used to connect servers to the rest of the network using the same 1 Gigabit Ethernet (GbE) ports that desktop computers or networked printers use. Over time, however, changes in data-center server architecture -- paced by developments such as storage area networks (SANs) and the continued growth of virtualization -- ushered in a new breed of high-performance switches that we will refer to as data center-class switches.
These switches provide the physical port capacity and port throughput required to handle both north-south and east-west traffic flows. They allow for connectivity using both standard LAN Ethernet protocol and SAN protocols, such as Fibre Channel over Ethernet and legacy Fibre Channel. Data center-class switches have more extensive high availability and fault tolerance systems built into the hardware and software for better uptime for mission-critical applications. And they provide significantly higher deployment flexibility with both top-of-rack and end-of-row configuration compatibility. Finally, all components of a distributed data center-class switch can be managed from a single management interface for ease of use.