Chapter 5. Advanced Switch Features

While the common features found on switches are sufficient for the needs of most networks, switches designed for certain networks may provide extra features that are specific to the networks involved. In this chapter, we describe advanced features that may be found in a variety of switches, as well as specialized features found in switches designed for specific networking environments.

Traffic Flow Monitoring

Given that they are providing the infrastructure for switching packets, switches can provide useful management data on traffic flows through your network. By collecting data from multiple switches, or by collecting data at the core switches, you can be provided with views of network traffic that are valuable for monitoring network performance and predicting the growth of traffic and the need for more capacity in your network.

As usual in the networking industry, there are multiple standards and methods for collecting data from switches. In “Simple Network Management Protocol,” we described one widely used system, the Simple Network Management Protocol, which can be used to collect packet counts on ports, among other uses. However, while counting packets is useful and can provide valuable traffic graphs, sometimes you want further information on the traffic flowing through your network.

sFlow and Netflow

Two systems have been developed to provide information on traffic flows, called sFlow and Netflow. sFlow is a freely licensed specification for collecting traffic flow information from switches. Netflow is a protocol developed by Cisco Systems for collecting traffic flow information. The Netflow protocol has evolved to become the Internet Protocol Flow Information Export (IPFIX) protocol, which is being developed as an Internet Engineering Task Force (IETF) protocol standard.

Assuming that your switch supports sFlow, Netflow, or IPFIX, you can collect data on network traffic flows in order to provide visibility into the traffic patterns on your network. The data provided by these protocols can also be used to alert you to unusual traffic flows, including attack traffic that might otherwise not be visible to you.

If your switch does not support traffic flow software, there are still some options available. There are a number of packages that can provide sFlow and Netflow data, using traffic exported from your switch. The traffic is sent to dedicated computers running a software package that turns the traffic from the switch into flow records.

One method used to provide flow data is to “tap” the flows of traffic on the core switch and send the information to an outboard computer running packet flow software. If your switch supports packet mirroring without affecting switch performance, then you could mirror the traffic onto a port and connect that port to the outboard flow analysis computer. If your main network connections are based on fiber optic Ethernet, then another method is to use fiber optic splitters to send a copy of the optical data to an outboard computer for analysis.
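The following sketch shows what an outboard flow analysis computer does with mirrored traffic: it aggregates packets into flow records and flags an unusual flow pattern. It is an added example, not code from the book or from any flow product; the packet tuples are constructed sample data, and the function names and the 20-port threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp_s, src_ip, dst_ip, proto, src_port, dst_port, bytes)
# as an outboard analyzer might see them on a mirror port.
PACKETS = [
    (0.0, "10.0.0.5", "10.0.1.10", "tcp", 51000, 443, 1500),
    (0.1, "10.0.0.5", "10.0.1.10", "tcp", 51000, 443, 1500),
    (0.2, "10.0.1.10", "10.0.0.5", "tcp", 443, 51000, 400),
    (0.5, "10.0.0.9", "10.0.1.20", "udp", 40000, 53, 80),
] + [
    # One host touching 30 different ports on one server with tiny packets.
    (1.0 + i * 0.01, "10.0.0.77", "10.0.1.10", "tcp", 60000, 1000 + i, 60)
    for i in range(30)
]


def build_flows(packets):
    """Aggregate packets into unidirectional flow records keyed by 5-tuple."""
    flows = {}
    for ts, src, dst, proto, sport, dport, size in packets:
        key = (src, dst, proto, sport, dport)
        rec = flows.setdefault(
            key, {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        rec["packets"] += 1
        rec["bytes"] += size
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
    return flows


def fanout_alerts(flows, max_ports=20):
    """Report (src, dst, port_count) where one source reaches more than
    max_ports distinct ports on one destination (threshold is an assumption)."""
    ports = defaultdict(set)
    for (src, dst, proto, _sport, dport) in flows:
        ports[(src, dst)].add((proto, dport))
    return sorted((src, dst, len(p))
                  for (src, dst), p in ports.items() if len(p) > max_ports)


if __name__ == "__main__":
    flows = build_flows(PACKETS)
    for key, rec in sorted(flows.items())[:4]:
        print(key, rec)
    print("alerts:", fanout_alerts(flows))
```

A port counter on the switch would show only a small rise in packets for the third host; the per-flow view is what exposes the many short flows to different ports.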

Power over Ethernet

Power over Ethernet (PoE) is a standard that provides direct current (DC) electrical power over Ethernet twisted-pair cabling, to operate Ethernet devices at the other end of the cable. For devices with relatively low power requirements, such as wireless access points, VoIP telephones, video cameras, and monitoring devices, PoE can reduce costs by avoiding the need to provide a separate electrical circuit for the device. Switch ports can be equipped to provide PoE, turning a switch into a power management point for network devices.

As you might expect from the name, Power over Ethernet is part of the Ethernet standard. It was developed in the 802.3af supplement and is specified as Clause 33 of the 802.3 standard. The 802.3af version of Clause 33 can provide up to 15.4 watts of DC power over the Ethernet cable. This is the most widely deployed version of the standard. A revision of the PoE standard was developed as part of the 802.3at supplement in 2009, and extends the Clause 33 specifications to provide up to 30 watts.

Many access points, telephones, and video cameras can be powered over the original PoE system that delivers 15 watts. However, newer access points with more electronics, or video cameras with motors for zoom, pan, and tilt functions may draw more wattage. The revision of the PoE standard provides up to 30 watts; some vendors have gone beyond the standard and are providing even higher amounts, up to 60 watts, by sending the DC current over all four pairs of a twisted-pair cable.

While power can be injected into Ethernet cables with an outboard device, a more convenient method is to use the switch port as the power sourcing equipment, or PSE. A standard PSE provides approximately 48 volts of direct current power to the powered device (PD) through two pairs of twisted-pair cabling. There is also a management protocol that makes it possible for the PD to inform the PSE about its requirements, allowing the PSE to avoid sending unnecessary power over the cable.

With multiple switch ports acting as PSEs, there can be a significant increase in the amount of power required by a given switch. If you plan to use a single switch to provide PoE to many devices, you need to investigate the total power requirements, make sure that the power supply on the switch can handle the load, and check that the electrical circuit that the switch uses is able to provide the amount of current required.
