Advances in Layer 3 switch technology are boon to LAN security, load balancing

Layer 3 switches are beginning to ship to folks other than beta testers. Now
there’s a much newer technology on the horizon trying to eclipse them: Layer 4

But unlike the obvious role that Layer 3 plays in building faster, more cost-effective
networks, the benefits of Layer 4 aren’t as clear.

Technically speaking, these are not Layer 4 switches. Layer 4 governs the flow of data,
not routing. Layer 3 of the Open Systems Interconnection network model manages network
connections and data relaying. It’s the IP in TCP/IP.

Layer 4, the transport layer, insulates applications from network plumbing by making
sure that data reaches the appropriate TCP application port without error—the TCP in

Routers sometimes use Layer 4 information for security purposes, to filter packets to
and from certain applications. Because Layer 3 Gigabit Ethernet switches are so fast, they
should also be able to handle similar Layer 4 functions very quickly.

A Layer 4 switch could fine-tune quality of service (QOS) by letting network managers
assign priority levels to different types of application traffic. E-mail could be given a
lower priority, and possibly even a slower connection, than a thin-client application that
needed to be in continual contact with the server.

Layer 4 switches could also perform network load balancing chores by assigning packets
to the least busy server providing that type of application. And performance levels could
be kept at near-wirespeed by implementing Layer 4 characteristics in an integrated
circuit, an important point in the mostly Gigabit Ethernet products.
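The filtering, prioritization and load-balancing decisions described above all key off the TCP destination port. The sketch below is an added example, not code from the article or from any vendor's switch: it parses a raw IPv4/TCP header, applies a default-deny port policy with priority levels, and forwards permitted traffic to the least busy server. The policy table, server names and load counts are constructed for illustration.

```python
import socket
import struct

# Constructed policy: TCP destination port -> (action, priority); 1 = highest priority.
POLICY = {
    80: ("permit", 1),    # Web traffic
    21: ("permit", 2),    # FTP control
    25: ("permit", 3),    # e-mail (SMTP), lowest priority
    23: ("deny", None),   # telnet filtered outright
}
DEFAULT = ("deny", None)  # ports the policy does not list are dropped

def parse_l4(packet: bytes):
    """Return (src_ip, dst_ip, src_port, dst_port) from a raw IPv4/TCP packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    if packet[9] != 6:
        raise ValueError("not TCP")
    # Non-initial fragments carry no TCP header, so there is no port to match on.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        raise ValueError("non-initial fragment: no Layer 4 header")
    if len(packet) < ihl + 4:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            src_port, dst_port)

def dispatch(packet: bytes, servers: dict, load: dict):
    """Filter on the TCP port, then pick the least busy server for that service."""
    _, _, _, dport = parse_l4(packet)
    action, priority = POLICY.get(dport, DEFAULT)
    pool = servers.get(dport, [])
    if action != "permit" or not pool:
        return ("drop", None, None)
    target = min(pool, key=lambda s: load[s])
    load[target] += 1  # count the new connection against the chosen server
    return ("forward", priority, target)

def build_packet(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample input: 20-byte IPv4 header (no options) plus a TCP SYN."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 1024, 0, 0)
    return ip + tcp
```

The parser rejects non-initial fragments because they contain no port numbers; a filter that lets them through unexamined cannot enforce its port policy on them.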

The exclusivity of the many proprietary Gigabit Ethernet products out there has now
extended to Layer 4 switching. A Layer 4 product may work perfectly well on the LAN or
campus level, where one organization controls the buying and deployment. But there’s
no guarantee that the Layer 4 switch on another network will come from the same vendor or
use the same standards. In those cases, the switch’s external QOS determinations
would be largely meaningless.

That could restrict Layer 4 switches to the status of interesting future technology, as
far as enterprise QOS is concerned.

But Layer 4 switching can be valuable as an internal load-balancing device,
particularly if the network maintains multiple Web or File Transfer Protocol servers that
see heavy traffic.

ACE switches from Alteon Networks of San Jose, Calif., offer Layer 4 load-balancing
without the QOS; company engineers say one of the best uses is cache redirection. Using
them, a Web site could, for example, move the most commonly hit Web pages or FTP files to
a separate local server, and ACEswitch 180’s Layer 4 functions could siphon off
incoming requests for those files, redirecting them to the appropriate server.

Major players in the network hardware business are embracing Layer 4 switching. Bay
Networks Inc. of Santa Clara, Calif., offers Layer 4 capabilities in its Accelar product
line, and Cisco Systems Inc. of San Jose, Calif., has added it to high-end Catalyst 5000
switches. Nearly all have announced support for, or at least cautious development efforts on,
Layer 4 switch products.

