No, your misunderstanding of the switch is too deep!

Hello everyone, my network engineer friends.

The switch and router series is something of a star on our official account. A lot has been written, from light explanations that complete beginners can follow to practical commands that veteran network engineers love; it is all there.

But it seems I have never analyzed the many misunderstandings that network engineers still have about switches.

Some people suddenly realize something is wrong after working for a long time, and some have worked for many years without ever understanding it... I believe more than one network engineer has been through this.

Today's article looks at this from the perspective of security projects and collects the misunderstandings that network engineers have run into.

01 Three big misunderstandings about switches: have you fallen for any of them?

Misunderstanding 1: Blindly calculating how many cameras a device can carry from its switching capacity

This method simply divides the switching capacity of the switch by the bitrate of a camera to get the number of cameras.

By this theory, each port of a 24-port all-Gigabit unmanaged switch runs at 1000 Mbps, so as long as each downlink port carries no more than 250 channels of 4M camera streams there is no problem. So the whole switch can carry several thousand channels?

Even allowing for the so-called actual performance, generally estimated at only 60~70% of the theoretical value, there is no problem as long as each downlink port carries no more than 150 channels in total. So the whole switch can carry more than 1,000 channels?

But is this the case?

By this logic, a Gigabit unmanaged ("dumb") switch and a managed switch have the same carrying capacity. If you analyze the network causes of video freezes on this theory, you will end up doubting everything.

In the end you find that the bandwidth design at every node of the network is fine, there is no traffic bottleneck, and the switch seems to be running normally, yet the video stutters and shows mosaic artifacts. How do you explain that?

Misunderstanding 2: The actual performance of a switch is generally only 60~70% of the theoretical value?

Many people, even the pre-sales staff of switch manufacturers, will tell you when designing security solutions that the actual forwarding performance of a switch is only 60% to 70% of the theoretical value, so a margin should be left when calculating how many cameras it can carry.

For a 24-port all-Gigabit switching chip, the switching capacity must be ≥ 48 Gbps [24 (ports) × 1G (1000M) × 2 (full duplex) = 48G]; otherwise it cannot achieve wire-speed forwarding. I don't think any chip design company would make such a basic mistake, and no reputable switch manufacturer would bring to market a switch that cannot forward at wire speed (the blocking ratio of the line cards in a chassis switch is another matter).

If you have encountered a switch whose switching capacity does not reach the theoretical value and delivers only 60~70% of it, then congratulations: you have successfully purchased a defective product.

A reputable manufacturer could not ship such a defective product even if it wanted to. It can only appear when the R&D design or the production process is defective and the product goes to market without professional testing. The same applies to the packet forwarding rate.

Misunderstanding 3: Selecting switches based on experience

At present, when network equipment manufacturers take part in security network projects, besides selecting models by port specifications and switching capacity, the main method is to select models based on past project experience.

However, we often see the same switch used in different projects where the network scale is similar, the number of cameras and the bitrates are similar, and the networking scheme is the same.

Project A is fine and project B is fine, but project C freezes. Why?

You immediately contact the manufacturer for a replacement, and everything works as soon as the device is swapped. It seems it really was bad luck. But after a while it freezes again. Why?

Constantly replacing devices, restarting devices, adjusting the network structure and so on may improve things, or the video may still freeze at random. It is exhausting and ultimately inconclusive, and even first-tier network vendors cannot give an exact reason.

First of all, let's briefly analyze the basic principles of video streaming:

A video stream is composed of I-frames and P-frames, and an I-frame is a very large frame. During network transmission, if any packet of an I-frame is lost, the picture cannot be rendered. At the same time, because video has real-time requirements, UDP is generally used for transport, which means lost packets are not retransmitted. So basically, as long as there is packet loss in the network, the video will freeze.

Secondly, let’s briefly introduce the switching principle of the switch:

When a 100M port sends 1M of data to another 100M port, it transmits at a rate of 100M for 1/100 of a second. If another 100M port sends 1M of data to the same 100M port during that 1/100 of a second, the receiving port will still be congested, even though the combined traffic of the two ports is only 2M, far from the 100M bandwidth bottleneck.

Similarly, a 1000M port can accept data from only one 1000M port at a time, but it can accept data from 10 100M ports at the same time. With more than 10, it will also be congested.

Therefore, traffic (bandwidth) and rate are two different concepts and must not be confused.

However large the data being sent, the transmission rate is 100M or 1000M; what differs with the size of the data is how long the transmission takes.

At the same rate, congestion occurs whenever two or more ports transmit to the same port at the same time.

At that point, if the cache (the packet buffer) can hold the congested data, no packets are lost; if it cannot, packets are lost.

From these two points you can see that the more video streams a switch carries, the greater the chance of instantaneous concurrency and the higher the probability of congestion, which is why the aggregation layer and the core layer are more likely to suffer congestion.

This is especially true at the core layer, which carries the largest number of video streams: hundreds of thousands of channels in the entire network must pass through the core switch.

It is important to emphasize again that most freezing and packet loss is caused by this kind of congestion, not by forwarding performance. These are two completely different concepts.
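
The congestion mechanism described above, as an added example that is not part of the original article: a fluid model (a simplification) of one egress port, where `simulate_egress` and the sample values are hypothetical. It reproduces the article's two cases, two 100M ports bursting into one 100M port and 10 versus 11 100M ports into one 1000M port, and shows how the buffer size decides whether data is dropped.

```python
# Added example: fluid model of one switch egress port (a simplification that
# ignores packet boundaries). All names and sample values are constructed.

def simulate_egress(bursts, egress_bps, buffer_bits):
    """bursts: list of (start_s, ingress_bps, size_bits) aimed at one egress port.
    Returns (dropped_bits, peak_queue_bits)."""
    events = []
    for start, rate, size in bursts:
        events.append((start, rate))                  # burst begins arriving
        events.append((start + size / rate, -rate))   # burst fully received
    events.sort()
    queue = dropped = peak = arrival = 0.0
    prev_t = events[0][0]
    for t, delta in events:
        growth = (arrival - egress_bps) * (t - prev_t)  # net bits queued in interval
        if growth > 0:
            room = buffer_bits - queue
            if growth > room:             # buffer full: the excess is lost
                dropped += growth - room
                queue = buffer_bits
            else:
                queue += growth
        else:
            queue = max(0.0, queue + growth)  # egress drains the queue
        peak = max(peak, queue)
        arrival += delta
        prev_t = t
    return dropped, peak

M = 1_000_000
# Constructed input: two 100M ports each send a 1 Mbit burst at t=0.
two_ports = [(0.0, 100 * M, 1 * M), (0.0, 100 * M, 1 * M)]

def report():
    rows = []
    for label, buf in [("no buffer", 0), ("256 Kbit", 256_000), ("2 Mbit", 2 * M)]:
        dropped, peak = simulate_egress(two_ports, 100 * M, buf)
        rows.append((label, round(dropped), round(peak)))
    return rows

if __name__ == "__main__":
    # Average load is only 2 Mbit/s on a 100M port, yet small buffers drop.
    for row in report():
        print(row)
    many = [(0.0, 100 * M, 1 * M)] * 11   # 11 x 100M ports into one 1000M port
    print(simulate_egress(many[:10], 1000 * M, 0), simulate_egress(many, 1000 * M, 0))
```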

02 How to choose a security switch?

In the previous article, we have mentioned how to choose the switch under normal circumstances. Here we will focus on the security switch.

1. Select the switch specification and design the networking scheme according to the bitrate and number of cameras

As networking becomes widespread in security and the technical skills of practitioners improve, network failures caused by specification selection and networking schemes will become rarer and rarer.

A bandwidth bottleneck caused by this would be a truly basic mistake.

If a network has a total of XX cameras with X-bitrate streams, how many switches with which port specifications (number of ports and port speed) should be chosen for the access layer, how many with which port specifications for the aggregation layer, and how should the core layer be chosen? I won't spend ink on this kind of basic knowledge here; there is plenty of it on the Internet.

At the same time, to cope with burst traffic, it is recommended that the bandwidth utilization of a switch port not exceed 70%, and it is best kept within 60% during model selection and design. Note: this is not because actual performance is only 60~70% of the theoretical value; it is to guard against burst traffic that running the port too full is not recommended. Forwarding performance is the first thing to ensure; avoiding congestion comes next.

2. Choose a managed switch with as large a cache as possible

The cache can reduce the packet loss caused by congestion. In theory, if the cache is large enough, the packet loss will be zero, and the video will not freeze due to network reasons.

A customer once asked me: how do you calculate the switch buffer needed for XX channels of XX-bitrate cameras?

In theory, it can be calculated, but in fact, after you finish the calculation, you find that there is currently no switch on the earth that can meet this cache requirement.

Congestion is probabilistic, and it is impossible for every port to be congested at the same time, so chip companies will not design caches in this way, because the cost of caches is too high.

Normally, higher-end switches and switches with richer service features have larger caches. This is why the probability of packet loss and freezing is lower when we choose a managed switch or a Layer 3 switch.

For the same 24-port Gigabit switch, an unmanaged model may have only a few hundred K of cache, while a Layer 3 switch may have dozens of M.

Therefore, when the budget is sufficient and the cost is acceptable, try to choose a managed switch with a large cache, because this is the pattern chip companies follow when designing chips.

A bit of background: a 24-port Gigabit unmanaged chip and a 24-port Gigabit Layer 3 chip have the same switching capacity. The differences are the capacity of the various table entries, the cache size, the service features (functions) and so on. When developing switches, equipment manufacturers can only choose chips with as large a cache as possible; they cannot change the cache size, which is a hardware characteristic of the chip.

However, no matter how the switches are selected and the network is designed, no manufacturer, including the well-known Huawei and H3C, can guarantee that its products and solutions will never freeze in any security project.

Because camera streams are transmitted dynamically, congestion is possible at any time, and the buffer size of a switch cannot completely absorb the congestion from all cameras.

Compiled by: Lao Yang, a senior network engineer with 10 years of experience (official account: Network Engineer Club)

Origin blog.csdn.net/SPOTO2021/article/details/131285699