Not all IP-switching solutions take this path. Hardware-based routers make the more rigorous effort of examining every packet before forwarding it to the destination host. The resulting throughput and latencies are generally equal to those of the cut-through methods. However, unlike cut-through technologies, which can utilize existing network infrastructure, hardware-based routers require a larger upfront investment.
So why worry about shortcuts? In short (pun intended), they introduce security flaws into your network. Consider the following example.
In the "Security" diagram seen at left, packets are first authenticated to the router using Layer 3 and Layer 4 access control lists. In this example, a user is collecting e-mail via POP. The router authenticates the user, then sets up an MPOA or FastIP shortcut through the switched network. The user, who has turned malicious, now attempts to telnet to the mail server to cause damage. Although the router would have prevented Layer 4 telnet traffic from reaching the server, MPOA and FastIP don't reach into Layer 4; thus, the traffic is cut-through, bypassing the router and giving the user direct access to the mail server.
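The difference between per-packet enforcement and an address-keyed shortcut can be modelled in a few lines. This is an added example, not code from the article or from any vendor; the addresses, the single ACL entry and the class names are constructed, and the shortcut is simplified to a table keyed on source and destination address. The flow-keyed variant in run_all() is hypothetical and is not a FastIP or MPOA feature.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport")

# Constructed Layer 3/4 ACL: clients may reach the mail server on POP3 (tcp/110) only.
ACL = [("10.1.1.0/24", "10.2.2.10", "tcp", 110)]
POP = Packet("10.1.1.5", "10.2.2.10", "tcp", 110)      # constructed sample traffic
TELNET = Packet("10.1.1.5", "10.2.2.10", "tcp", 23)


def acl_permits(pkt):
    """Per-packet Layer 3 + Layer 4 check, as the router applies it."""
    return any(
        ipaddress.ip_address(pkt.src) in ipaddress.ip_network(net)
        and (pkt.dst, pkt.proto, pkt.dport) == (dst, proto, port)
        for net, dst, proto, port in ACL
    )


class RoutedPath:
    """Every packet crosses the router, so every packet meets the ACL."""
    def forward(self, pkt):
        return acl_permits(pkt)


class CutThroughPath:
    """First packet is checked by the router; later ones use the shortcut."""
    def __init__(self, key=lambda p: (p.src, p.dst)):
        self.key = key              # what the shortcut table can "see"
        self.shortcuts = set()

    def forward(self, pkt):
        if self.key(pkt) in self.shortcuts:
            return True             # switched at Layer 2, router never consulted
        if acl_permits(pkt):
            self.shortcuts.add(self.key(pkt))
            return True
        return False


def run_all():
    """Send POP then telnet over each path; report (pop_ok, telnet_ok)."""
    paths = {
        "routed": RoutedPath(),
        "cut_through": CutThroughPath(),
        "flow_keyed": CutThroughPath(key=lambda p: p),  # hypothetical variant
    }
    return {n: (p.forward(POP), p.forward(TELNET)) for n, p in paths.items()}
```

Only the address-keyed shortcut delivers the telnet packet, and only after the permitted POP session has created the shortcut entry.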
3Com Corp.'s FastIP
FastIP started as a venture from Cascade, IBM and 3Com. 3Com was supposed to be responsible for the local-area cut-through technology at the adapter level, with Cascade providing wide-area connectivity via its IP Navigator technology and IBM providing the NHRP (Next Hop Resolution Protocol) connectivity between FastIP and IP Navigator. Not long after these plans were launched, however, Cascade merged with Ascend, and the 3Com-Cascade alliance lost steam.
IBM's contribution likewise became a less pressing issue without Cascade's support. 3Com hasn't thrown in the towel, however. FastIP is alive and kicking in the LAN workplace. We know because we tested the first version of 3Com's FastIP software in our University of Wisconsin lab.
FastIP utilizes a modified version of the NHRP protocol to establish cut-through Layer 2 paths through a Layer 3 network. The "Traditional Routed Network" diagram on page 54 illustrates the operation of a typical network.
In a traditional routed network, a client wanting to speak with a server on another subnet sends an ARP (Address Resolution Protocol) request to its default router. The router replies with its MAC (Media Access Control) address, and serves as a proxy for the server with which the client wishes to communicate. All traffic from the client is forwarded to the router, and the router forwards the traffic to the appropriate destination, enforcing policy decisions on a per-packet basis. In this traditional network, there is no Layer 2 path to the destination host; all traffic must be forwarded via the router.