A data center uses many different network devices to keep the data flowing. In this video, you’ll learn about routers, unmanaged and managed switches, access points, patch panels, firewalls, power over Ethernet, cable and DSL modems, ONTs, and NICs.
If you’ve ever walked into a computer room or a data center, then you’ve seen rack after rack of different devices, servers, and other components. Each one of those devices performs a particular function on that network, and they all have their role that they play.
Sometimes these devices are standalone components. But often, we will combine these components together into one single device. For example, at home, you probably are connected to the internet using some type of wireless router. That’s a router, a switch, an access point, and security software all in the same device.
In this video, we will show you the separate devices, and we’ll talk about how each device is used to connect the entire network together.
To be able to communicate from one IP subnet to another, we need a router. Routers are devices that make forwarding decisions based on the destination IP address contained within a packet. The router has a table inside that tells it where it should be sending traffic. It then evaluates that destination IP address and then sends it out the appropriate interface.
Some organizations will use devices that are both routers and switches in the same device. And since routers operate at OSI layer 3, those devices are often referred to as “layer 3 switches.”
You might also see routers used to connect different types of networks together, so it’s not unusual to connect an Ethernet network to a wireless network, a wireless network to a serial network, a fiber network to a copper network, and so on. So not only are we routing between different IP subnets, we may also be converting to different topologies using our router.
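To make the routing decision described above concrete, here is an added Python example (not code from the original video) that models a router’s forwarding table and the longest-prefix-match lookup it performs on the destination IP address. The prefixes, next hops and interface names are constructed for the example, and the TTL handling is standard IP router behaviour included only so the drop case is visible.

```python
import ipaddress

# Constructed routing table: (destination prefix, next hop, egress interface).
# A next hop of None marks a directly connected network. All addresses and
# interface names here are assumptions, not taken from any real router.
ROUTES = [
    ("10.0.0.0/8",      "10.1.1.254",  "eth0"),
    ("10.20.0.0/16",    "10.20.0.1",   "eth1"),
    ("192.168.50.0/24", None,          "eth2"),
    ("0.0.0.0/0",       "203.0.113.1", "eth3"),   # default route
]


def build_table(routes):
    """Parse the prefixes once and order them most-specific first.

    Longest-prefix match is what lets the /16 entry win over the /8 entry
    for 10.20.x.x even though both contain the destination."""
    parsed = [(ipaddress.ip_network(prefix), next_hop, iface)
              for prefix, next_hop, iface in routes]
    return sorted(parsed, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(table, dst_ip):
    """Return (next_hop, egress_interface) for dst_ip, or None if no route matches."""
    addr = ipaddress.ip_address(dst_ip)
    for network, next_hop, iface in table:
        if addr in network:
            # On a directly connected network the router delivers to the host itself.
            return (next_hop if next_hop is not None else str(addr), iface)
    return None


def forward(table, packet):
    """Make the per-packet decision a router makes: which interface, or drop.

    `packet` is a dict with 'dst' and 'ttl'. A packet whose TTL would reach
    zero is dropped rather than forwarded, which is what stops routing loops."""
    if packet["ttl"] <= 1:
        return {"action": "drop", "reason": "ttl expired"}
    route = lookup(table, packet["dst"])
    if route is None:
        return {"action": "drop", "reason": "no route"}
    next_hop, iface = route
    return {"action": "forward", "interface": iface,
            "next_hop": next_hop, "ttl": packet["ttl"] - 1}


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("10.20.5.7", "10.3.3.3", "192.168.50.9", "8.8.8.8"):
        print(dst, "->", forward(table, {"dst": dst, "ttl": 64}))
```

Note that the default route only catches destinations that match nothing more specific, and a table without one simply drops traffic to unknown networks; an IPv6 destination never matches an IPv4 prefix, so a router needs a separate table per address family.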
If you’re plugged into the wired access on a network, then you’re probably connected to a switch. A switch is a way to connect all of these end devices and be able to forward traffic based on the destination MAC address. These switches often operate very quickly, and they’re able to do that because they do all of this switching in the hardware of the switch itself.
Very often, this hardware is an Application-Specific Integrated Circuit, or an ASIC. And this gives that switch the speed that it needs to keep up with our high-speed local area networks.
Since most of the wired devices on your network are connected to a switch, these switches have to have a large number of interfaces on them. They might be a 24 or 48-port switch in the case of a workgroup switch. And in the core of our network, we might have switches with hundreds of interfaces on them.
This is also where you might have power over Ethernet capabilities, so that you would run both Ethernet data and power over those same wires. This allows you to connect phones, wireless access points, and even laptops to an Ethernet connection and have it not only use that Ethernet connection for data, but also power the device itself.
And as we’ve mentioned, many switches not only have the switching functionality, but might also have routing functionality in that same device. We often refer to these as layer 3 switches or multilayer switches.
Some switches are relatively simple. You plug them in, provide power, and then you connect all of the devices you need to that particular switch. There’s no way to differentiate between different VLANs on the switch. The switch may not even have any management functionality or configuration settings. It is effectively a plug-and-play device.
We refer to these relatively simple switches as unmanaged switches, which means there’s no management that you need to do to be able to get the switch to operate. But this also means there’s no additional configurations you could make. For example, you can’t configure the switch to have different VLANs on different interfaces. Effectively, the entire switch is one big VLAN.
This also means there’s no way to configure the switch to communicate back to any of your management stations. So there’s probably no SNMP, or Simple Network Management Protocol, functionality. There are no logs being stored on this switch. It is effectively an unmanaged switch.
But one of the advantages of not having a lot of different configuration settings and options is that there’s usually a lower price point. So if you’re looking for a simple connectivity device that doesn’t have a lot of configuration options, you probably want to use an unmanaged switch.
On an enterprise network, however, you need a switch that you’re able to manage remotely and configure with advanced settings. And if that’s the case, then you need a managed switch. A managed switch is usually a larger device. This often has VLAN functionality, so you can configure different VLANs on different interfaces. It might have a way to prioritize different traffic patterns so that your web traffic might have a higher priority than your FTP traffic.
These might also provide redundancy support, so you can have multiple switches on your network at the same time and configure them in a way so that they are redundant to each other. If you lose one of the switches, you have a power failure, or the switch itself fails, you have another switch on the network that can take up the additional load.
Many managed switches also allow you to perform port mirroring. That means you can plug in a protocol analysis tool or other security device to any of these interfaces and then redirect or mirror traffic from one interface to that monitoring device. So if you are in an enterprise and you need remote management functionality through SNMP or a direct configuration option, you might want to use a managed switch.
If you have devices that need to connect to the network over a wireless connection, then you need an access point. This is a bit different than the wireless router that you might have in a small office or home office configuration. This is not a router; it simply switches between a wired network on one side and a wireless network on the other.
We often refer to this as a “bridged communication” because there’s no translation of IP addresses. There’s no routing that’s taking place. We are effectively switching between a wireless network and a wired network on the other side.
Because of that, an access point is making its forwarding decision very similar to a switch because it’s looking at the destination MAC address. That means the access point will evaluate a frame and determine if that frame needs to go out the wireless network or if it should be forwarded onto the wired network.
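The switch behaviour described earlier and the access point bridging described here are the same forwarding logic, so this added Python example (not code from the video) models both with one learning bridge: it learns source MAC addresses on the ingress port, forwards known unicast frames out one port, and floods unknown unicast and broadcast frames. The optional per-port MAC limit is an assumption modelled on the port-security feature of managed switches and is not part of basic bridging; the port names and MAC addresses are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Forwarding logic shared by a switch and an access point.

    Decisions use only the destination MAC address; nothing at the IP layer
    is examined or rewritten, which is why the text calls it bridging.
    max_macs_per_port is an assumed port-security style limit (not part of
    plain bridging): once a port has learned that many addresses, frames
    from new source MACs on that port are dropped and recorded."""

    def __init__(self, ports, max_macs_per_port=None):
        self.ports = list(ports)
        self.max_macs_per_port = max_macs_per_port
        self.mac_table = {}      # MAC -> port it was last seen on
        self.violations = []     # (port, mac) pairs refused by the limit

    def _learn(self, port, mac):
        """Record the source MAC on its ingress port; False if the limit blocks it."""
        if self.mac_table.get(mac) == port:
            return True
        if self.max_macs_per_port is not None:
            on_port = sum(1 for p in self.mac_table.values() if p == port)
            if on_port >= self.max_macs_per_port:
                self.violations.append((port, mac))
                return False
        self.mac_table[mac] = port      # also handles a station moving ports
        return True

    def _flood(self, ingress_port):
        return [p for p in self.ports if p != ingress_port]

    def handle_frame(self, ingress_port, src_mac, dst_mac):
        """Return the list of ports the frame is sent out of."""
        if not self._learn(ingress_port, src_mac):
            return []                              # dropped by the port limit
        if dst_mac == BROADCAST:
            return self._flood(ingress_port)
        out = self.mac_table.get(dst_mac)
        if out is None:
            return self._flood(ingress_port)       # unknown unicast: flood
        if out == ingress_port:
            return []                              # same segment: filter, don't forward
        return [out]


if __name__ == "__main__":
    # A 3-port workgroup switch and a 2-port access point, constructed for the demo.
    sw = LearningBridge(["g1", "g2", "g3"])
    print(sw.handle_frame("g1", "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"))  # floods
    print(sw.handle_frame("g2", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:01"))  # ['g1']
    ap = LearningBridge(["wired", "wireless"])
    print(ap.handle_frame("wireless", "bb:bb:bb:00:00:01", "cc:cc:cc:00:00:01"))
```

The access point case shows why no IP addresses change as a frame crosses it: the bridge only decides whether the frame goes out the wired side or the wireless side, and the first frame from a station is what teaches it where that station lives.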
If you were to look at a corporate network, you would see a lot of cubes and offices that are out on the floor of a building. Each one of those desks is probably connected back to a central closet using an Ethernet cable.
That cable is usually terminated inside of that closet onto a punch-down block. This allows you to run that cable between the desk and the closet and lock everything down onto that punch-down block. This greatly simplifies cable management because we know that cable between the desk and the closet is never going to move.
But there may be times where a person in one desk may need to connect to a different switch or different VLAN. For that reason, on the other side of the patch panel, we may have RJ45 connectors, where we can move things around whenever we’d like.
For example, we might plug in to a particular switch, using those RJ45 connectors on the patch panel. But if we ever need to change any of these connections, we leave the entire run between the desk and the patch panel in place, and we simply change where things are plugged in on the other side of the patch panel. If you need connectivity to a different switch or a different VLAN, you can do all of that from inside the closet, without ever touching that extended connection between the desk and the closet itself.
Here’s one side of a patch panel. You can see there are different connections coming from the desks, and they’re numbered so that we know exactly what desk that cable is going to. That connection to the desk is probably punched down on the other side of this connector. And then there are the RJ45 connectors on our side that we would then use to connect to a switch interface.
This is why we have permanent connections between the desk and the closet. So we know that that Ethernet connection is always going to be static and will be unlikely to have any type of wiring issue. And on the inside of our closet, we can change this configuration anytime we’d like with a relatively short cable that we could swap out if we ever run into a problem.
This also allows us to extend the functionality inside of our closet to add or remove different switches, and then we simply connect to different interfaces using this side of the patch panel.
Here’s a very simplified view of this, where we have a patch panel at the top, coming from desk 9, desk 10, desk 11. And you can see a very short cable is used to then connect those desks to the appropriate interface on the network switch.
Another important device, especially for our security, is a firewall. A traditional firewall makes decisions about allowing or disallowing traffic based on the port number of traffic that’s traversing the firewall. So a firewall will look at the TCP or UDP port number and then compare that to a set of access lists inside of the firewall that determine whether that traffic is allowed or disallowed.
Our more modern firewalls are next-generation firewalls, and they make these forwarding decisions based on the application in use. So a firewall might allow web traffic to traverse the firewall but block any type of remote access software. That decision is not being made based on the port number, but is instead looking at the application traffic itself.
Many firewalls can also be used as a VPN concentrator. So you can use this as a front end to have site-to-site VPNs or have it as a centralized concentrator for remote access VPNs.
Some firewalls might also act as a proxy, where they sit in the middle of a conversation, take a request from a client, pass that request on to the server, examine the response from the server, and only then provide that data back to the client. And in many organizations, these firewalls are installed as routers. So not only are they providing this security function. They’re also routing between different IP subnets. And on larger firewalls, you might have many different interfaces where you can connect tens or even hundreds of networks to each other, all managed and controlled through the security built into this firewall.
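To show the difference between the traditional port-based decision and the next-generation application-based decision described above, here is an added Python example (not code from the video) that evaluates packets against a first-match access list with an implicit deny at the end. The addresses, rule names and the `app` label on each packet are constructed; in a real next-generation firewall that label would come from the device’s own traffic inspection.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                 # "allow" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    src: str                    # source network, CIDR notation
    dst: str                    # destination network, CIDR notation
    dst_port: Optional[int]     # None matches any port
    name: str = ""
    app: Optional[str] = None   # None: port-based rule; set: application-based rule

    def matches(self, pkt):
        if self.proto != "any" and pkt["proto"] != self.proto:
            return False
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.dst_port is not None and pkt.get("dst_port") != self.dst_port:
            return False
        if self.app is not None and pkt.get("app") != self.app:
            return False
        return True


# Constructed traditional access list: decisions come from protocol, address and port only.
PORT_ACL = [
    Rule("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", 443, "inside-to-https"),
    Rule("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", 80, "inside-to-http"),
    Rule("allow", "udp", "10.0.0.0/8", "10.0.0.53/32", 53, "inside-to-dns"),
    Rule("allow", "tcp", "0.0.0.0/0", "10.0.1.10/32", 443, "internet-to-webserver"),
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None, "implicit-deny"),
]

# Constructed next-generation list: one application-aware deny placed ahead of the
# port-based allows, so remote access software is blocked even on TCP port 443.
NGFW_ACL = [
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None, "block-remote-access",
         app="remote-access"),
] + PORT_ACL


def evaluate(acl, pkt):
    """First-match evaluation: return (action, rule name); no match means deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "no-match"


if __name__ == "__main__":
    # Two constructed packets that look identical to a port-based firewall.
    web = {"proto": "tcp", "src": "10.1.2.3", "dst": "198.51.100.7",
           "dst_port": 443, "app": "web-browsing"}
    remote = {"proto": "tcp", "src": "10.1.2.3", "dst": "198.51.100.8",
              "dst_port": 443, "app": "remote-access"}
    for label, pkt in (("web", web), ("remote", remote)):
        print(label, "port-based:", evaluate(PORT_ACL, pkt),
              "next-gen:", evaluate(NGFW_ACL, pkt))
```

The point the two lists make is the one in the text: the port-based list allows both packets because both arrive on TCP port 443, while the application-aware rule distinguishes them, which is why rule order and an explicit final deny matter on either kind of firewall.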
Our Ethernet networks used to pass only data through those wires. But these days, we can include data and power over the same wire, all running over that Ethernet connection. We refer to this as Power over Ethernet or PoE. We often use PoE to power our telephones on our desk, any type of access point that we would hang on the ceiling, or any other devices that connect to this network.
This can certainly simplify the process of installing some of these components, especially when you have wireless access points that are in difficult places to get to in the ceiling. You would only need to run a single Ethernet connection that is providing both the data and the power for that access point.
Many switches have power over Ethernet built into the switch itself. But if your switch doesn’t support any type of PoE, you can use an injector, like the one you see here. You would disconnect your Ethernet cable, put the injector in the middle, and then plug the injector into a power source to provide PoE over that connection.
When the PoE power is coming from the switch itself, we refer to that as an endspan. And if you’re using an injector, it’s referred to as a midspan.
If you’re not sure if your switch supports PoE, it’s usually marked on the switch itself. On this switch, you can see it does support PoE, and it shows that all of the interfaces that are marked in blue can be used for power over Ethernet.
You might also look at your switch documentation to see what type of PoE is supported. The one that is simply PoE is the original PoE specification that provides 15.4 watts of DC power over a maximum current of 350 milliamps.
That original specification was great for powering things like phones and other smaller devices. But we quickly found that we needed a bit more power for our remote devices. That’s why we created PoE+. That’s 25.5 watts of DC power, with a maximum current of 600 milliamps.
With PoE+, we can connect larger devices that require a bit more power, things like a pan, tilt, and zoom camera, for example. And these days, we can use PoE to even power our laptops with PoE++. That’s 51 watts at 600 milliamps current, or 71.3 watts with 960 milliamps current, depending on the capabilities of your switch. PoE++ is the version that was introduced with 10-gig Ethernet running over copper cables.
And although these PoE standards are downward compatible, they obviously are not upward compatible. For example, if you have a device that needs a lot of power, such as one that needs a PoE++ type connection, you will not be able to power that device with PoE+ or lower. This allows you to power many different types of devices on your network, without having to worry about wiring, where the power may be coming from, or changing anything with your Ethernet network.
If your internet connection comes from a traditional cable television provider, then you’re probably getting your data connection from a cable modem. This uses a broadband connection, usually provided over a coax link. And that is providing an Ethernet connection on the other side. So we’re able to connect to the same network that sends our television signals and also send our data across that same line.
You’ll sometimes see these cable modem devices referred to as a DOCSIS device. This refers to the standard used to transmit that signal across the cable network: DOCSIS stands for Data Over Cable Service Interface Specification.
We commonly see 1-gig communication and higher on these cable modem connections. And this is something that is a common connection for people that already have cable television in their home. And since you are getting such high throughputs over these connections, it’s also very common to see these in a corporate environment as well. Although you may not even be using the television or the voice communication, having that high-speed data on a cable modem can be very valuable in almost any data center.
Not everyone has the connectivity of a cable network. So instead, you may be using a traditional telephone network. And you can run a digital internet connection over that using DSL, or Digital Subscriber Line. This uses the same wires that you use for your analog telephone, but also sends digital signals across it at the same time.
DSL can give you reasonably good throughput as well. It’s not uncommon to see 200 megabits downstream and 20 megabits upstream on many DSL networks. That throughput is affected by your distance from the central office, and there is a limitation of approximately 10,000 feet. You have to be sure that that central office is at least somewhat close to where you will be connecting to the network. Because of that, you’ll find the closer you get to the central office, the faster the download and upload speeds will be on this DSL network.
You might be lucky enough to have fiber that’s in the ground outside of your home or office. And in that case, you may connect to that network using an ONT. That’s an Optical Network Terminal that converts the fiber coming into your home or business into copper connections that you can use on a traditional network.
This ONT device is usually in a central place or a demarcation point, or demarc. This may be in the data center itself, or it may be in a box that’s on the outside or just inside of your building.
We refer to this as the demarcation point because this is where we determine what part of the network is the responsibility of the user and what part of the network is the responsibility of the service provider. This ONT effectively creates that demarcation point so that any of the wiring on the inside of your building is your responsibility, but any problems with the network outside of your building are the responsibility of your internet service provider.
Here’s a better view of this ONT. There’s a fiber connection coming into this connector on the ONT. And you can see there are not only RJ11 connections that would be used for voice communication. This is probably a Voice over IP service that has phone numbers associated with it. And there’s also a data connection that has an RJ45 connector. And that’s probably outputting an Ethernet link that you could then plug into a router.
This ONT can also be used for video. So you’ll notice there’s an F-connector on this as well that you can plug in a coax connector that would then go to a cable box or directly to a television.
And of course, we’ll eventually need to connect devices and servers directly to the Ethernet network. And we do that by using a Network Interface Card, or a NIC. This is what we have built into system boards that are in our laptops and desktop systems. Or we might have a separate interface card, like the one you see here, that can provide multiple Ethernet connections on a single card.
There are many different types of network interface cards. You can get one for 100-megabit Ethernet or gigabit Ethernet over copper. Maybe this network interface card has fiber connectors on the back of it, so you’ll need to make sure you’re using the right kind of network interface card for the network that you’re connecting to.
These separate expansion cards allow you to extend the functionality of your existing device. If there’s no Ethernet connection on your motherboard, you can add Ethernet connections that way. Even if there is an Ethernet connection built into the motherboard, you can add additional Ethernet interfaces by simply adding one of these expansion cards.
And since this is an Ethernet device, each one of these interfaces has its own Media Access Control address, or MAC address, so that we can individually reference each of these interfaces across the network.