Switch vs Router: What’s the Difference?


Does your application need a router? Is a switch with routing protocols sufficient? What’s the difference between a “router” and an “L3 switch”? What is a “multi-layer switch”? As networking products have become more complex, the definitions of “switch” and “router” have evolved. Understanding what distinguishes these roles is key to selecting the right networking solution.

In the past, the distinction between switches and routers was simple: it was all about “layers” as defined by the OSI model, which breaks down end-to-end communication into various roles. Switches forward using the “Layer 2” (data link) address, whereas routers forward using the “Layer 3” (network) address. For example, an Ethernet switch would forward based on the destination address in the header of the Ethernet frame; a router would forward using the destination IP address in the IP packet header. This sounds like a small difference, and indeed it is. In both cases, the switch or router must look up the destination address in a data structure to figure out which interface to use for the next hop. In practice, however, the nature of Layer 2 and Layer 3 addressing schemes made the process substantially different.

An Ethernet switch forwards traffic based on learning which MAC address is connected to which interface. Then, any time it receives a frame, it looks up that address to determine what to do. The key is that Ethernet switches are designed to operate on a local-area network, which has a limited number of hosts (usually less than 2,000, even for large campus networks). Because of this limitation, Ethernet switches can be designed using hardware optimized for fast lookups in a small table (typically using content addressable memory, known as CAM). As long as the number of hosts on the network is limited, switches can typically do lookups in hardware and forward at line-rate.

A router that forwards based on destination IP address cannot look up destination host addresses in a small table – it must be able to look up any IP address for any host, anywhere. For an Internet router, this means storing tables that represent all the IP addresses in use globally. And not only must the router do a lookup for each packet to forward, it must also fill its forwarding tables, using routing protocols. For this reason, routers were originally specialized computers running software to manage the complex algorithms and data structures required for large IP networks.
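To make the two lookup styles concrete, here is a small added simulation (not code from the article): an Ethernet switch that learns source MACs and does an exact-match lookup in its table, beside an IP router that must find the longest matching prefix in a routing table that includes a default route. The MAC addresses, prefixes and port names are constructed for the example.

```python
import ipaddress


class L2Switch:
    """Layer-2 forwarding: learn source MAC -> port, then exact-match lookup."""

    def __init__(self):
        self.mac_table = {}  # plays the role of the CAM table

    def forward(self, src_mac, dst_mac, in_port):
        self.mac_table[src_mac] = in_port  # learning step
        out = self.mac_table.get(dst_mac)  # exact-match lookup
        if out is None:
            return "flood"   # unknown destination: send out every other port
        if out == in_port:
            return "filter"  # destination is on the ingress port: drop it
        return out


class L3Router:
    """Layer-3 forwarding: longest-prefix match against a routing table."""

    def __init__(self, routes):
        # routes: (prefix, next_hop) pairs; most specific prefix is tried first
        self.routes = sorted(
            ((ipaddress.ip_network(p), nh) for p, nh in routes),
            key=lambda r: r[0].prefixlen, reverse=True)

    def forward(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        for net, next_hop in self.routes:
            if addr in net:
                return next_hop
        return "drop"  # no matching route and no default route


def demo():
    # Constructed sample traffic and routes for illustration only.
    sw = L2Switch()
    rt = L3Router([("0.0.0.0/0", "wan0"), ("10.0.0.0/8", "core1"),
                   ("10.1.0.0/16", "eth1"), ("10.1.2.0/24", "eth2")])
    return [
        sw.forward("aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", 1),  # unknown -> flood
        sw.forward("aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01", 2),  # learned -> port 1
        rt.forward("10.1.2.77"),   # /24 wins over /16 and /8 -> eth2
        rt.forward("10.1.9.1"),    # /16 -> eth1
        rt.forward("10.200.0.5"),  # /8 -> core1
        rt.forward("8.8.8.8"),     # default route -> wan0
    ]
```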

Figure 1: NFV replaces network appliances with virtualized applications

In recent years, the line between switches and routers has been blurred. Advances in CAM technology allow core routers to store large routing tables and do lookups in hardware, a technique that was originally known as “IP switching”. Meanwhile, Ethernet switches have gained the ability to do lookups based on IP address, both for forwarding and to apply policies. Switches with the ability to apply features based on more than just the Layer-2 header are sometimes known as “multi-layer switches”.

Further blurring the line between switches and routers are switches that implement dynamic routing protocols. These products have the ability to serve as a “router” in a fundamental sense, exchanging route information with other routers and making various forwarding and policy decisions based on Layer-3 addresses. In an application that requires the use of routing protocols, but where the IP routing map can fit into a table on the switch/router, a multi-layer switch with support for routing protocols can be used as a router. Examples of this include enterprise campus networks where routing is used to link the various LANs, and other federated networks with a few hundred hosts connected over local fixed links.

Today’s routers do much more than offer support for routing protocols, however. A modern enterprise branch router that sits at the edge of a network and connects an office to a WAN is often tasked with dozens of specialized functions not found in an Ethernet switch. Features required for connecting to the WAN can include security functions to protect the local network from outside threats, policy enforcement to block unauthorized applications, and grooming features that optimize the use of slow long-distance links. Many routers incorporate an IPSec VPN endpoint or gateway capability, advanced firewall features, and support for redundancy architectures that can direct traffic dynamically based on the state of multiple WAN links.

Considering what modern networking equipment can deliver, does your application need a router? Today, this decision is mostly about advanced WAN features. Multi-layer switches with routing support can provide forwarding based on IP address, and a variety of filtering and other policies based on L2-L4 headers. This means that even large local-area networks with sophisticated network policy requirements can often be satisfied by a switch. Connecting to external networks, however, can drive the need for sophisticated features only found in WAN routers. When an application needs VPN, stateful firewall, or link optimization, a WAN edge router is likely the answer.

Download Linking Outside the Box: Connecting Embedded Systems to Wide-Area Networks to learn more about: