What is a network switch? | Juniper Networks US

What is a network switch?

A network switch is equipment that allows two or more IT devices, such as computers, to communicate with one another. Connecting multiple IT devices together creates a communications network. Compute, print, server, file storage, Internet access, and other IT resources can be shared across the network.

IT devices communicate by exchanging “packets” of data over the network. Basic switches forward packets from one device to another based on the destination address carried in each packet’s header, while more complicated operations (such as deciding whether a packet is allowed to reach its intended destination at all) are traditionally the domain of other types of network devices, such as routers and firewalls.

Switches can take the form of a dedicated appliance, or they can be a component of other equipment that performs operations on data packets, such as network routers and wireless access points (APs). Basic switching technology has been around for decades and is one of the fundamental building blocks of all modern IT networks, including the Internet.

 

What problems do switches solve?

A network switch connects users, applications, and equipment across a network so that they can communicate with one another and share resources. The simplest network switches offer connectivity exclusively to devices on a single local-area network (LAN). More advanced switches can connect devices from multiple LANs and may even incorporate basic data security functions. 

In the more advanced switches, functions beyond simple LAN interconnection are often a subset of those typically found in other network devices, such as routers and firewalls. Despite these switches’ advanced capabilities, they continue to be referred to as “switches,” because their primary purpose is to connect devices to one another as part of an IT network. 

An important role of an advanced switch is the ability to create “virtual networks.” Virtual networks isolate groups of networked systems from one another based on configurations provided by network administrators. This capability allows large numbers of systems to be connected to a single physical network while segmenting certain systems from the rest. Virtual network types include virtual private networks (VPNs), virtual LANs (VLANs), and Ethernet VPN-virtual eXtensible LANs (EVPN-VXLANs), all of which are regularly used in midsized and large networks. EVPN-VXLAN is an increasingly common implementation of network segmentation in modern enterprise networks. Note that a virtual network isolates traffic at the switching layer only: packets that need to pass from one segment to another must traverse a router or firewall, and that boundary is where access policy between segments is enforced. Segmentation is therefore only as strong as the port assignments on the switches and the policy on the devices that route between segments.

Network switches come in a wide variety of speeds, capabilities, and sizes. They can support anywhere from a handful of devices to thousands of them. Multiple network switches can be connected together to support still more devices. The details of how these switches are connected are referred to as a “network topology.”

A modern “spine-leaf” topology using high-speed switches with high port density can easily connect tens of thousands of devices into a single physical network. In a spine-leaf data center network, leaf switches aggregate traffic from servers, and every leaf connects directly to every spine switch; the spines interconnect the leaves but do not connect to one another, so any two leaves can reach each other through any spine. These large networks are typically segmented into many virtual networks using EVPN-VXLAN, with each segment identified by a VXLAN Network Identifier (VNI) carried in the packet header as it crosses the fabric, and with leaf switches providing access to (and routing between) the different segments.
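To make the segmentation mechanism concrete, here is an added Python example (not code from this page or from any Juniper product) that packs and unpacks the VXLAN header in which an EVPN-VXLAN fabric carries each virtual network’s 24-bit VXLAN Network Identifier (VNI), and models a leaf switch admitting only the VNIs it is configured to serve. The inner Ethernet frame, the VNI-to-VLAN mapping and the function names are constructed for the example; the header layout and UDP port follow RFC 7348.

```python
import struct
from typing import Optional, Tuple

VXLAN_UDP_PORT = 4789          # IANA-assigned destination port for VXLAN (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # the "I" flag: the VNI field carries a valid identifier


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an Ethernet frame.

    Header layout (RFC 7348): flags (1 byte), reserved (3), VNI (3), reserved (1).
    The outer UDP/IP headers that would wrap this on the wire are left out here.
    """
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field")
    # "!B3xI" = flags byte, three padding bytes, then a 32-bit word whose
    # upper 24 bits are the VNI and whose low byte is reserved (zero).
    header = struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)
    return header + inner_frame


def vxlan_decap(packet: bytes) -> Tuple[int, bytes]:
    """Strip the VXLAN header and return (vni, inner Ethernet frame)."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_word = struct.unpack("!B3xI", packet[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return vni_word >> 8, packet[8:]


def leaf_admit(local_vnis: dict, packet: bytes) -> Tuple[Optional[int], bytes]:
    """Model a leaf switch receiving a VXLAN packet from the fabric.

    local_vnis maps the VNIs this leaf serves to the local VLAN used for each
    (a constructed mapping). A packet for a VNI the leaf is not configured
    for is bridged nowhere: the function returns (None, frame) so the caller
    can count or log the drop. Nothing in the header authenticates the
    sender; the VNI is trusted only because the underlay that carried it is.
    """
    vni, frame = vxlan_decap(packet)
    return local_vnis.get(vni), frame


def vxlan_demo() -> dict:
    # constructed inner Ethernet frame: dst MAC, src MAC, EtherType 0x0800, 4 payload bytes
    inner = bytes.fromhex("020000000001" "020000000002" "0800") + b"\xde\xad\xbe\xef"
    leaf_vnis = {10100: 100, 10200: 200}   # this leaf serves two tenant segments
    results = {}
    pkt = vxlan_encap(10100, inner)
    results["header_len"] = len(pkt) - len(inner)            # 8
    results["vni_bytes"] = pkt[4:7].hex()                    # 10100 == 0x002774
    vlan, frame = leaf_admit(leaf_vnis, pkt)
    results["admitted_vlan"] = vlan                          # 100
    results["frame_intact"] = frame == inner                 # True
    stray = vxlan_encap(10300, inner)                        # a VNI not served by this leaf
    results["stray_vlan"] = leaf_admit(leaf_vnis, stray)[0]  # None
    return results


if __name__ == "__main__":
    print(vxlan_demo())
```

The check in leaf_admit is the practical point: the VNI is a plain field in every packet, so the isolation between tenants rests on each leaf bridging only the VNIs it is configured for and on the underlay network being trusted to carry packets only between legitimate leaves.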

This type of network is common in data centers shared by many customers (called “multitenant” data centers), as well as those used by governments and large enterprises.

 

How does a switch work?

The way a network switch enables inter-device communication is that all connected systems, including the switch itself, follow a standard set of communications protocols. These standards are defined and maintained by international standards organizations, such as the Institute of Electrical and Electronics Engineers (IEEE) and the Internet Engineering Task Force (IETF).

There are three primary ways for devices to connect to a network: radio (such as Wi-Fi), electrical (such as twisted-pair Ethernet with RJ-45 connectors), and optical. Each connection method uses a different physical medium (RF spectrum, copper cabling, and fiber-optic cabling, respectively) over which IT devices communicate by sending each other a stream of 1s and 0s.

Network standards define how these streams of 1s and 0s are interpreted as packets. Packets contain a header and a payload. Packet headers carry information such as the source and destination addresses of the devices taking part in the communication; on an Ethernet LAN these are the Media Access Control (MAC) addresses of the network interfaces, and a basic switch looks no further into a packet than this header. Payloads contain the data that the networked devices are actually attempting to exchange. Each device on a network has one or more addresses to which packets can be addressed: a MAC address for each interface and, usually, one or more IP addresses.

Groups of packets exchanged between two or more addresses are called “data flows.” Data flows are roughly equivalent to individual conversations among networked devices. A switch reads the destination address from each packet header, looks it up, and forwards the packet toward its destination.

Switches maintain records, called lookup tables (LUTs), that list which addresses can be reached through which switch port. A basic switch builds this table automatically by noting the source address of each packet it receives and the port the packet arrived on; a packet whose destination address is not yet in the table is flooded out every other port in the same network segment until a reply reveals where the destination lives. Because the table is learned from whatever traffic arrives, a host that sends packets with many forged source addresses can fill it and force the switch to flood traffic that would otherwise be delivered to a single port, where any other host on the segment can see it. Limiting the number of addresses the switch will learn on each port (often called port security or MAC limiting) is the standard mitigation. Some switches, as well as all routers, can also be configured with “routes.” A route is a type of LUT entry that tells the switch to send all packets for certain destinations to an intermediary switch or router (the next hop). Routes allow a switch to deliver packets to devices for which it holds no address information of its own.
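The following Python example is added to illustrate the lookup-table behaviour just described together with the VLAN isolation discussed earlier on this page; it is not code from the page or from any Juniper switch. It models a basic switch that learns its table from the source address of each frame, forwards known destinations out a single port, floods unknown and broadcast destinations only within the frame’s VLAN, and caps the number of addresses it will learn on any one port. The port-to-VLAN map, the MAC addresses and the Frame class are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    """The two Ethernet header fields a basic switch actually consults."""
    src: str   # source MAC address
    dst: str   # destination MAC address


class LearningSwitch:
    """Transparent bridge with per-VLAN MAC learning and per-port MAC limiting."""

    def __init__(self, access_ports: Dict[int, int], mac_limit: int = 4):
        # constructed port map: port number -> access VLAN id for that port
        self.access_ports = access_ports
        # lookup table (LUT): (vlan, mac) -> port on which that mac was last seen
        self.lut: Dict[Tuple[int, str], int] = {}
        # upper bound on addresses learned per port (port security / MAC limiting)
        self.mac_limit = mac_limit
        self.limit_violations: Dict[int, int] = {p: 0 for p in access_ports}

    def _learn(self, vlan: int, mac: str, port: int) -> None:
        key = (vlan, mac)
        if self.lut.get(key) == port:
            return  # already known on this port, nothing to do
        if sum(1 for p in self.lut.values() if p == port) >= self.mac_limit:
            # Without this bound a host spoofing many source MACs would fill
            # the table and force the switch to flood, hub-like, on every port.
            self.limit_violations[port] += 1
            return
        self.lut[key] = port  # new station, or a station that moved ports

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        """Return the egress ports for a frame arriving on in_port."""
        vlan = self.access_ports[in_port]
        self._learn(vlan, frame.src, in_port)
        same_vlan = sorted(p for p, v in self.access_ports.items() if v == vlan and p != in_port)
        if frame.dst == BROADCAST:
            return same_vlan                  # broadcast stays inside the VLAN
        out = self.lut.get((vlan, frame.dst))
        if out is None:
            return same_vlan                  # unknown unicast: flood within the VLAN only
        if out == in_port:
            return []                         # destination sits behind the ingress port: drop
        return [out]


def switch_demo() -> dict:
    # constructed topology: ports 1-3 in VLAN 10, ports 4-5 in VLAN 20, two MACs per port allowed
    sw = LearningSwitch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20}, mac_limit=2)
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    results = {}
    # A (port 1) sends to B, not yet known: flooded to the other VLAN 10 ports only
    results["unknown_unicast"] = sw.receive(1, Frame(a, b))             # [2, 3]
    # B (port 2) replies: A was learned on port 1, so only port 1 receives it
    results["known_unicast"] = sw.receive(2, Frame(b, a))               # [1]
    # C on port 4 (VLAN 20) broadcasts: VLAN 10 ports never see it
    results["broadcast_isolated"] = sw.receive(4, Frame(c, BROADCAST))  # [5]
    # C addresses A's MAC from VLAN 20: A is unknown in VLAN 20, so it is
    # flooded within VLAN 20 only; the VLAN 10 entry for A is not consulted
    results["cross_vlan"] = sw.receive(4, Frame(c, a))                  # [5]
    # a host on port 3 spoofs ten source MACs; only mac_limit of them are learned
    for i in range(10):
        sw.receive(3, Frame(f"02:ba:d0:00:00:{i:02x}", a))
    results["learned_on_port_3"] = sum(1 for p in sw.lut.values() if p == 3)  # 2
    results["violations_port_3"] = sw.limit_violations[3]               # 8
    return results


if __name__ == "__main__":
    print(switch_demo())
```

Keying the table on (VLAN, MAC) rather than MAC alone is what keeps the segments apart: a station learned in one VLAN is simply invisible to lookups in another, so the only way across is through whatever router or firewall is attached to both.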

For example, let’s consider how a smartphone might use a home Wi-Fi network to access a web page. The smartphone connects via Wi-Fi to an AP. The AP has a built-in RJ-45/Ethernet switch, which is connected to an Internet router.