What is a smart switch?

Smart switches in networking

Smart network switches, whether deployed in campus and branch networks or across data centers, provide the high performance, low latency, and built-in security capabilities required to support modern AI, agentic, and machine-learning applications. Working together, smart switches create a distributed system, connected through a cloud-delivered management plane, able to enforce policy at any point across the network. The first use cases for smart switches are focused on network security, but a smart networking switch architecture is not limited to just security. Other network services can be delivered across a distributed array of advanced processing that is integrated into the network.

Smart switches can run AI workloads and often pair custom-designed application-specific integrated circuits (ASICs) with powerful data processing unit (DPU) and graphics processing unit (GPU) processors to accelerate networking, security, and assurance. Understanding their capabilities and applications is vital for anyone aiming to enhance their network infrastructure for the AI era.

Understanding smart switches in enterprise and data center networking

A defining feature of a true smart switch is that it has two processing elements: one for the network and one for security or other network services. This design is tightly integrated but loosely coupled, which means a single device has two parallel but very different life cycle management capabilities.

To accomplish this, a smart switch depends on more advanced architectural capabilities, often including multiple types of chips (a CPU, a GPU, or a DPU), the ability to host multiple parallel workloads, and incorporation of intelligent energy management capabilities. When combined, these smart switches enable the isolation of security and network processing, distributed security enforcement, and fine-grained control, and they are uniquely suited to protect AI applications.

Key features include virtual local area network (VLAN) support for network segmentation and improved security, Quality of Service (QoS) settings for prioritizing traffic in time-sensitive applications, and basic management capabilities like Simple Network Management Protocol (SNMP) for monitoring performance. Features like port mirroring and link aggregation enhance visibility and bandwidth, empowering organizations to maintain robust network operations.

Use cases for smart switches

Smart switches in the data center

Smart switches utilize Layer 4 firewalling to simplify security enforcement while reducing architectural complexity, making network operations more efficient and scalable.

• Zone-based segmentation: Replace expensive, complex firewalls with automated, consistent security policies across network zones to ensure seamless protection without added complexity.
• Secure data center interconnect (DCI): Reduce costs, enhance efficiency, and enforce consistent security policies across interconnected data centers.
• Secure cloud edge: Integrate networking and security in a single solution to enable cloud edge scalability through streamlining hybrid cloud connectivity, reducing latency and costs, and enabling a scalable, resilient architecture.
• Top-of-rack (ToR) segmentation and enforcement: Provide distributed stateful segmentation and Layer 4 security on every port. Traffic is seamlessly redirected from the switching ASIC to the DPU, ensuring high-performance, scalable security enforcement within the network fabric.

Smart switches in campus and branch

In campus and branch environments, smart switches deliver increased performance, distributed security enforcement, and intelligent energy efficiency to scale AI workloads. An architecture built on smart switches helps protect against emerging threats, helping to reduce operational costs and enabling real-time application experiences.

• Powering the AI-ready campus: Deliver the performance, scalability, and flexibility needed to optimize application experiences and prepare for the demands of AI workloads.
• Securing devices, data, and connected clients: Embed security directly into the network, creating a multi-layered architecture with security woven into every data flow.
• Unifying management: Deliver operational flexibility and simplicity across on-premises and cloud-based management with built-in assurance, programmability, and full-stack operational intelligence.

Isolation of security processing and network processing

Security enforcement software is very dynamic, requiring near-constant updates to keep pace with the ever-changing threat landscape. The operating system on a network switch is the opposite—to achieve stability, simplicity, and performance requires a relatively slow pace of update. The security capabilities in a smart switch run in independent memory space and are updated independently from the network operating system. The network is responsible for steering traffic in and out of the security process. If for some reason the security system stops responding, it does not impact the network processing—a smart switch can keep passing traffic even when other services are disrupted or updating.

This is a critical characteristic of a smart switch, because it enables the deployment of a massively distributed security system deeply integrated into the network while being managed independently.

Distributed security enforcement

The smart switch design allows security to be infused into the entire network fabric, which allows for a new way of thinking about network security. Traditionally, network security lived in an appliance that was inserted into a few places in the network, at edges like a VLAN boundary (say separating a development environment from a production environment), or in a demilitarized zone (DMZ) where a private network meets the internet. In this new smart networking switch architecture, security can live literally everywhere.

Each of the individual services that make up an application can each be protected by its own “micro-perimeter.” The micro-perimeter defines which other services communicate with this particular service. Unfortunately, attackers have become very adept at either stealing a credential or exploiting application vulnerabilities so that they can move through legitimate application pathways (such as SQL queries into that database) that segmentation will not stop. But the micro-perimeter is a fully qualified Layer 7 network security device.

More effective and fine-grained controls

These security enforcement points need to evolve over time as well. Each time a new smart switch is added to the network or an existing device is upgraded, a new enforcement point is created. This means that an infrastructure built on smart switches can be adopted without requiring a rip-and-replace of existing network gear. Policy and security can be more easily adopted as the business changes without requiring a massive infrastructure overhaul.

Designed to protect AI applications

With the rapid adoption of AI capabilities in applications, security controls need to adapt significantly. A model can learn and absorb massive quantities of data, but once a model learns something, it is very difficult to get it to “forget.” For this reason, application developers will put “guardrails” into a model to limit its behavior to a narrower set of topics. The network is the ideal place to insert these guardrails because it is fully transparent to the application, but core security policies can always be assured. A smart switch is a very powerful enforcement point for AI defense because it has access to the east-west application programming interface (API) traffic that needs to be analyzed for security and it has the powerful processing necessary to run these security models. This is just one of the many security use cases for a smart switch.

When to use smart switches in your network

Integrate smart switches into your network to optimize AI workloads and enhance operational efficiency. Smart switches integrate smoothly with existing network systems, ensuring minimal disruption during deployment. They also have simple management interfaces and compatibility with common protocols, facilitating incorporation into established infrastructures. By choosing smart switches, businesses enhance capabilities while maintaining straightforward management.

Summary

An intelligent network needs smart switches for enhanced performance, improved security, and simplified operations. If you’re leveraging AI, IoT, or edge computing, smart switches provide advanced processing and distributed security enforcement for modern workloads. By incorporating smart switches, businesses can future-proof their networks while still maintaining high levels of efficiency, reliability, and manageability.