Summary Chapter 7b


Chapter 7 Ethernet LAN Switching Concepts

LAN switches perform the same basic core functions as bridges, but with many enhanced features. Like bridges, switches segment a LAN into separate parts, each part being a separate collision domain. Switches have potentially large numbers of interfaces, with highly optimized hardware, allowing even small Enterprise switches to forward millions of Ethernet frames per second. By creating a separate collision domain for each interface, switches multiply the amount of available bandwidth in the network. And, as mentioned in Chapter 3, if a switch port connects to a single device, that Ethernet segment can use full-duplex logic, essentially doubling the speed on that segment. A switch's effect of segmenting an Ethernet LAN into one collision domain per interface is sometimes called microsegmentation.

Although using 10BASE-T with a hub improved Ethernet as compared to the older standards, several drawbacks continued to exist, even with 10BASE-T using hubs:

- Any device sending a frame could have the frame collide with a frame sent by any other device attached to that LAN segment.
- Only one device could send a frame at a time, so the devices shared the (10-Mbps) bandwidth.
- Broadcasts sent by one device were heard by, and processed by, all other devices on the LAN.

Ethernet bridges were created to solve some of the performance issues. Bridges solved the growing Ethernet congestion problem in two ways:

- They reduced the number of collisions that occurred in the network.
- They added bandwidth to the network.

(Figure: the network after it has been segmented using a bridge. The bridge creates two separate collision domains.)

The IEEE defines three general categories of Ethernet MAC addresses:

Unicast addresses: MAC addresses that identify a single LAN interface card.

Broadcast addresses: A frame sent with a destination address of the broadcast address (FFFF.FFFF.FFFF) implies that all devices on the LAN should receive and process the frame.

Multicast addresses: Multicast MAC addresses are used to allow a dynamic subset of devices on a LAN to communicate.

The IP protocol supports the multicasting of IP packets. When IP multicast packets are sent over an Ethernet, the multicast MAC addresses used in the Ethernet frame follow this format: 0100.5exx.xxxx, where a value between 00.0000 and 7f.ffff can be used in the last half of the address.

Bridges perform three actions:

1. Deciding when to forward a frame or when to filter (not forward) a frame, based on the destination MAC address
2. Learning MAC addresses by examining the source MAC address of each frame received by the bridge
3. Creating a (Layer 2) loop-free environment with other bridges by using Spanning Tree Protocol (STP)

To decide whether to forward a frame, a switch uses a dynamically built table that lists MAC addresses and outgoing interfaces. Switches compare the frame's destination MAC address to this table to decide whether the switch should forward a frame or simply ignore it. A switch's MAC address table is also called the switching table, or bridging table, or even the Content Addressable Memory (CAM), in reference to the type of physical memory used to store the table.
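The following Python is an added example written for this summary (it is not from the summary's source text or from Cisco). It classifies a MAC address into the three IEEE categories listed above by testing the I/G bit, and derives the 0100.5exx.xxxx Ethernet address for an IPv4 multicast group. It goes one step beyond the text by showing the actual mapping rule (the low 23 bits of the group address are copied into the MAC), which is why the last half of the MAC ranges from 00.0000 to 7f.ffff and why several IP groups share one MAC address. All address values are constructed.

```python
"""Classify Ethernet MAC addresses and derive the IP-multicast MAC.

Added example, not from the summary or the Cisco text it condenses.
Accepts Cisco dotted-hex (0100.5e00.0001) as well as colon/dash notation.
"""

HEX_DIGITS = set("0123456789abcdef")


def parse_mac(text):
    """Return the 6 raw bytes of a MAC written in dotted-hex, colon or dash form."""
    digits = text.replace(".", "").replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in HEX_DIGITS for c in digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)


def cisco_format(mac):
    """Render 6 bytes as Cisco dotted-hex (xxxx.xxxx.xxxx)."""
    h = mac.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def classify(text):
    """Return 'broadcast', 'multicast' or 'unicast' for a MAC address.

    The IEEE I/G bit is the least-significant bit of the first byte:
    0 = individual (unicast), 1 = group (multicast). The all-ones
    broadcast address also has the I/G bit set, so it is tested first.
    """
    mac = parse_mac(text)
    if mac == b"\xff" * 6:
        return "broadcast"
    if mac[0] & 0x01:
        return "multicast"
    return "unicast"


def ipv4_multicast_mac(ip):
    """Map an IPv4 multicast group (224.0.0.0/4) to its Ethernet MAC.

    The frame carries 01:00:5e followed by the low 23 bits of the group
    address (the RFC 1112 rule). Bits 24-28 of the group address are not
    carried, so 32 different groups map onto each MAC address.
    """
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    if not 224 <= octets[0] <= 239:
        raise ValueError(f"not an IPv4 multicast group: {ip!r}")
    low23 = ((octets[1] & 0x7F) << 16) | (octets[2] << 8) | octets[3]
    mac = bytes([0x01, 0x00, 0x5E]) + low23.to_bytes(3, "big")
    return cisco_format(mac)


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("0200.1111.1111", "FFFF.FFFF.FFFF", "0100.5e01.0203", "01:80:c2:00:00:00"):
        print(f"{addr:20} {classify(addr)}")
    for group in ("224.0.0.1", "239.255.0.1", "224.128.0.1"):
        print(f"{group:14} -> {ipv4_multicast_mac(group)}")
```

Note that 224.0.0.1 and 224.128.0.1 produce the same MAC, 0100.5e00.0001: a host that joins one group receives frames for the other at the Ethernet layer and must filter on the IP header.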

Switches build the address table by listening to incoming frames and examining the source MAC address in the frame. If a frame enters the switch and the source MAC address is not in the MAC address table, the switch creates an entry in the table. The MAC address is placed in the table, along with the interface from which the frame arrived.

that occurred when there were no entries in the MAC address table? As it turns out, when there is no matching entry in the table, switches forward the frame out all interfaces (except the incoming interface). Switches forward these unknown unicast frames (frames whose destination MAC addresses are not yet in the bridging table) out all other interfaces, with the hope that the unknown device will be on some other Ethernet segment and will reply, allowing the switch to build a correct entry in the address table. The process of sending frames out all other interfaces, except the interface on which the frame arrived, is called flooding. Switches flood unknown unicast frames as well as broadcast frames. Switches also flood LAN multicast frames out all ports, unless the switch has been configured to use some multicast optimization tools.

Switches keep a timer for each entry in the MAC address table, called an inactivity timer. The switch sets the timer to 0 for new entries. Each time the switch receives another frame with that same source MAC address, the timer is reset to 0. The timer counts upward, so the switch can tell which entries have gone the longest time since receiving a frame from that device. If the switch ever runs out of space for entries in the MAC address table, the switch can then remove table entries with the oldest (largest) inactivity timers.

STP

The third primary feature of LAN switches is loop prevention, as implemented by Spanning Tree Protocol (STP). Without STP, frames would loop for an indefinite period of time in Ethernet networks with physically redundant links. To prevent looping frames, STP blocks some ports from forwarding frames so that only one active path exists between any pair of LAN segments (collision domains). The result of STP is good: frames do not loop infinitely, which makes the LAN usable. However, although the network can use some redundant links in case of a failure, the LAN does not load-balance the traffic. To avoid Layer 2 loops, all switches need to use STP. STP causes each interface on a switch to settle into either a blocking state or a forwarding state. Blocking means that the interface cannot forward or receive data frames. Forwarding means that the interface can send and receive data frames. If a correct subset of the interfaces is blocked, a single currently active logical path exists between each pair of LANs.

Larry sends a single unicast frame to Bob's MAC address, but Bob is powered off, so none of the switches has learned Bob's MAC address yet. Bob's MAC address would be an unknown unicast address at this point in time. Therefore, frames destined for Bob's MAC address are forwarded by each switch out every port. These frames loop indefinitely. Because the switches never learn Bob's MAC address (remember, he's powered off and can send no frames), they keep forwarding the frame out all ports, and copies of the frame go around and around.

LAN switches provide the following benefits:

- Switch ports connected to a single device microsegment the LAN, providing dedicated bandwidth to that single device.
- Switches allow multiple simultaneous conversations between devices on different ports.
- Switch ports connected to a single device support full duplex, in effect doubling the amount of bandwidth available to the device.
- Switches support rate adaptation, which means that devices that use different Ethernet speeds can communicate through the switch (hubs cannot).

Internal processing on Cisco switches

Because the destination MAC address occurs very early in the Ethernet header, a switch can make a forwarding decision long before the switch has received all the bits in the frame. With cut-through processing, the switch starts sending the frame out the output port as soon as possible. Although this might reduce latency, it also propagates errors. Because the frame check sequence (FCS) is in the Ethernet trailer, the switch cannot determine if the frame had any errors before starting to forward the frame. So, the switch reduces the frame's latency, but with the price of having forwarded some frames that contain errors. Fragment-free processing works similarly to cut-through, but it tries to reduce the number of errored frames that it forwards. One interesting fact about Ethernet carrier sense multiple access with collision detection (CSMA/CD) logic is that collisions should be detected within the first 64 bytes of a frame.
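The Larry-and-Bob loop described above, as an added Python simulation that is not part of the summary or its source text. Three switches named A, B and C (constructed) are wired in a triangle; Larry hangs off switch A on port 1, and Bob is powered off, so every switch treats the frame as an unknown unicast and floods it. The simulation counts how many copies of the frame are still travelling on trunk links after each round, first with no port blocked and then with STP having put one port into the blocking state. Port numbers and MAC addresses are constructed.

```python
"""Frame-loop simulation: why a switched LAN with redundant links needs STP.

Added example, not part of the summary or of the Cisco text it condenses.
Three switches A, B and C (constructed names) are wired in a triangle.
Larry is on switch A port 1; Bob is powered off, so no switch ever learns
his MAC address and each switch floods the frame as an unknown unicast.
"""
from collections import deque

# Constructed topology. Each switch has an access port 1 and trunk ports 2-3;
# LINKS maps (switch, port) to the (switch, port) at the far end of the trunk.
PORTS = {"A": (1, 2, 3), "B": (1, 2, 3), "C": (1, 2, 3)}
LINKS = {
    ("A", 2): ("B", 2), ("B", 2): ("A", 2),
    ("B", 3): ("C", 2), ("C", 2): ("B", 3),
    ("C", 3): ("A", 3), ("A", 3): ("C", 3),
}
LARRY = "0200.1111.1111"   # constructed MAC addresses
BOB = "0200.2222.2222"     # never learned: Bob sends no frames


def simulate(blocked, max_rounds=20):
    """Inject one Larry->Bob frame at A port 1 and count copies per round.

    `blocked` is the set of (switch, port) pairs STP has put into the
    blocking state; a blocking port neither sends nor receives data frames.
    Returns the number of frame copies still travelling on trunk links after
    each round. The simulation stops early once no copies remain, so a list
    that is still non-zero after `max_rounds` rounds means the frame is looping.
    """
    tables = {sw: {} for sw in PORTS}            # per-switch MAC table
    in_flight = deque([("A", 1, LARRY, BOB)])    # (switch, ingress port, src, dst)
    history = []
    for _ in range(max_rounds):
        if not in_flight:
            break
        nxt = deque()
        for sw, port_in, src, dst in in_flight:
            if (sw, port_in) in blocked:
                continue                         # dropped: blocking ports do not receive
            tables[sw][src] = port_in            # Step 2: learn the source address
            if dst in tables[sw]:                # Step 1b: known unicast
                out_ports = [tables[sw][dst]] if tables[sw][dst] != port_in else []
            else:                                # Step 1a: unknown unicast -> flood
                out_ports = [p for p in PORTS[sw] if p != port_in]
            for p in out_ports:
                if (sw, p) in blocked or (sw, p) not in LINKS:
                    continue                     # blocking port, or an access port (copy leaves the fabric)
                far_sw, far_port = LINKS[(sw, p)]
                nxt.append((far_sw, far_port, src, dst))
        in_flight = nxt
        history.append(len(in_flight))
    return history


def still_looping(history, max_rounds=20):
    """True when copies were still in flight after the last permitted round."""
    return len(history) == max_rounds and history[-1] > 0


if __name__ == "__main__":
    print("no STP:          ", simulate(set()))          # two copies circling forever
    print("C port 3 blocked:", simulate({("C", 3)}))      # [2, 1, 0]
```

Without STP the two copies that leave switch A circle the triangle in opposite directions and the count never drops; blocking a single port on one end of one trunk (the simulation blocks port 3 on switch C) is enough for every copy to be discarded within three rounds, which is exactly the "one active path between any pair of segments" outcome the text describes.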

Switches use Layer 2 logic, examining the Ethernet data-link header to choose how to process frames. In particular, switches make decisions to forward and filter frames, learn MAC addresses, and use STP to avoid loops, as follows:

Step 1 Switches forward frames based on the destination address:

a. If the destination address is a broadcast, multicast, or unknown destination unicast (a unicast not listed in the MAC table), the switch floods the frame.
b. If the destination address is a known unicast address (a unicast address found in the MAC table):
   i. If the outgoing interface listed in the MAC address table is different from the interface in which the frame was received, the switch forwards the frame out the outgoing interface.
   ii. If the outgoing interface is the same as the interface in which the frame was received, the switch filters the frame, meaning that the switch simply ignores the frame and does not forward it.

Step 2 Switches use the following logic to learn MAC address table entries:

a. For each received frame, examine the source MAC address and note the interface from which the frame was received.
b. If they are not already in the table, add the address and interface, setting the inactivity timer to 0.
c. If it is already in the table, reset the inactivity timer for the entry to 0.

Step 3 Switches use STP to prevent loops by causing some interfaces to block, meaning that they do not send or receive frames.

Collision domains: As mentioned earlier, a collision domain is the set of LAN interfaces whose frames could collide with each other, but not with frames sent by any other devices in the network. A collision domain is a set of network interface cards (NIC) for which a frame sent by one NIC could result in a collision with a frame sent by any other NIC in the same collision domain.

For a single collision domain:

- The devices share the available bandwidth.
- The devices may inefficiently use that bandwidth due to the effects of collisions, particularly under higher utilization.

(Figure.) The switch on the right separates the LAN into different collision domains for each port. Likewise, both bridges and routers also separate LANs into different collision domains (although this effect with routers was not covered earlier in this book). Of all the devices in the figure, only the hub near the center of the network does not create multiple collision domains for each interface.

Broadcast domain: The term broadcast domain relates to where broadcasts can be forwarded. A broadcast domain encompasses a set of devices for which, when one of the devices sends a broadcast, all the other devices receive a copy of the broadcast. Broadcasts sent by a device in one broadcast domain are not forwarded to devices in another broadcast domain. The router does not forward a LAN broadcast sent by a PC on the left to the network segment on the right. A broadcast domain is a set of NICs for which a broadcast frame sent by one NIC is received by all other NICs in the same broadcast domain.

Virtual LAN: Although you can think about and define the term LAN from many perspectives, one perspective in particular will help you understand VLANs: A LAN consists of all devices in the same broadcast domain. Without VLANs, a switch considers all interfaces on the switch to be in the same broadcast domain. In other words, all connected devices are in the same LAN. (Cisco switches accomplish this by putting all interfaces in VLAN 1 by default.) With VLANs, a switch can put some interfaces into one broadcast domain and some into another based on some simple configuration. Essentially, the switch creates multiple broadcast domains by putting some interfaces into one VLAN and other interfaces into other VLANs. These individual broadcast domains created by the switch are called virtual LANs.
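The Step 1 / Step 2 forwarding and learning logic, the inactivity timer and the VLAN-as-broadcast-domain idea above, combined in one added Python simulator of a single switch. This is example code written for this summary, not Cisco code; the five ports, the VLAN 10 / VLAN 20 assignment, the host MAC addresses and the deliberately tiny three-entry MAC table are all constructed. It shows flooding of unknown unicast and broadcast frames staying inside the ingress VLAN, forwarding versus filtering of known unicasts, timers counting upward and being reset to 0, and eviction of the oldest entry when the table is full.

```python
"""One-switch simulator: forward/filter/flood, MAC learning, aging, VLANs.

Added example written for this summary; it is not Cisco code. Port numbers,
MAC addresses and VLAN assignments are constructed. Frames are handled with
the Step 1 / Step 2 logic of the text, and the MAC table is keyed by VLAN so
that flooding never crosses from one VLAN (broadcast domain) into another.
"""

BROADCAST = "ffff.ffff.ffff"


def is_group_address(mac):
    """Broadcast or multicast: the I/G bit (low bit of the first byte) is set."""
    return int(mac[:2], 16) & 1 == 1


class Switch:
    def __init__(self, port_vlans, table_size=8):
        self.port_vlans = dict(port_vlans)   # {port: vlan}; Cisco default is VLAN 1 everywhere
        self.table_size = table_size         # CAM capacity, deliberately tiny here
        self.table = {}                      # {(vlan, mac): [port, inactivity_timer]}

    def tick(self, seconds):
        """Let the inactivity timer of every entry count upward."""
        for entry in self.table.values():
            entry[1] += seconds

    def timers(self):
        """{mac: inactivity timer} snapshot, for inspection."""
        return {mac: entry[1] for (_, mac), entry in self.table.items()}

    def known_macs(self):
        return sorted(mac for (_, mac) in self.table)

    def _learn(self, vlan, src, port):
        """Step 2: add the source address (timer 0) or reset its timer to 0."""
        key = (vlan, src)
        if key not in self.table and len(self.table) >= self.table_size:
            # Table full: remove the entry with the largest (oldest) inactivity timer.
            oldest = max(self.table, key=lambda k: self.table[k][1])
            del self.table[oldest]
        self.table[key] = [port, 0]          # also records a host that moved ports

    def receive(self, port, src, dst):
        """Process one frame; return the list of ports it is sent out of."""
        vlan = self.port_vlans[port]
        self._learn(vlan, src, port)
        # Step 1a: broadcast, multicast or unknown unicast -> flood, but only
        # out the other ports in the same VLAN.
        if is_group_address(dst) or (vlan, dst) not in self.table:
            return [p for p, v in self.port_vlans.items() if v == vlan and p != port]
        # Step 1b: known unicast -> forward out the learned port (i) or, if that
        # is the port the frame arrived on, filter it (ii).
        out_port = self.table[(vlan, dst)][0]
        return [out_port] if out_port != port else []


def demo():
    """Walk the textbook cases on a 5-port switch; returns the observed outputs."""
    sw = Switch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20}, table_size=3)
    fred, barney = "0200.1111.1111", "0200.2222.2222"   # VLAN 10 hosts (constructed)
    wilma, betty = "0200.3333.3333", "0200.4444.4444"   # VLAN 20 hosts (constructed)
    out = {}
    out["unknown_unicast"] = sw.receive(1, fred, barney)       # flood VLAN 10: [2, 3]
    out["known_unicast"] = sw.receive(2, barney, fred)         # forward: [1]
    out["broadcast_vlan20"] = sw.receive(4, wilma, BROADCAST)  # stays in VLAN 20: [5]
    # Barney moves to a hub shared with Fred on port 1: the destination is on
    # the ingress port, so the switch filters the frame.
    out["filtered"] = sw.receive(1, barney, fred)              # []
    sw.tick(300)                                               # everyone idle for 300 s
    sw.receive(4, wilma, BROADCAST)                            # Wilma and Barney refresh
    sw.receive(2, barney, fred)                                # to 0; Fred stays at 300
    out["timers"] = sw.timers()
    # Betty is a 4th host in a 3-entry table: Fred's entry (oldest) is evicted.
    out["betty_to_wilma"] = sw.receive(5, betty, wilma)        # known unicast: [4]
    out["after_eviction"] = sw.known_macs()
    out["fred_unknown_again"] = sw.receive(2, barney, fred)    # flooded again: [1, 3]
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20} {result}")
```

The table is keyed by (VLAN, MAC) rather than by MAC alone so that a host in VLAN 20 can never cause a frame to be forwarded into VLAN 10, which is the property the text calls a separate broadcast domain. The eviction step is the page's "remove table entries with the oldest (largest) inactivity timers" made concrete: once Fred is evicted, a frame addressed to him is an unknown unicast again and is flooded until he sends another frame.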

There are many motivations for using VLANs, including the following:

- To create more flexible designs that group users by department, or by groups that work together, instead of by physical location
- To segment devices into smaller LANs (broadcast domains) to reduce overhead caused to each host in the VLAN
- To reduce the workload for STP by limiting a VLAN to a single access switch
- To enforce better security by keeping hosts that work with sensitive data on a separate VLAN
- To separate traffic sent by an IP phone from traffic sent by PCs connected to the phones

Campus LAN design terminology

Access: Provides a connection point (access) for end-user devices. Does not forward frames between two other access switches under normal circumstances.

Distribution: Provides an aggregation point for access switches, forwarding frames between switches, but not connecting directly to end-user devices.

Core: Aggregates distribution switches in very large campus LANs, providing very high forwarding rates.
