Resource Library

Detailed Explanation for Operating Principles of Ethernet Switches in Each Layer

Time：2022-06-13 Source：UTEPO

Operating Principles of Ethernet Switches

1. The switch establishes a mapping of the source MAC address in the received data frame to the switch port and writes it to the MAC address table.

2. The switch compares the destination MAC address in the data frame with the established MAC address table to determine which port will forward it.

3. If the destination MAC address in the frame is not in the MAC address table, it is forwarded to all ports. This process is called flooding.

4. Broadcast frames and multicast frames are forwarded to all ports.

The Three Main Functions of Ethernet Switches

Learning. The Ethernet switch learns the MAC address of the device connected to each port and maps the address to the corresponding port in the MAC address table of the cache.

Forwarding /Filtering. When the destination address of a data frame is mapped in the MAC address table, it is forwarded to the port of the connected destination node instead of to all ports (or to all ports if the data frame is a broadcast/multicast frame).

Loop elimination. When a switch includes a redundant loop, the Ethernet switch avoids the creation of loops through the Spanning Tree protocol while allowing the existence of a fallback path.

Operating Characteristics of Ethernet Switches

The segment that is connected to each port of the Ethernet switch is a separate conflict domain.

The devices connected to the Ethernet switch are still in the same broadcast domain, i.e., the Ethernet switch is not isolated from broadcasts (the only exception is in a VLAN environment).

Ethernet switches are forwarded based on the information in the frame header, so they are network devices that work at the data link layer (in this case, switches are only traditional Layer 2 switching devices).

Classification of Ethernet Switches

Ethernet switches can be classified into two main categories according to their different modes of operation when processing frames.

Store-and-forward. The Ethernet switch must receive the whole frame before forwarding it, check for errors, and send the zero-error frame to the destination address. The forwarding delay through the Ethernet switch varies with the length of the frame.

Straight-through. The Ethernet switch forwards the frame as soon as it checks the destination address in its header without receiving the whole frame and error checking. Since the length of the Ethernet frame header is fixed, the forwarding delay through the Ethernet switch remains the same.

L2/L3/L4 Switches

There are multiple perceptions for the above statements.

Perception 1

Layer 2 switching is also known as hardware-based bridging. Packets are forwarded based on the unique MAC address of each end site. The high performance of Layer 2 switching can produce network designs that increase the number of hosts on each subnet. It still has the same characteristics and limitations that bridging has.

Layer 3 switching is hardware-based routing. The main difference between a router and a Layer 3 switch for packet switching operations is the physical implementation. The packet switching is performed by network processor-based or multi-core routing engines in a router, while it is performed through hardware in a layer 3 switch.

Layer 4 switching is simply defined as the ability to perform forwarding based on not only MAC (Layer 2) or source/destination IP addresses (Layer 3) but also TCP/UDP application ports. It enables the network to differentiate between applications when performing routing. And the ability to prioritize data flows based on specific applications. It provides a more granular solution to the policy-based quality of service techniques and a way to differentiate between application types.

Perception 2

Layer 2 switches: MAC address based

Layer 3 switches: Support VLAN, with switching and routing. Or IP-based

Layer 4 switches: Port-based

Perception 3

Layer 2 switching technology has evolved from bridges to VLANs (Virtual Local Area Networks) and has been widely used in LAN construction and transformation. Layer 2 switching technology works on the second layer of the seven-layer OSI network model, i.e., the data link layer. It forwards packets according to the destination MAC address of the received packets and is transparent to the network layer or higher layer protocols. It does not deal with the IP address of the network layer or the port address of higher-layer protocols such as TCP and UDP. And it only needs the physical address of the packet, such as the MAC address, and the data exchange is realized by hardware. Its speed is quite fast, which is a significant advantage of Layer 2 switching. However, it cannot handle data exchange between different IP subnets. Traditional routers can handle lots of packets across IP subnets, but their forwarding efficiency is lower than that of Layer 2. Therefore, Layer 3 switching technology was born to take advantage of the high forwarding efficiency of Layer 2 and handle Layer 3 IP packets.

The operating principle of Layer 3 switching technology. Layer 3 switching works in the third layer of the OSI seven-layer network model, the network layer. It uses the header information of IP packets in the Layer 3 protocol to mark the subsequent data service flow. Follow-up messages of the same marked service flow would be exchanged to the link layer (layer 2) and create a path between the source IP address and the destination IP address through the link layer. With this path, the Layer 3 switch does not need to unpack the received packets each time to determine the route but forwards directly and exchanges the data streams.

Perception 4

Layer 2 switching technology

Layer 2 switching technology is more maturely developed. Layer 2 switches are devices in the data link layer that can identify the MAC address information in packets, forward them according to the MAC address, and record these MAC addresses with the corresponding ports in an internal address table of their own. The specific workflow is as follows.

When a switch receives a packet from a port, it first reads the source MAC address in the packet header so that it knows to which port the machine with the source MAC address is connected. Then the switch goes and reads the destination MAC address in the packet header and looks up the corresponding port in the address table. If there is a port in the table corresponding to this destination MAC address, the packet is copied directly to this port. If the corresponding port is not found in the table, the packet is broadcast to all ports. When the destination machine responds to the source machine, the switch can learn which port corresponds to the MAC address of the destination and no longer needs to broadcast to all ports when transmitting data next time.

By continuously cycling through this process, the MAC address information for the entire network can be learned, and this is how the Layer 2 switch builds and maintains its address table.

It can deduce three pieces of information from the working principle of a Layer 2 switch.

Since the switch exchanges data on most ports simultaneously, this requires a quite wide switching bus bandwidth. If a Layer 2 switch has N ports, each with a bandwidth of M, and the switch bus bandwidth exceeds N x M. Then, this switch can achieve wire-speed switching.

Learning the MAC address of the machine connected to the port, written to the address table, the size of the address table (Generally two representations: one for the BUFFER RAM, one for the MAC table entry value). And the size of the address table affects the access capacity of the switch.

Another is that Layer 2 switches generally contain ASIC (Application Specific Integrated Circuit) chips specifically designed to handle packet forwarding. As a result, the forwarding speed can be super fast. As each manufacturer uses a different ASIC, it directly affects the performance.

The above three points are also the main technical parameters for judging the performance of layer 2 and 3 switches. Please pay attention to the comparison when choosing the equipment.

Routing technology

Routers work at the third layer of the OSI model - the network layer, and their mode of operation is similar to layer 2 switching, while routers work at layer 3. And this difference determines that routing and switching use different control information when forwarding packets and the way they achieve their functions is different. The working principle is that there is also a table inside the router. The routing process usually directs forwarding on the basis of routing tables, which directs network packets from their source toward their destination.

Routing technology essentially has two functions:

There is various information in the routing table. It calculates the best path to the destination address through the specific packet forwarding mechanisms and sends the packet via simple direct-straight forwarding. And the next router that receives the data continues to forward it in the same way and so on until reaching the destination router.

The routing table is also maintained in two different ways.

Distance Vector Routing Protocols. Routers learn some or all published routing information from each other to grasp the topology of the whole network. Distance Vector routing protocols base their decisions on the best path to a given destination based on the distance. Distance is usually measured in hops, though the distance metric could be delay, packets lost, or something similar. If the distance metric is hop, then each time a packet goes through a router, a hop is considered to have traversed. The route with the least number of hops to a given network is concluded to be the best route towards that network.

Link State Routing Protocols. Routers broadcast their link state information and learn the routing information of the whole network from each other to calculate the best forwarding path. Link state protocols are also called shortest-path-first protocols. Link state routing protocols have a complete picture of the network topology. Hence they know more about the whole network than any distance vector protocol. Since routers need to do a lot of path calculation work, the general processor's working ability directly determines its performance. Of course, this judgment is still for semi-high-end routers because high-end routers often use distributed process systems (DPS).

Layer 3 Switching Technology

In recent years, the propaganda of three-layer technology, ears can be cocooned, everywhere shouting three-layer technology, some people say that this is a very new technology, others say, three-layer switching, is not a router and two layer switch stack, there is nothing new things, the truth is really so? The following is a simple network to see the work of the three-layer switch process. Networking is relatively simple. IP Device A ---- Layer 3 switch ---- IP Device B

For example, suppose data needs to be sent from A to B, and the destination IP is known. So the A uses the subnet mask to obtain the network address and determine if the destination IP is in the same network segment. If it is in the same network segment but does not know the MAC address needed to forward the data, A sends an ARP request, and B returns its MAC address. A uses this MAC address to encapsulate the packet and sends it to the switch, which starts using the Layer 2 switching module to look up the MAC address table and forwards it to the appropriate port. If the destination IP addresses are not in the same network segment, then A wants to achieve communication with B. If there is no corresponding MAC address entry in the stream cache, the first normal packet would be sent to a default gateway, which is generally already set in the operating system and corresponds to the Layer 3 routing module. So it shows that for data not in the same subnet, the first to be placed in the MAC address of the default gateway is put in the MAC table first. After that, this packet is received by the Layer 3 module. And the module would query the routing table to determine the route to B and create a new frame header, in which the MAC address of the default gateway is used as the source MAC address, and the MAC address of host B is used as the destination MAC address. The correspondence between the MAC address and forwarding port of hosts A and B is established and recorded into the flow cache entry table through the identification mechanism. And the later data from A to B is directly handed over to the Layer 2 switching module for completion. This is commonly referred to as a single route multiple forwarding.

The above is a summary of the working process of a Layer 3 switch, which shows the characteristics of Layer 3 switching.

The combination of hardware to achieve high-speed data forwarding.

This is not simply a Layer 2 switch and router overlay. The layer 3 routing modules are directly overlaid on the high-speed backplane bus of the Layer 2 switch, breaking the interface rate limit of traditional routers, with rates up to tens of Gbit/s. Counting the backplane bandwidth, these are two important parameters of Layer 3 switch performance.

Simple routing software simplifies the routing process.

Most of the data forwarding, except for the necessary route selection to the routing software, is forwarded at high speed by the layer 2 module. And the routing software is mostly processed and efficiently optimized, not simply copied from the software in the router. The advantages of rich interfaces and powerful functions of layer 3, routing, load-sharing, link back up, etc., make the routers the ideal choice for large-scale networks.

Conclusion

Layer 2 switches are used for small local area networks. Broadcast packets have little impact on small LANs. The fast switching capabilities, multiple access ports, and low modest price of Layer 2 switches provide a quite complete solution for small network users. The most important function of a Layer 3 switch is to speed up the forwarding of data within a large-scale local area network, and adding routing capabilities serves this purpose.

If a large-scale network is divided into small LANs according to departments and regions, this will lead to a large number of inter-network accesses. And if using layer 2 switches, it can not achieve inter-network access, while it will limit the network speed and size due to the limited number of interfaces and the forwarding speed if using routers. Therefore, the layer 3 switches with routing function become the ideal choice.

Generally speaking, if you only deploy the layer 3 switches for conducting routing in the fast forwarding response required network of high intranet data traffic, it will cause the overburden of the switch and affect the response speed. It is an ideal networking strategy to give full play to the advantages of different devices and use the router to complete the process. Of course, this requires a sufficient budget.

Layer 4 Switching Technology

A simple definition of layer 4 switching is that it is a function that determines transmissions based not only on MAC addresses (Layer 2 bridges) or source/destination IP addresses (Layer 3 routing) but also on TCP/UDP (Layer 4) application port numbers.

The layer 4 switching, like the virtual IP, points to a physical server. It transmits services obeying a variety of protocols, such as HTTP, FTP, NFS, Telnet or others. These services are based on physical servers and require complex load balancing algorithms. In the IP world, the service type is determined by the endpoint TCP or UDP port address. And the application interval in layer 4 switching is determined by a combination of source and endpoint IP addresses, TCP and UDP ports.

Virtual IP addresses (VIPs) are established in layer 4 switching for each group of servers used for searching, and each group of servers supports a certain application. Each application server address stored in the Domain Name Server (DNS) is the VIP, not the real server address. When a user requests an application, a request for a VIP connection with the target server group (e.g., a TCP SYN packet) is sent to the server switch. The server switch selects the best server in the group, replaces the VIP in the endpoint address with the IP of the actual server, and passes the connection request to the server. In this way, all packets in the same zone are mapped by the server switch and transmitted between the user and the same server.

The principle of Layer 4 switching

The fourth layer of the OSI model is the transport layer. The transport layer is responsible for end-to-end communication, i.e., coordinating communication between network sources and target systems. In the IP stack this is the protocol layer where TCP (a transport protocol) and UDP (User Datagram Protocol) are located. Layer 4 switches (L4 switches) are capable of identifying which application protocols (HTTP, SNTP, FTP, and so forth) are included with each packet, and they use this information to hand off the packet to the appropriate higher-layer software. Layer 4 switches make packet-forwarding decisions based on the MAC address, IP address, and the application to which a packet belongs.

Because Layer 4 devices enable you to establish priorities for network traffic based on application, you can assign a high priority to packets belonging to vital in-house applications, such as PeopleSoft. Additionally, you can assign different forwarding rules to low-priority packets, such as generic HTTP-based internet traffic.

Layer 4 switches also provide an effective wire-speed security shield for your network because any company- or industry-specific protocols can be confined to only authorized switched ports or users. This security feature is often reinforced with traffic filtering and forwarding features.

RELATED PRODUCTS