EN 
06.10.2024 Hanuš WELCOME IN MY WORLD

This website is originally written in the Czech language. Only part of the content is machine (AI) translated into English. The translation may not be exact and may contain errors.

Tento článek si můžete zobrazit v originální české verzi. You can view this article in the original Czech version.
Víte, jak pracuje switch?

Do you know how the switch works?

| Petr Bouška - Samuraj |
If we want to understand how communications work in computer networks, or networks in general, we have to start from the bottom. From a physical point of view, it is about cabling and basic active elements (switches), from a logical point of view, it is about communication at the smallest logical unit, i.e. within a subnet (direct communication). Both of these areas are defined and included in the Ethernet family of technologies.
displayed: 83 994x (83 971 CZ, 23 EN) | Comments [8]

I wrote this article for Connect magazine and it was published in issue Connect 05/10. I'm publishing it here with the kind permission of the editorial staff.
This is the second part of a series on computer networks. A content-wise identical (and more extensive) series already exists on this website: Computer networks, but I wrote this article with some time distance and from a slightly different perspective.

Ethernet as the foundation of LAN networks

In the last issue of the magazine, we briefly summarized various technologies, methods, and protocols that together form what we call a computer network in the introductory part of our series. Today, we'll take a closer look at what forms the basis of the most widespread LAN networks, namely Ethernet technology. We'll examine how communication works within Ethernet and how the most common active element, the switch, operates.

OSI model

At the beginning, we'll mention a bit more about the Open System Interconnection Reference Model (OSI model), which we compared last time with the TCP/IP Reference Model. This standardized description is very often used in practice when describing certain network technologies. The OSI model is based on layers. In practice, we often say that something works on L2, meaning on the 2nd layer of the OSI model. Each layer of the OSI model ensures a group of conceptually similar functions and provides services to the layer above it and receives services from the layer below it.

layer name unit layer function example
L7 Application Data Network processes for applications, user authentication, everything dependent on the application. HTTP, DNS
L6 Presentation Data Data representation and encryption. Resolves differences in data representation between the application and network format - encodes data for transmission. SSL, MPEG
L5 Session Data Connection between applications, session management. Communication between one application and another, sending multiple data in sequence. Maintains the entire connection between two computers. NetBIOS
L4 Transport Segments End-to-end connection of systems, reliability - ensures complete data transfer, quality of service. Solves reliable sending of all data from source to destination using segmentation and acknowledgment. TCP, UDP
L3 Network Packets Logical addressing - routing - determining packet path, point-to-point data transfer, uses IP addresses, fragmentation. Communication between source and destination devices using IP addresses. IP, ICMP, OSPF
L2 Data Link Frames Physical addressing, MAC - media access control and LLC - logical link control, data flow, frame synchronization, 1 hop communication, uses MAC addresses. Error detection, flow control, and media access control. Communication between two devices in one subnet (or to the gateway) using MAC addresses. Creates frames (header + data + footer). Ethernet, 802.1q, PPP, ARP
L1 Physical Bits Physical parameters of the link - media (cables, radio, light), signals, and binary transmission. Deals with physical data transmission (doesn't assign any meaning to transmitted bits). 100BaseT, 802.11g

Overview of Ethernet

Nowadays, almost all local networks are based on a family of network technologies called Ethernet. So when we want to learn how communication in a computer network works, we must first familiarize ourselves with the properties of Ethernet.

Ethernet is standardized in the group of norms IEEE 802.3. It defines parameters of the transmission medium and signals for the physical layer (L1) and also the general addressing format and Media Access Control (MAC) for the data link layer (L2). From the perspective of the TCP/IP Model, the entire Ethernet is in the first layer, the link layer. This connection is important because TCP/IP most often works over Ethernet.

Kolizní domény na switchi

The use of coaxial cable as a transmission medium, as well as connection to a shared bus, is probably not used by anyone for a wired network today. So, only for reference, we'll mention the method of access to a shared network Carrier Sense Multiple Access With Collision Detection (CSMA/CD), which solved collisions during transmission. For this, the term collision domain is important, which is a part of the network where a collision of transmissions from multiple stations can occur. If we use a switch, the collision domain is terminated at each port. So when we connect only one device to a port, no collisions occur. However, if we use a hub or connection to a shared bus, collisions can occur.

As a medium today, we almost always use twisted pair or fiber optic cable. And for connection, we use point-to-point links via a switch, i.e., star topology.

Topologie hvězda

Ethernet Variants

There are several variants of Ethernet that differ in transmission speed and type of physical medium. However, it's important that the frame format (Ethernet frame) remains the same. The original Ethernet, which we hardly encounter today, reached speeds of 10 Mbps. Its successor with a speed of 100 Mbps is referred to as Fast Ethernet, and if it uses category 5 or better twisted pair, it's designated as 100Base-TX; when using fiber optic, it depends on its type, it could be, for example, 100Base-FX. Further speed increase is brought by Gigabit Ethernet, on twisted pair it's 1000Base-T. There are also several faster variants.

We won't delve into the details of cabling, just a brief mention. The most commonly used is twisted pair (TP), which can be either unshielded (Unshielded TP – UTP) or with protection against interference shielded (Shielded TP – STP). Furthermore, TP cables are divided into certain categories according to defined criteria. Such as the still widely used category 5e (Cat-5e) or the new category 6a (Cat-6a).

In Ethernet, we can use Half Duplex, where transmission is only in one direction, or Full Duplex, i.e., simultaneous transmission in both directions. This utilizes the fact that twisted pair contains multiple conductors and communication in different directions runs on different pairs. The condition for using Full Duplex is that we don't use hubs, but switches. The advantage of Full Duplex is that it theoretically doubles the throughput.

MAC address

Ethernet stations communicate by sending frames, which is the unit of communication on L2 (i.e., what is sent over the network). It's a certain block of data that has a header and footer (checksum) added. The frame header contains the source and destination MAC addresses and EtherType, which determines what protocol is used on the higher layer (most often 0x0800 for IPv4). There are multiple types of Ethernet frames, but we most often encounter version 2. To distinguish individual frames, a special introduction (preamble) composed of a sequence of alternating ones and zeros and SFD - start frame delimiter is transmitted at the beginning.

Ethernet rámec

The MAC address, otherwise referred to as physical address or Ethernet address, is a 48-bit unique serial number. Hardware manufacturers are assigned a certain range of addresses that they use. The MAC address is usually encoded in the device by the manufacturer, but nowadays it can often be changed. This is how attacks with MAC address spoofing, MAC spoofing, are carried out.

The MAC address should identify a device in the network, but it doesn't say anything about its location. Moreover, MAC addresses are used only for communication within the same subnet, i.e., on L2. The notation of MAC addresses is commonly done in three different ways, either using pairs separated by colons or hyphens, or using quartets separated by dots. Example: 01:23:45:67:89:ab, 01-23-45-67-89-ab, or 0123.4567.89ab.

In normal unicast communication, the network adapter should only receive frames that have its MAC address as the destination address. In case we want to monitor traffic, for example, we must switch the network card to the so-called promiscuous mode, where it doesn't filter traffic, but sends everything to the higher layer (processor) for processing.

How a switch works

A switch replaced the older device hub and also bridge. A hub works on L1 and is very simple, all traffic (frames) that comes on one port is sent to all other ports (except the incoming one). Nowadays, we probably don't encounter hubs in practice anymore. The advantage of a switch is that it no longer sends most traffic everywhere, but only where the recipient is located.

A switch already works on L2, so it accesses MAC addresses and distributes traffic according to them. When a frame arrives, it reads the source MAC address and builds a table of ports and MAC addresses behind them in memory. This table is referred to as the CAM table (Content Addressable Memory). Then it looks at the destination MAC address and searches for it in the CAM table. If it finds it, it sends the frame to that port. If it doesn't have a record for this address, it sends the frame to all ports except the incoming one (usually the response comes soon, so there aren't many frames sent this way).

The above description concerns unicast. If it's a broadcast, which is recognized on L2 by the MAC address with all binary ones, i.e., FF:FF:FF:FF:FF:FF, then the frame is always sent to all ports except the incoming one. If it's a multicast, the MAC address starts with 01:00:5e and it's a group MAC address, such a frame is distributed the same as broadcast. This is because there's never any incoming traffic from this address, so there's no record in the CAM table. More optimal multicast distribution on L2 can be solved using IGMP Snooping.

The use of switches is somewhat safer than connection to a shared medium because traffic should not spread everywhere across the subnet. But security is relative because there are simple attacks like flooding the switch with MAC addresses MAC flooding, which ensures that the switch starts behaving like a hub. But there's also defense against this.

For speed reasons, there are several methods by which a switch forwards frames. The most common is cut-through, where the switch forwards the frame immediately as soon as it knows the destination MAC address, which is fast but errors are not checked. And store-and-forward, where the entire frame is first received and stored in a buffer, the checksum is verified, and only then is it forwarded (or discarded).

Interconnection of switches

One thing in the principle of communication on L2 is important, and that is that the switch is completely transparent. This means that it doesn't change the passing data (frames) in any way and we don't address it in any way during communication. It can only check frames and discard the damaged ones.

When connecting, we can use multiple switches and interconnect them. Through the connecting link, which we will call uplink, all communication that needs to reach devices on the second switch will flow. The principle remains the same, only the uplink port will have more entries in the CAM table. However, it is not optimal to connect switches in a series, but rather in a tree structure ideally with one or two levels.

Dvojitá hvězda nebo Hub and spoke

The physical network structure created by connecting multiple switches (there can be dozens) forms an area where direct communication between all connected devices is possible. From a logical perspective, we can refer to this structure as a LAN, but it can also consist of multiple such interconnected areas (via a router). A better term would be subnet, because within a subnet we can communicate directly on L2. However, we create a subnet using L3 addressing. Within a group of interconnected switches, we can define multiple subnets (this is not done in practice!). Devices from different subnets cannot communicate on L3, but they can still communicate on L2, which is usually not desired when designing a network.

If we want to have physically separated subnets, we have two options. Either build separate groups of switches that are not directly connected (they can only be connected via a router). Or use a technology called Virtual LAN (VLAN), which must be supported by the switches. VLAN operates on L2 and creates logical separation into groups on the physical switch structure (creating virtual switches). We will describe VLAN technology in detail in one of the following sections.

Aggregation and Redundancy

When connecting switches to each other, the uplink port carries a larger amount of data, so this port usually has a higher speed than other ports to prevent slowing down the entire communication. We can also use Link Aggregation technology, where we connect multiple ports and combine them into one logical port, which can have a higher speed.

The second thing we need to address is the possibility of a device failure, which can cause the entire network to go down. Therefore, it is good to use redundant links that lead to different switches. This, however, changes the original star (tree) structure and creates loops. When we have a large number of switches, a loop can also occur accidentally when two switches are unintentionally connected.

Smyčka v síti

Loops in the network are a big problem because there is no longer just one path to the destination, but several different paths. This leads to broadcast storms when sending broadcasts (usually the same with multicast), which is such a network overload with broadcasts that regular traffic stops being sent. Another problem is multiple deliveries and instability of the CAM table, where frames with the same source address arrive at the switch from different ports.

We can solve loops using the aforementioned link aggregation, which must be configured and does not prevent accidental switch connections. Or automatically using the Spanning Tree Protocol (STP), which is included in all modern manageable switches and is enabled by default (today newer versions of this protocol, Rapid STP and Multiple STP, are used). This protocol ensures the blocking of redundant paths and activates the backup path in case of an active path failure.

Author:

Related articles:

Basics of computer networks

I wrote this series for Connect magazine. It contains most of the same information as my older series Computer networks, but it is written in a slightly different way. Computer network technologies are first briefly summarized and then discussed in a little more detail from the lowest layers up.

If you want write something about this article use comments.

Comments
  1. [1] mats

    Parádní článek, zrovna se učím do Cisca a tohle mi vážně pomohlo. Díky :-)

    Saturday, 12.06.2010 16:50 | answer
  2. [2] Karel Vais

    Ahoj lidi.

    Mám problém připojit druhé PC k prvnímu přes 5ti portový switcher ONE LEVEL FSW-0511. První PC mám připojené k NETu přes tento switcher. Modem je až u providera. Chci aby druhý comp pracoval jako prac. stanice v LAN síti, s přístupem do internetu přes první PC. K switcheru je připojen přes síť kartu. Ledky svítí, ale nejede to. Mám WIN98SE. Porty: 1- adapter LINKSYS na IP telefon, 2- druhé PC, 3- první PC, 4- volný, 5- ethernetová přípojka. V druhém PC jsem zadal adresu IP 192.168.1.1 a masku podsítě 255.255.255.0. Nemám zadat i výchozí bránu a IP obou DNS serverů? Není to blokováno providerem? Dík za jakoukoliv odpověď. Pište na Spacekarlos@email.cz. Sem se nebudu asi vracet. Karel.

    Saturday, 31.07.2010 16:10 | answer
  3. [3] hepterida

    @Karel: pokud budete chtít použít jedno PC jako internetovou bránu, pak jeho IP musí být branou druhého PC. V registrech lze ještě nastavit parametr "HKLM\system\currentcontrolset\services\tcpip\parameters\ IPEnableRouter" na hodnotu "1", aby se Windows chovala jako router.

    http://hepterida.wordpress.com

    Saturday, 18.09.2010 02:02 | answer
  4. [4] had

    možná bych dodal, že MAC adresa už bohužel není jednoznačným identifikátorem (celosvětově), může se stát, že se na jedné síti sejdou dvě stejné MAC a pak je problém...ale v rámci jedné sítě by měla být unikátní.

    Wednesday, 29.06.2011 10:23 | answer
  5. [5] vencour

    Dostal jsem se ke switchům DCN (made in China, neuměly ani tacacs s OTP), defaultně STP zapnuté neměly ... bylo to poprvé, co jsem se k takovému mgmt switchi dostal.

    Monday, 15.04.2013 05:19 | answer
  6. [6] oglop

    Ahoj, mam takovy dotaz ohledně te kolize.

    Mam zapojeni asi takto

    Do SW1 je pripojeno PC1 a PC2

    ramec z PC1 bude mit cil FF:FF:FF:FF:FF:FF

    Co se stane když ve stejnou chvili začne vysilat PC2?

    Dojde tam ke kolizi nebo ne?

    Tuesday, 22.10.2013 14:41 | answer
  7. [7] Aron

    Super práce!! Díky moc

    Tuesday, 13.10.2020 11:54 | answer
  8. [8] Exner

    respond to [7]Aron: Souhlas, je to bombastický

    Tuesday, 13.10.2020 11:55 | answer
Add comment

Insert tag: strong em link

Insert Smiley: :-) ;-) :-( :-O

Help:
  • maximum length of comment is 2000 characters
  • HTML tags are not allowed (they will be removed), you can use only the special tags listed above the input field
  • new line (ENTER) ends paragraph and start new one
  • when you respond to a comment, put the original comment number in squar brackets at the beginning of the paragraph (line)