Switching

Topic 1Basic concepts

Agenda• Ethernet 802.3• CSMA/CD and duplex• Frames and MACs• Switching process– Store, forward and buffers

• Issues– Collisions and broadcasts– Latency and congestion

• Layer 3 switches• Switchport security• Switch boot sequence

Ethernet standard IEEE 802.3• LAN standard• Layer 2 data link (OSI)• CSMA/CD technology for multi-access segments

(shared links)• Frames:– Unicast– Broadcast– Multicast

• Switches and access points and NICs, twisted pair or fiber (mm or sm) and star topology and point-to-point links

CSMA/CD• Carrier sense:

– Listen before transmitting, if no traffic transmit message– Keep listening for collisions

• Multi-access:– If two devices transmit at the same time, signals collide

• Collision detection:– All devices listen for collisions – an increase signal amplitude– Transmitting devices continue to transmit until minimum packet time is

reached (jam signal) to ensure that all devices detect the collision– All devices start a back-off algorithm and wait for a random of time (no

transmitting)– Back to listening mode – No device has priority to resend

• Multi-access hub based, half duplex communications only

Duplex• Half duplex – link shared by many hosts via a hub

– Data can travel in both directions but only one direction at a time (1 lane bridge)

– Uses CSMA/CD to detect and manage collisions– Hub based networks– Lower performance – lots of waiting for the media– 50–60% efficiency

• Full duplex – only one host at each end of link– Data can be sent and received at the same time (2 lane bridge)– Uses two pairs of wires (Cat 5e uses four pairs), one to transmit and one

to receive– No collisions, sending and receiving done on two separate circuits– CSMA/CD not required, collision detect circuit is disabled– Host is attached to a dedicated switchport– Point-to-point connection– 100% efficiency in both directions (100 Mbps transmit and 100 Mbps

receive for FastEthernet)

Switchport duplex settings• Auto

– Both nodes negotiate the duplex setting to use– Default for FastEthernet ports and 10/100/1000 NICs

• Full– Default for 100Base-FX ports and for Gigabit ports

• Half– Default mode if auto negotiation fails (unsupported by other host)

• Duplex mismatch– Switch configured for full duplex and host only supports half duplex– FCS errors on full duplex port (show interface)– Random ping packets succeed and most fail

• Auto-MDIX– Switch detects the cable type for copper Ethernet connections and

configures the interface to match– Use either crossover or straight-through cables between hosts and

switches and switches and switches– Enabled by default on Cisco® IOS 12.2(18) and later

Ethernet frames

• Packet is encapsulated into a frame• Frame is transmitted onto the media• Frames use MAC addresses– 48 bits, 12 hex digits, burned into NIC – OUI |Vendor assigned

Mac-address-table

• MAC address table maps the switchports and the MAC addresses of the hosts connected to the switchport

• MAC addresses are learned and added to the MAC address table by checking the source MAC in the header of frames arriving on the switchport

• Mappings age out to keep data current• Also called CAM table

MAC address table

• Demo

Switching process• Switch receives an incoming frame through an arriving port• Switch adds source MAC address to MAC address table if not known• Flood, forward or filter?

– If a broadcast frame FF-FF-FF-FF-FF-FF, switch forwards out of all ports except arriving port

– If unicast frame switch does a lookup on MAC address table for the destination MAC and its associated port• If not found, the frame is broadcast

– If the associated port is the same as the arriving port the frame is dropped

• Frame is switched to the destination MAC port(s) and forwarded• Uplink ports have multiple MAC addresses associated with them

– as all the destinations on the upstream switch are learned from arriving frames they are added to the MAC address table

Switch forwarding• Store and forward – high integrity

– As a frame arrives it is stored in a buffer until fully received– Switch does error check, computes and verifies CRC value in trailer– If CRC integrity check is successful, MAC address table lookup on destination

address for destination port and frame is forwarded, if not then frame is dropped

– Store and forward switching is required for QoS analysis for prioritisation– Store and forward is now the only forwarding method on new Cisco® devices

• Cut through (fast forward) – fast and low latency– Switch does not perform error checking– Switch buffers first few bytes, determines the destination MAC address, looks

up the destination port and begins forwarding through the outgoing port– Faster but frames with errors can be forwarded

• Variants– Fragment-free switching

• Switch stores the first 64 bytes and does an error check, then starts forwarding

Switching symmetry

• Symmetric switching– All ports have the same bandwidth– Optimised for distributed traffic load such as peer-to-

peer desktops• Asymmetric switching– Ports have different bandwidths– More bandwidth dedicated to server switchports and

to uplink ports to prevent bottlenecks– Requires memory buffering to match the different

data rates

Memory buffering• Port-based memory buffering

– Arriving frame is queued in the arriving port buffer– Frame is not moved to the destination port until the all frames

ahead in the queue are transmitted– Delayed even when the destination port is open

• Shared memory buffering– All frames from all ports are stored in a common memory buffer– Frames are linked to their destination port with a map of frame

to port links– Frames can be transmitted as soon as the destination port is idle– Larger frames are transmitted with fewer dropped frames as

memory is allocated dynamically

Collision Issues• Shared media environments have the potential for

collisions– All connections on a hub belong to one collision domain– Don’t use hubs (200% reduced to 50% efficiency)

• Host connecting to a switch is a dedicated connection – An individual collision domain, a microsegment– There is no potential for collisions– Separate wires are used to transmit and receive– 24 port switch has 24 collision domains

• Switches increase the number of collision domains (and reduce the size of collision domains )

• Switches improve efficiency as all bandwidth is available to the host

Broadcast issues• Many protocols must broadcast

– ARP (who has 192.168.1.1?) to determine a destination host MAC– DHCP (are you a DHCP server?) to locate a DHCP server

• Switches forward broadcast frames– Broadcasts are sent through all switchports including links to other

switches except the originating switchport• All hosts receive and process broadcasts

– Bandwidth used up– CPU processing time used up

• As more switches and hosts are added there are more broadcasts on the network– More than 20% broadcast traffic on a host and the network is too large

• Too much broadcast traffic reduces performance, uses bandwidth and CPU cycles

• Routers divide networks and define broadcast domains– Routers do not forward broadcasts

Segmentation

• Segmentation is creating a boundary around a physical grouping of hosts

• Routers segment the broadcast domain– Creating smaller broadcast domains reduces broadcast

traffic and makes more bandwidth and processing available to applications

– Each router interface connects to a different LAN network (different broadcast domain)

• Switches segment the collision domain– Reduces the size of the collision domain– Each switchport connects to a different segment

(collision domain)

Broadcast and collision domains

Latency• Latency or delay is the time a frame or packet takes to travel

from the source to the destination• Sources of latency:

– NIC delay – time to encode and transmit signals or receive and decode frames– Propagation delay – time for a signal to move down the link to the destination– Transmission delay – time it takes the switch to process, buffer and forward the

frame• Switches have less latency than routers because:

– Routers have more complex and processor intensive functions (ACLS and routing) – Routers strip frame headers to read packet headers

• Switches support high forwarding rates – By using ASICS application specific integrated circuits to provide hardware

support for wire speed• Access layer switches can be oversubscribed

– Full bandwidth on all ports is more than the internal forwarding rate

Congestion• Causes of network congestion:– More powerful hosts which send and process data at

higher rates – Increasing volumes of network traffic:

• due in part to broadcast traffic • due in part to 80/20 rule changing to 20/80 • now 80% of resources are located outside the LAN and

require crossing the core• High bandwidth applications– such as desktop publishing, engineering design, video

on demand, e-learning and streaming video (video and multimedia)

Network bottlenecks• How many ports are required for hosts? For

uplinks?• What speed is the host sending at? • 48 ports running at 1 Gbps in full duplex requires

an internal forwarding rate of 96 Gbps– What is the internal throughput of the device? – Can it handle the anticipated traffic loads considering

its placement in the network?• Latency is greater on routers but routers split

broadcast domains• Do the maths and aggregate multiple links

Security issues• Limits the number of valid MAC addresses allowed on the port

– Port will not forward traffic from disallowed addresses– Authorised MAC address is assured full bandwidth on the port

• Static secure MAC addresses: Manually configured in address table• Dynamic secure MAC addresses: Learned dynamically (removed when switch restarts)• Sticky secure MAC addresses: Dynamically learn MAC addresses and saved to the

running configuration• Security violation mode:

– If more than the maximum allowed MAC addresses attempts to access the interface OR, if an address learned or configured on a secure interface is seen on another secure interface in the same VLAN a violation occurs

• Actions taken when violation occurs:– Protect: drop frame and no notification sent– Restrict: drop frame and send notification, SNMP trap or syslog message– Shutdown: interface is disabled and LED turns off, SNMP trap and syslog message

sent and violation counter incremented. (Release with shutdown and no shutdown commands).

Layer 3 switching

• Layer 3 switches can examine IP addresses and route traffic at switch speeds – Layer 3 switches can route between VLANs

• Layer 3 switching is faster than routing• Layer 3 switches do not support WAN

interfaces• Layer 3 switches do not support advanced

routing functions such as remote access connections VPNs

Switch boot sequence

• Loads boot loader from ROM• Boot loader – initialises CPU registers– performs POST– initialises flash file system– loads the default IOS image into memory– initialises interfaces with commands from config.text stored

in flash• POST completes– SYST LED blinks green or amber if POST fails

• Boot loader provides a command line to format flash file system, reinstall IOS image or recover a password

Agenda• Ethernet 802.3• CSMA/CD and duplex• Frames and MACs• Switching process– Store, forward and buffers

• Issues– Collisions and broadcasts– Latency and congestion

• Layer 3 switches• Switchport security• Switch boot sequence

Switching

Topic 1Basic concepts