How Switching Works Network Fundamentals Part 11

To understand switching we need to look back through the mists of time. After all, the need to send information from one place to another is not new: electronic communication itself has been around since the mid 19th century and has never stopped improving. Think of the old telephone system. It needed an operator to manage a switchboard; when someone wanted to place a call, the operator would manually connect the cables to make an electrical path for the phone call. Creating paths is what switching is all about, but it’s a little more sophisticated these days, so stay with me and I’ll bring you up to date piece by piece.

We’re going to come forward a few decades now, to a time when computers were starting to be more common in offices. They started as standalone computers, but they needed to share data, so networking functions had to be added. Unlike the old telephones, creating manual circuits or running physical cables between every single computer was not an option. One solution that they came up with was to daisy-chain every computer together. It could be open-ended, which is called a bus topology, or the ends could be connected to form a loop, which is called a ring topology. This is OK for a few computers, but it gets difficult when the number of computers in the office starts to grow. Imagine trying to add a new computer somewhere in the middle: we’d have to break the network apart and insert the computer in there. Also, if there’s a break in the cable, the network has now been broken into two separate parts.

In addition to the physical connections there needs to be a protocol. We’ve talked about these before. The protocol is an intelligent way of sending data from one location to another without needing physical circuits like the old phone system. For example, the protocol needs to work out how to share this network, how to take turns sending messages, and how to work out which messages go where. On top of all this the network needs to figure out how to handle errors. What happens if two computers transmit at the same time and their messages get all mixed up? This specific scenario is called a collision, and it is a real concern when sharing a physical medium like we see here.

Ethernet

Ethernet is a very common protocol, and we’ve spoken about this before too, but now it’s time to add more detail. Ethernet uses MAC addresses to identify each computer on the network. There is one MAC address per network interface, so a router, for example, with more than one interface will have more than one MAC. Each MAC address is always 48 bits long and it is written in hexadecimal. There are different ways you can write a MAC address; the two shown here are the same address written down differently. The addresses are burned into the network card, so they’re not something that we can change, and this helps to make them unique, which is absolutely required for MAC addresses to work. They’re broken into two halves. The first 24 bits is called the OUI, or organizationally unique identifier, and there’s an organization out there called the IEEE that assigns this OUI portion of the MAC address to the hardware manufacturers. The manufacturers then assign the second half of the address to their products as they see fit. The point behind all this is that there are no two devices, or should be no two devices, across the entire world that have the same MAC address.

Aside from these MAC addresses there are also some special addresses. The first is the broadcast address, which is all Fs. No device owns this address; it simply means “deliver this frame to every device on the local network”, and I do mean the local network, as routers will not forward broadcast frames to other networks. Another type of address is a multicast address. There are a lot of these, so I can’t list them all, but you can look them up if you want to. These are also not owned by one particular device; they’re used to send frames to a group of devices for a particular purpose. Multicast in general is something that we look at in a different video.

Ethernet frames follow a well-known format that looks like this. There’s always a header before the data and always a trailer after. The source and destination are probably the most interesting fields: when a frame is sent, the sender embeds its own source address, and of course it will have to put the destination address in there too. At the very start of the header is the preamble. This is a fixed pattern of ones and zeros which lasts for seven bytes, and this pattern shows that this is the start of the frame. The eighth byte is the SFD, or start frame delimiter. This is also a pattern, although a different one; it is one byte long and it shows that the very next byte will be the destination address. The type field tells us which protocol is in the data section of the frame. Remember encapsulation, which we’ve talked about a few times already? Well, this tells us which protocol has been encapsulated inside this Ethernet frame. These days this is most likely going to be IPv4 or IPv6. IPv4 is probably the one you’re more familiar with, and we’re looking at IPv6 some more in some future videos.

At the very end of the frame is the trailer, and this trailer contains the frame check sequence, or FCS. This is used to determine if any part of the frame has become corrupted during transit. When the frame is first assembled, the sender runs a mathematical formula over the frame contents, takes the result, and puts it in the trailer. When the frame arrives, the receiver runs the same formula over the contents of the frame (without the trailer, of course). If the result matches the contents of the trailer, then clearly the data is the same as it was when it was first sent, which means there’s been no corruption. But if the results are different, then there must have been a change in the data somewhere. That means that the frame is corrupt, and it will be discarded; Ethernet will not try to recover this data. However, as we’ve seen in past videos, higher-level protocols like TCP may try to recover the data.

In this older style of network, when frames are sent, every device will receive a copy. When a device receives the frame it will look at the destination MAC address in the Ethernet header. If it owns that address it will accept and process the frame; if not, it should discard the frame. This raises two problems. Firstly, there’s a lot of unnecessary traffic flowing around, which uses up more resources. Secondly, this has the potential to be a security risk: if every device can see your traffic, then they might also be able to see your private information.
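The frame format just described, as an added worked example (not code from the article): it builds a frame with preamble, SFD, header, payload and CRC-32 trailer, classifies the destination address, and shows a one-bit corruption being rejected by the FCS check. The addresses and payload are constructed; the multicast test uses the I/G bit in the first octet, which the article does not spell out.

```python
"""Build and parse an Ethernet frame the way the article describes.
Constructed example: the MAC addresses (00:00:5e:00:53:xx is the
documentation range) and payload are made up."""
import struct
import zlib

PREAMBLE = b"\x55" * 7        # seven bytes of alternating ones and zeros
SFD = b"\xd5"                 # start frame delimiter, one byte
BROADCAST = b"\xff" * 6       # the all-Fs broadcast address
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def fcs(body: bytes) -> bytes:
    """Frame check sequence: CRC-32 over dst..payload, little-endian."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Sender side: header + data, then the FCS trailer is computed."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return PREAMBLE + SFD + body + fcs(body)


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def classify(mac: bytes) -> str:
    """Broadcast, multicast (I/G bit set) or ordinary unicast address."""
    if mac == BROADCAST:
        return "broadcast"
    return "multicast" if mac[0] & 0x01 else "unicast"


def parse_frame(wire: bytes) -> dict:
    """Receiver side: raise ValueError when the frame must be discarded."""
    if wire[:7] != PREAMBLE or wire[7:8] != SFD:
        raise ValueError("no preamble/SFD: not the start of a frame")
    body, trailer = wire[8:-4], wire[-4:]
    if fcs(body) != trailer:          # same formula, compared to the trailer
        raise ValueError("FCS mismatch: corrupted in transit, discard")
    dst, src = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    return {
        "dst": mac_str(dst), "dst_kind": classify(dst),
        "src": mac_str(src), "src_oui": mac_str(src[:3]),   # first 24 bits
        "type": ETHERTYPES.get(ethertype, hex(ethertype)),
        "payload": body[14:],
    }


def demo():
    """A broadcast IPv4 frame parses; flipping one bit gets it discarded."""
    src = bytes.fromhex("00005e005301")              # constructed address
    good = build_frame(BROADCAST, src, 0x0800, b"constructed IPv4 packet")
    parsed = parse_frame(good)
    damaged = bytearray(good)
    damaged[20] ^= 0x01                              # one bit in the source MAC
    try:
        parse_frame(bytes(damaged))
        dropped = False
    except ValueError:
        dropped = True
    return parsed, dropped


if __name__ == "__main__":
    print(demo())
```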

Hubs

The older networks have their limitations, as we’ve discussed, so around the mid-80s the idea of a hub was introduced, much like the one we’re showing here. This is probably getting a lot closer to what you’re used to seeing: it’s a box that you can connect your computers to rather than needing to chain all your computers up. This makes it so much easier to add and remove devices as you need to, and if you run out of ports you can buy an extra hub and daisy-chain those to get the extra ports you need.

On the inside, hubs aren’t really doing anything different. They’re still using the same bus network, connecting all the ports in a chain. That means that the ports are part of the same LAN, and any data received on one port is sent to all the other ports; for this reason hubs are sometimes called port repeaters. So there’s a lot of extra traffic flowing around, and every device can see every other device’s traffic. Hubs were definitely an improvement, but they haven’t added any intelligence or data processing. From a network perspective they’re not much more than a bundle of wires put inside a box, and that makes them layer 1 devices.

As this is still a bus network inside the hub, a device cannot send and receive at the same time. We have a term for this: half duplex. For that matter, only one device on the network can send at one time. If two devices try to send at the same time they cause a collision, and because a collision could happen at any point in this topology, the entire network that we’re looking at is called a collision domain. The larger the network, the larger the collision domain; that is, the more devices, the more chances there are of a collision occurring. More collisions mean we need to spend more time waiting and resending frames, and that lowers the overall performance of the network. Sadly, in a network like this we can’t just eliminate collisions, but Ethernet, being very clever as it is, can minimize them. To do this it uses what I guess is an algorithm, or maybe a protocol, called carrier sense multiple access, or CSMA. There are two parts to this. First, collision avoidance: it attempts to determine when the network is idle, and it will only transmit then. This helps to avoid a lot of collisions before they even happen, but on occasion two devices will determine that the network is idle at the exact same time and they will both try to transmit, and yes, you guessed it, that causes a collision. So the second part is collision detection, which, just as it sounds, is able to detect these collisions. When the two devices detect the collision they both decide to wait a short random amount of time before attempting again, and because these times are random they shouldn’t be the same, which lowers the chance of them both transmitting at once, which lowers the chance of collisions.

Right, if you’ve been reading these articles for a while you’ll know that I like to challenge you with a few quizzes. This time you may need to do some of your own research to work some of these out, but the time will be well spent as it will deepen your understanding. My answers are available on the website as a thank you to Patreon supporters.

Bridges

Well, we’ve seen that hubs were an improvement, but they still have some downsides: all devices are in the same collision domain, they use half duplex communication, and data is sent out every single port. All this adds up to limiting how far the network can grow, so to address some of these concerns network bridges were created. We can take our large bus topology network and break it into two or more smaller networks, and we then connect them using a bridge. The bridge is a physical device that would look very much like a hub, maybe with fewer ports. Typically hubs would connect to bridges and other devices would connect to the hubs. While all of this is still one network, or LAN, we have now broken it into smaller segments.

Unlike hubs, bridges have a bit of intelligence. They keep a table of the network’s MAC addresses in memory, as well as which segment each MAC address belongs to. When a frame arrives at a bridge interface, the bridge looks at the destination MAC field in the Ethernet header. It then looks at its MAC table and sees which network segment this MAC belongs to; it knows about each segment as it has an interface connected to every one. If the MAC address is in the same segment that the frame came from, it will not forward the frame. It assumes that the sender is already closer to the destination than it is, so it doesn’t need to forward the frame on. If the MAC address of the destination device is on a different network segment, the bridge will forward the frame out. If there’s a hub connected there, it will of course replicate the frame to all of its ports as normal, and the destination will ultimately get the frame. This process really cuts down on the amount of data that’s flooded through the network. It also breaks one large collision domain into a few smaller collision domains, and remember that the smaller the collision domain the better, as there’s a smaller chance of collisions, and fewer collisions mean better performance. The network as a whole can now grow larger than before; the term we use for this is scalability. And because bridges are intelligent and look at MAC addresses, they are layer 2 devices.

Now, if you’re really thinking, you will be wondering how a bridge knows where all these MAC addresses are, and that’s a very good question. I’m so glad you asked. The bridge doesn’t just magically know where all these addresses are; it needs to learn them. So let’s imagine that the bridge in this diagram has just been turned on. Right now there are no entries in the MAC table. A device sends out a frame, and it arrives at the bridge. The bridge does a MAC lookup on both the source and the destination MAC addresses and finds that neither is in the table yet. So the first thing it will do is add the source MAC address to the table, as now it knows where to find the device that owns that address. The destination is still unknown, so without this information the bridge has no choice but to flood the frame out all interfaces except the one that the frame was received on. Let’s say that the destination is in the network to the right, and it has now received the frame. It wants to respond by sending a frame of its own, and that arrives at the bridge. The bridge does a MAC table lookup just like it did before, and it sees a new source address, which it learns. Fortunately, it already knows where the destination MAC is, as it learned it earlier, and it can send the frame out of the correct interface, avoiding the need to flood the frame everywhere. Sending the frame out is called forwarding; being selective and not forwarding it out every single interface is called filtering.

Let’s imagine, though, that we’ve picked up a computer and moved it from one segment to another. What problems might we face here? The problem is that the entry in the MAC table is now incorrect. From this we can see that MAC table entries should not be permanent. The next time the computer sends a frame, the bridge will see the MAC address on a different interface, and it will update the entry in the table. Take careful note of this: a MAC address can only be learned on one single interface. And what would happen if we turn the device off, or perhaps it has failed, or it was a guest laptop connected to our network? Well, each entry in the table has an aging timer. When the MAC address is learned, this timer starts counting. Whenever traffic from the device is seen, the timer resets. If no traffic is seen before the timer expires, the entry is removed from the table. This helps keep the table nice and small; after all, these tables have a limit to their size as well.

In summary, bridges have five very important functions. They flood traffic out their interfaces if they don’t know where to send it. They learn which interfaces to use for certain destinations, and they forward traffic on those interfaces. They filter traffic from interfaces that they don’t need to send the traffic on, and they age out entries in the MAC table as they become stale. I highly recommend that you try to remember these functions, especially if you’re planning on doing a networking exam.

Switches

Now let’s move completely into modern networking. Around the mid-1990s switching was developed, and it became popular by around the year 2000. Switches are the devices that we use today. They bring the best features of hubs and bridges together into a single device. They have a lot of ports, like hubs do, so we would typically connect devices directly into the switches. There’s also no dumb bus topology inside the switches either: every single port behaves like a bridge port, so this topology is no longer a bus topology but a star topology. This also means that frames do not get flooded out the ports as often. In addition to this, switches are intelligent, and they support the same functions that bridges do, like learning, forwarding, aging, and so on. Like bridges, they’re intelligent and look at the MAC addresses, so they operate at layer 2. A very special advantage of this is that every single port is part of a separate collision domain. That now means that multiple devices can send at one time, and there’s very little chance of collisions anymore. This vastly improves efficiency and performance, and for that matter, as this isn’t a shared bus network, devices can send and receive at the same time, which we call full duplex. Keep in mind, though, that if you take an old hub (if you can even find one anymore) and connect it to a switch port, then everything on that hub is still part of the same collision domain, it’s still half duplex, and so on. The important thing to learn from this is: don’t use hubs, use switches.

Switches handle frames in three different possible ways. The first method is called store-and-forward. The first few bits of a frame arrive at the switch and the switch stores them in memory; in fact it will keep storing these bits in memory until the entire frame has arrived. Once it’s fully there, it will then send the frame out one of its ports. Store-and-forward is the safest switching method, as the entire frame can be checked for errors before it is sent out. The second method is called cut-through. The switch starts receiving a few bits of a frame, and it waits just long enough to see the destination MAC address. Once it’s got the address it does the required lookups to work out which interface to use, and then it will immediately start forwarding out the bits. This method does not use any form of error checking, at least not by the switch; all the error checking is left up to the destination device. This makes it by far the fastest method of switching. The third method is a compromise between these two; it’s called fragment-free. The switch stores the first 64 bits of the frame as they are received, because this is the part that’s most likely to have errors. If there aren’t any errors here, then all the remaining bits are sent out immediately as soon as they’re received. Generally we don’t choose what type of switching we use; it’s chosen by the manufacturer of the switch. It’s not something that you generally think about every day, though it might be something you think about if you’re buying a switch.

So, what do you think: why do we call these switches? I kind of think it’s like having an old telephone switchboard operator in a little box. When frames come in, they create the path for these frames to take, just like they did with old telephone calls, and really that’s what switching is all about: it’s about dynamically creating paths to forward frames. Hubs are pretty rare these days. Bridges are still around, but they’re a bit different to what I’ve described here. These days, really, switching is the king. Here are a few quiz questions for you to try. Pause here and see how you go.

LAB

Hey, guess what, it’s time for a lab. I told you we’d do a few of these. I’m running this lab here on VIRL. I’ll make these lab files available on the website, and I’ll put the link to that in the description. They’ll include the running config files so you can use them in any lab; you don’t have to use VIRL just because I am. Right, we’re going to start with a simple topology. There are just two switches connected together, and there are two Linux servers connected to each one. Only one server is turned on at the moment. I haven’t put any special configuration here; there are just a few defaults that VIRL has put on for me, and we will be working just on switch 1 throughout this lab.

Let’s start by getting an overview of our interfaces with show interface status. There aren’t too many interfaces here; after all, it is only a lab, and a real switch would have plenty more. You can see the port, which matches the diagram over on the left. Gi is short for gigabit: Cisco name their interfaces after the fastest speed that the interface can handle, so these can do one gigabit of throughput each. On some older switches you might see interfaces labelled Fa, and that’s short for Fast Ethernet, which is only 100 megabits per second. On some switches, like this one here, there is only one type of interface, while on others you might find a mixture of different speeds: some Fast Ethernet, some gigabit, you might even find some ten gigabit interfaces. The name here is the interface description; we discussed that in the last article, so nothing fancy there. The status column shows that all ports are connected; if they were disconnected, their status would show up as notconnect. Don’t worry about the VLAN column for now. VLANs are very important to us, but we won’t get to that till the next article, so just ignore everything VLAN-related for now. And finally, notice that these ports are all full duplex. That’s normally what you see with switches; if you connected an old hub here you would see that change to half duplex.

All right, so moving on, let’s have a look at the MAC address table. We’ve talked about this table a lot in this article, and now you finally get to see one. It’s a bit boring right now; it’s only learned one single MAC address. The type column confirms that we’ve learned it dynamically; that means that we didn’t manually configure this MAC address in the table. The interesting part is the port that this was learned on: we can see that this is Gi1/1, which is the port that the second switch is connected to. This brings up an interesting question: do switch ports have MAC addresses? After all, they just forward the traffic, right? In most cases, yes, switch ports do have MAC addresses, but that depends on the features that the switch supports. Some features require one switch to communicate directly with another switch, so they need MAC addresses. We’ll see some of these features throughout the series, but that’s not the whole picture. Switch ports may have MAC addresses, but they don’t need MAC addresses to forward frames. Take a frame that server 1 is sending to server 2 as an example. In the Ethernet header the source address will be server 1’s MAC and the destination address will be server 2’s MAC; the switch port does not need a MAC address to forward the frame. Does that make sense? I hope it does; let me know in the comments if it really doesn’t.

So the next question we have: where is server 1’s MAC? It’s missing because of the aging timer. Let’s see what this timer is set to with show mac address-table aging-time, and here we can see that the timer is 300. That’s 300 seconds. When a new entry is put into the table it’s given a timer; the timer starts at 0 and counts up. So server 1’s MAC was learned, the timer counted up to 300 seconds, and its MAC was removed from the table. Behind the scenes I am going to access server 1, and I’m going to generate a little traffic. Now if we look at the MAC address table again, there it is: server 1’s MAC address and the port it was learned on. So, just for a bit of fun, let’s change the aging timer. We’ll go into configuration mode and enter the command mac address-table aging-time 900. That sets the timer to, as you guessed, 900 seconds. And let me just say, I don’t normally recommend changing this timer unless you’ve got a pretty good reason; mainly I’m just trying to show you that you can. Now let’s turn on server 2, and we’ll see what happens. It might take a while, so I’m going to use some special video editing to speed this up, and there it is. Wasn’t that quick? You can see the entry in the MAC table. So what does this teach us? It shows us that most devices will start sending traffic of some sort as soon as they turn on, and as soon as they do this the switch learns their addresses. Now I’m going to fire up the remaining two servers, and when they come online they’re added to the MAC table too. Notice that they both appear on interface Gi1/1; this is the interface that’s connected to the second switch. This happens because the second switch has forwarded traffic from these servers. Perhaps they were trying to send traffic to a MAC that doesn’t exist, for example, and the frames would have been flooded out all ports; therefore switch 1 will have seen the traffic and learned from it. Something we can learn from this is that there is no problem at all with learning more than one MAC address on a single interface.

How about we try adding some entries to the MAC table ourselves? It’s not something you do very often; in fact I can’t even remember the last time I’ve had to do this. But it’s good to see that you can, and of course you want to have a bit of a play with this, so let’s give it a go. While we’re in configuration mode, enter mac address-table, and then static, as we’re entering a manual or static entry. Then we need the MAC address itself; I’m just making up a fake address here. We need to tell the switch which VLAN this MAC belongs in (once again, don’t worry about this too much for now; we’ll go through that in the next article), and finally we add the interface that the switch should use when sending frames to this MAC. And here’s something just a little interesting that I’ll bring out while we’re seeing it: do you notice that the command we typed is too long to fit on the screen? The CLI adds a dollar symbol to the start of the line to show there’s more in the line than it can show on screen. I just thought I would bring that up while we’re seeing it live here, because I know that many of you will be new to the CLI and might not be sure what that’s all about, so I hope that makes sense if you see it now in the real world.

Now if we go and have a look at the MAC table again, we can see our new entry. But imagine there are hundreds of entries in this MAC table, and this is a very possible scenario on real switches. It can be difficult to find a particular MAC that you’re searching for. What we can do is show the MAC table and add the address keyword followed by the MAC address that we’re looking for, and the CLI will filter the output to show only the MAC we’re searching for. Isn’t that clever? And speaking of having hundreds of entries in the MAC table, the table doesn’t have an infinite size. In fact it’s a data structure in memory called the CAM table. CAM means content addressable memory, and it’s a special storage space in memory which is optimized for this kind of data. As this is limited in size, there’s a limit to how many entries will fit in there, and we can see this with show mac address-table count. Right at the bottom of the screen you can see how many entries can fit into the table. It’s quite a large number in the lab, but a lot of real devices will have a number significantly lower. If you do run out of entry space and then a new MAC address is learned, the oldest entry will be prematurely aged out to make space. If this is something you’re seeing in the real world, you either need to redesign your network or buy bigger switches.

Let’s try manually clearing this table. Once again, don’t generally do this in a production network, because then it would have to learn all the MAC addresses again, but you know, sometimes you might have a good reason, so it’s good to know that you can do it. All right, we have 6 entries here, 5 dynamic and 1 static, so let’s clear those out. Hang on a moment, I can’t find the command that I’m looking for. Oh yeah, okay, sorry, I’m using a show command; what I really need is to type in clear mac address-table dynamic. You’ll notice there’s no option for clearing static entries. If we look at the table we can confirm that the static entry is still there while the rest are gone. In fact, this can be your homework: work out how to clear this static entry out of the table. Download the lab or build your own and have a go.

And that brings us to the end of our lab. Let’s finish off with a few quiz questions. I’ve tried to make these a bit like something you might see in the exam, so hopefully this will help you out, and hopefully after we’ve been through all this you can see why we have switching and how it works. We will take this further in the next article, where we’re going to have a look at the concept of VLANs, also known as virtual LANs. I highly recommend reading it, as this is something you will definitely need to know. Please like the article if it has been helpful and share it with someone else who can benefit. Thank you, and I will see you in the next article.
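The bridge functions from the Bridges section (flood, learn, forward, filter, age, and a MAC moving ports) and the lab’s MAC table behaviour (the 300 second aging timer, static entries, the CAM size limit where the oldest entry is aged out early, and clearing only dynamic entries) in one small simulation. This is an added example, not the article’s lab or any vendor’s code; the port names, addresses and the tiny CAM size of 3 are constructed.

```python
"""Learning switch MAC table simulation (constructed example).
Models flood / learn / forward / filter / age from the article, plus the
lab's aging timer, static entries, CAM capacity and 'clear dynamic'."""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Entry:
    port: str
    static: bool
    last_seen: float          # simulated clock, in seconds


class LearningSwitch:
    def __init__(self, ports, aging_time=300, cam_size=8):
        self.ports = list(ports)
        self.aging_time = aging_time   # 300 s, as seen in the lab
        self.cam_size = cam_size       # how many entries fit in the CAM
        self.table = {}                # mac -> Entry
        self.evictions = 0             # entries aged out prematurely

    def _age(self, now):
        """Drop dynamic entries whose timer has expired."""
        for mac in [m for m, e in self.table.items()
                    if not e.static and now - e.last_seen >= self.aging_time]:
            del self.table[mac]

    def _learn(self, mac, port, now):
        """Learn or refresh a dynamic entry; a MAC lives on one port only."""
        e = self.table.get(mac)
        if e and e.static:
            return                     # static entries never move
        if e is None and len(self.table) >= self.cam_size:
            # CAM full: prematurely age out the oldest dynamic entry
            oldest = min((m for m, x in self.table.items() if not x.static),
                         key=lambda m: self.table[m].last_seen, default=None)
            if oldest is None:
                return                 # only statics left, nothing to evict
            del self.table[oldest]
            self.evictions += 1
        self.table[mac] = Entry(port, False, now)   # also handles a port move

    def add_static(self, mac, port):
        self.table[mac] = Entry(port, True, float("inf"))   # never ages out

    def clear_dynamic(self):
        """Like 'clear mac address-table dynamic': statics survive."""
        self.table = {m: e for m, e in self.table.items() if e.static}

    def receive(self, in_port, src, dst, now):
        """Return the list of ports the frame goes out of."""
        self._age(now)
        self._learn(src, in_port, now)
        e = self.table.get(dst)
        if dst == BROADCAST or e is None:
            return [p for p in self.ports if p != in_port]   # flood
        if e.port == in_port:
            return []                  # filter: already on that segment
        return [e.port]                # forward out the learned port


def demo():
    """Walk through the behaviours with constructed addresses."""
    A, B, C, D = ("00:00:5e:00:53:0a", "00:00:5e:00:53:0b",
                  "00:00:5e:00:53:0c", "00:00:5e:00:53:0d")
    sw = LearningSwitch(["g1/0/1", "g1/0/2", "g1/0/3"], cam_size=3)
    r = {}
    r["flood"] = sw.receive("g1/0/1", A, B, now=0)      # B unknown yet
    r["forward"] = sw.receive("g1/0/2", B, A, now=1)    # A already learned
    r["filter"] = sw.receive("g1/0/2", C, B, now=2)     # B is on the in-port
    sw.receive("g1/0/3", B, A, now=3)                   # B moved to a new port
    r["moved"] = sw.table[B].port
    sw.receive("g1/0/1", D, A, now=4)                   # 4th MAC, CAM holds 3
    r["after_full"], r["evictions"] = sorted(sw.table), sw.evictions
    sw.receive("g1/0/1", A, B, now=400)                 # 300 s timers expired
    r["aged"] = sorted(sw.table)
    sw.add_static(D, "g1/0/3")
    sw.clear_dynamic()
    r["after_clear"] = sorted(sw.table)
    r["to_static"] = sw.receive("g1/0/1", A, D, now=401)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:12} {v}")
```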
