-

How Switches Work.

 


If you have been in IT for some time you might have heard the statement, “switches operate at layer 2”, but what does that really mean ?

In the TCP/IP reference model, the first “layer” is known as the Network Interface Layer, which is made up of “L1” and “L2”. Layer 2 refers to frames, and the addressing that is used to communicate between devices is known as the MAC address. MAC addresses are 48-bit addresses that are separated with colons(:). An example would look like this: aa:aa:aa:bb:bb:bb. The first 6 a’s(first 24-bits) is known as the Organizational Unique Identifier(OUI) and the last 6 b’s(last 24-bits) make up the unique host portion of the address. Each network device will have a MAC address.

Switches are by default a single broadcast domain(VLAN) and they need a way of forwarding these frames to the correct host efficiently. In order for the switch to be able to do this it keeps a table called the CAM(content addressable memory) table. The CAM table will learn every source MAC address that is on a connected interface and associate it with the interface that it is on and the VLAN associated with the port. Since the switch has a table with all of the mac addresses on each port then it can efficiently forward the frames to the correct destination address. Before we go into what the switch does if it doesn’t have an entry in its CAM table for a destination MAC address we need to talk about BUM. BUM? Broadcast, Unknown Unicast, Multicast. That is the traffic that switches flood out every port that is apart of the same broadcast domain(VLAN) except the port it came in on. So what happens if a switch receives a frame for a destination MAC that is not in its CAM ? It treats it like BUM and sends it out all ports in the same broadcast domain(VLAN) except the port it came in on. So how does it stay efficient ? The switch has a timer that it keeps for every entry in the CAM table. The default aging timer is 300 seconds(5 min). If 300 seconds expire then the switch drops the MAC out of its table. This ensures that only the most up to date MAC addresses get kept in the table. This is a brief overview of how switches store MAC’s and forward frames efficiently.

Comments

Post a Comment

Popular posts from this blog

AWS Identity and Access Management(IAM)

-
Image
 IAM   With the cloud becoming more and more prevalent, how do we secure who can access cloud resources and which resources can speak to each other. This very important problem is solved with AWS Identity and Access Management(IAM) resource.  IAM enables you to control who can access your AWS environment, what actions they can perform, and which resources they can interact with. It allows you to set fine-grained permissions and policies to meet your security and compliance requirements. So what are the parts that make up Identity and Access Management(IAM) ? - User groups - Users - Roles - Policies - Identity Provider Lets go into more detail about each resource that makes up IAM. User groups are groups you can define to logically group users together that perform similar functions in job. This is kind of like having different groups for different job roles. Users are just the manually configured users created for use on the management console. This is where you define all the diffe
Read more

AWS Virtual Private Clouds(VPCs)

-
Image
   In the spirit of my last blog on cloud computing, we will discuss VPC's in this blog.  What are VPC's ? Before I answer this question I need to explain this picture and the terms used. In AWS(and other cloud providers) we have several things that make up the global cloud infrastructure. Those things are Regions, Availability Zones, and Edge Locations(not pictured). A region is a geographical area around the world that consist of multiple availability zones. An availability zone can be thought of as multiple discrete data centers that have separate power, cooling, networking, and housed in separate buildings. Edge locations are places where CloudFront caches your content to provide ultra-low latency delivery of your content. According to AWS they currently have 32 regions, 102 availability zones, and more than 550 PoP's(points of presence). These things together make it possible to create global resources in minutes that serve millions of customers.  A VPC or Virtual Pri
Read more

IPSec VPN - Fundamentals

-
A VPN, or Virtual Private Network, is a way to establish a tunnel between two endpoints, like two routers or two endpoints. VPN’s are used to provide a way of secure communication over an unsecure medium. A simple example would be secure communication between two branch offices over the unsecure internet. This is important because we need secure communication so that people can’t eavesdrop and steal important company information. Oftentimes, people misunderstand VPN's and think just because "private" is in the name that it's secure. This is not always the case, especially in the service provider world where there are different types of VPN's that do not provide any sort of encryption. IPSec VPN's do however provide encryption and other features. There are several different types of VPN’s that can be deployed. The most common ones are Site-To-Site and Remote Access, although there are many more and depending on the use case, the most common could be differe
Read more