4.3 Switch Operation
4.3.4 How switches and bridges filter frames

Bridges are capable of filtering frames based on any Layer 2 field. For example, a bridge can be programmed to reject, that is, not forward, all frames sourced from a particular segment or from a particular source address. Because link-layer information often includes a reference to an upper-layer protocol (the Ethernet type field, for example), bridges can usually filter on this parameter as well. Furthermore, filters can be helpful in dealing with unnecessary broadcast and multicast packets.

Once the bridge has built the local address table, it is ready to operate. When it receives a frame, it examines the destination address. If the destination is on the same segment the frame arrived on, the bridge discards (filters) the frame. If the frame is addressed to a device on another LAN segment, the bridge copies the frame onto that segment. Basic filtering keeps local frames local and sends remote frames to another LAN segment. Filtering on specific source and destination addresses performs the following actions:

Both types of filtering provide some control over internetwork traffic and can offer improved security. Most Ethernet bridges can filter broadcast and multicast frames. Occasionally, a device will malfunction and continually send out broadcast frames, which are then copied around the network without end. A broadcast storm, as it is called, can bring network performance to zero. If a bridge can filter broadcast frames, a broadcast storm has less opportunity to spread.

Today, bridges are also able to filter according to the network-layer protocol. This blurs the demarcation between bridges and routers. A router operates at the network layer and uses a routing protocol to direct traffic around the network. A bridge that implements advanced filtering techniques is usually called a brouter. Brouters filter by looking at network-layer information, but they do not use a routing protocol.

Web Links
LAN Switching and VLANs
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/lanswtch.htm
4.3 Switch Operation
4.3.5 LAN segmentation using bridging

Ethernet LANs that use a bridge to segment the LAN provide more bandwidth per user because there are fewer users on each segment. In contrast, LANs that do not use bridges for segmentation provide less bandwidth per user because all users share a single, non-segmented LAN.

Bridges segment a network by building address tables that record the address of each network device and which segment to use to reach that device. Bridges are Layer 2 devices that forward data frames based on the MAC addresses in the frame. In addition, bridges are transparent to the other devices on the network.

Bridges increase the latency in a network by 10 to 30 percent. This latency is due to the decision making the bridge or bridges must perform before transmitting data. A bridge is considered a store-and-forward device because it must examine the destination address field and verify the CRC carried in the frame check sequence field before forwarding the frame. If the destination port is busy, the bridge can temporarily store the frame until the port is available. The time it takes to perform these tasks slows network transmissions, causing increased latency.

Web Links
LAN Switching and VLANs
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/lanswtch.htm
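The learning, filtering, forwarding and flooding decisions described in 4.3.4 and 4.3.5, as an added example (this is not code from the curriculum or from any vendor). The simulation is a transparent bridge that learns the source MAC of each frame on its ingress port, filters frames whose destination is on the same segment, forwards known unicasts to one port, floods unknown unicasts and group addresses to all other ports, and applies two of the filters the text mentions: a source-address block list and a per-source cap on broadcast/multicast frames to contain a broadcast storm. The port names, MAC addresses and the `broadcast_limit` policy are assumptions made for illustration.

```python
"""Transparent bridge simulation: source-address learning, filter/forward
decisions, flooding, and per-source broadcast suppression.

Added example; not code from the curriculum. Port names, MAC addresses and
the broadcast_limit policy are assumptions made for illustration."""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """True for multicast and broadcast MACs (I/G bit of the first octet set)."""
    return int(mac.split(":")[0], 16) & 1 == 1


class Bridge:
    def __init__(self, ports, blocked_sources=(), broadcast_limit=None):
        self.ports = list(ports)
        self.table = {}                               # learned MAC -> port
        self.blocked_sources = set(blocked_sources)   # source-address filter
        self.broadcast_limit = broadcast_limit        # max group frames per source
        self.group_count = defaultdict(int)

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is copied to.

        An empty list means the bridge filtered (dropped) the frame."""
        if src in self.blocked_sources:
            return []
        # Learning: the source is reachable via the port it arrived on.
        # Note that this trusts the source field of the frame as received.
        self.table[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if is_group_address(dst):
            if self.broadcast_limit is not None:
                self.group_count[src] += 1
                if self.group_count[src] > self.broadcast_limit:
                    return []          # storm suppression: stop copying
            return others              # broadcast/multicast: flood
        out_port = self.table.get(dst)
        if out_port is None:
            return others              # unknown unicast: flood
        if out_port == in_port:
            return []                  # destination is local: filter
        return [out_port]              # remote: forward to one segment


def demo():
    """Walk a three-port bridge through the decisions described above."""
    b = Bridge(["seg1", "seg2", "seg3"],
               blocked_sources={"de:ad:be:ef:00:99"}, broadcast_limit=3)
    a, c = "00:00:0c:00:00:0a", "00:00:0c:00:00:0c"
    log = []
    log.append(b.receive("seg1", a, c))        # unknown dst: flooded to seg2, seg3
    log.append(b.receive("seg2", c, a))        # a already learned on seg1: forwarded
    log.append(b.receive("seg1", a, c))        # c now learned on seg2: forwarded
    log.append(b.receive("seg2", "00:00:0c:00:00:0d", c))        # same segment: filtered
    log.append(b.receive("seg3", "de:ad:be:ef:00:99", BROADCAST))  # blocked source
    for _ in range(4):                         # fourth broadcast exceeds the limit
        log.append(b.receive("seg1", a, BROADCAST))
    return log


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Two practical points follow from the code. The address table is keyed on the source MAC exactly as it appears in the frame, so any filter built on source or destination addresses only controls well-behaved traffic; a host can put whatever source address it likes in a frame. And the broadcast counter is a simple per-source cap with no time window, which is enough to show the idea but not a production rate limiter.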
4.3 Switch Operation
4.3.6 Why segment LANs?

There are two primary reasons for segmenting a LAN. The first is to isolate traffic between segments. The second is to achieve more bandwidth per user by creating smaller collision domains. Without LAN segmentation, LANs larger than a small workgroup could quickly become clogged with traffic and collisions.

LAN segmentation can be implemented with bridges, switches, and routers. Each of these devices has particular pros and cons. With the addition of devices like bridges, switches, and routers, the LAN is segmented into a number of smaller collision domains. In the example shown, four collision domains have been created.

By dividing large networks into self-contained units, bridges and switches provide several advantages. Bridges and switches diminish the traffic experienced by devices on all connected segments, because only a certain percentage of traffic is forwarded. Bridges and switches reduce the size of collision domains but not of the broadcast domain. Each interface on a router connects to a separate network. Therefore the insertion of a router into a LAN creates smaller collision domains and smaller broadcast domains. This occurs because routers do not forward broadcasts unless programmed to do so.

A switch employs "microsegmentation" to reduce the collision domain on a LAN. The switch does this by creating dedicated network segments, or point-to-point connections. The switch connects these segments in a virtual network within the switch. This virtual network circuit exists only when two nodes need to communicate. It is called a virtual circuit because it exists only when needed and is established within the switch.
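The rule this section states, that hubs share a collision domain, that bridges and switches bound collision domains but not the broadcast domain, and that routers bound both, can be applied mechanically to a topology. The following is an added example (not curriculum code) that counts both kinds of domain with a union-find over the physical links: every link starts as its own domain, a hub merges all links attached to it into one collision domain and one broadcast domain, a switch or bridge merges its attached links into one broadcast domain only, and a router merges nothing. The device names and topologies are constructed for illustration.

```python
"""Count collision domains and broadcast domains in a LAN topology.

Added example, not curriculum code. Device names, types and links are
constructed for illustration. Merge rules: hubs and repeaters merge every
attached link into one collision domain and one broadcast domain; switches
and bridges merge attached links into one broadcast domain only; routers
merge nothing; hosts terminate a link."""
from collections import defaultdict

MERGE_COLLISION = {"hub", "repeater"}
MERGE_BROADCAST = MERGE_COLLISION | {"switch", "bridge"}
KNOWN_TYPES = MERGE_BROADCAST | {"router", "host"}


class DisjointSet:
    def __init__(self, n):
        self.parent = list(range(n))

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def _components(links, incident, devices, merge_types):
    """Number of link groups left after merging through devices of merge_types."""
    ds = DisjointSet(len(links))
    for dev, kind in devices.items():
        if kind in merge_types:
            idx = incident[dev]
            for j in idx[1:]:
                ds.union(idx[0], j)
    return len({ds.find(i) for i in range(len(links))})


def count_domains(devices, links):
    """devices: {name: type}; links: [(name, name), ...], one per physical segment.
    Returns (collision_domains, broadcast_domains)."""
    for name, kind in devices.items():
        if kind not in KNOWN_TYPES:
            raise ValueError(f"unknown device type {kind!r} for {name}")
    incident = defaultdict(list)
    for i, (a, b) in enumerate(links):
        for end in (a, b):
            if end not in devices:
                raise ValueError(f"link endpoint {end!r} is not a device")
            incident[end].append(i)
    return (_components(links, incident, devices, MERGE_COLLISION),
            _components(links, incident, devices, MERGE_BROADCAST))


def example_topology():
    """A hub segment hanging off a switch, with a router to a second switch."""
    devices = {"A": "host", "B": "host", "C": "host", "D": "host", "E": "host",
               "H1": "hub", "S1": "switch", "S2": "switch", "R1": "router"}
    links = [("A", "H1"), ("B", "H1"), ("H1", "S1"), ("C", "S1"), ("D", "S1"),
             ("S1", "R1"), ("R1", "S2"), ("E", "S2")]
    return count_domains(devices, links)


def twelve_port_switch():
    """Twelve hosts on one switch: twelve collision domains, one broadcast domain."""
    devices = {"SW": "switch"}
    links = []
    for i in range(12):
        devices[f"h{i}"] = "host"
        links.append((f"h{i}", "SW"))
    return count_domains(devices, links)


if __name__ == "__main__":
    print("example topology (collision, broadcast):", example_topology())
    print("twelve-port switch (collision, broadcast):", twelve_port_switch())
```

In `example_topology` the three links around the hub collapse into one collision domain, each switch port is its own, and the router splits the whole thing into two broadcast domains, giving six collision domains and two broadcast domains; swapping `S1` and `S2` for hubs would collapse each side into a single collision domain. Replacing `R1` with a switch would leave the collision count unchanged but merge everything into one broadcast domain, which is the point the text makes about where broadcasts stop.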
4.3 Switch Operation
4.3.7 Microsegmentation implementation

LAN switches are considered multi-port bridges in which, because of microsegmentation, each port is its own collision domain. Data is exchanged at high speed by switching the frame to its destination. By reading the destination MAC address, which is Layer 2 information, switches can achieve high-speed data transfers, much like a bridge does. In cut-through operation the frame is sent to the port of the receiving station before the entire frame has entered the switch. This process leads to low latency and a high rate of frame forwarding.

Ethernet switching increases the bandwidth available on a network. It does this by creating dedicated network segments, or point-to-point connections, and connecting these segments in a virtual network within the switch. This virtual network circuit exists only when two nodes need to communicate. It is called a virtual circuit because it exists only when needed and is established within the switch.

Even though the LAN switch reduces the size of collision domains, all hosts connected to the switch are still in the same broadcast domain. Therefore, a broadcast from one node will still be seen by all the other nodes connected through the LAN switch.

Switches are data link layer devices that, like bridges, enable multiple physical LAN segments to be interconnected into a single larger network. Similar to bridges, switches forward and flood traffic based on MAC addresses. Because switching is performed in hardware instead of in software, it is significantly faster. Each switch port can be considered a micro-bridge, acting as a separate bridge and giving the full bandwidth of the medium to each host.
4.3 Switch Operation
4.3.8 Switches and collision domains

A major disadvantage of Ethernet 802.3 networks is collisions. Collisions occur when two hosts transmit frames simultaneously. When a collision occurs, the transmitted frames are corrupted or destroyed. The sending hosts stop transmitting for a random period of time, as required by the Ethernet 802.3 rules of CSMA/CD. Excessive collisions cause networks to be unproductive.

The network area within which frames originate and collide is called the collision domain. All shared-media environments are collision domains. When a host is connected to a switch port, the switch creates a dedicated connection with the full bandwidth of the link (10 Mbps on a 10 Mbps Ethernet port, for example). This connection is considered to be an individual collision domain. For example, if a twelve-port switch has a device connected to each port, then twelve collision domains are created.

A switch builds a switching table by learning the MAC addresses of the hosts that are