4.3 Switch Operation

4.3.4 How switches and bridges filter frames

Bridges are capable of filtering frames based on any Layer 2 fields. For example, a bridge can be programmed to reject (not forward) all frames sourced from a particular network. Because link layer information often includes a reference to an upper-layer protocol, bridges can usually filter on this parameter. Furthermore, filters can be helpful in dealing with unnecessary broadcast and multicast packets.

Once the bridge has built the local address table, it is ready to operate. When it receives a frame, it examines the destination address. If the frame address is local, the bridge ignores it. If the frame is addressed for another LAN segment, the bridge copies the frame onto the second segment.

- Ignoring a frame is called filtering.
- Copying the frame is called forwarding.

Basic filtering keeps local frames local and sends remote frames to another LAN segment. Filtering on specific source and destination addresses performs the following actions:

- Stopping one station from sending frames outside of its local LAN segment
- Stopping all "outside" frames destined for a particular station, thereby restricting the other stations with which it can communicate

Both types of filtering provide some control over internetwork traffic and can offer improved security. Most Ethernet bridges can filter broadcast and multicast frames. Occasionally, a device will malfunction and continually send out broadcast frames, which are continuously copied around the network. A broadcast storm, as it is called, can bring network performance to zero. If a bridge can filter broadcast frames, a broadcast storm has less opportunity to act.

Today, bridges are also able to filter according to the network-layer protocol. This blurs the demarcation between bridges and routers. A router operates on the network layer using a routing protocol to direct traffic around the network. A bridge that implements advanced filtering techniques is usually called a brouter. Brouters filter by looking at network layer information, but they do not use a routing protocol.
Web Links: LAN Switching and VLANs
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/lanswtch.htm
4.3.5 LAN segmentation using bridging

Ethernet LANs that use a bridge to segment the LAN provide more bandwidth per user because there are fewer users on each segment. In contrast, LANs that do not use bridges for segmentation provide less bandwidth per user because there are more users on a non-segmented LAN. Bridges segment a network by building address tables that contain the address of each network device and which segment to use to reach that device. Bridges are Layer 2 devices that forward data frames based on the MAC addresses of the frame. In addition, bridges are transparent to the other devices on the network.

Bridges increase the latency in a network by 10 to 30 percent. This latency is due to the decision-making required of the bridge or bridges in transmitting data. A bridge is considered a store-and-forward device because it must examine the destination address field and calculate the CRC in the frame check sequence field before forwarding the frame. If the destination port is busy, the bridge can temporarily store the frame until the port is available. The time it takes to perform these tasks slows the network transmissions, causing increased latency.
4.3.6 Why segment LANs?

There are two primary reasons for segmenting a LAN. The first is to isolate traffic between segments. The second reason is to achieve more bandwidth per user by creating smaller collision domains. Without LAN segmentation, LANs larger than a small workgroup could quickly become clogged with traffic and collisions.

LAN segmentation can be implemented using bridges, switches, and routers. Each of these devices has particular pros and cons. With the addition of devices like bridges, switches, and routers, the LAN is segmented into a number of smaller collision domains. In the example shown, four collision domains have been created.

By dividing large networks into self-contained units, bridges and switches provide several advantages. Bridges and switches will diminish the traffic experienced by devices on all connected segments, because only a certain percentage of traffic is forwarded. Bridges and switches reduce the collision domain but not the broadcast domain. Each interface on the router connects to a separate network. Therefore, the insertion of the router into a LAN will create smaller collision domains and smaller broadcast domains. This occurs because routers do not forward broadcasts unless programmed to do so.

A switch employs “microsegmentation” to reduce the collision domain on a LAN. The switch does this by creating dedicated network segments, or point-to-point connections. The switch connects these segments in a virtual network within the switch. This virtual network circuit exists only when two nodes need to communicate. This is called a virtual circuit as it exists only when needed, and is established within the switch.
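Added example (not from the curriculum): a small Python model that counts collision and broadcast domains for a constructed topology, applying the rule above that hubs join both kinds of domain, bridges and switches split collision domains but not broadcast domains, and routers split both (the same rule 4.3.8 states for a twelve-port switch). Device names, port numbers and the topology are all made up.

```python
# Constructed model: a domain is a set of link endpoints (device, port) that
# some device type merges. Hubs merge both kinds; bridges and switches merge
# broadcast domains only; routers and hosts merge neither.
MERGES = {"collision": {"hub"}, "broadcast": {"hub", "bridge", "switch"}}

def count_domains(devices, links, kind):
    """devices: name -> type; links: pairs of (device, port); kind: key of MERGES."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    endpoints = [ep for link in links for ep in link]
    for a, b in links:
        union(a, b)                         # a cable joins its two ends
    for dev, port in endpoints:
        if devices[dev] in MERGES[kind]:
            union((dev, port), (dev, "*"))  # device merges all of its ports
    return len({find(ep) for ep in endpoints})

def example_topology():
    """Router R1: port 1 to a switch (3 hosts + a hub with 2 hosts), port 2 to a hub (2 hosts)."""
    devices = {"R1": "router", "SW1": "switch", "HUB1": "hub", "HUB2": "hub",
               **{f"H{i}": "host" for i in range(1, 8)}}
    links = [(("R1", 1), ("SW1", 1)), (("SW1", 2), ("H1", 1)), (("SW1", 3), ("H2", 1)),
             (("SW1", 4), ("H3", 1)), (("SW1", 5), ("HUB1", 1)), (("HUB1", 2), ("H4", 1)),
             (("HUB1", 3), ("H5", 1)), (("R1", 2), ("HUB2", 1)), (("HUB2", 2), ("H6", 1)),
             (("HUB2", 3), ("H7", 1))]
    return devices, links

def summarize(devices, links):
    """Return (collision domains, broadcast domains) for the topology."""
    return count_domains(devices, links, "collision"), count_domains(devices, links, "broadcast")
```

For the constructed topology the switch side contributes five collision domains (three host ports, the uplink to the router, and one shared hub segment) but only one broadcast domain; the router is the only device that separates broadcast domains.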
4.3.7 Microsegmentation implementation

LAN switches are considered multi-port bridges with no collision domain, because of microsegmentation. Data is exchanged at high speeds by switching the frame to its destination. By reading the destination MAC address (Layer 2 information), switches can achieve high-speed data transfers, much like a bridge does. The frame is sent to the port of the receiving station prior to the entire frame entering the switch. This process leads to low latency levels and a high rate of speed for frame forwarding.

Ethernet switching increases the bandwidth available on a network. It does this by creating dedicated network segments, or point-to-point connections, and connecting these segments in a virtual network within the switch. This virtual network circuit exists only when two nodes need to communicate. This is called a virtual circuit because it exists only when needed, and is established within the switch. Even though the LAN switch reduces the size of collision domains, all hosts connected to the switch are still in the same broadcast domain. Therefore, a broadcast from one node will still be seen by all the other nodes connected through the LAN switch.

Switches are data link layer devices that, like bridges, enable multiple physical LAN segments to be interconnected into a single larger network. Similar to bridges, switches forward and flood traffic based on MAC addresses. Because switching is performed in hardware instead of in software, it is significantly faster. Each switch port can be considered a micro-bridge acting as a separate bridge, and gives the full bandwidth of the medium to each host.
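Added example, not code from the curriculum, covering both the bridge filtering rules of 4.3.4 and the learn, forward and flood behaviour described here: a Python model of a learning bridge with the two address filters (a source confined to its segment, a destination protected from outside frames) and a per-port brake on broadcast storms. All MAC addresses, port numbers and the frame sequence are constructed.

```python
from collections import defaultdict

def is_group_address(mac):
    # I/G bit (low bit of the first octet) set: broadcast or multicast destination
    return int(mac.split(":")[0], 16) & 1 == 1

class Bridge:
    """Learning bridge with the 4.3.4 filters; a switch runs the same logic per port.

    confine: source MACs whose frames may not leave their local segment.
    protect: destination MACs that may not receive frames from other segments.
    bcast_limit: group-addressed frames flooded per ingress port before the
    bridge starts dropping them (a crude brake on a broadcast storm).
    """
    def __init__(self, ports, confine=(), protect=(), bcast_limit=None):
        self.ports = list(ports)
        self.table = {}                       # MAC -> port it was learned on
        self.confine, self.protect = set(confine), set(protect)
        self.bcast_limit = bcast_limit
        self.bcast_count = defaultdict(int)   # per ingress port

    def handle(self, in_port, src, dst):
        """Return (action, out_ports) for one frame arriving on in_port."""
        self.table[src] = in_port             # learn which segment src is on
        others = [p for p in self.ports if p != in_port]
        if src in self.confine:               # station kept on its own segment
            return ("filter", [])
        if is_group_address(dst):
            self.bcast_count[in_port] += 1
            if self.bcast_limit is not None and self.bcast_count[in_port] > self.bcast_limit:
                return ("filter", [])         # storm brake engaged
            return ("flood", others)
        if dst in self.protect:               # outside frames may not reach it
            return ("filter", [])
        out = self.table.get(dst)
        if out is None:                       # unknown unicast: flood
            return ("flood", others)
        if out == in_port:                    # local frame stays local
            return ("filter", [])
        return ("forward", [out])

def demo():
    """Constructed frames on a 3-port bridge (hypothetical MACs); returns the actions."""
    A, B, C, D, P = ("02:00:00:00:00:%02x" % i for i in range(5))
    BC = "ff:ff:ff:ff:ff:ff"
    br = Bridge([1, 2, 3], confine={C}, protect={P}, bcast_limit=2)
    frames = [(1, A, B), (2, B, A), (1, D, A), (3, C, A), (1, A, P),
              (2, P, A), (1, A, BC), (1, A, BC), (1, A, BC)]
    return [br.handle(*f)[0] for f in frames]
```

In the demo the first frame is flooded because B is still unknown, the reply is forwarded once A has been learned on port 1, the frame from D to A is filtered as local, and the third consecutive broadcast from port 1 is dropped by the storm brake.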
4.3.8 Switches and collision domains

A major disadvantage of Ethernet 802.3 networks is collisions. Collisions occur when two hosts transmit frames simultaneously. When a collision occurs, the transmitted frames are corrupted or destroyed in the collision. The sending hosts stop sending further transmissions for a random period of time, based on the Ethernet 802.3 rules of CSMA/CD. Excessive collisions cause networks to be unproductive. The network area where frames originate and collide is called the collision domain. All shared media environments are collision domains.

When a host is connected to a switch port, the switch creates a dedicated 10 Mbps bandwidth connection. This connection is considered to be an individual collision domain. For example, if a twelve-port switch has a device connected to each port then twelve collision domains are created. A switch builds a switching table by learning the MAC addresses of the hosts that are