Layer 2 Switch Operation
An ethernet switch decides where to forward incoming frames based on the destination MAC address contained within the received frame. Using this method means that the ethernet media is no longer shared between all connected devices. A switch will not forward a frame unless it knows which switch port the destination MAC address is connected to. Each switch port is it’s own isolated Ethernet LAN segment. The switch isolates connected devices in the following ways:
- collision domains are limited and made up of the switch port itself and either a single host or a connected hub
- all devices can operate in full duplex mode
- each device has dedicated bandwidth across the switching fabric to another switch port
- “store and forward” = frames are checked for errors, if OK the frame is regenerated when forwarded or transmitted. Receive / Store & Inspect / Forward
- broadcast traffic is limited to a volume threshold
- intelligent filtering and forwarding becomes possible
MAC address / switch port mappings can either be statically configured via the CLI, or learned by the switch dynamically. To learn dynamically the switch checks the source MAC address of incoming frames and adds the MAC address, switch port and VLAN on which it arrived into a table (if it isn’t already in the table). The switch also checks the destination MAC address of the incoming frame, and then checks the table for a match to find the switchport and VLAN that the destination MAC is attached to. If there is a match, the frame is then forwarded out of the corresponding switch port. If there is no match then the frame is flooded out of all switch ports assigned to the source VLAN – known as unknown unicast flooding. A switch port will only listen and learn source MAC addresses if allowed to do so by STP (Spanning Tree Protocol), ie. the port is not in a blocking state.
Frames destined for broadcast or multicast MAC addresses are also flooded by the switch to all ports in the same VLAN as the port that the frame originated on.
Layer 2 Frame Forwarding Decision Process
RX ports —> Ingress Queue —> Inbound & Outbound Security ACL’s (TCAM) —> Egress Queues —>TX ports
—> Qos ACL’s Clasification & Policing (TCAM) —>
—> L2 Fowarding Table (CAM) —>
CAM Table – contains: MAC Address | Egress Port | VLAN
Incoming frames are placed into one of the receiving port’s Ingress queues. Each queue has a different priority or service level, allowing the ports to be configured so that important frames get priority treament and are processed and forwarded before less important frames.
Frames are pulled of the ingress queue to be processed and at this point the switch needs to work out where to forward the frame to, and also whether or not it should be forwarded and if it should, then how to forward it. In other words, the the switch asks itself where is this frame destined for? (destination MAC address), is it allowed to be forwarded there? (security ACL’s) if so how do I get it there? (Qos ACL’s, switch port, egress queue) . These decisions are made simultaneoulsy by separate elementrs of the switching hardware:
- L2 Fowarding Table – The CAM (Content-Addressable Memory) table contains MAC Address | Egress Port | VLAN records and is searched using the destination MAC address as the key. If there’s a match, then the egress port and VLAN ID are read from the table. No match means the frame is marked for floooding out of every port in the VLAN.
- Security ACL’s – The TCAM (Ternary Content-Addressable Memory) table stores ACL’s and a single look up will determine if a frame can be forwarded or not. Security ACL’s can use MAC address, protocol types (non IP), IP addresses layer 4 port numbers to match frames.
- Qos ACL’s – As with security ACL’s, a single TCAM table look up can determine if Qos should be applied to frames. This will effect which egress queue a frame is placed into.
Multilayer Switch Operation
Multilayer switching is defined as the ability to forward frames based on layer 3 and 4 data contained in packets. The fact that the layer 3 and 4 encapsulations are contained in ethernet frames means that layer 2 switching happens at the same time. There are 2 types of MLS:
- Route Caching – first generation technology, no longer used by Cisco Catalyst switches.
- Topology Based – second generation, uses a database built from layer 3 routing information, that contains the entire network topology. The database is updated dynamically as the topolgoy changes. Longest match found = correct layer 3 destination. Also known as Cisco Express Forwarding (CEF). The routing process runnning on the switch downloads the current routing table database into the Forward Information Base (FIB) area of hardware.
Layer 3 Packet Forwarding Decision Process
RX ports —> Ingress Queue —> Inbound & Outbound Security ACL’s (TCAM) —> L3 Packet Rewrite —> Egress Queues —>TX ports
—> Qos ACL’s Clasification & Policing (TCAM) —>
—> L3 Fowarding Table (FIB) —>
—> L2 Fowarding Table (CAM) —>
FIB Table – contains: IP address | Next Hop IP address | Next Hop MAC address | Egress Port
Incoming packets are placed into one of the receiving port’s Ingress queues, and both the L2 and L3 destination addresses are checked. This means that the forwarding decision is based on two address tables, and the decision of how to forward is based on the Security and Qos access lists as with layer 2 switching. The L3 Fowarding Table is searched using the destination IP address as the key, the longest match (IP and netmask) is found which then results in the next hop IP address being obtained. The FIB also has a record of the next hop MAC address and VLAN ID.
The final step before the packet is placed in the appropriate egress queue is to to re-write the packet, because it has gone through a routing process so therefore the destination MAC address needs to be changed to the next hop MAC address, the source MAC address is changed to that of the switch, and the TTL value is decremented by one. Also both the layer 2 and layer 3 header checksums must be recalculated as the contents of the frame/packet have changed.
Some packets cannot be handled by CEF and have to be forwarded to the switch CPU for “procsess switching”. Example packet types are: ARP, IP packets needing a response from a router, IP broadcasts relayed as unicasts (DHCP, IP helper-address), routing protocol updates, CDP, IPX, packets to be NAT’ed or encrypted, Appletalk, DecNet etc.
Content Addressable Memory (CAM)
Used by all Catalyst switches for L2 switching. As a frame arrives into a switchport it’s source MAC address, port and VLAN ID are all recorded in the CAM table. One extra item recorded is a timestamp – if a MAC addreses is already recorded in the CAM table then only the time stamp is updated. Also if a device has moved and it’s MAC address is learned on a new switchport then the most recent port and timestamp is recorded, and the old entry removed from the table. Stale entries (by default >300 seconds old) are aged out and deleted from the table. If a MAC address is being learned on alternating switchports then the switch generates an error.
Add a static CAM table entry:
Switch(config)# mac address-table static mac-address vlan vlan-id interface type mod/num.
Change the aging time via the CLI:
Switch(config)# mac address-table aging-time seconds
View contents of the CAM table:
Switch# show mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id ]
Check the size of the CAM table:
Switch# show mac address-table count (shows results per VLAN)
Clear an entry from the CAM table:
Switch# clear mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id ]
Ternary Content Addressable Memory (TCAM)
An extension of the CAM table concept, with entries composed of Value, Mask and Result (VMR) combinations. Multilayer switches check for matching Access Control Entities (ACE’s) in ACL’s is done in hardaware – as opposed to routers where evaluating traffic against ACL’s can add latency to packets. TCAM allows a packet to be evaluated against an entire ACL in a single table lookup. Multiple TCAM’s allow this process to happen for both inbound and outbound traffic simultaneously. There are 2 components of TCAM:
- Feature Manager (FM) – merges ACE’s into the TCAM table
- Switching Database Manager (SMD) – configures/tunes the TCAM. On some switch models the TCAM can be partitioned (not on 45/6500 platform)