Switching Topic 1: Basic concepts

Agenda
• Ethernet 802.3
• CSMA/CD and duplex
• Frames and MACs
• Switching process
  – Store, forward and buffers
• Issues
  – Collisions and broadcasts
  – Latency and congestion
• Layer 3 switches
• Switchport security
• Switch boot sequence

Ethernet standard IEEE 802.3
• LAN standard
• Layer 2, data link (OSI)
• CSMA/CD technology for multi-access segments (shared links)
• Frames:
  – Unicast
  – Broadcast
  – Multicast
• Switches, access points and NICs; twisted pair or fibre (multimode or single-mode); star topology and point-to-point links

CSMA/CD
• Carrier sense:
  – Listen before transmitting; if there is no traffic, transmit the message
  – Keep listening for collisions
• Multi-access:
  – If two devices transmit at the same time, the signals collide
• Collision detection:
  – All devices listen for collisions (an increase in signal amplitude)
  – Transmitting devices continue to transmit until the minimum packet time is reached (jam signal) to ensure that all devices detect the collision
  – All devices start a back-off algorithm and wait a random amount of time (no transmitting)
  – Back to listening mode
  – No device has priority to resend
• Multi-access, hub-based, half-duplex communications only

Duplex
• Half duplex – link shared by many hosts via a hub
  – Data can travel in both directions but only one direction at a time (one-lane bridge)
  – Uses CSMA/CD to detect and manage collisions
  – Hub-based networks
  – Lower performance – lots of waiting for the media
  – 50–60% efficiency
• Full duplex – only one host at each end of the link
  – Data can be sent and received at the same time (two-lane bridge)
  – Uses two pairs of wires (Cat 5e has four pairs), one to transmit and one to receive
  – No collisions: sending and receiving are done on two separate circuits
  – CSMA/CD not required; the collision-detect circuit is disabled
  – Host is attached to a dedicated switchport
  – Point-to-point connection
  – 100% efficiency in both directions (100 Mbps transmit and 100 Mbps receive for FastEthernet)

Switchport duplex settings
• Auto
  – Both nodes negotiate the duplex setting to use
  – Default for FastEthernet ports and 10/100/1000 NICs
• Full
  – Default for 100Base-FX ports and for Gigabit ports
• Half
  – Default mode if auto-negotiation fails (unsupported by the other host)
• Duplex mismatch
  – Switch configured for full duplex while the host only supports half duplex
  – FCS errors on the full-duplex port (show interface)
  – Random ping packets succeed and most fail
• Auto-MDIX
  – Switch detects the cable type for copper Ethernet connections and configures the interface to match
  – Use either crossover or straight-through cables between hosts and switches and between switches
  – Enabled by default on Cisco® IOS 12.2(18) and later

Ethernet frames
• Packet is encapsulated into a frame
• Frame is transmitted onto the media
• Frames use MAC addresses
  – 48 bits, 12 hex digits, burned into the NIC
  – OUI | Vendor assigned

MAC address table
• MAC address table maps the switchports to the MAC addresses of the hosts connected to each switchport
• MAC addresses are learned and added to the MAC address table by checking the source MAC in the header of frames arriving on the switchport
• Mappings age out to keep the data current
• Also called the CAM table

MAC address table
• Demo

Switching process
• Switch receives an incoming frame through an arriving port
• Switch adds the source MAC address to the MAC address table if not known
• Flood, forward or filter?
  – If a broadcast frame (FF-FF-FF-FF-FF-FF), the switch forwards it out of all ports except the arriving port
  – If a unicast frame, the switch does a lookup in the MAC address table for the destination MAC and its associated port
    • If not found, the frame is flooded (sent out of all ports except the arriving port, as a broadcast would be)
  – If the associated port is the same as the arriving port, the frame is dropped (filtered)
• Frame is switched to the destination MAC's port(s) and forwarded
• Uplink ports have multiple MAC addresses associated with them: all the destinations on the upstream switch are learned from arriving frames and added to the MAC address table

Switch forwarding
• Store and forward – high integrity
  – As a frame arrives it is stored in a buffer until fully received
  – Switch does an error check: computes and verifies the CRC value in the trailer
  – If the CRC integrity check succeeds, the MAC address table is looked up for the destination port and the frame is forwarded; if not, the frame is dropped
  – Store-and-forward switching is required for QoS analysis for prioritisation
  – Store and forward is now the only forwarding method on new Cisco® devices
• Cut through (fast forward) – fast and low latency
  – Switch does not perform error checking
  – Switch buffers the first few bytes, determines the destination MAC address, looks up the destination port and begins forwarding through the outgoing port
  – Faster, but frames with errors can be forwarded
• Variant – fragment-free switching
  – Switch stores the first 64 bytes and does an error check, then starts forwarding

Switching symmetry
• Symmetric switching
  – All ports have the same bandwidth
  – Optimised for a distributed traffic load such as peer-to-peer desktops
• Asymmetric switching
  – Ports have different bandwidths
  – More bandwidth dedicated to server switchports and to uplink ports to prevent bottlenecks
  – Requires memory buffering to match the different data rates

Memory buffering
• Port-based memory buffering
  – Arriving frame is queued in the arriving port's buffer
  – Frame is not moved to the destination port until all the frames ahead of it in the queue are transmitted
  – Delayed even when the destination port is open
• Shared memory buffering
  – All frames from all ports are stored in a common memory buffer
  – Frames are linked to their destination port with a map of frame-to-port links
  – Frames can be transmitted as soon as the destination port is idle
  – Larger frames are transmitted with fewer dropped frames, as memory is allocated dynamically

Collision issues
• Shared media environments have the potential for collisions
  – All connections on a hub belong to one collision domain
  – Don't use hubs (efficiency reduced from 200% to 50%)
• Host connecting to a switch is a dedicated connection
  – An individual collision domain, a microsegment
  – There is no potential for collisions
  – Separate wires are used to transmit and receive
  – A 24-port switch has 24 collision domains
• Switches increase the number of collision domains (and reduce the size of collision domains)
• Switches improve efficiency as all bandwidth is available to the host

Broadcast issues
• Many protocols must broadcast
  – ARP ("who has 192.168.1.1?") to determine a destination host's MAC
  – DHCP ("are you a DHCP server?") to locate a DHCP server
• Switches forward broadcast frames
  – Broadcasts are sent through all switchports, including links to other switches, except the originating switchport
• All hosts receive and process broadcasts
  – Bandwidth used up
  – CPU processing time used up
• As more switches and hosts are added there are more broadcasts on the network
  – More than 20% broadcast traffic on a host and the network is too large
• Too much broadcast traffic reduces performance, using up bandwidth and CPU cycles
• Routers divide networks and define broadcast domains
  – Routers do not forward broadcasts

Segmentation
• Segmentation is creating a boundary around a physical grouping of hosts
• Routers segment the broadcast domain
  – Creating smaller broadcast domains reduces broadcast traffic and makes more bandwidth and processing available to applications
  – Each router interface connects to a different LAN (a different broadcast domain)
• Switches segment the collision domain
  – Reduces the size of the collision domain
  – Each switchport connects to a different segment (collision domain)

Broadcast and collision domains

Latency
• Latency, or delay, is the time a frame or packet takes to travel from the source to the destination
• Sources of latency:
  – NIC delay – time to encode and transmit signals, or to receive and decode frames
  – Propagation delay – time for a signal to move down the link to the destination
  – Transmission delay – time it takes the switch to process, buffer and forward the frame
• Switches have less latency than routers because:
  – Routers have more complex and processor-intensive functions (ACLs and routing)
  – Routers strip frame headers to read packet headers
• Switches support high forwarding rates
  – By using ASICs (application-specific integrated circuits) to provide hardware support for wire speed
• Access layer switches can be oversubscribed
  – Full bandwidth on all ports is more than the internal forwarding rate

Congestion
• Causes of network congestion:
  – More powerful hosts which send and process data at higher rates
  – Increasing volumes of network traffic:
    • due in part to broadcast traffic
    • due in part to the 80/20 rule changing to 20/80
    • now 80% of resources are located outside the LAN and require crossing the core
  – High-bandwidth applications such as desktop publishing, engineering design, video on demand, e-learning and streaming video (video and multimedia)

Network bottlenecks
• How many ports are required for hosts? For uplinks?
• What speed is the host sending at?
• 48 ports running at 1 Gbps in full duplex require an internal forwarding rate of 96 Gbps
  – What is the internal throughput of the device?
  – Can it handle the anticipated traffic loads considering its placement in the network?
• Latency is greater on routers, but routers split broadcast domains
• Do the maths and aggregate multiple links

Security issues
• Limits the number of valid MAC addresses allowed on the port
  – Port will not forward traffic from disallowed addresses
  – Authorised MAC addresses are assured full bandwidth on the port
• Static secure MAC addresses: manually configured in the address table
• Dynamic secure MAC addresses: learned dynamically (removed when the switch restarts)
• Sticky secure MAC addresses: learned dynamically and saved to the running configuration
• Security violation mode:
  – If more than the maximum allowed number of MAC addresses attempt to access the interface, or if an address learned or configured on a secure interface is seen on another secure interface in the same VLAN, a violation occurs
• Actions taken when a violation occurs:
  – Protect: drop the frame; no notification sent
  – Restrict: drop the frame and send a notification (SNMP trap or syslog message)
  – Shutdown: the interface is disabled and the LED turns off; an SNMP trap and syslog message are sent and the violation counter is incremented (recover with the shutdown and no shutdown commands)
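The switching process described earlier (learn the source MAC, then flood, forward or filter, with table entries aging out and an uplink port holding many addresses) and the port-security behaviour on the slide above, as one added Python simulation. This is example code, not part of the slides and not Cisco IOS; the port names (Fa0/1 to Fa0/4, Gi0/1), the MAC addresses, the 300-second aging time, the log wording and the whole scenario in demo() are constructed for the example. The violation counter is incremented for restrict as well as shutdown, matching Cisco IOS; protect drops silently.

```python
from __future__ import annotations
from dataclasses import dataclass, field
BROADCAST = "ff:ff:ff:ff:ff:ff"

def build_frame(dst: str, src: str, ethertype: int = 0x0800) -> bytes:
    """Constructed 14-byte 802.3 header (dst, src, type); payload and FCS omitted."""
    return (bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
            + ethertype.to_bytes(2, "big"))

def parse_header(raw: bytes) -> tuple[str, str, str]:
    """Return (dst, src, kind); kind is broadcast, multicast (I/G bit set) or unicast."""
    if len(raw) < 14:
        raise ValueError("runt: an 802.3 header needs 14 bytes")
    dst, src = raw[0:6].hex(":"), raw[6:12].hex(":")
    kind = "broadcast" if dst == BROADCAST else "multicast" if raw[0] & 1 else "unicast"
    return dst, src, kind

@dataclass
class PortSecurity:                              # per-port state; names follow the slides
    maximum: int = 1
    violation: str = "shutdown"                  # protect | restrict | shutdown
    sticky: bool = False
    secure: dict = field(default_factory=dict)   # mac -> static | dynamic | sticky
    err_disabled: bool = False
    violations: int = 0

class Switch:
    def __init__(self, ports: list[str], aging: int = 300):
        self.ports, self.aging = list(ports), aging
        self.table: dict[str, tuple[str, float]] = {}   # CAM table: mac -> (port, last seen)
        self.security: dict[str, PortSecurity] = {}
        self.log: list[str] = []                         # stands in for syslog / SNMP traps

    def _admit(self, port: str, src: str) -> bool:
        """Port-security check on ingress; False means the frame is dropped."""
        sec = self.security.get(port)
        if sec is None:
            return True                          # port security not enabled on this port
        if sec.err_disabled:
            return False
        if src in sec.secure:
            return True
        elsewhere = any(src in s.secure for p, s in self.security.items() if p != port)
        if len(sec.secure) < sec.maximum and not elsewhere:
            sec.secure[src] = "sticky" if sec.sticky else "dynamic"   # learn a secure address
            return True
        if sec.violation != "protect":           # protect drops silently; the others count and notify
            sec.violations += 1
            self.log.append(f"port-security violation on {port}: {src} ({sec.violation})")
        if sec.violation == "shutdown":
            sec.err_disabled = True              # stays err-disabled until an operator clears it
        return False

    def reload(self) -> None:
        """A restart clears the CAM table and dynamic secure addresses; static and sticky remain."""
        self.table.clear()
        for sec in self.security.values():
            sec.secure = {m: t for m, t in sec.secure.items() if t != "dynamic"}
            sec.err_disabled = False

    def _flood(self, ingress: str) -> list[str]:
        down = {p for p, s in self.security.items() if s.err_disabled}
        return [p for p in self.ports if p != ingress and p not in down]

    def receive(self, port: str, raw: bytes, now: float = 0.0) -> list[str]:
        """Process one arriving frame; return the egress ports (empty = filtered or dropped)."""
        dst, src, kind = parse_header(raw)
        if not self._admit(port, src):
            return []
        self.table = {m: e for m, e in self.table.items() if now - e[1] < self.aging}   # age out
        self.table[src] = (port, now)            # learn the source MAC on the arriving port
        if kind != "unicast" or dst not in self.table:
            return self._flood(port)             # broadcast, multicast and unknown unicast: flood
        out, _ = self.table[dst]
        return [] if out == port else [out]      # filter: destination is on the arriving segment

def demo() -> tuple[Switch, dict]:
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4", "Gi0/1"])        # constructed: Gi0/1 is the uplink
    a, b, c, d, e, f = (f"02:00:00:00:00:0{i}" for i in range(1, 7))   # constructed host MACs
    s1, s2 = "02:00:00:00:10:01", "02:00:00:00:10:02"                 # servers behind the uplink
    sw.security["Fa0/2"] = PortSecurity(maximum=2, violation="protect")                  # dynamic
    sw.security["Fa0/3"] = PortSecurity(maximum=1, violation="restrict", secure={c: "static"})
    sw.security["Fa0/4"] = PortSecurity(maximum=1, violation="shutdown", sticky=True)    # sticky
    r = {}
    r["arp_flood"] = sw.receive("Fa0/1", build_frame(BROADCAST, a), now=0)   # all ports but Fa0/1
    r["reply"] = sw.receive("Gi0/1", build_frame(a, s1), now=1)              # a is known: Fa0/1 only
    r["unknown"] = sw.receive("Fa0/2", build_frame(s2, b), now=2)            # s2 unknown: flood
    r["to_b"] = sw.receive("Gi0/1", build_frame(b, s2), now=3)               # uplink now holds s1, s2
    r["filtered"] = sw.receive("Gi0/1", build_frame(s2, s1), now=4)          # both on Gi0/1: drop
    r["uplink_macs"] = sorted(m for m, (p, _) in sw.table.items() if p == "Gi0/1")
    r["static_ok"] = sw.receive("Fa0/3", build_frame(s1, c), now=5)
    r["restricted"] = sw.receive("Fa0/3", build_frame(s1, d), now=6)         # over maximum: drop, log
    r["sticky_ok"] = sw.receive("Fa0/4", build_frame(s1, e), now=7)
    r["shutdown"] = sw.receive("Fa0/4", build_frame(s1, f), now=8)           # Fa0/4 goes err-disabled
    r["flood_down"] = sw.receive("Fa0/1", build_frame(BROADCAST, a), now=10)  # Fa0/4 left out
    sw.security["Fa0/4"].err_disabled = False    # operator recovery (shutdown / no shutdown)
    r["restored"] = sw.receive("Fa0/4", build_frame(s1, e), now=11)
    r["aged"] = sw.receive("Fa0/1", build_frame(b, a), now=400)              # b aged out (300 s): flood
    return sw, r
```

Calling demo() returns the switch and the egress list for each step; inspecting sw.table, sw.security and sw.log afterwards shows the CAM table, the secure addresses per port and the notifications, and sw.reload() shows which secure addresses survive a restart. Two design points worth noting: the same-VLAN rule from the slide (an address secured on one port appearing on another secure port) is treated as a violation on the second port, and a broadcast is flooded to every port except the ingress and any err-disabled port.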
Layer 3 switching
• Layer 3 switches can examine IP addresses and route traffic at switch speeds
  – Layer 3 switches can route between VLANs
• Layer 3 switching is faster than routing
• Layer 3 switches do not support WAN interfaces
• Layer 3 switches do not support advanced routing functions such as remote-access connections (VPNs)

Switch boot sequence
• Loads the boot loader from ROM
• Boot loader:
  – initialises CPU registers
  – performs POST
  – initialises the flash file system
  – loads the default IOS image into memory
  – initialises interfaces with commands from config.text stored in flash
• POST completes
  – SYST LED blinks green, or amber if POST fails
• Boot loader provides a command line to format the flash file system, reinstall the IOS image or recover a password