Ch. 4 – Switching Concepts CCNA 3 version 3.0 Overview Routers Switches, Bridges Hub, Repeaters • Ethernet networks used to be built using repeaters. • When the performance of these networks began to suffer because too • • many devices shared the same segment, network engineers added bridges to create multiple collision domains. As networks grew in size and complexity, the bridge evolved into the modern switch, allowing microsegmentation of the network. Today’s networks typically are built using switches and routers, often with the routing and switching function in the same device. Ethernet/802.3 LAN development • • • • • • Distance limitations Ethernet is fundamentally a shared technology where all users on a given LAN segment compete for the same available bandwidth. This situation is analogous to a number of cars all trying to access a one-lane road at the same time. Because the road has only one lane, only one car can access it at a time. The introduction of hubs into a network resulted in more users competing for the same bandwidth. Collisions are a by-product of Ethernet networks. Bridges • A bridge is a Layer 2 device used to divide, or segment, a network. • A bridge is capable of collecting and selectively passing data frames • • • between two network segments. Bridges do this by learning the MAC address of all devices on each connected segment. Using this information, the bridge builds a bridging table and forwards or blocks traffic based on that table. This results in smaller collision domains and greater network efficiency. Bridges do NOT restrict broadcast traffic. Switches • Switches create a virtual circuit between two connected devices, • • • • establishing a dedicated communication path between two devices. Switches on the network provide microsegmentation. This allows maximum utilization of the available bandwidth. A switch is also able to facilitate multiple, simultaneous virtual circuit connections. Broadcast frames to all connected devices on the network. Router • A router is a Layer 3 device. • Used to “route” traffic between two or more Layer 3 networks. • Routers make decisions based on groups of network addresses, or • • classes, as opposed to individual Layer 2 MAC addresses. Routers use routing tables to record the Layer 3 addresses of the networks that are directly connected to the local interfaces and network paths learned from neighboring routers. Routers are not compelled to forward broadcasts. Factors that impact network performance Elements of Ethernet/802.3 networks • Broadcast data frame delivery of Ethernet/802.3 • The carrier sense multiple access/collision detect (CSMA/CD) method • • • allows only one station to transmit at a time. Multimedia applications with higher bandwidth demand such as video and the Internet, coupled with the broadcast nature of Ethernet, can create network congestion. Normal latency as the frames travel across the layers Extending the distances and increasing latency of the Ethernet/802.3 LANs by using Layer 1 repeaters. Half-Duplex • Originally Ethernet was a half-duplex technology. • Using half-duplex, a host could either transmit or receive at one time, • • • • • but not both. If the network is already in use, the transmission is delayed. When a collision occurs, the host that first detects the collision will send out a jam signal to the other hosts. Upon receiving the jam signal, each host will stop sending data, then wait for a random period of time before attempting to retransmit. The back-off algorithm generates this random delay. As more hosts are added to the network and begin transmitting, collisions are more likely to occur. Duplex Transmissions • Simplex Transmission: One way and one way only. – One way street • Half-duplex Transmission: Either way, but only one way at a time. – Two way street, but only one way at a time (land slide). • Full-duplex Transmission: Both ways at the same time. – Two way street Network Congestion • Today's networks are experiencing an increase in the transmission of many forms of media: – Large graphics files – Images – Full-motion video – Multimedia applications Network Latency • Latency, or delay, is the time a frame or a packet takes to travel from • • the source station to the final destination. It is important to quantify the total latency of the path between the source and the destination for LANs and WANs. Latency has at least three sources: – First, there is the time it takes the source NIC to place voltage pulses on the wire and the time it takes the receiving NIC to interpret these pulses. This is sometimes called NIC delay. – Second, there is the actual propagation delay as the signal takes time to travel along the cable. – Third, latency is added according to which networking devices, whether they are Layer 1, Layer 2, or Layer 3, are added to the path between the two communicating computers. Ethernet 10 BASE-T transmission time • Transmission time equals the number of bits being sent times the bit • • • time for a given technology. Another way to think about transmission time is the time it takes a frame to be transmitted. Small frames take a shorter amount of time. Large frames take a longer amount of time. Each 10 Mbps Ethernet bit has a 100 ns transmission window. – Therefore, 1 byte takes a minimum of 800 ns to transmit. – A 64-byte frame, the smallest 10BASE-T frame allowing CSMA/CD to function properly, takes 51,200 ns ( 51.2 microseconds). – Transmission of an entire 1000-byte frame from the source station requires 800 microseconds. The benefits of using repeaters • The distance that a LAN can cover is limited due to attenuation. • Attenuation means that the signal weakens as it travels through the • • network. The resistance in the cable or medium through which the signal travels causes the loss of signal strength. An Ethernet repeater is a physical layer device on the network that boosts or regenerates the signal on an Ethernet LAN. Full-duplex transmitting • Full-duplex Ethernet allows the transmission of a packet and the • • • • • reception of a different packet at the same time. To transmit and receive simultaneously, a dedicated switch port is required for each node. The full-duplex Ethernet switch takes advantage of the two pairs of wires in the cable by creating a direct connection between the transmit (TX) at one end of the circuit and the receive (RX) at the other end. Ethernet usually can only use 50%-60% of the available 10 Mbps of bandwidth because of collisions and latency. Full-duplex Ethernet offers 100% of the bandwidth in both directions. This produces a potential 20 Mbps throughput, which results from 10 Mbps TX and 10 Mbps RX. Duplex Transmissions • Simplex Transmission: One way and one way only. – One way street • Half-duplex Transmission: Either way, but only one way at a time. – Two way street, but only one way at a time (land slide). • Full-duplex Transmission: Both ways at the same time. – Two way street LAN segmentation • Not the best diagram, let’s look at some examples… Sending and receiving Ethernet frames on a bus 1111 2222 3333 nnnn Abbreviated MAC Addresses 3333 1111 • • When an Ethernet frame is sent out on the “bus” all devices on the bus receive it. What do they do with it? Sending and receiving Ethernet frames on a bus Nope 1111 2222 Hey, that’s me! 3333 Nope nnnn Abbreviated MAC Addresses 3333 1111 • Each NIC card compares its own MAC address with the Destination • • MAC Address. If it matches, it copies in the rest of the frame. If it does NOT match, it ignores the rest of the frame. – Unless you are running a Sniffer program Sending and receiving Ethernet frames on a bus 1111 • 2222 3333 nnnn Abbreviated MAC Addresses So, what happens when multiple computers try to transmit at the same time? Sending and receiving Ethernet frames on a bus 1111 2222 3333 nnnn X Collision! Abbreviated MAC Addresses Access Methods Two common types of access methods for LANs include • Non-Deterministic: Contention methods (Ethernet, IEEE 802.3) – Only one signal can be on a network segment at one time. – Collisions are a normal occurrence on an Ethernet/802.3 LAN • Deterministic: Token Passing (Token Ring) • CSMA/CD CSMA/CD (Carrier Sense Multiple Access with Collision Detection) • Common contention method used with Ethernet and IEEE 802.3 • “Let everyone have access whenever they want and we will work it out somehow.” • CSMA/CD and Collisions CSMA/CD (Carrier Sense Multiple Access with Collision Detection) • Listens to the network’s shared media to see if any other users on “on the line” by trying to sense a neutral electrical signal or carrier. • If no transmission is sensed, then multiple access allows anyone onto the media without any further permission required. • If two PCs detect a neutral signal and access the shared media at the exact same time, a collision occurs and is detected. • The PCs sense the collision by being unable to deliver the entire frame (coming soon) onto the network. (This is why there are minimum frame lengths along with cable distance and speed limitations. This includes the 5-4-3 rule.) • When a collision occurs, a jamming signal is sent out by the first PC to detect the collision. • Using either a priority or random backoff scheme, the PCs wait certain amount of time before retransmitting. • If collisions continue to occur, the PCs random interval is doubled, lessening the chances of a collision. • CSMA/CD and Collisions Nope 1111 Notice the location of the DA! 2222 Hey, that’s me! 3333 Nope nnnn Abbreviated MAC Addresses 3333 1111 And as we said, • When information (frame) is transmitted, every PC/NIC on the shared media copies part of the transmitted frame to see if the destination address matches the address of the NIC. • If there is a match, the rest of the frame is copied • If there is NOT a match the rest of the frame is ignored. • Sending and receiving Ethernet frames via a hub 3333 1111 1111 ? 2222 • • 5555 3333 4444 So, what does a hub do when it receives information? Remember, a hub is nothing more than a multiport repeater. • Sending and receiving Ethernet frames via a hub Hub or • Sending and receiving Ethernet frames via a hub 3333 1111 • The hub will flood it out all 1111 2222 Nope • • 5555 Nope • • 3333 For me! 4444 Nope • ports except for the incoming port. Hub is a layer 1 device. A hub does NOT look at layer 2 addresses, so it is fast in transmitting data. Disadvantage with hubs: A hub or series of hubs is a single collision domain. A collision will occur if any two or more devices transmit at the same time within the collision domain. More on this later. • Sending and receiving Ethernet frames via a hub 2222 1111 • Another disadvantage with 1111 2222 For me! 5555 Nope 3333 Nope 4444 Nope hubs is that is take up unnecessary bandwidth on other links. Wasted bandwidth • Sending and receiving Ethernet frames via a switch • Sending and receiving Ethernet frames via a switch Source Address Table Port Source MAC Add. Port Source MAC Add. 3333 1111 • Switches are also known as switch • • 1111 3333 • Abbreviated MAC addresses 2222 4444 • learning bridges or learning switches. A switch has a source address table in cache (RAM) where it stores source MAC address after it learns about them. A switch receives an Ethernet frame it searches the source address table for the Destination MAC address. If it finds a match, it filters the frame by only sending it out that port. If there is not a match if floods it out all ports. • No Destination Address in table, Flood Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 3333 1111 • How does it learn source MAC switch • • • 1111 3333 • Next, in our scenario, the Abbreviated MAC addresses 2222 addresses? First, the switch will see if the SA (1111) is in it’s table. If it is, it resets the timer (more in a moment). If it is NOT in the table it adds it, with the port number. 4444 switch will flood the frame out all other ports, because the DA is not in the source address table. • Destination Address in table, Filter Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 1111 3333 • Most communications involve switch • • 1111 • 3333 Abbreviated MAC addresses • 2222 4444 some sort of client-server relationship or exchange of information. (You will understand this more as you learn about TCP/IP.) Now 3333 sends data back to 1111. The switch sees if it has the SA stored. It does NOT so it adds it. (This will help next time 1111 sends to 3333.) Next, it checks the DA and in our case it can filter the frame, by sending it only out port 1. • Destination Address in table, Filter Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 3333 1111 switch 1111 3333 1111 3333 Abbreviated MAC addresses 2222 4444 • Now, because both MAC addresses are in the switch’s table, any information exchanged between 1111 and 3333 can be sent (filtered) out the appropriate port. • What happens when two devices send to same destination? What if this was a hub? Where is (are) the collision domain(s) in this example? • • • No Collisions in Switch, Buffering Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 9 4444 3333 1111 switch 3333 4444 • Unlike a hub, a collision does • 1111 3333 • Abbreviated MAC addresses 2222 4444 NOT occur, which would cause the two PCs to have to retransmit the frames. Instead the switch buffers the frames and sends them out port #6 one at a time. The sending PCs have no idea that their was another PC wanting to send to the same destination. • Collision Domains Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 9 4444 3333 1111 Collision Domains switch 3333 4444 • When there is only one device 1111 3333 • Abbreviated MAC addresses 2222 4444 on a switch port, the collision domain is only between the PC and the switch. (Cisco curriculum is inaccurate on this point.) With a full-duplex PC and switch port, there will be no collision, since the devices and the medium can send and receive at the same time. • Other Information Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 9 4444 • switch • • 1111 3333 Abbreviated MAC addresses • 2222 4444 How long are addresses kept in the Source Address Table? – 5 minutes is common on most vendor switches. How do computers know the Destination MAC address? • ARP Caches and ARP Requests How many addresses can be kept in the table? – Depends on the size of the cache, but 1,024 addresses is common. What about Layer 2 broadcasts? – Layer 2 broadcasts (DA = all 1’s) is flooded out all ports. Side Note - Transparent Bridging • Transparent bridging (normal switching process) is defined in IEEE 802.1d describing the five bridging processes of: – learning – flooding filtering – forwarding – aging • These will be discussed further in STP (Spanning Tree Protocol) Transparent Bridge Process - Jeff Doyle Receive Packet Learn source address or refresh aging timer Is the destination a broadcast, multicast or unknown unicast? No Yes Flood Packet Are the source and destination on the same interface? No Yes Filter Packet Forward unicast to correct port • What happens here? Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 1 2222 1 3333 1111 3333 • Notice the Source Address Table has multiple entries for port #1. 3333 1111 2222 5555 • What happens here? Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 1 2222 1 5555 1111 3333 • The switch filters the • frame out port #1. But the hub is only a layer 1 device, so it floods it out all ports. • Where is the collision domain? 3333 1111 2222 5555 • What happens here? Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 1 2222 1 5555 1111 3333 Collision Domain 3333 1111 2222 5555 • LAN segmentation with routers • Routers provide segmentation of networks, adding a latency factor of • • • • 20% to 30% over a switched network. This increased latency is because a router operates at the network layer and uses the IP address to determine the best path to the destination node. Bridges and switches provide segmentation within a single network or subnetwork. Routers provide connectivity between networks and subnetworks. Routers also do not forward broadcasts while switches and bridges must forward broadcast frames. • Layer 2 and layer 3 switching (routing) • A layer 3 switch is typically a layer 2 switch that includes a routing • • • process, I.e. does routing. (Oh yea, also known as routing. Got to love those people in Marketing.) Layer 3 switching has many meanings and in many cases is just a marketing term. Layer 3 switching is a function of the network layer. The Layer 3 header information is examined and the packet is forwarded based on the IP address. • Symmetric and asymmetric switching Note: Most switches are now 10/100, which allow you to use them symmetrically or asymmetrically. Ethernet switch latency • Latency is the period of time from when the beginning of a frame enters • to when the end of the frame exits the switch. Latency is directly related to the configured switching process and volume of traffic. • Memory buffering • switch • • • 1111 3333 Abbreviated MAC addresses • 2222 4444 • An Ethernet switch may use a buffering technique to store and forward frames. Buffering may also be used when the destination port is busy. The area of memory where the switch stores the data is called the memory buffer. This memory buffer can use two methods for forwarding frame: – port-based memory buffering – shared memory buffering In port-based memory buffering frames are stored in queues that are linked to specific incoming ports. Shared memory buffering deposits all frames into a common memory buffer which all the ports on the switch share. • Two switching methods • Store-and-forward – The entire frame is received before any • • forwarding takes place. – The destination and source addresses are read and filters are applied before the frame is forwarded. – CRC Check done Cut-through – The frame is forwarded through the switch before the entire frame is received. – This mode decreases the latency of the transmission, but also reduces error detection. 1900 and 2800 series switches this is configurable, otherwise depends on the model of the switch. • Cut-through Cut-through • Fast-forward – Offers the lowest level of latency. – Fast-forward switching immediately forwards a packet after reading the destination address. – There may be times when packets are relayed with errors. – Although this occurs infrequently and the destination network adapter will discard the faulty packet upon receipt. • Cut-through Cut-through • Fragment-free – Fragment-free switching filters out collision fragments before forwarding begins. – Collision fragments are the majority of packet errors. – In a properly functioning network, collision fragments must be smaller than 64 bytes. – Anything greater than 64 bytes is a valid packet and is usually received without error. – Fragment-free switching waits until the packet is determined not to be a collision fragment before forwarding. • Two switching methods • Adaptive cut-through – In this mode, the switch uses cut-through until it detects a given number of errors. – Once the error threshold is reached, the switch changes to store-and-forward mode. Functions of a switch • The main features of Ethernet switches are: – Isolate traffic among segments – Achieve greater amount of bandwidth per user by creating smaller collision domains How switches learn addresses “Learning bridges” or Learning switches” • Bridges and switches learn in the following ways: • • • • – Reading the source MAC address of each received frame or datagram – Recording the port on which the MAC address was received. The bridge or switch learns which addresses belong to the devices connected to each port. The learned addresses and associated port or interface are stored in the addressing table. The bridge examines the destination address of all received frames. The bridge then scans the address table searching for the destination address. Filter or Flood (Switch) • If a switch has the frame’s destination address in its CAM table (or • • • Source Address Table) it will only send the frame out the appropriate port. If a switch does not have the frame’s destination MAC address in its CAM table, it floods (sends) it out all ports except for the incoming port (the port that the frame came in on) known as an Unknown Unicast, or if the destination MAC address is a broadcast. Note: A CAM table may contain multiple entries per port, if a hub or a switch is attached to that port. Most Ethernet bridges can filter broadcast and multicast frames. Filter or Flood (Switch) • Switches flood frames that are: – Unknown unicasts – Layer 2 broadcasts – Multicasts (unless running multicast snooping or IGMP) • Multicast are special layer 2 and layer 3 addresses that are sent to devices that belong to that “group”. Why segment LANs? (Layer 2 segments) Hub Switch • First is to isolate traffic between segments. • The second reason is to achieve more bandwidth per user by creating smaller collision domains. • Why segment LANs? (Layer 2 segments) switch Collision Domains • 1111 3333 Abbreviated MAC addresses 2222 4444 • A switch employs “microsegmentation” to reduce the collision domain on a LAN. The switch does this by creating dedicated network segments, or point-to-point connections. • Broadcast domains 172.30.1.21 255.255.255.0 172.30.2.10 255.255.255.0 Switch 1 172.30.1.23 255.255.255.0 172.30.2.12 255.255.255.0 Switched Network - Two Networks •All ARP Request Ÿ Two Subnets Ÿ Ÿ Several Collision Domains Ÿ One per switch port One Broadcast Domain Switch 2 172.30.2.16 255.255.255.0 172.30.1.25 255.255.255.0 172.30.2.14 255.255.255.0 172.30.1.27 255.255.255.0 • Even though the LAN switch reduces the size of collision domains, all • hosts connected to the switch are still in the same broadcast domain. Therefore, a broadcast from one node will still be seen by all the other nodes connected through the LAN switch. • Switches and broadcast domains These are logical not physical representations of what happens to these frames. • Switches flood frames that are: – Unknown unicasts – Layer 2 broadcasts – Multicasts (unless running multicast snooping or IGMP) • Multicast are special layer 2 and layer 3 addresses that are sent to devices that belong to that “group”. Switches and broadcast domains • When a device wants to send out a Layer 2 broadcast, the destination • • MAC address in the frame is set to all ones. A MAC address of all ones is FF:FF:FF:FF:FF:FF in hexadecimal. By setting the destination to this value, all the devices will accept and process the broadcasted frame. Switches and broadcast domains Communication between switches and workstation • Hubs to VLANs Part 1 (Part 2 will be discussed when we cover VLANs.) • Using Hubs • • • • • Layer 1 devices Inexpensive In one port, out the others One collision domain One broadcast domain • Single Hub Hub 1 172.30.1.21 255.255.255.0 172.30.1.24 255.255.255.0 172.30.1.22 255.255.255.0 172.30.1.23 255.255.255.0 Single Hub Ÿ One Network (IP Network Address - usually) Ÿ One Collision Domain Ÿ One Broadcast Domain This is fine for small workgroups, but does not scale well for larger workgroups or heavy traffic. • Single Hub Hub 1 172.30.1.21 255.255.255.0 172.30.2.22 255.255.255.0 172.30.1.22 255.255.255.0 172.30.2.21 255.255.255.0 Note: Different color hosts refer to different subnets. Single Hub - Two subnets Ÿ Two subnets Ÿ One Collision Domain Ÿ One Broadcast Domain • • • What if the computers were on two different subnets? Could they communicate within their own subnet? Yes Between subnets? No, need a router. The sending host will check the destination IP address with its own IP address and subnet mask. The AND operation will determine that it is on a different subnet and cannot be reached without sending the packet to a default gateway (router). This is even though they are on the same physical network. • Multiple Hubs Hub 1 172.30.1.21 255.255.255.0 172.30.1.22 255.255.255.0 172.30.1.23 255.255.255.0 All Hubs Ÿ One Network Address Ÿ One Collision Domain Ÿ One Broadcast Domain Hub 2 172.30.1.27 255.255.255.0 172.30.1.24 255.255.255.0 172.30.1.25 255.255.255.0 172.30.1.26 255.255.255.0 • Same issues as before, with more of an impact on the network. • Using Switches • • • • Layer 2 devices Layer 2 filtering based on Destination MAC addresses and Source Address Table One collision domain per port One broadcast domain across all switches • Switches create multiple parallel paths Hub 172.30.1.21 255.255.255.0 172.30.1.22 255.255.255.0 172.30.1.23 255.255.255.0 Switch and Hub Network Ÿ One Network Ÿ Several Collision Domains Ÿ One per switch port Ÿ One for the entire Hub Ÿ One Broadcast Domain Switch 172.30.1.27 255.255.255.0 172.30.1.24 255.255.255.0 172.30.1.25 255.255.255.0 Two parallel paths: (complete SAT tables) • Data traffic from 172.30.1.24 to 172.30.1.25 • Data traffic from 172.30.1.26 to 172.30.1.2 172.30.1.26 255.255.255.0 • Hubs do not create multiple parallel paths Collision! Hub 172.30.1.21 255.255.255.0 172.30.1.22 255.255.255.0 172.30.1.23 255.255.255.0 Switch and Hub Network Ÿ One Network Ÿ Several Collision Domains Ÿ One per switch port Ÿ One for the entire Hub Ÿ One Broadcast Domain Switch 172.30.1.27 255.255.255.0 172.30.1.24 255.255.255.0 172.30.1.25 255.255.255.0 As opposed to the Hub: • Data traffic from 172.30.1.21 to 172.30.1.22 • Data traffic from 172.30.1.23 to 172.30.1.24 172.30.1.26 255.255.255.0 • Switches create multiple parallel paths Hub 172.30.1.21 255.255.255.0 172.30.1.22 255.255.255.0 172.30.1.23 255.255.255.0 Switch and Hub Network Ÿ One Network Ÿ Several Collision Domains Ÿ One per switch port Ÿ One for the entire Hub Ÿ One Broadcast Domain Switch 172.30.1.27 255.255.255.0 172.30.1.24 255.255.255.0 172.30.1.25 255.255.255.0 172.30.1.26 255.255.255.0 Collisions and Switches: What happens when two devices on a switch, send data to another device on the switch? 172.30.1.24 to 172.30.1.25 and 172.30.1.26 to 172.30.1.25 • Switches create multiple parallel paths Hub Frames buffered 172.30.1.21 255.255.255.0 172.30.1.22 255.255.255.0 172.30.1.23 255.255.255.0 Switch and Hub Network Ÿ One Network Ÿ Several Collision Domains Ÿ One per switch port Ÿ One for the entire Hub Ÿ One Broadcast Domain Switch 172.30.1.27 255.255.255.0 172.30.1.24 255.255.255.0 172.30.1.25 255.255.255.0 172.30.1.26 255.255.255.0 The switch keeps the frames in buffer memory, and queues the traffic for the host 172.30.1.25. This means that the sending hosts do not know about the collisions and do not have to re-send the frames. • Other Switching Features Review • Asymmetric ports: 10 Mbps and 100 Mbps • Full-duplex ports • Cut-through versus Store-and-Forward switching • Other Switching Features 172.30.1.21 255.255.255.0 172.30.1.22 255.255.255.0 Switch 1 172.30.1.23 255.255.255.0 172.30.1.24 255.255.255.0 All Switched Network Ÿ One Network Ÿ Several Collision Domains Ÿ One per switch port Ÿ One Broadcast Domain Switch 2 172.30.1.28 255.255.255.0 172.30.1.25 255.255.255.0 172.30.1.26 255.255.255.0 172.30.1.27 255.255.255.0 • Ports between switches and server ports are good candidates for higher • bandwidth ports (100 Mbps) and full-duplex ports. Most switch ports today are full-duplex. • Introducing Multiple Subnets/Networks without Routers • Switches are Layer 2 devices • Router are Layer 3 devices • Data between subnets/networks must pass through a router. • Switched Network with Multiple Subnets ARP Request 172.30.1.21 255.255.255.0 172.30.2.10 255.255.255.0 Switch 1 172.30.1.23 255.255.255.0 172.30.2.12 255.255.255.0 All Switched Network - Two Networks Ÿ Two Subnets Ÿ Several Collision Domains Ÿ One per switch port Ÿ One Broadcast Domain • • • • Switch 2 172.30.2.16 255.255.255.0 172.30.1.25 255.255.255.0 172.30.2.14 255.255.255.0 172.30.1.27 255.255.255.0 What are the issues? Can data travel within the subnet? Yes Can data travel between subnets? No, need a router! What is the impact of a layer 2 broadcast, like an ARP Request? • Switched Network with Multiple Subnets ARP Request 172.30.1.21 255.255.255.0 172.30.2.10 255.255.255.0 Switch 1 172.30.1.23 255.255.255.0 172.30.2.12 255.255.255.0 All Switched Network - Two Networks Ÿ Two Subnets Ÿ Several Collision Domains Ÿ One per switch port Ÿ One Broadcast Domain • • • Switch 2 172.30.2.16 255.255.255.0 172.30.1.25 255.255.255.0 172.30.2.14 255.255.255.0 172.30.1.27 255.255.255.0 All devices see the ARP Request, even those on the other subnets that do not need to see it. One broadcast domain means the switches flood all broadcast out all ports, except the incoming port. Switches have no idea of the layer 3 information contained in the ARP Request.This consumes bandwidth on the network and processing cycles on the hosts. • One Solution: Physically separate the subnets 172.30.1.21 255.255.255.0 172.30.1.23 255.255.255.0 Switch 1 172.30.1.25 255.255.255.0 Two Switched Networks Ÿ Two Subnets Ÿ Several Collision Domains Ÿ One per switch port Ÿ Two Broadcast Domain 172.30.1.26 255.255.255.0 Switch 2 172.30.2.16 255.255.255.0 172.30.2.10 255.255.255.0 172.30.2.12 255.255.255.0 172.30.2.14 255.255.255.0 • But still no data can travel between the subnets. • How can we get the data to travel between the two subnets? • Another Solution: Use a Router 172.30.1.21 255.255.255.0 172.30.1.23 255.255.255.0 172.30.1.1 255.255.255.0 Switch 1 172.30.2.1 255.255.255.0 Router 172.30.1.25 255.255.255.0 172.30.1.26 255.255.255.0 Routed Networks Ÿ Two Subnets Ÿ Several Collision Domains Ÿ One per switch port Ÿ Communication between subnets • Switch 2 172.30.2.16 255.255.255.0 172.30.2.10 255.255.255.0 172.30.2.12 255.255.255.0 172.30.2.14 255.255.255.0 Two separate broadcast domains, because the router will not forward the layer 2 broadcasts such as ARP Requests. • Switches with multiple subnets • • So far this should have been a review. Lets see what happens when we have two subnets on a single switch and we want to route between the two subnets. • Router-on-a-stick or One-Arm-Router (OAR) interface e 0 ip address 172.30.1.1 255.255.255.0 ip address 172.30.2.1 255.255.255.0 secondary Router 172.30.1.1 172.30.2.1 sec 255.255.255.0 ARP Request Secondary addresses can be used when the router does not support sub-interfaces which will be discussed later. 172.30.1.21 255.255.255.0 Switch 1 172.30.2.12 255.255.255.0 172.30.2.10 255.255.255.0 • • 172.30.1.23 255.255.255.0 Routed Networks Ÿ Two Subnets Ÿ Communication between subnets When a single interface is used to route between subnets or networks, this is know as a router-on-a-stick. To assign multiple ip addresses to the same interface, secondary addresses or subinterfaces are used. • Router-on-a-stick or One-Arm-Router (OAR) interface e 0 ip address 172.30.1.1 255.255.255.0 ip address 172.30.2.1 255.255.255.0 secondary 172.30.1.21 255.255.255.0 Router 172.30.1.1 172.30.2.1 sec 255.255.255.0 Switch 1 172.30.2.12 255.255.255.0 172.30.2.10 255.255.255.0 172.30.1.23 255.255.255.0 Routed Networks Advantages Ÿ Two Subnets Ÿ there Communication between subnets • Useful when are limited Ethernet interfaces on the router. Disadvantage • Because a single link is used to connect multiple subnets, one link is having to carry the traffic for multiple subnets. • Be sure this is link can handle the traffic. • Router-on-a-stick or One-Arm-Router (OAR) interface e 0 ip address 172.30.1.1 255.255.255.0 ip address 172.30.2.1 255.255.255.0 secondary Router 172.30.1.1 172.30.2.1 sec 255.255.255.0 ARP Request 172.30.1.21 255.255.255.0 Switch 1 172.30.2.12 255.255.255.0 172.30.2.10 255.255.255.0 172.30.1.23 255.255.255.0 Routed Networks Ÿ Two Subnets Ÿ Communication between subnets • Still the same problem of the switch forwarding broadcast traffic to all devices on all subnets. • Router-on-a-stick or One-Arm-Router (OAR) interface e 0 ip address 172.30.1.1 255.255.255.0 ip address 172.30.2.1 255.255.255.0 secondary 172.30.1.21 255.255.255.0 Router 172.30.1.1 172.30.2.1 sec 255.255.255.0 Switch 1 172.30.2.12 255.255.255.0 172.30.2.10 255.255.255.0 172.30.1.23 255.255.255.0 Routed Networks Ÿ Two Subnets Ÿ Communication between subnets Remember to have the proper default gateway set for each host. • 172.30.1.0 hosts - default gateway is 172.30.1.1 • 172.30.2.0 hosts - default gateway is 172.30.2.1 • Interface for each subnet 172.30.1.1 E0 255.255.255.0 172.30.1.21 255.255.255.0 E1 172.30.2.1 Router 255.255.255.0 Switch 1 172.30.2.12 255.255.255.0 172.30.2.10 255.255.255.0 172.30.1.23 255.255.255.0 Routed Networks Ÿ Two Subnets Ÿ Communication between subnets • An Ethernet router interface per subnet may be used instead of one. • However this may be difficult if you do not have enough Ethernet ports on your router. • Still one broadcast domain 172.30.1.1 255.255.255.0 Router 172.30.2.1 255.255.255.0 ARP Request 172.30.1.21 255.255.255.0 Switch 1 172.30.2.12 255.255.255.0 172.30.2.10 255.255.255.0 172.30.1.23 255.255.255.0 Routed Networks Ÿ Two Subnets Ÿ Communication between subnets • Still the same problem of the switch forwarding broadcast traffic to all devices on all subnets. • Introducing VLANs • • • • VLAN = Subnet VLANs create separate broadcast domains within the switch. Routers are needed to pass information between different VLANs This is only an introduction, as we will discuss VLANs and Inter-VLAN Routing in later chapters. • Layer 2 Broadcast Segmentation Switch Port: VLAN ID ARP Request 172.30.1.21 255.255.255.0 VLAN 1 Switch 1 172.30.2.12 255.255.255.0 VLAN 2 172.30.2.10 255.255.255.0 VLAN 2 172.30.1.23 255.255.255.0 VLAN 1 1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN Two VLANs Ÿ Two Subnets • An ARP Request from 172.30.1.21 for 172.30.1.23 will only be seen by • hosts on that VLAN. The switch will flood broadcast traffic out only those ports belonging to that particular VLAN, in this case VLAN 1. • Layer 2 Broadcast Segmentation 1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN Port-centric VLAN Switches • As the Network Administrator, it is your job to assign switch ports to the proper VLAN. • This assignment is only done at the switch and not at the host. • Note: The following diagrams show the VLAN below the host, but it is actually assigned on the switch. • Without VLANs – No Broadcast Control ARP Request 172.30.1.21 255.255.255.0 Switch 1 172.30.2.12 255.255.255.0 172.30.2.10 255.255.255.0 172.30.1.23 255.255.255.0 No VLANs Ÿ Same as a single VLAN Ÿ Two Subnets • Without VLANs, the ARP Request would be seen by all hosts. • Again, consuming unnecessary network bandwidth and host processing cycles. • With VLANs – Broadcast Control Switch Port: VLAN ID ARP Request 172.30.1.21 255.255.255.0 VLAN 1 Switch 1 172.30.2.12 255.255.255.0 VLAN 2 172.30.2.10 255.255.255.0 VLAN 2 172.30.1.23 255.255.255.0 VLAN 1 Two VLANs Ÿ Two Subnets 1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN • Inter-VLAN Traffic Switch Port: VLAN ID 172.30.1.21 255.255.255.0 VLAN 1 Switch 1 172.30.2.12 255.255.255.0 VLAN 2 172.30.2.10 255.255.255.0 VLAN 2 172.30.1.23 255.255.255.0 VLAN 1 1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN Two VLANs 1. Remember that VLAN IDs (numbers) are assigned to the switch port and not to theŸ host. Two(Port-centric Subnets VLAN switches) 2. Be sure to have all of the hosts on the same subnet belong to the same VLAN, or you will have problems. • Hosts on subnet 172.30.1.0/24 - VLAN 1 • Hosts on subnet 172.30.2.0/24 - VLAN 2 • etc. • Inter-VLAN Traffic Switch Port: VLAN ID To 172.30.2.12 172.30.1.21 255.255.255.0 VLAN 1 Switch 1 172.30.2.12 255.255.255.0 VLAN 2 172.30.2.10 255.255.255.0 VLAN 2 172.30.1.23 255.255.255.0 VLAN 1 1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN Two VLANs Ÿ Two Subnets • • A switch cannot route data between different VLANs. Note: The host will not even send the Packet unless it has a default gateway to forward it to. • Inter-VLAN Routing needs a Router 172.30.1.1 255.255.255.0 (VLAN 1) Router 172.30.2.1 255.255.255.0 (VLAN 2) 1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN • A router is need to route traffic between VLANs (VLAN = Subnet). • There are various methods of doing this including Router-on-a-stick with • trunking (more than one VLAN on the link). This will be discussed later when we get to the chapter on VLANs and Inter-VLAN Routing. Ch. 4 – Switching Concepts CCNA 3 version 3.0