1. Switching Topic 1 Basic concepts

2. Agenda Ethernet 802.3 CSMA/CD and duplex Frames and MACs Switching process – Store, forward and buffers Issues – Collisions and broadcasts – Latency and congestion Layer 3 switches Switchport security Switch boot sequence

3. Ethernet standard IEEE 802.3 LAN standard Layer 2 data link (OSI) CSMA/CD technology for multi-access segments (shared links) Frames: – Unicast – Broadcast – Multicast Switches and access points and NICs, twisted pair or fiber (mm or sm) and star topology and point- to-point links

4. CSMA/CD Carrier sense: – Listen before transmitting, if no traffic transmit message – Keep listening for collisions Multi-access: – If two devices transmit at the same time, signals collide Collision detection: – All devices listen for collisions – an increase signal amplitude – Transmitting devices continue to transmit until minimum packet time is reached (jam signal) to ensure that all devices detect the collision – All devices start a back-off algorithm and wait for a random of time (no transmitting) – Back to listening mode – No device has priority to resend Multi-access hub based, half duplex communications only

5. Duplex Half duplex – link shared by many hosts via a hub – Data can travel in both directions but only one direction at a time (1 lane bridge) – Uses CSMA/CD to detect and manage collisions – Hub based networks – Lower performance – lots of waiting for the media – 50–60% efficiency Full duplex – only one host at each end of link – Data can be sent and received at the same time (2 lane bridge) – Uses two pairs of wires (Cat 5e uses four pairs), one to transmit and one to receive – No collisions, sending and receiving done on two separate circuits – CSMA/CD not required, collision detect circuit is disabled – Host is attached to a dedicated switchport – Point-to-point connection – 100% efficiency in both directions (100 Mbps transmit and 100 Mbps receive for FastEthernet)

6. Switchport duplex settings Auto – Both nodes negotiate the duplex setting to use – Default for FastEthernet ports and 10/100/1000 NICs Full – Default for 100Base-FX ports and for Gigabit ports Half – Default mode if auto negotiation fails (unsupported by other host) Duplex mismatch – Switch configured for full duplex and host only supports half duplex – FCS errors on full duplex port (show interface) – Random ping packets succeed and most fail Auto-MDIX – Switch detects the cable type for copper Ethernet connections and configures the interface to match – Use either crossover or straight-through cables between hosts and switches and switches and switches – Enabled by default on Cisco® IOS 12.2(18) and later

7. Ethernet frames Packet is encapsulated into a frame Frame is transmitted onto the media Frames use MAC addresses – 48 bits, 12 hex digits, burned into NIC – OUI |Vendor assigned

8. Mac-address-table MAC address table maps the switchports and the MAC addresses of the hosts connected to the switchport MAC addresses are learned and added to the MAC address table by checking the source MAC in the header of frames arriving on the switchport Mappings age out to keep data current Also called CAM table

9. MAC address table Demo

10. Switching process Switch receives an incoming frame through an arriving port Switch adds source MAC address to MAC address table if not known Flood, forward or filter? – If a broadcast frame FF-FF-FF-FF-FF-FF, switch forwards out of all ports except arriving port – If unicast frame switch does a lookup on MAC address table for the destination MAC and its associated port If not found, the frame is broadcast – If the associated port is the same as the arriving port the frame is dropped Frame is switched to the destination MAC port(s) and forwarded Uplink ports have multiple MAC addresses associated with them – as all the destinations on the upstream switch are learned from arriving frames they are added to the MAC address table

11. Switch forwarding Store and forward – high integrity – As a frame arrives it is stored in a buffer until fully received – Switch does error check, computes and verifies CRC value in trailer – If CRC integrity check is successful, MAC address table lookup on destination address for destination port and frame is forwarded, if not then frame is dropped – Store and forward switching is required for QoS analysis for prioritisation – Store and forward is now the only forwarding method on new Cisco® devices Cut through (fast forward) – fast and low latency – Switch does not perform error checking – Switch buffers first few bytes, determines the destination MAC address, looks up the destination port and begins forwarding through the outgoing port – Faster but frames with errors can be forwarded Variants – Fragment-free switching Switch stores the first 64 bytes and does an error check, then starts forwarding

12. Switching symmetry Symmetric switching – All ports have the same bandwidth – Optimised for distributed traffic load such as peer-to- peer desktops Asymmetric switching – Ports have different bandwidths – More bandwidth dedicated to server switchports and to uplink ports to prevent bottlenecks – Requires memory buffering to match the different data rates

13. Memory buffering Port-based memory buffering – Arriving frame is queued in the arriving port buffer – Frame is not moved to the destination port until the all frames ahead in the queue are transmitted – Delayed even when the destination port is open Shared memory buffering – All frames from all ports are stored in a common memory buffer – Frames are linked to their destination port with a map of frame to port links – Frames can be transmitted as soon as the destination port is idle – Larger frames are transmitted with fewer dropped frames as memory is allocated dynamically

14. Collision Issues Shared media environments have the potential for collisions – All connections on a hub belong to one collision domain – Don’t use hubs (200% reduced to 50% efficiency) Host connecting to a switch is a dedicated connection – An individual collision domain, a microsegment – There is no potential for collisions – Separate wires are used to transmit and receive – 24 port switch has 24 collision domains Switches increase the number of collision domains (and reduce the size of collision domains ) Switches improve efficiency as all bandwidth is available to the host

15. Broadcast issues Many protocols must broadcast – ARP (who has 192.168.1.1?) to determine a destination host MAC – DHCP (are you a DHCP server?) to locate a DHCP server Switches forward broadcast frames – Broadcasts are sent through all switchports including links to other switches except the originating switchport All hosts receive and process broadcasts – Bandwidth used up – CPU processing time used up As more switches and hosts are added there are more broadcasts on the network – More than 20% broadcast traffic on a host and the network is too large Too much broadcast traffic reduces performance, uses bandwidth and CPU cycles Routers divide networks and define broadcast domains – Routers do not forward broadcasts

16. Segmentation Segmentation is creating a boundary around a physical grouping of hosts Routers segment the broadcast domain – Creating smaller broadcast domains reduces broadcast traffic and makes more bandwidth and processing available to applications – Each router interface connects to a different LAN network (different broadcast domain) Switches segment the collision domain – Reduces the size of the collision domain – Each switchport connects to a different segment (collision domain)

17. Broadcast and collision domains

18. Latency Latency or delay is the time a frame or packet takes to travel from the source to the destination Sources of latency : – NIC delay – time to encode and transmit signals or receive and decode frames – Propagation delay – time for a signal to move down the link to the destination – Transmission delay – time it takes the switch to process, buffer and forward the frame Switches have less latency than routers because: – Routers have more complex and processor intensive functions (ACLS and routing) – Routers strip frame headers to read packet headers Switches support high forwarding rates – By using ASICS application specific integrated circuits to provide hardware support for wire speed Access layer switches can be oversubscribed – Full bandwidth on all ports is more than the internal forwarding rate

19. Congestion Causes of network congestion: – More powerful hosts which send and process data at higher rates – Increasing volumes of network traffic: due in part to broadcast traffic due in part to 80/20 rule changing to 20/80 now 80% of resources are located outside the LAN and require crossing the core High bandwidth applications – such as desktop publishing, engineering design, video on demand, e-learning and streaming video (video and multimedia)

20. Network bottlenecks How many ports are required for hosts? For uplinks? What speed is the host sending at? 48 ports running at 1 Gbps in full duplex requires an internal forwarding rate of 96 Gbps – What is the internal throughput of the device? – Can it handle the anticipated traffic loads considering its placement in the network? Latency is greater on routers but routers split broadcast domains Do the maths and aggregate multiple links

21. Security issues Limits the number of valid MAC addresses allowed on the port – Port will not forward traffic from disallowed addresses – Authorised MAC address is assured full bandwidth on the port Static secure MAC addresses: Manually configured in address table Dynamic secure MAC addresses: Learned dynamically (removed when switch restarts) Sticky secure MAC addresses: Dynamically learn MAC addresses and saved to the running configuration Security violation mode: – If more than the maximum allowed MAC addresses attempts to access the interface OR, if an address learned or configured on a secure interface is seen on another secure interface in the same VLAN a violation occurs Actions taken when violation occurs: – Protect: drop frame and no notification sent – Restrict: drop frame and send notification, SNMP trap or syslog message – Shutdown: interface is disabled and LED turns off, SNMP trap and syslog message sent and violation counter incremented. (Release with shutdown and no shutdown commands).

22. Layer 3 switching Layer 3 switches can examine IP addresses and route traffic at switch speeds – Layer 3 switches can route between VLANs Layer 3 switching is faster than routing Layer 3 switches do not support WAN interfaces Layer 3 switches do not support advanced routing functions such as remote access connections VPNs

23. Switch boot sequence Loads boot loader from ROM Boot loader – initialises CPU registers – performs POST – initialises flash file system – loads the default IOS image into memory – initialises interfaces with commands from config.text stored in flash POST completes – SYST LED blinks green or amber if POST fails Boot loader provides a command line to format flash file system, reinstall IOS image or recover a password

24. Agenda Ethernet 802.3 CSMA/CD and duplex Frames and MACs Switching process – Store, forward and buffers Issues – Collisions and broadcasts – Latency and congestion Layer 3 switches Switchport security Switch boot sequence

25. Switching Topic 1 Basic concepts