
Ethernet Switching

1. Introduction
Bridging and Frame Switching are practically one and the same technology. Frame Switching is Bridging that has been speeded up. Bridging has always been software-based and normally a bridge would just have two ports used to connect the two LANs being bridged. Switching is hardware-based and has many ports but all the rules that apply to bridging also apply to switching and more besides. The MAC address is always left unchanged in bridging (barring the bit ordering change in Translational bridging!).
LAN Frame switches can include FDDI, Token Ring or Ethernet switches. Effectively, the switch provides single Collision Domains per switch port and each port acts as a bridge port to the rest of the network. Forwarding tables are kept per port, and different media, different speeds etc. can be configured on a port by port basis. The speed enhancement to the network is achieved through the 'microsegmentation' of the large Collision Domain into many smaller ones. Each port on an Ethernet switch is effectively a very fast bridge port. The switch itself has its own MAC address e.g. 0800.a300.df00, and then each of its ports is given a MAC address, commonly in port order; port 1 has address 0800.a300.df01, port 2 has address 0800.a300.df02 etc. If this particular switch is the root bridge, then the MAC address 0800.a300.df00 is advertised as the root bridge, however the BPDUs originate from whatever MAC address is assigned to the port from which the BPDU emanates.
Some switches allow you to implement a Backpressure scheme whereby, on a particular port, jamming frames can be sent to reduce traffic coming into the switch. This stops one port hogging the backplane on a switch and thereby affecting other users. Obviously, you would not wish to implement this on a server port, since this will affect many people and you would wish to keep as much of the switch processing capability as possible for the attached servers. This is why so much play is made of the backplane capability of a particular manufacturer's switch.
2. Cut-through
A Cut-through switch first reads the Destination address of a frame and then sends the frame straight to the destination before the rest of the frame has arrived at the switch. The first 20 to 30 bytes of the frame need to be read to make sure that the frame is not a collision fragment. If the destination address remains unknown, then the switch temporarily stores the frame. Cut-through switching is fine for fixed speed networks such as all 10BaseT, and it is very fast, however if the switch has mixed speed ports such as 10/100 autosensing ports, then there is a bottleneck when packets are moving across the switch fabric from a 100BaseT segment to a 10BaseT segment.
Some switches, although they forward the frame as soon as they read the destination address, still read the frame up to the CRC and, if there is a certain level of errors, can be configured to change automatically to a Store and Forward mode.
3. Store and Forward
A Store and Forward switch, or 'buffered switch', stores each frame in a buffer before forwarding it on to the appropriate port. This gets around the underflow or overflow situation that could happen in a mixed speed environment.
4. Fragment-free Switching
This is similar to Cut Through Switching but here the frame is checked a little further than the destination address to the Length field in order to weed out collision fragments, before it is forwarded.
Latency of a network increases as the network gets busier. On a busy network, the backoffs (retransmits) that could occur with Cut-through switches increase, thereby increasing latency. A Store and Forward switch on 10Mbps LAN delays a frame by one frame time, obviously increasing latency, but there are no backoffs.
Ethernet Virtual LANs (VLANs)
1. Overview
Virtual LANs have been made possible as the switching infrastructure has replaced the traditional shared media LANs. An individual switch port can be assigned to a logical LAN, and the next switch port can be easily assigned to a completely different logical LAN. This is made possible by 'tagging' the frames entering the port so that these frames are identified as belonging to a particular logical LAN whilst they travel along the switch fabric of the box. Once these frames are sent out of their logical LAN ports, the tag is removed from the frame. In the past, proprietary frame tagging has been implemented by Cisco (Inter Switch Link or ISL) and Bay Networks (Lattis Span), but the standard is now defined by 802.1q and may be the one that you go for in order to allow interoperability between different manufacturers' boxes.
More recently frame tagging has been applied to trunk ports, as links to other switches and routers within the wider network carry multiple VLANs. This 'tagging' is very important since it enables the VLANs to spread 'Enterprise-wide' as the backbones take the bulk of network traffic and VLAN information. This is why VLANs need to operate across high-bandwidth trunked FDDI (802.10), Fast Ethernet (ISL and 802.1q) and ATM links (ATM LANE).
One key difference between ISL and 802.1q is that ISL allows multiple instances of Spanning Tree (i.e. one per VLAN) to exist on a trunk link whereas 802.1q only allows one instance of Spanning Tree on a trunked link. Which trunking method you use influences the network design somewhat, particularly if you wish to make the most of the network connections and not have part of the network unused because Spanning Tree has blocked some ports. ISL allows you to loadshare VLANs across parallel links so you don't have to have network ports not being used. This does not mean that you are completely tied in to using Cisco equipment only since you can 'map' ISL VLANs to 802.1q VLANs before entering a load-sharing section of the network and also other manufacturers such as Lucent support ISL anyway.
The use of switches has meant that microsegmentation has increased the number of Collision Domains thereby minimising the number of collisions that occur across this 'flat' network. This in turn frees up more bandwidth for data but at the cost of increasing the amount of broadcast traffic. VLANs are the next step where multicast and broadcast traffic is restricted to each of the VLANs and reduces the possibility of broadcast storms.
On a large network one Spanning Tree would take a very long time to converge. At the best of times even a RIPv1 network converges more quickly than a Spanning Tree network. For this reason, due to the greater likelihood of changes occurring the bigger the network is, it is a good thing to have one instance of Spanning Tree for each VLAN which decreases the calculation time, improves scalability and accommodates changes more efficiently.
VLANs allow you to connect any user to any logical LAN. The benefit here is that the user could be anywhere in the building or even another building. A particular department does not have to have all its employees physically situated in the same place. In addition, security is easily maintained since the only way to communicate between the virtual LANs is by routing between them, either by way of a router (slow) or via a layer 3 switch. VLANs also simplify moves, adds and changes plus give opportunities to load share traffic. Ideally, you should look to design your logical networks such that at least 80% of LAN traffic is maintained within the LAN, and a maximum of 20% of traffic routed between LANs. Note here that Layer 3 switching makes this less of an imperative. Ultimately, layer 3 switches will completely replace routers as far as intraLAN routing is concerned; the routers will remain as edge devices, doing the job that they are best at.
In addition, multiple logical networks can be multiplexed through one physical connection, provided that the connection is between two boxes that use the same Multi-Link Trunking (MLT) standard.
Originally, VLANs were simply based on port ID i.e. different ports being assigned to different VLANs. This is fine if the different groups are local, but not flexible enough to accommodate campus-wide VLANs. 'Port-centric' VLANs require no lookup table and are easy on the processor especially if an ASIC is taking care of the switching, plus there is a high level of security as packets are very unlikely to 'leak' into other VLANs. These types of VLANs are often referred to as Static VLANs as they are manually configured.
Membership of a VLAN can be determined by the MAC address. The user can move departments and the MAC address is remembered by the switch and the user remains part of the same logical LAN. VLANs can also be based on protocol or even application. These methods enable Moves and Changes to be implemented with little effort. These types of VLANs are called Dynamic VLANs since the ports can automatically determine their VLAN assignments on a per packet basis. The problem with Dynamic VLANs is that a lookup table has to be produced with all the known MAC addresses mapped to the relevant VLANs. Not only is this table likely to be very large, but it is also going to change frequently as new devices are added to the network and old ones are removed. If an organisation has a lot of movement within the building environment, then the Dynamic VLAN may be the best design.
Frame filtering is often used by switches to aid in minimising LAN traffic. Tables are kept and frames are compared to the table entries to varying levels of frame depth. The deeper into the frame the switch has to go, the greater the switch latency. Also, the larger the table, the more the latency, and these tables need to be synchronised with other switches.
2. Switched Network Design
A good general network design is shown below:
All networks have the Core, Distribution and Access layer functions within them even if two or more of the functions are dealt with by one box. Generally, it is a good idea to have the servers connected to the Distribution switch and let the distribution switch deal with the VLANs. The routers could either be separate 'routers on a stick' or built in to the switch and these should deal with access policies and filtering. The Core switches need to be left purely to switch packets and not worry about policies, routing or server traffic.
One thing to be aware of when upgrading networks is the capability of the servers. It is all very well upgrading the client links and the backbone links, but the servers can so easily become the bottleneck in a network. You need to make sure that the server, be it based on NT or Unix, is capable of fast network technology such as Duplex operation and Gigabit Ethernet. Not only do you need to make sure that the server can cope with fibre-based cards for 1000BaseSX or 1000BaseLX, you also need to be sure that the server's internal components such as the hard disk, processor and the bus can cope with a fast network. A duplex gigabit card can completely swamp the whole PCI bus in a standard PC which can cause problems since this PCI bus is meant to be shared by the other cards in the machine.
Examples
The following diagram illustrates a typical flat network.
The trouble with this network is that it is just one collision domain and one broadcast domain so it is prone to high collision rates and a lot of the bandwidth on the network is going to be given over to broadcasts. The problem with broadcast traffic is that each station on the network, be it a server or a client, will have to process the broadcast packets. This processing has to be carried out by the CPU of the computer and can have quite a large effect on the processing capability of the computer.
A chassis-based switch can replace the hubs and provide a far more efficient network:
Using the switch, not only is more bandwidth available to each client because each client has its own collision domain, but also one can configure VLANs to separate certain groups within the organisation and thereby reduce broadcast traffic, freeing up even more bandwidth. The router can either remain a separate device or become integrated into the electronics of the switch. You will notice that in this small network, the core, distribution and access layers can be satisfied by one box even though the functions are still distinct.
The following design extends the previous one for a larger network:
Here, the clients are fed from 'access' or 'workgroup' switches perhaps located in different closets elsewhere in the building. In this case, they are linked via 100Base switched links which could be copper (100BaseT) or fibre (100BaseFX). Alternatively, they could be ATM or even FDDI links depending on the capabilities of the main distribution and access switches. This is because ATM LAN Emulation or FDDI 802.10 can be used to maintain the VLANs across the trunk. The trunk to the local router could be ISL (which would allow load sharing of VLANs) or 802.1q; this local router could be contained within the switch, making the switch a layer 3 switch.
In the diagram below, the network has been extended further to an Enterprise level:
The ATM switch takes on the role of the core switch and links to other sites which also have core switches. The backbone within a site could be Gigabit Ethernet, again depending on the capabilities of the access and distribution switches. The server farm and the routing are handled by the distribution switch; it is best to leave the core switches to high speed switching and, as described before, the distribution switches should take on the burden of access policies. If 100BaseT is to be fed to the desktop it becomes more important to upgrade the bandwidth between the access and distribution switches to either Gigabit Ethernet or a multiple link such as 4 x 100BaseT links forming a 400BaseT channel (when operating in duplex mode this can effectively allow a maximum throughput of 800Mb/s).
In a large campus environment, multiple switch/routers at the distribution level can provide the opportunity to form resilient links to the core via the use of HSRP or VRRP. These protocols can provide alternative paths for specified VLANs.
The Virtual Router Redundancy Protocol gives the possibility of load sharing traffic across the routers by setting up separate groups with the aim of roughly half the local traffic going through one router and half through another by way of two or more virtual default gateways.
3. Trunking Overview
The trunking protocol used can be important in deciding the structure of the network. Although 802.1q is the industry standard it has a limitation in that it only allows one instance of Spanning Tree in a trunk link even if there are a number of VLANs in the trunk. Cisco's ISL, however, allows an instance of Spanning Tree per VLAN and the advantage of this is that trunk ports can remain available for some VLANs if blocked for other VLANs and hardware need not remain dormant as it would if 802.1q was implemented.
Trunking protocols such as Cisco's ISL could be used in the link to the servers. The advantage of this is that Intel manufacture ISL capable NICs and these NICs allow a number of different VLANs, and therefore completely different networks, to be served by the server as if the server was made up of completely different devices. The NIC cards themselves take care of the processing of frames so the CPU of the server does not have to take the load! Another advantage of using ISL-aware NICs is that the traffic does not have to be dealt with by a router and this therefore helps to keep the network fast.
4. Cisco's Inter-Switch Link (ISL)
Cisco use a proprietary tagging method called Inter-Switch Link (ISL) which takes a different approach to tagging the Ethernet frame. Instead of increasing the frame size by inserting fields, ISL encapsulates the Ethernet frame.
Cisco's Inter-Switch Link (ISL) allows Per VLAN Spanning Tree (PVST) so multiple VLANs can exist across a trunk link. Multiple Spanning Trees allow load sharing to occur at layer 2 by assigning different port priorities per VLAN. 802.1q only allows Mono Spanning Tree (MST) i.e. one instance of Spanning Tree per trunk.
ISL only runs on point-to-point links on Fast Ethernet (copper or fibre) and Token Ring (ISL+). Although ISL will operate over 10Mbps links it is not recommended! ISL runs between switches, from switches to routers and from switches to Intel and Xpoint Technologies NICs which understand ISL, thereby allowing servers to distinguish between VLANs.
With ISL the data frame is not touched but is encapsulated according to the following process:
- The frame enters the switch and is stored in the port's buffer.
- The SAINT/SAGE encapsulates the ISL on a trunk port.
- The encapsulation has 30 bytes of information, 26 bytes for the header (VLAN ID and port number) and 4 bytes for the FCS.
- The frame is switched to the destination port(s).
- The SAINT/SAGE decapsulates the frame before it is sent out of a normal port, or leaves it alone if the port is a trunk port.
The following diagram details the ISL frame tagging format:
- ISL Multicast Address - this reserved address is 0x01000C0000 (40 bits).
- Type Field - this identifies the type of frame that is encapsulated, 0000 is Ethernet, 0001 is Token Ring, 0010 is FDDI, 0011 is ATM.
- User Field - 0000 means Normal Priority, 0001 means Priority 1, 0010 means Priority 2 and 0011 means High Priority. Similar to the Class of Service field in 802.1p.
- Source address - this is the MAC address of the frame's source.
- Length - this is the length of the frame excluding the fields up to AAAA03 and also excluding the FCS.
- AAAA03 - indicates that the ISL frames use SNAP LLC.
- OUI - this is the Organisational Unique Identifier of the source of the frame i.e. the first three bytes of the Source Address.
- VLAN ID - Cisco use the lowest 10 bits of the 15 to give a possible 1024 different VLANs although only 250 VLANs can be active at any one time. The Catalyst 3000 supports 64 VLANs and the 7000 series routers support 255 VLANs.
- B - when set to '1' this bit indicates that the frame is a BPDU, CDP or VTP frame and the frame is sent straight to the NMP for processing.
- Index Field - indicates the port number of the source port.
- R - this is set to 0x0000 for Ethernet frames but for Token Ring or FDDI frames the AC or FC fields are placed here e.g. for FDDI an FC of 0x12 would mean 0x0012 is placed in the R field.
- Original frame - can be up to 24575 bytes in length.
- FCS - This is the extra FCS added by ISL.
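
The field list above laid out as bytes, as an added example that is not from the original page or from Cisco: it encapsulates a constructed Ethernet frame and validates it again on the receiving side. Field widths follow Cisco's published ISL frame format (the page's diagram did not survive), the function names are illustrative, and the FCS byte order is an assumption.

```python
import struct
import zlib

ISL_DA = bytes.fromhex("01000c0000")      # 40-bit ISL multicast address
SNAP_LLC = bytes.fromhex("aaaa03")
FRAME_TYPES = {0: "Ethernet", 1: "Token Ring", 2: "FDDI", 3: "ATM"}
HEADER_LEN, FCS_LEN = 26, 4               # 30 bytes of ISL overhead in total


def crc32_le(data):
    # Assumption: the ISL FCS is the Ethernet CRC-32, least significant byte first.
    return struct.pack("<I", zlib.crc32(data))


def isl_encapsulate(frame, vlan, src_mac, index, bpdu=False, ftype=0, user=0):
    """Wrap an unmodified frame in the 26-byte ISL header and append the ISL FCS."""
    if not 0 <= vlan < 1024:
        raise ValueError("only the lowest 10 bits of the VLAN field are used")
    if len(src_mac) != 6 or len(frame) > 24575:
        raise ValueError("bad source MAC or oversized frame")
    # Everything after the Length field: AAAA03, OUI, VLAN+B, Index, R, frame.
    body = (SNAP_LLC + src_mac[:3]
            + struct.pack("!HHH", (vlan << 1) | int(bpdu), index, 0x0000)
            + frame)
    head = (ISL_DA + bytes([(ftype << 4) | user]) + src_mac
            + struct.pack("!H", len(body)))
    return head + body + crc32_le(head + body)


def isl_decapsulate(pkt):
    """Validate an ISL packet and return (header fields, original frame)."""
    if len(pkt) < HEADER_LEN + FCS_LEN or pkt[:5] != ISL_DA:
        raise ValueError("not an ISL frame")
    if crc32_le(pkt[:-FCS_LEN]) != pkt[-FCS_LEN:]:
        raise ValueError("ISL FCS mismatch")
    (length,) = struct.unpack("!H", pkt[12:14])
    if length != len(pkt) - 14 - FCS_LEN or pkt[14:17] != SNAP_LLC:
        raise ValueError("bad Length or SNAP LLC field")
    vlan_b, index, reserved = struct.unpack("!HHH", pkt[20:26])
    fields = {
        "type": FRAME_TYPES.get(pkt[5] >> 4, "unknown"),
        "user": pkt[5] & 0x0F,
        "source": pkt[6:12].hex(),
        "oui": pkt[17:20].hex(),
        "vlan": vlan_b >> 1,          # upper 15 bits
        "bpdu": bool(vlan_b & 1),     # the B bit
        "index": index,
        "reserved": reserved,
    }
    return fields, pkt[HEADER_LEN:-FCS_LEN]


# Constructed sample: a minimum-size Ethernet frame carrying its own FCS.
INNER = bytes.fromhex("ffffffffffff" "0800a300df01" "0800") + bytes(46)
INNER += crc32_le(INNER)
SWITCH_MAC = bytes.fromhex("0800a300df00")   # example address used on this page

if __name__ == "__main__":
    trunk = isl_encapsulate(INNER, vlan=10, src_mac=SWITCH_MAC, index=1)
    fields, inner = isl_decapsulate(trunk)
    print(len(trunk) - len(INNER), fields, inner == INNER)
```

The inner frame, including its own FCS, comes back byte for byte, which is the practical difference from 802.1q tagging, where the frame itself is modified.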
4. Class of Service and VLANs (802.1p & 802.1q)
Quality of Service (QoS) is becoming more important as data networks begin to carry more time sensitive traffic such as real time voice and video. At layer 2 this is referred to as Class of Service (CoS).
The 802.1 group have been working on an extension to the MAC layer that takes into account CoS. 802.1p is a standard for traffic prioritisation where network frames are tagged with one of eight priority levels, where 7 is high and 0 is low. Switches and routers that are 802.1p compliant can give traffic that is time-sensitive, such as voice traffic, preferential treatment if the priority tag has been set to a higher value than other traffic.
In order to accommodate tagging an Ethernet frame a new field has been introduced called the Tag Control Info (TCI) field between the Source MAC address and the Length field of the Ethernet frame. This is illustrated below:
- Tagged Frame Type - this indicates the type of tag, for Ethernet frames this is currently always 0x8100.
- 802.1p Priority - this ranges from binary 000 (0) for low priority to binary 111 (7) for high priority. This maps to the Quality of Service (QoS) values used in the TOS field IP precedence values.
  o 000 (0) - Routine
  o 001 (1) - Priority
  o 010 (2) - Immediate
  o 011 (3) - Flash
  o 100 (4) - Flash Override
  o 101 (5) - Critical
  o 110 (6) - Internetwork Control
  o 111 (7) - Network Control
- Canonical - this is always 0.
- 802.1q VLAN ID - this identifies the VLAN number when trunking VLANs.
Although the frame illustrated is an 802.3 frame, 802.1p/802.1q can also be applied to the Ethernet frame where the TCI is inserted just before the Type field and just after the Source MAC Address.
You will note the similarity between the 802.1p priority field and the Precedence field in the Diff Serv Code Point of the IP datagram. This makes mapping between IP layer 3 and MAC layer priorities much easier.
You will note that the Ethernet frame becomes 'oversized' i.e. grows from the standard maximum size of 1518 bytes to 1522 bytes. This is sometimes called a Baby Giant. Consequently these frames may be dropped by some network equipment, although most vendors now support 802.1p and 802.1q.
When applying Layer 2 Priority Queueing within a trunk, commonly two priority levels (low and high) are implemented, although as we have seen there is scope to increase to eight. This is because each priority has to have its own queue. This is implemented in hardware and is therefore expensive so most manufacturers currently build in two queues per port, a low priority queue for priority levels 0 to 3 and a high priority queue for priority levels 4 to 7. Prioritisation is determined on the outbound packets from a switch, therefore they are already ordered on the inbound ports of the next switch so that prioritisation need not be implemented on the inbound ports, unless the ports are using buffering. Low priority frames or frames without an 802.1p tag are treated with 'best effort' delivery. As time goes on more manufacturers will include separate queues for each priority level to give more granularity as the applications begin to demand it.
On a 802.1q trunk, one VLAN is NOT tagged. This VLAN is called the Native VLAN, and must be configured the same on each side of the trunk. This way, we can deduce to which VLAN a frame belongs when we receive a frame with no Tag, otherwise the frame will remain in whatever tagged VLAN it arrived on even if it is the wrong one. When a switch trunks a frame, it inserts the Tag and then recomputes the FCS.
The 802.1q standard implements Spanning Tree on the Native VLAN, and this applies to all the trunked VLANs; this is called Mono Spanning Tree (MST). Cisco have adapted 802.1q and use a tunnelling mechanism to provide what is called Per VLAN Spanning Tree Plus (PVST+) with VLAN numbers up to 1005. This gives the same benefits that ISL gives.
The native VLAN configured on each end of a 802.1q trunk must be the same. A switch receiving a non-tagged frame will assign it to the native VLAN of the trunk. If one end is configured for Native VLAN 1 and the other to Native VLAN 2, a frame sent in VLAN 1 on one side will be received on VLAN 2 on the other. You are then merging VLAN 1 and 2.
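
A model of the tagging and native VLAN behaviour described in this section, as an added example that is not part of the original page: it inserts the tag and recomputes the FCS, classifies frames on the receiving trunk port into the two queues, and audits a trunk for the native VLAN mismatch. The 3-bit priority and 12-bit VLAN ID widths come from IEEE 802.1Q rather than from this page, and all function names are illustrative.

```python
import struct
import zlib

TPID_8021Q = 0x8100   # Tagged Frame Type


def fcs(data):
    # Ethernet FCS: CRC-32 over the frame, appended least significant byte first.
    return struct.pack("<I", zlib.crc32(data))


def make_frame(dst, src, ethertype, payload):
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def insert_tag(frame, vid, pcp=0):
    """Insert the tag after the Source MAC address, then recompute the FCS."""
    if not (0 < vid < 4095 and 0 <= pcp <= 7):
        raise ValueError("VLAN ID or priority out of range")
    body = frame[:-4]                 # drop the old FCS
    tci = (pcp << 13) | vid           # Canonical bit (bit 12) stays 0
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def trunk_egress(frame, vlan, native_vlan, pcp=0):
    """Frames in the native VLAN leave the trunk untagged; all others are tagged."""
    return frame if vlan == native_vlan else insert_tag(frame, vlan, pcp)


def trunk_ingress(frame, native_vlan):
    """Return (vlan, priority, queue) as the receiving trunk port sees the frame."""
    if fcs(frame[:-4]) != frame[-4:]:
        raise ValueError("FCS mismatch")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid == TPID_8021Q:
        vlan, pcp = tci & 0x0FFF, tci >> 13
    else:
        vlan, pcp = native_vlan, 0    # no tag: native VLAN, best effort
    return vlan, pcp, "high" if pcp >= 4 else "low"


def audit_trunk(native_a, native_b, vlans):
    """List (sent_vlan, received_vlan) pairs that differ across an A-to-B trunk."""
    # Constructed probe frame; the source MAC is the page's example port address.
    probe = make_frame(b"\xff" * 6, bytes.fromhex("0800a300df01"), 0x0800, b"probe")
    leaks = []
    for vlan in vlans:
        received = trunk_ingress(trunk_egress(probe, vlan, native_a), native_b)[0]
        if received != vlan:
            leaks.append((vlan, received))
    return leaks


if __name__ == "__main__":
    print(audit_trunk(1, 1, [1, 2, 3]))   # matching native VLANs
    print(audit_trunk(1, 2, [1, 2, 3]))   # mismatch: VLAN 1 lands in VLAN 2
```

Running the same audit against the native VLAN values exported from both ends of each trunk flags the merge before any traffic crosses it.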
