Brief Overview
Networks are a commodity service that enhances business productivity. While every business has a network, it wasn’t that way until the latter part of the 19th century. Advancements in the computer industry in the 1960s through the 1980s paved the way for the Internet to be created as we know it today. Ethernet was one such cornerstone technology. Still used today, Ethernet operates at L2 of the OSI model and is used on all sides of the network (LAN/WAN). Ethernet breaks up information into separate chunks called frames, and these frames are traditionally forwarded by Ethernet switches at high speeds. While Experimental Ethernet in 1973 could only do 2.94 Mbps, upcoming switches are being manufactured to do upwards of 800 Gbps. Ethernet switches forward on an L2 address called a MAC (Media Access Control) address, which is a unique 48-bit address that every network device has.
History
In the 1970s, competing technologies arose to transport information between computer systems. Some notable technologies were IBM’s Token Ring, General Motors’ Token Bus, and Xerox’s Ethernet. While Ethernet has been the standard since the 90s and early 00s, it took time for Ethernet to dominate the market. All three of these protocols were standardized by the IEEE, and all three fought to be the main form of transport. Obviously Ethernet won that battle, but it was a 10-year battle through the 1980s before Ethernet was seen to be the victor.
The creator of Ethernet was Dr. Bob Metcalfe, who worked at Xerox’s PARC (Palo Alto Research Center) division. He was given the job of creating a transport protocol to connect the various Altos, a Xerox PC, within their campus. Metcalfe was heavily influenced by Hawaii’s Aloha network and incorporated pieces of that network into Ethernet (Ethernet Briefings in April 1978 by Bob Metcalfe). Bob Metcalfe eventually worked with Intel and created the first standard for Ethernet in the “Blue Book – The Ethernet” (https://gordonbell.azurewebsites.net/Ethernet_Blue_Book_1980.pdf). By 1983, the IEEE standardized Ethernet in the 802.3 standard.
When Bob Metcalfe originally created Ethernet, networks were half-duplex. Traffic did not run in parallel, so a networked device could only send or receive at any given time. Another issue was that devices were originally connected to the same backbone coax wires. With devices sharing physical cabling, frames could collide with each other. These issues had been seen on the radio Aloha Network that Bob had worked on earlier in his career. To counteract the issue of colliding frames, Bob designed CSMA/CD, which stands for Carrier-Sense Multiple Access / Collision Detection. Before a network device forwards a frame, it must first listen to the network medium, which is the carrier-sense part of the acronym. Once the device has determined there are no other devices sending traffic on the shared half-duplex network, it can begin to forward its frame. Throughout the transmission of the frame, the device continues to listen in case another device attempts to transmit at the same time. When two devices transmit simultaneously on a shared medium, the frames collide and become garbled. If a collision is detected, each transmitting device randomly selects a time (in ms) to wait before retransmitting its frame.
Frame Format
The PDU (Protocol Data Unit) of Ethernet is called a frame. A frame has 5 main fields: Destination MAC, Source MAC, EtherType, Data, and FCS.
Every networked device has a MAC address that is burned into it by the vendor. MAC addresses are unique on every device, and switches use the MAC address to decide where to send frames. A MAC address is generally burned onto NICs at the factory by the vendor, and there are checks in place to ensure that every MAC is unique.
A MAC is 48 bits long, with the first 24 bits being unique to an organization. The last 24 bits can be whatever that particular vendor wants them to be, provided the resulting address is globally unique. A MAC is usually represented as 12 hexadecimal characters. There are two commonly used formats: groups of 4 characters separated by periods, or groups of 2 characters separated by colons. For example, AAAA.AAAA.AAAA or AA:AA:AA:AA:AA:AA.
For a computer to send traffic to another networked device on a LAN segment, it must send frames addressed to the MAC address of the destination device. If the destination MAC is not known, the traffic is broadcast from the host device with a destination MAC of FFFF.FFFF.FFFF. If a receiving device sees that this broadcast frame is meant for it, the receiving device will respond with a unicast frame with the destination MAC of the sender and its own MAC as the source.
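The five frame fields and the two MAC notations described above, as an added Python example (not code from the original page). It builds and parses a constructed broadcast frame and verifies the FCS; the 46-byte minimum payload, the 64-byte minimum frame and the multicast bit are standard Ethernet facts not covered on this page, and the sample addresses are made up.

```python
import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")

def mac_colon(mac: bytes) -> str:
    """AA:AA:AA:AA:AA:AA notation."""
    return ":".join(f"{b:02X}" for b in mac)

def mac_dotted(mac: bytes) -> str:
    """AAAA.AAAA.AAAA notation."""
    h = mac.hex().upper()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))

def classify(dst: bytes) -> str:
    """Broadcast is all ones; multicast has the low bit of the first octet set."""
    if dst == BROADCAST:
        return "broadcast"
    return "multicast" if dst[0] & 0x01 else "unicast"

def build_frame(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    """Assemble the five fields; the FCS is a CRC-32 over everything before it."""
    body = dst + src + struct.pack("!H", ethertype) + data.ljust(46, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))

def parse_frame(frame: bytes) -> dict:
    """Split a frame (with FCS, without preamble) into fields and check the FCS."""
    if len(frame) < 64:
        raise ValueError("runt frame: shorter than the 64-byte Ethernet minimum")
    body, fcs = frame[:-4], frame[-4:]
    dst, src = body[:6], body[6:12]
    (ethertype,) = struct.unpack("!H", body[12:14])
    return {
        "dst": mac_colon(dst), "src": mac_colon(src),
        "oui": mac_colon(src[:3]),           # first 24 bits: the vendor's prefix
        "ethertype": ethertype, "data": body[14:],
        "kind": classify(dst),
        "fcs_ok": fcs == struct.pack("<I", zlib.crc32(body)),
    }

# Constructed sample: a host broadcasting with EtherType 0x0806 (ARP).
SRC = bytes.fromhex("02aabbccdd01")          # made-up source address
SAMPLE = build_frame(BROADCAST, SRC, 0x0806, b"who-has")
# Same frame with one payload byte flipped, as a damaged frame would arrive.
CORRUPT = SAMPLE[:20] + bytes([SAMPLE[20] ^ 0xFF]) + SAMPLE[21:]

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
    print("corrupted frame fcs_ok:", parse_frame(CORRUPT)["fcs_ok"])
```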
Switch Operations
As mentioned before, Ethernet switches operate at L2 of the OSI Model. These devices forward traffic based on the MAC address, maintain a database of known devices, and handle physical frame errors. A switch performs five main functions: Learning, Forwarding, Flooding, Filtering, and Aging.
Learning
Since switches forward frames based on the destination MAC address, switches need a mechanism to learn which MAC address corresponds to which physical port. If there is an 8-port switch with eight connected devices, and PC A sends a frame to PC B, the switch needs to know which port PC B is connected to.
A switch learns about the MAC addresses through promiscuously listening to frames going over its ports. In our example, S1 will understand that PC B lives on Port 2 after having listened to the traffic coming over the interface. These MAC addresses are stored in a MAC Address Table. Any new addresses that the switch learns are added to this table.
Flooding
With the above example, we assumed that S1 knew the MAC of PC B due to traffic PC B had sent to the switch. But what if PC B had never sent traffic through the switch or had just been turned on? In that case, S1 would not know PC B’s MAC, so when PC A attempts to send traffic to PC B, the switch will not know where to send the frames. To fix this issue, switches are able to flood traffic out all ports. When a switch does not know where the destination MAC address is, it takes a copy of the frame it receives and forwards it out every port except the port the frame was originally received on.
Above is a diagram showing that flooding. PC A is sending a frame for PC B, but the switch does not have PC B’s MAC in its table. To ensure PC B gets its frame, the switch will flood the traffic out all ports.
PC B through PC G will receive a copy of the frame, but PC C-G will drop the frame as the destination MAC will not be theirs. PC B will receive a copy of the frame and will process it, as the frame is destined for it.
Switches will flood three types of traffic: Broadcasts, Unknown Unicast, and Multicast (aka BUUM Traffic).
Filtering
If a switch learns the source MAC of two devices over the same port (PC A and PC B), and receives a frame from PC A destined for PC B, it will see that the destination MAC for PC B is over the same port it received the frame from PC A on. In this instance, the switch will filter, or drop, the frame, as it assumes that the two devices are able to communicate directly.
Above is a diagram to showcase this filtering. In this example, PC A-D are connected to S1 while PC E-G are connected to S2. S1 knows PC E, PC F and PC G’s MAC through interface ge-0/0/1. If S1 were to receive a frame from S2, destined for PC E-G, it would drop the frame.
Forwarding
When the switch has a fully accurate MAC table and understands what port a particular MAC address is tied to, it is able to forward the traffic to its destination. It will only forward a frame if it knows where the destination MAC address is, otherwise the frame will be flooded.
Aging
Every entry in the MAC address table has an associated timer for how long the MAC address will stay in the table. If there is no traffic for a particular MAC address during a set period of time (default is usually 300 seconds), the switch will ‘age’ that MAC out of its table. This keeps the switch’s table from being overloaded with unnecessary MAC addresses. While a MAC address table can hold thousands of entries, in large L2 environments it becomes necessary to ensure that a table doesn’t become too large. For example, if S1 has a MAC table size of 100 entries, and the 101st device gets connected, it will flood every single frame that is destined for that device. It is uncommon to run out of MAC address space, but it is something a network engineer needs to be aware of.
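The five switch functions above, put together as an added Python example (not code from the original page or from any vendor). It assumes a switch that simply stops learning new addresses once its table is full, which is one common behaviour; the demo uses a 3-entry table instead of 100 to keep the scenario short, and the MACs and port numbers are made up.

```python
class LearningSwitch:
    """Toy L2 switch: learning, forwarding, flooding, filtering and aging."""

    def __init__(self, ports, max_entries=100, age_limit=300):
        self.ports = list(ports)
        self.max_entries = max_entries
        self.age_limit = age_limit        # seconds; 300 is the usual default
        self.table = {}                   # MAC -> (port, last_seen)

    def _age(self, now):
        """Aging: drop entries that have been silent longer than age_limit."""
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t <= self.age_limit}

    def receive(self, in_port, src, dst, now):
        """Process one frame; return (action, list of egress ports)."""
        self._age(now)
        # Learning: record the source MAC against the ingress port if there
        # is room. A MAC that is already known is always refreshed.
        if src in self.table or len(self.table) < self.max_entries:
            self.table[src] = (in_port, now)
        entry = self.table.get(dst)
        if entry is None:
            # Flooding: broadcast and multicast MACs are never learned as a
            # source, so they land here together with unknown unicast.
            return "flood", [p for p in self.ports if p != in_port]
        if entry[0] == in_port:
            return "filter", []           # Filtering: destination is behind the ingress port
        return "forward", [entry[0]]      # Forwarding: exactly one egress port


def demo():
    """Constructed scenario on an 8-port switch with a 3-entry table."""
    sw = LearningSwitch(ports=range(1, 9), max_entries=3)
    a, b, c, d = "AAAA.AAAA.AAAA", "BBBB.BBBB.BBBB", "CCCC.CCCC.CCCC", "DDDD.DDDD.DDDD"
    log = [
        sw.receive(1, a, b, now=0),       # B unknown -> flood
        sw.receive(2, b, a, now=1),       # A was learned on port 1 -> forward
        sw.receive(1, a, b, now=2),       # B was learned on port 2 -> forward
        sw.receive(1, c, a, now=3),       # C shares port 1 with A -> filter
        sw.receive(4, d, a, now=4),       # table full (A, B, C): D is not learned
        sw.receive(1, a, d, now=5),       # so every frame for D is flooded
        sw.receive(1, a, b, now=400),     # all entries silent > 300 s -> aged out
    ]
    return sw, log

if __name__ == "__main__":
    for action, ports in demo()[1]:
        print(action, ports)
```

A full table means frames for unlearned devices are copied to every port, so table utilisation is worth monitoring and per-port limits on learned MACs are the usual control.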