What are the characteristic traits of a network switch? (Select all that apply)

Switches

Switches are like bridges, except that they have multiple ports with the same type of connection (bridges generally have only two ports) and have been described as nothing more than fast bridges. Switches are used on heavily loaded networks to isolate data flow and improve the network performance. In most cases, most users get little, if any, advantage from using a switch rather than a hub.

That’s not to oversimplify and suggest that a switch doesn’t have many benefits. Switches can be used to connect both hubs and individual devices. These approaches are known as segment switching and port switching, respectively.

Segment switching implies that each port on the switch functions as its own segment. This process tends to increase the available bandwidth, while decreasing the number of devices sharing each segment’s bandwidth, but at the same time maintaining the Layer 2 connectivity. Each shared hub and the devices that are connected to it make up their own media access domain, while all devices in both domains remain part of the same MAC broadcast domain. Figure 4.21 illustrates how a segment-switched LAN can be divided to improve performance.

Port switching implies that each port on the switching hub is directly connected to an individual device. This makes the port and the device their own self-contained media access domain. All of the devices in the network still remain part of the same MAC broadcast domain. Figure 4.22 illustrates how the media access and MAC broadcast domains are configured in a port-switched LAN.

1.1.2.3 Layer 2 Multicast Addressing

The IEEE 802.2 specification makes provisions for the transmission of broadcast and/or multicast packets. As shown in Figure 1.8, Bit 0 of Octet 0 in an IEEE MAC address indicates whether the destination address is a broadcast/multicast address or a unicast address. If this bit is set, then the MAC frame is destined for either an arbitrary group of hosts or all hosts on the network (if the MAC destination address is the broadcast address, 0xFFFF.FFFF.FFFF). IP Multicasting at Layer 2 makes use of this ability to transmit IP Multicast packets to a group of hosts on an LAN segment. IP Multicast frames all use MAC layer addresses beginning with the 24-bit prefix of 0x0100.5Exx.xxxx. Unfortunately, only half of these MAC addresses are available for use by IP Multicast. This leaves 23 bits of MAC address space for mapping Layer 3 IP Multicast addresses into Layer 2 MAC addresses. Since all Layer 3 IP Multicast addresses have the first 4 of the 32 bits set to 0x1110, this leaves 28 bits of meaningful IP Multicast address information. These 28 bits must map into only 23 bits of the available MAC address. This mapping is shown graphically in Figure 1.9. Since all 28 bits of the Layer 3 IP Multicast address information cannot be mapped into the available 23 bits of MAC address space, 5 bits of address information are lost in the mapping process. This results in a 32:1 address ambiguity when a Layer 3 IP Multicast address is mapped to a Layer 2 IEEE MAC address. This means that each IEEE IP Multicast MAC address can represent 32 IP Multicast addresses as shown in Figure 1.10. It should be obvious that this 32:1 address ambiguity has the potential to cause some problems. For example, a host that wishes to receive multicast group 224.1.1.1 will program the hardware registers in the network interface card (NIC) to interrupt the CPU when a frame with a destination multicast MAC address of 0x0100.5E00.0101 is received. Unfortunately, this same multicast MAC address is also used for 31 other IP Multicast groups. If any of these 31 other groups are also active on the LAN, the host’s CPU will receive interrupts any time a frame is received for any of these other groups. The CPU will have to examine the IP portion of each of these received frames to determine if it is the desired group such as 224.1.1.1. This can have an impact on the host’s available CPU power if the amount of “spurious” group traffic is high enough.

IGMP Snooping is normally used by Layer 2 switches to constrain multicast traffic to only those ports that have hosts attached and who have signaled their desire to join the multicast group by sending IGMP Membership Reports. However, it is important to note that most Layer 2 switches flood all multicast traffic that falls within the MAC address range of 0x0100.5E00.00xx (which corresponds to Layer 3 addresses in the Link-Local block) to all ports on the switch even if IGMP Snooping is enabled. The reason that this Link-Local multicast traffic is always flooded is that IGMP Membership Reports are normally never sent for multicast traffic in the Link-Local block. For example, routers do not send IGMP Membership Reports for the ALL-OSPF-ROUTERS group (224.0.0.5) when OSPF is enabled. Therefore, if Layer 2 switches were to constrain (i.e., not flood) Link-Local packets in the 224.0.0.0/24 (0x0100.5E00.00xx) range to only those ports where IGMP Membership reports were received, Link-Local protocols such as OSPF would break. The impact of this Link-Local flooding in combination with the 32:1 ambiguity that arises when Layer 3 multicast addresses are mapped to Layer 2 MAC addresses means that there are several multicast group ranges besides the 224.0.0.0/24 that will map to the 0x0100.5E00.00xx MAC address range and hence will be also be flooded by most Layer 2 switches. It is therefore recommended that multicast addresses that map to the 0x0100.5E00.00xx MAC address range not be used. The following lists all multicast address ranges that should not be used if Layer 2 flooding is to be avoided. These entire Multicast addresses map to 0x0100.5E00.00xx range

224.0.0.0/24 and 224.128.0.0/24

225.0.0.0/24 and 225.128.0.0/24

226.0.0.0/24 and 226.128.0.0/24

227.0.0.0/24 and 227.128.0.0/24

228.0.0.0/24 and 228.128.0.0/24

229.0.0.0/24 and 229.128.0.0/24

230.0.0.0/24 and 230.128.0.0/24

231.0.0.0/24 and 231.128.0.0/24

232.0.0.0/24 and 232.128.0.0/24

233.0.0.0/24 and 233.128.0.0/24

234.0.0.0/24 and 234.128.0.0/24

235.0.0.0/24 and 235.128.0.0/24

236.0.0.0/24 and 236.128.0.0/24

237.0.0.0/24 and 237.128.0.0/24

238.0.0.0/24 and 238.128.0.0/24

239.0.0.0/24 and 239.128.0.0/24

13.1.1.3 Bridge

In the above section, we mentioned that a layer 2 switch is a bridge. The function of a network bridge is to join two network segments or divide one network into two separated network segments or LANs. Usually, two networks may adopt the same protocol, such as the Ethernet protocol, but this is not limited to the same protocol for two networks. Historically, a bridge may only have two Ethernet ports connected to each network segment. However, because a layer 2 switch is the same as a bridge, many switch vendors may provide a bridge that has more than two ports. One of most popular types of bridge is an Ethernet bridge. It can overcome some inherent obstacles of the Ethernet protocol by controlling data flow among different network segments. When a bridge is connected to an Ethernet network, its function is to make the network device transparent. Transparent bridging is the bridging method to route and manage data traffic efficiently. A transparent bridge has four operation modes:

Frame or packet filtering

Forwarding packets

Broadcasting and learning addresses

Loop resolution

The concept of a transparent bridge is to examine the incoming data stream of the Media Access Control (MAC) address for the packet destination first and then compare it to the destination MAC with the MAC address-forwarding table. If the destination address exists in the forwarding table, it will send these packets to the destination device. If not, it will broadcast the data packet to all devices and listen to the destination device’s response. In other words, the bridge has begun to search for the destination device in the network. Once the destination device responds to the broadcasting signal, the bridge will add the destination device’s MAC address into its forwarding table and transmit packets to the destination device. The broadcasting time will be set for a certain interval. If the broadcasting time has expired and no destination device has responded to the broadcast signal, the bridge entry of the filtering database will become invalid (see Figure 13.7).

The reason for broadcasting and listening for a MAC address is not only to learn about the new devices that are plugged into the network but also to upgrade the forwarding table due to existing devices being moved around from time to time (see Figure 13.8).

All devices that are plugged into the network have a unique MAC address. It is the fingerprint of any physical hardware or device. This is why sometimes it is also named the hardware or physical address. It doesn’t matter whether it is a network interface card (NIC), hosting server, printer, switch, hub, storage disk, or even the bridge itself, they all have this address. It is this address that a bridge can trace among different LANs.

One thing that we should remember is that when sending and receiving devices within the same network segment, this forwarding activity will not happen. This reduces overall network congestion. In short, the bridge will only occur between two network segments. However, if the destination device doesn’t receive a quality signal over a longer distance, the bridge will retransmit the packets again.

For a bridge to operate correctly and effectively, all networks shouldn’t have any network loops. Therefore, a transparent bridge will include a loop resolution process. The principle of the loop resolution process is quite simple to understand; the process will learn the network topology of all the network devices that have been bridged and calculate a spanning tree of the network. A spanning tree is a subset of the topology that links all network devices without any loops. A Spanning Tree Protocol (STP) is defined by the IEEE 802.1D standard. Actually, this protocol is one of the routing technologies to solve the problem of network loops via adaptive and dynamic routing. We will discuss STP and routing in detail in the following section.

A bridge can also talk to different types of physical networks or media, such as wireline and wireless networks such as 100Base-T and WiFi (see Figure 13.9).

A bridge can not only join a number of network segments, but also split a large network into a few smaller networks, which can reduce the number of network devices competing for transmission privileges (see Figure 13.10).

We often utilize bridges to separate internal groups for a large enterprise or government agent to improve network performance. For example, if salespeople are using iOS for their wireless iPad and R&D people adopt Linux systems for web hosting, a bridge can provide a partition to separate the traffic between these two internal groups.

In summary, a network bridge can’t handle any network protocol higher than the Link Layer Control (LLC) protocol. It is like an unmanageable switch that doesn’t accept any IP address and network commands. You can’t “ping” it. For the TCP/IP network model (refer to Section 13.2), a network bridge can only interact with the Address Resolution Protocol (ARP), Neighbor Discovery Protocol (NDP), and Open Shortest Path First (OSPF). Regardless of how many ports are available, a bridge can only provide one port for packet forwarding and another for packet distribution. From a network perceptive, a bridge only has one network interface.

A bridge doesn’t support routing paths but can transmit packets based on its destination MAC address. You can add as many network bridges as you like in a network, but you can’t stretch the network segment extension beyond a network bridge. For example, in Figure 13.8, if both bridge 1 and 2 have been connected with port 2, port 1 of bridge 1 can’t be connected to port 1 of bridge 2. If so, the forwarding tables of both bridge 1 and 2 will not work properly. Because a port is kept by the MAC address-forwarding table, it can be considered a logical part of a bridge rather than a physical one. If extra ports have been detected by a bridge, they will be self-configured in the forwarding table. They are not managed by anyone. If the operating system is Windows, the network bridge will be software-based or a virtual network interface that extends two or more different networks. Normally, the bridge will store incoming frames into a buffer and take subsequent actions based on the MAC address-forwarding table. Therefore, the throughput of a bridge will be less than a repeater.

In general, a bridge will be more expensive than a repeater or a hub, but will be cheaper than a switch or router. Normally, the price of a wireless enterprise grade bridge will vary from approximately $500 to a few thousand dollars.

Network Components

In the context of RFC 2547bis, a VPN is a collection of policies, and these policies control connectivity among a set of sites. A customer site is connected to the service provider network by one or more ports, where the service provider associates each port with a VPN routing table. In RFC 2547bis terms, the VPN routing table is called a VPN routing and forwarding (VRF) table.

Figure 2.1 illustrates the fundamental building blocks of a BGP/MPLS VPN.

MAC address learning

Because most tunneling endpoints in the network appear as layer 2 ports to the host virtual machines, media access control (MAC) address learning must also be supported through these tunnels. Before we get into the details of these tunneling protocols, let’s discuss how traditional layer 2 MAC address learning is accomplished.

When a frame comes into a layer 2 switch, it contains both a destination MAC (DMAC) address and a source MAC (SMAC) address and, in most cases, also includes a VLAN tag. The switch first compares the SMAC/VLAN pair against information in its local MAC address table. If no match is found, it adds this information to the MAC table along with the switch port on which the frame arrived. In other words, the switch has just learned the direction (port number) of a given MAC address based on the received SMAC. Now any frames received on other ports with this MAC address and VLAN will be forwarded to this switch port. This process is called MAC address learning.

But what happens if a frame arrives and has a DMAC/VLAN pair that is not currently in the MAC address table (called an unknown unicast address)? In this case, the frame is flooded (broadcast) to all egress ports except the port it arrived on. In this way, the frame should eventually arrive at its destination through the network. Although flooding ties up network bandwidth, it is considered a rare enough event that it will not impact overall network performance. The assumption is that the device with the unknown destination address will eventually receive the frame and then send a packet back through the network from which its source address can be learned and added to the various switch address tables throughout the network. This can happen fairly rapidly as many network transactions require some sort of response and protocols such as transmission control protocol (TCP) generate acknowledgment packets. These responses and acknowledgments can be sent back to the originator by using the SMAC in the received flooded frames.

Summary of Exam Objectives

This chapter began with an overview of the differences between hubs and switches. As we discussed, a hub works at Layer 1 and a switch works at Layer 2. A switch will make its decisions based on the MAC addresses available in the MAC address table. Three switch modes are available: cut-through, fragment-free, and store-n-forward.

We also discussed the MAC address table and how to clear it, and we differentiated between a Layer 2 switch and a Layer 3 switch. In addition, we discussed the LED indicators on the Cisco Catalyst 2950 switch, and you learned that if the System LED is green, the switch is functioning normally, but if the System LED is amber, there is a possible failure.

This chapter also covered the steps for configuring a switch. We discussed the options of configuring a switch with the Windows-based HyperTerminal, with the Minicom Linux-based terminal emulation program, and with Cisco Network Assistant, a freeware tool that you can use to configure your switch via a GUI.

In addition to learning the differences between User Exec mode and Privileged mode, you also learned about port-based security, which is a Layer 2 feature designed to protect your switch against malicious users by assigning one MAC address per switchport. If the switch detects a violation, the switch can shut down, protect, or restrict the switchport.

A bit later in the chapter you learned that by running the HTTP services on your switch, you can configure and manage your switch via your favorite Web browser. We also discussed how to upgrade the firmware of your switch. You now know that you can use the command copy tftp flash to copy the new IOS from your TFTP server to your switch's Flash memory.

We rounded out the chapter with a discussion of how to back up and restore the configuration of your switch, when to use the show and clear commands, how to solve boot problems, and how to configure your switch for a manual or automatic boot.

Latency and jitter

Latency is the amount of time it takes for a packet to traverse a network from its source to destination host. This number is typically represented as a “round-trip” time that includes the initial packet transfer plus the associated acknowledgment or confirmation from the destination once the packet has been received.

Networks consist of a hierarchy of switches, routers, and firewalls interconnected both “horizontally” and “vertically” making it necessary for a packet to “hop” between appliances as it traverses from host to destination (see Figures 5.1 and 5.2). Each network hop will add latency. The deeper into a packet the device reads to make its decision, the more latency will be accrued at each hop. A Layer 2 switch will add less latency than a Layer 3 router, which will add less latency than an application layer firewall. This is a good rule of thumb, but is not always accurate. The adage “you get what you pay for” is true in many cases, and network device performance is one of them. A very complex and sophisticated application layer device can outperform a poorly defined software-based network switch built on underpowered hardware if built with enough CPU and NPU horsepower, or custom-designed high-performance ASICs.

Jitter on the other hand is the “variability” in latency over time as large amounts of data are transmitted across the network. A network introduces zero jitter if the time required transferring data remains consistent over time from packet-to-packet or session-to-session. Jitter can often be more disruptive to real-time communications than latency alone. This is because, if there is a tolerable but consistent delay, the traffic may be buffered in device memory and delivered accurately and with accurate timing—albeit somewhat delayed. This translates into deterministic performance, meaning that the output is consistent for a given input—a desirable feature in real-time ICS architectures. Latency variation means that each packet suffers a different degree of delay. If this variation is severe enough, timing will be lost—an unacceptable condition when transporting data from precision sensors to controls within a precisely tuned automation system.

15.2 SD-WAN

SDN for the WAN, or SD-WAN as it is commonly known, is one of the most promising future areas for the application of the SDN principles presented throughout this book. In Section 14.9.5 we discussed several of the startups that target this potent strategy of using an overlay of virtual connections, often via some tunneling mechanism across a set of WAN connections, including MPLS, Internet, and other WAN transport links [5]. The overlay is achieved by placing specialized edge devices at branch locations. These Customer Premises Equipment (CPE) devices are managed by a centralized controller. The key function of these edge devices is the intelligent mapping of different user traffic flows over the most appropriate available tunnel. To a large degree, this is focused on cost savings achieved by placing only the traffic that is highly sensitive to loss, delay, or jitter on the more expensive links offering those guarantees. Normal data traffic such as email and web browsing may be mapped to best-effort, less expensive broadband Internet connections. Some classes of traffic may be routed over less expensive wireless backup links if that traffic can sustain periodic downtime or lower bandwidth.

It is easy to envision such an SD-WAN as a natural extension of the SDN-via-Overlays introduced in Section 4.6.3 and discussed at length in Chapters 6 and 8. SD-WAN is indeed related to our earlier discussions on SDN-via-Overlays in that in the data center the virtual switches in the overlay solution decide over which tunnel to inject traffic over the data center network. The CPE gateways in SD-WAN solutions perform a similar function of intelligently mapping application traffic to a particular tunnel. The criteria by which these mapping decisions are made are much more complex in SD-WAN than in the data center, however. For instance, in the data center overlay solution, there is typically just one tunnel between two hosts, whereas a significant feature of the SD-WAN solution is intelligent selection between tunnel alternatives to optimize cost and performance.

We saw earlier that this overlay approach can be successfully used to address data center problems of large layer 2 domains where the size of the MAC address tables can exceed the capacity of the switches. This technology was also used to limit the propagation of broadcast traffic that is an inherent part of the layer 2 networking so prevalent in the data center. While such issues might not be relevant in binding together a geographically dispersed enterprise over the WAN, the application of overlays in SD-WAN is more motivated by cost savings. While the variations in cost and QoS characteristics of different transport links within the data center are negligible, this is not the case in the WAN. The cost of an MPLS link offering QoS guarantees is significantly higher than a best-effort Internet connection. The provisioning time for such an MPLS connection is far greater than for the Internet connection. The difference is even greater with other wireless WAN link alternatives such as LTE or satellite [6]. Another major difference between the data center overlay paradigm and SD-WAN lies in the fact that SD-WAN CPE devices exercise little control over the actual paths used by the virtual link. Whereas in theory an OpenFlow controller could determine the exact hop-by-hop routing of a virtual link in a data center, within SD-WAN the edge devices view the tunnels they have at their disposal as coarse entities with certain cost, loss, speed, and QoS characteristics. They may choose to map a particular application flow over a given link according to those characteristics, but they are unlikely to be able to dynamically change the characteristics of any one of those links on the fly, including the actual path over which that tunnel, for example, is routed.

The interest in applying SDN to the WAN in some ways is an extension of earlier efforts at WAN optimization, such as data compression, web caching, and Dynamic Multipoint Virtual Private Networks (DMVPN) [7]. Indeed, some of the companies offering SD-WAN products today have their roots in WAN optimization. In addition to generating local acknowledgments and caching data, WAN optimization is also related to shaping and steering traffic to where it is best suited. For example, QoS-sensitive traffic like VoIP could be directed to MPLS paths that could offer latency and jitter guarantees while other traffic could be shunted to less expensive Internet links. There were certainly pre-SDN attempts of moving control away from the data plane such as the use of Route Reflectors for computing the best paths for MPLS links [8]. This is fully generalized within SD-WAN via the use of a centralized controller in the SDN paradigm. Of the five fundamental traits of SDN that have been a recurring theme throughout this work, SD-WAN solutions exhibit centralized control, plane separation, and network automation and virtualization. To date, there is little evidence in SD-WAN solutions of a simplified device or openness.

Some facets of the SD-WAN solutions converge on standards-based solutions [9]. In particular, the encryption tunnels and key distribution converge on SSL VPNs and IPSec. Conversely, compression and optimization methods, along with the path selection algorithms, tend to be proprietary and where the unique value-add of the vendors is concentrated.

In general, SD-WAN refers to any WAN managed by software control. The Open Networking User Group (ONUG) defines two broad types of SD-WANs [10]:

Intradomain SD-WANs, where a single administrative domain uses SDN-controlled switches to accomplish various network management tasks, such as provisioning of secure tunnels between multiple geographically distributed portions of a network that are under the control of a single administrative domain.

Interdomain SD-WANs, where multiple independently operated domains connect to one another via a shared layer-2 switch to accomplish various network management tasks, including inbound traffic engineering and denial-of-service (DoS) attack prevention.

As with any purported technological panacea, there are many challenges confronted in the actual implementation of the SD-WAN paradigm. We discuss these in the next section.

Discussion Question

Which of the five basic SDN traits defined in Section 4.1 do SD-WAN solutions generally exhibit? Give an example of each.

Video Networking Design

Good design practices include avoiding Layer 2 switching in any video surveillance networking environment, especially “stupid switches.” These “wannabe” hubs have no smarts, no functionality (Spanning Tree Protocol or IGMP) other than passing data, and no method of manageability. In general, Layer 3 switches are more costly, especially if Layer 2 switching domains is all that’s needed initially. Once the requirements change and more functionality is needed (e.g., digital video streaming), expandability and scalability become far more painful.

What are characteristic traits of a network switch?

Which characteristic of a switch distinguishes from a hub quizlet?

What are the characteristic features of the 100basetx Ethernet standard?

Which of the following protocols provide protection against switching loops select 2 answers?