Layer 2 Ethernet Switching
Switched, Fast, and Gigabit Ethernet, Third Edition
Author: Sean Riley; Robert Breyer
This chapter discusses the theory, standards, and practical uses of
Ethernet Layer 2 switching. It assumes you have read Chapter
3, “Ethernet, Fast Ethernet, and Gigabit Ethernet Standards.”
This chapter focuses only on the Layer 2 aspects of Ethernet. Chapter
5, “VLANs and Layer 3 Switching,” discusses routing, virtual
LANs, and Layer 3 switching.
In this chapter, we first examine the concept of a Layer 2 switch and
the fact that it is actually a bridge under a different name. We look at how
a switch functions and examine the different methods of switching, namely
cut-through, store and forward, and modified cut-through, or error-free. We
also look at some of the architectural features of switches, such as backplane
capacity and shared memory. You won't see too many Ethernet bridging standards
out there. We do, however, cover the old but proven IEEE 802.1D spanning-tree
For many years, Ethernet bridges didn't receive much attention. Recently,
however, two new standards have been approved. We look at the new 802.3x full-duplex/flow-control
standard that has greatly enhanced Ethernet switches of all speeds. We also
discuss the new 802.3ad Link Aggregation proposal.
Ethernet has been given a new face recently, two faces in fact. Both Fast and
Gigabit Ethernet are less than five years old, which is quite young compared
to Ethernet's 25-year history. These two new technologies have increased the
wire-speed capabilities of Ethernet dramatically, but switching has been an
even bigger breakthrough than faster wire speeds. Without switches, Fast Ethernet
would be limited to a network diameter of 200 meters, which is basically useless,
except for very small installations. In some areas, switching provides a higher-quality
connection than just raw bandwidth via Fast Ethernet. That other great foe
of Ethernet, ATM, has been synonymous with switching. Ethernet switching represents
the best of both worlds: backward compatibility with today's existing Ethernet
frames and state-of-the-art connection switching technology.
Ethernet switches first appeared in 1991 when Kalpana launched
the original EtherSwitch. (Kalpana was acquired by Cisco in 1994.) From an
Ethernet perspective, however, switches are really just multiport bridges
that have been around for many years. Technically, bridging is an OSI Layer
2 function, and all of today's common networking standards, such as the
three different Ethernet standards, Token Ring, FDDI, and so on, can
all be bridged. What differentiate today's switches from yesterday's bridges
are the features and uses of these modern multiport bridges.
A few years ago, two-port
Ethernet bridges were used to connect two different LANs together. Then vendors
started building intelligent multiport bridges, which are essentially a number
of two-port bridges connected together. Today, these multiport bridges have
been enhanced and are called switches. These switches are now used within
an existing network to disconnect or segment a larger LAN into many smaller
Because bridging or switching is an OSI Layer 2 function, today's Ethernet
switching is not a new IEEE standard at all; it is just an application of
existing standards. If you skipped Chapter 3 and
are not familiar with the OSI Layer 1, 2, and 3 functions, go back to the
preceding chapter and take a quick look at Table
3.1 and Figure 3.1. Because this book
has Switched in its title, we would like to provide you with some
insights into the technology behind Ethernet switching. First, let's look
at how bridges function. Then we will discuss the IEEE 802.1D spanning-tree
protocol, which is the only IEEE specification relevant to bridges and switches.
A repeater is a network device that indiscriminately regenerates and forwards a received
Ethernet frame, whether it's good or bad. Repeaters are known as passive, or shared, components
of the network because they do not logically act on incoming frames. Repeaters
just regenerate incoming signals, thus extending the diameter of the network.
In this way, repeaters are invisible to network events such as collisions
or errors, merely propagating them along. Hence, a repeater cannot extend
the collision domain of a network. Repeaters enlarge an existing network.
Bridges and routers, on the other hand, connect different Ethernet LANs. Bridges perform
basic frame filtering functions before retransmitting the incoming frame.
Whereas repeaters forward all frames, a bridge forwards only those frames
that are necessary. If a frame does not need to be forwarded, the bridge filters
To connect an Ethernet LAN
to an FDDI backbone, for example, would require either a bridge or a router.
Because Ethernet and FDDI use different frame types, a translational bridge
would be required.
Bridges also do speed matching: Regular 10Mbps Ethernet and 100Mbps Fast Ethernet
can only be connected by means of a bridge.
Every Ethernet frame has two fields defined as the destination and
source address. This tells a bridge where a frame originated and
where it is ultimately destined. Figure 4.1
shows the structure of an Ethernet frame and the location of the destination
and source addresses.
Figure 4.1. Bridges examine both the destination and source address of a received
frame. The bridge forwards a frame according to its destination address.
Bridges look at an incoming Ethernet
frame and analyze the destination address encapsulated in the frame's header.
From this information, the bridge can check its internal memory of past frames
and determine whether to forward the frame to another port or filter it out, that
is, do nothing and discard the frame. In this way, bridges can isolate network
traffic between network segments. Bridges also check for errors and don't
forward damaged or incomplete frames.
A bridge works like a good
postal mail delivery system. A bridge knows exactly where everyone resides.
It delivers a piece of mail only to the intended recipient, looking at the
address on every envelope and delivering the envelope to that particular address.
If an envelope or frame is damaged or contains an error, a bridge mail system
returns the damaged mail to the sender, with a note that says “damaged.”
A repeater works very differently. A repeater mail system uses the brute-force approach
to mail delivery. A repeater makes a copy of every piece of mail it receives,
and then delivers a copy to you and everyone in your neighborhood. You get
not only your mail but also copies of everyone else's mail. You must decide
which mail is actually intended for you. Damaged mail is copied and distributed
just like regular mail. Repeaters typically are cheaper to buy than bridges
because they don't need to be able to read, sort, or return damaged mail.
See Table 4.1 for a comparison of
Ethernet repeaters and bridges.
Table 4.1. Comparing Ethernet repeaters and bridges
|Feature|Repeater|Bridge|
|---|---|---|
|OSI layer|Layer 1/PHY|Layer 2/MAC|
|Number of hops|Five|Unlimited (1)|
|Looks at frames?|No, only regenerates entire frame|Yes, looks at individual address of every frame|
|Network design implications?|Extends collision domain|Extends broadcast domain and divides collision domain|
|Principal use|Enlarges an existing network|Connects different networks (4)|
this number is unlimited. In reality, each bridge adds a delay.
Too large of a delay can cause higher-level problems.
2 The latency depends on two things:
the frame size and the forwarding mechanism. See the “Switch
Architectures and Performance” section.
3 Bridges do not forward Layer 2 type
errors, such as runt or CRC error frames. Higher-level, such as
Layer 3, errors will be forwarded.
4 Routers can also connect different
networks. We examine routers and Layer 3 in more detail in the
Let's look at bridges in a bit more
detail. A bridge contains a MAC and PHY on every port as well as some internal
bridging logic. With bridges, this logic is in the form of a CPU and some
memory. With switches, the logic is embedded in hardware in some specially
designed chips. Figure 4.2 shows a block diagram
of a bridge.
Figure 4.2. Bridge internal block diagram. Bridges contain software-based learning
and forwarding logic, whereas switches use hardware for this function.
The major components of a bridge are as follows:
MAC/PHY: A network interface card (NIC) consists of a MAC and a PHY. A
bridge also contains a MAC and PHY on every port. This means that a bridge
looks like multiple NICs coupled together. The bridge PHY will receive the
incoming bit stream and pass it to the MAC, which reassembles the original
Learning logic and source address table (SAT): The learning logic will look at the source address (SA) within
a received frame and populate the source address table with three columns:
MAC address, port number, and age. The MAC address is the same as the source
address that a sender has embedded into the frame. The age item will be a
date stamp to indicate when the last frame was received from a particular
MAC SA. The port number in our case can be 1 or 2. The SAT is also known as
the Bridge Forwarding Table (BFT).
Forwarding logic: Forwarding logic is the essential component of a bridge. It looks
at the destination address (DA) of a received frame. This now becomes the
new MAC address, which is then compared with the entries in the SAT.
Four different forwarding options are possible and are illustrated in Figure 4.3. Figure 4.4
shows the internal workings of the bridge learning and forwarding logic.
Let's take a look at how the bridge learning and forwarding logic works:
If the destination address is a specific
address, known as a broadcast address, the frame is destined for all ports
on the network. In this case, the bridge will forward the frame to all ports,
except the one on which the frame was received. Figure
4.3 shows this case as destination address FFF. A broadcast address
is six bytes with all ones, or FF.FF.FF.FF.FF.FF in hexadecimal notation.
If the MAC address is found in the SAT and the corresponding
port number is different from the received port, the frame is forwarded to
that particular port number only. This would be MAC address U sending a frame
to MAC address X in Figure 4.3.
If the MAC address is found in the SAT and the port number
is the same as the received port number, the frame is not forwarded; instead,
it is discarded. This is known as filtering. The frame
is discarded because the transmitting station and the receiving station are
connected on the same shared LAN segment on that particular port and the receiver
has already tuned into the frame. This would be MAC address V sending a frame
to MAC address U in Figure 4.3.
If the MAC address is not found in the table, the frame is
forwarded to all ports. The reason a particular destination address is not
present in the SAT table is that the receiving device could be new on the
network, or the recipient has been very quiet (has not recently sent a frame).
In both cases, the bridge SAT will not have a current entry. Flooding the
frame on all ports is the brute way of ensuring that the frame definitely
gets to its intended recipient. This would be MAC address X sending a frame
to MAC address T, an unknown MAC address, in Figure
Bridges use the age entry in the SAT
to determine whether that MAC address is still in use on the LAN. If the age
has exceeded a certain preset value, the entry is removed. This conserves
memory space and makes the bridge faster because fewer entries need to be
scanned for address matching.
Finally, the frame buffers will store frames on each port
in case there is a backlog of frames to be forwarded.
Figure 4.3. Bridges have three alternative methods of processing a frame: forwarding
to a known MAC address, filtering a frame, or flooding it on all ports.
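The learning, forwarding, filtering, flooding, and aging rules described above can be traced in a few lines of code. This is an added example, not code from the book: the 300-second aging limit and the one-letter station names (borrowed from the Figure 4.3 discussion) are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

BROADCAST = "FF.FF.FF.FF.FF.FF"  # six bytes of all ones, as in the text
MAX_AGE = 300.0                  # assumed aging limit in seconds (not from the chapter)


@dataclass
class Bridge:
    ports: tuple
    sat: dict = field(default_factory=dict)  # MAC address -> (port number, last-seen time)

    def age_out(self, now):
        """Drop SAT entries whose age exceeds the preset limit; return the removed MACs."""
        stale = [mac for mac, (_, seen) in self.sat.items() if now - seen > MAX_AGE]
        for mac in stale:
            del self.sat[mac]
        return stale

    def receive(self, in_port, src, dst, now):
        """Learn from the source address, then decide by the destination address."""
        self.age_out(now)
        self.sat[src] = (in_port, now)  # learning logic: MAC address, port, age
        others = [p for p in self.ports if p != in_port]
        if dst == BROADCAST:
            return "broadcast", others   # all ports except the receiving one
        entry = self.sat.get(dst)
        if entry is None:
            return "flood", others       # unknown destination
        if entry[0] == in_port:
            return "filter", []          # sender and receiver share this segment
        return "forward", [entry[0]]     # known destination on another port


def demo():
    """Constructed trace: stations U and V on port 1, X on port 2, T never seen."""
    bridge = Bridge(ports=(1, 2))
    frames = [  # (time, in_port, source, destination)
        (0, 1, "U", BROADCAST),
        (1, 2, "X", "U"),
        (2, 1, "U", "X"),
        (3, 1, "V", "U"),
        (4, 2, "X", "T"),
        (400, 1, "V", "X"),  # X's entry has aged out by now, so this floods
    ]
    return [bridge.receive(port, src, dst, t) for t, port, src, dst in frames]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last frame shows the effect of aging: X was a known address at time 4, but after 400 seconds of silence the bridge has to flood again to reach it.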
A router is an OSI Layer 3 device.
Ethernet and bridges use frames, whereas routers work in packets. The Layer
3 software (for example, NetWare IPX or TCP/IP) generates the packet.
Packet and frame sizes are not related. If a packet is larger than what a
frame can carry, the packet needs to be split into multiple frames. This is called fragmentation.
Bridges use MAC addresses in frames, whereas routers use the network
address information in packets to make forwarding decisions.
Routers have traditionally been used for two purposes:
Routers link networks over extended distances, also known
as WANs. WAN traffic often can travel over multiple routes, and the different
routers along the way choose the fastest or cheapest cost route (hence the
Routers are required to connect dissimilar LANs. For example,
an Ethernet LAN is often connected to an FDDI backbone through a router, which
analyzes each individual Ethernet frame, regenerates the original packet,
and then reconverts it into new FDDI frames. Translational bridges can accomplish
the same thing, but only if the same protocol is used on the two different
Figure 4.4. The flow diagram of a bridge. Contrast this with the flow diagram of
a repeater, shown in Figure 3.14 in Chapter 3.
In the past few years, high-performance routers have also become popular for
linking homogeneous LANs, such as different smaller Ethernets within a larger
company. In such situations, these routers effectively replace bridges and
are sometimes called segmentation routers. Some people
use routers in large networks because bridges have some drawbacks that do
not affect routers.
Until recently, the term switching
has been synonymous with a Layer 2 bridging function. These days, switching
seems to be the latest buzzword in the networking industry, and numerous networking
vendors have started talking about the concept of “Layer 3 switching.”
This is getting quite confusing because a Layer 3 switch is technically still
a router, just as a Layer 2 switch is still a bridge. We examine Layer 3 routers
and Layer 3 switches in more detail in Chapter 5.
Bridges were originally designed to connect different LANs together.
Bridges do not allow for multiple active parallel paths between different
LAN segments. Parallel paths create loops, which bridges cannot handle. If
multiple paths exist, this would mean duplicate entries in different bridges,
causing excess traffic flow and false entries in the SATs. Worse still, if
a broadcast or flooded frame enters a parallel bridge network, the broadcasts
start circulating and will grow on themselves. Ultimately, the single broadcast
can turn into a broadcast storm, which will completely overload the network
and bring it to its knees. The spanning-tree algorithm was invented many years
ago by Radia Perlman of Digital Equipment Corporation to deal with this problem.
The following are some important points about the spanning-tree algorithm
Bridges build a logical tree-like structure by exchanging
information about the topology of the overall network. All bridges send out
specific frames, called bridge protocol data units (BPDUs), to build the tree.
The STA is always active. During power-up time, the individual
bridges communicate via BPDUs to build the initial tree, which takes
between 15 and 50 seconds. The base of the tree, or root,
is determined in such a way as to provide only one possible data path between
any two different bridges within the bridging fabric. At this time, the STA
also eliminates circular paths by temporarily disconnecting all parallel links.
These parallel links are in effect dormant, to be reactivated later if needed.
By eliminating parallel links, the STA has, in effect, built a structure that
looks like a tree, with the root or master bridge located at the base.
The STA allows for redundant or parallel backup links. The
dynamic nature of STA means that if an existing link (or branch) between two
bridges is broken, the STA will reactivate a dormant link in less than a minute.
This provides bridged networks with an element of resiliency.
The STA became an IEEE standard in 1990 and is known as 802.1D.
The STA used to be an optional feature with early bridges. These days, all
bridges and switches incorporate this feature. The STA can be turned off with
Unlike bridges, routers do allow for multiple
active paths. In fact, routers have enough intelligence to take advantage
of multiple paths for both redundancy and cost optimization. Routers use algorithms
similar to the STA to determine the optimum path between two stations connected
via a WAN.
Figure 4.5 shows a bridged network topology
with multiple paths.
Figure 4.5. A network with parallel bridged paths showing how STA has created a
tree configuration. Dotted lines indicate parallel links disabled by the STA.
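The tree-building and link-reactivation behavior of the STA can be seen on a small topology. This is an added example, not code from the book, and it computes centrally what the bridges would arrive at by exchanging BPDUs. It assumes equal-cost links, the lowest bridge ID as root, and ties broken by the lowest upstream bridge ID; the four-bridge topology is constructed for the illustration.

```python
def spanning_tree(links):
    """Return (root, active, dormant) for a set of bridge-to-bridge links.

    Simplified model (assumption): every link has equal cost, the lowest
    bridge ID is the root, and ties go to the lowest upstream bridge ID.
    Duplicate links between the same pair of bridges are treated as one.
    """
    links = {frozenset(link) for link in links if link[0] != link[1]}
    bridges = sorted({b for link in links for b in link})
    root = bridges[0]
    ordered = sorted(links, key=sorted)
    reached, active, frontier = {root}, set(), [root]
    while frontier:  # grow the tree one hop at a time from the root
        next_frontier = []
        for bridge in sorted(frontier):
            for link in ordered:
                if bridge not in link:
                    continue
                (neighbor,) = link - {bridge}
                if neighbor not in reached:
                    reached.add(neighbor)
                    active.add(link)       # this link becomes part of the tree
                    next_frontier.append(neighbor)
        frontier = next_frontier
    return root, active, links - active    # links left over stay dormant


def after_failure(links, broken):
    """Recompute the tree with one link removed; also return reactivated links."""
    _, before, _ = spanning_tree(links)
    remaining = [l for l in links if frozenset(l) != frozenset(broken)]
    _, active, dormant = spanning_tree(remaining)
    return active, dormant, active - before


# Constructed topology: four bridges with two redundant (parallel) paths.
TOPOLOGY = [(1, 2), (1, 3), (2, 3), (2, 4), (3, 4)]

if __name__ == "__main__":
    root, active, dormant = spanning_tree(TOPOLOGY)
    print("root:", root)
    print("active:", sorted(map(sorted, active)))
    print("dormant:", sorted(map(sorted, dormant)))
    _, _, reactivated = after_failure(TOPOLOGY, (2, 4))
    print("reactivated after 2-4 fails:", sorted(map(sorted, reactivated)))
```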
A switch connects a sender and a receiver in real time. A telephone switch is
the best example. Even the old, manual exchanges were true switches. The only
thing that has changed is that the destination address can be dialed in automatically
these days. A bridge, on the other hand, stores the data for a limited time
period before forwarding it to the destination.
By definition, a switch relies on some sort of permanent or temporary
electrical connection to exist between sender and receiver. If the data is
temporarily stored, like in a bridge, one could argue that technically the
device is no longer a switch. Because the data is often only stored for a
fraction of a second, or fractions of a frame, however, we won't debate the
nuances here of what constitutes a switch and what doesn't. Therefore, from
an Ethernet perspective, switches are multiport bridges.
Some other architectural differences between bridges and switches include
The heart of a bridge (or router, for that matter) is a microprocessor
and the associated program memory to run the bridging software. Switches,
on the other hand, have no reprogrammable intelligence to bridge the data
(for example, a CPU and associated program memory and software). The switching
function is performed in hardware or silicon. In this case, the hardware has
sufficient intelligence to examine each frame and decide to which port to
send it. These chips are not programmable, however; all they can do is analyze
and forward Ethernet frames. (Today's switches often contain a CPU for network
management, configuration, STA, and so on. The key is that the CPU does not
involve itself in the forwarding of every single frame.)
Switches are much cheaper than bridges; their initial cost
is lower, and they have achieved higher production volumes over time.
Bridges can analyze and forward only one frame at a time. Switches,
on the other hand, have multiple parallel data paths. Switches use temporary,
or virtual, connections to connect source and destination
ports for the time it takes to forward a frame. After the frame has been sent
from source to destination, the virtual connection is terminated. To accommodate
these multiple data paths, a switch needs to have a backplane that has enough
capacity to carry all the data from multiple ports simultaneously. Bridges
typically are bandwidth-limited by the CPU and its I/O capabilities. The switched
parallel approach means that switches are much faster than conventional bridges.
Switches feature different forwarding mechanisms, such as cut-through
or store-and-forward, whereas bridges use only the store-and-forward methodology.
The biggest difference between switches and bridges is the
positioning. Yesterday's bridges were relatively slow and expensive devices
that were sold to connect different LANs together. Today's switches are fast
and cheap, and they most often are used to improve the speed of an existing