Cisco Knowledge Suite Cisco SystemsCisco Press

Cutting Edge
Core Reference
Guided Learning
Networking Architecture
Internet Protocols (IP)
Network Protocols
Transport and Application Protocols
Desktop Protocols
Security and Troubleshooting
Network Resources and Management
Integrated Services

VLANs and Layer 3 Switching


< Back Contents Next >

VLANs and Layer 3 Switching



Unicast, Multicast, and Broadcast Frames






Layer 3 Switching



Layer 4 Switching




Save to MyCKS

Switched, Fast, and Gigabit Ethernet, Third Edition

From: Switched, Fast, and Gigabit Ethernet, Third Edition
Author: Sean Riley; Robert Breyer
Publisher: MTP
More Information

5. VLANs and Layer 3 Switching

This chapter covers the relatively new topics of virtual LANs (VLANs) and Layer 3 switching. The first part of this chapter discusses the concepts and benefits of VLANs and the different VLAN implementation methods, such as port, protocol, MAC address, and IP Subnet. We look at distributed VLANs, which require some kind of trunking. We look at the proprietary VLAN trunking method from Cisco called Interswitch Link (ISL), as well as the new IEEE 802.1Q VLAN tagging standard. We then look at the different methods of connecting VLANs.

We also examine the IEEE 802.1p priority switching technology that was designed to improve the delivery of time-critical data. Whereas 802.1p is not directly related to VLANs, the 802.1p standard utilizes the additional VLAN tagging field to provide for improved delivery of time-critical data. Therefore, this chapter is a good place to deal with it.

The second part of this chapter discusses Layer 3 switches. We first cover some of the basics of routing; then we attempt to explain the current hype surrounding Layer 3 switches, which are merely hardware-based IP or IPX LAN routers. We contrast the different types of Layer 3 switches, namely packet-to-packet, and a host of other methods that rely on cut-through methods. (For more information on cut-through methods, see Chapter 4, “Layer 2 Ethernet Switching.”)

Next, we take an in-depth look at Layer 3 switches. Layer 3 switches are replacing classic IP LAN routers in certain places, because they offer more performance at significantly lower prices with easier configuration. Different VLANs need to be connected via a Layer 3 device, such as a classic router. The required use of routers has slowed the adoption rate of VLANs tremendously. The recent emergence of fast, easy to configure, and affordable Layer 3 hardware-based switches has made VLANs a popular mainstream tool for LAN managers everywhere.

Finally, we discuss Layer 4 switching, which is the latest hot concept. We also discuss why Layer 4 switching isn't really switching at all.

Before we begin, we need to point out a few things:

  • We cover a lot of information in this chapter. To discuss both VLANs and Layer 3 switches in detail in one chapter is ambitious. Therefore, this chapter doesn't go into too much detail. Entire books have been written on just VLANs or Layer 3 switching. Many excellent white papers from the vendor community also are available on the Web. Please refer to Appendixes B and C for suggestions for further reading.

  • VLANs are not specific to Ethernet but are based on the OSI Layer 2. As such, you can apply VLANs to any frame-based LAN technology that follows the OSI model. For example, VLANs are already a feature on some of today's FDDI or Token Ring switches. The standards we discuss in this chapter, such as 802.1Q/p, are not 802.3/Ethernet specific; they were designed to work for Token Ring and other frame-based LAN standards as well.

  • We discuss Layer 3 aspects of the OSI model. Note that, like VLANs, Layer 3 switching technology could be built into any OSI-compliant LAN hardware standard. Networking vendors chose to focus their Layer 3 switching efforts on Ethernet, and Fast and Gigabit Ethernet in particular. For example, we quite possibly will see some Layer 3 Token Ring switches one day.

  • TCP/IP is the most popular Layer 3 networking protocol today and is fast becoming the de facto standard. We assume you are somewhat familiar with the routing aspects of TCP/IP. We included a number of references for additional reading.

Before we delve into VLANs in more detail, let's take a small detour into the frame world.

Unicast, Multicast, and Broadcast Frames

This is a quick tutorial on the subject of unicast, multicast, and broadcast frames. These three frame transmissions differ in terms of their destination address.

Unicast Frames

Ethernet frames typically are sent from a particular source address (SA) to a specific destination address (DA), which is a one-to-one transmission. This is known as unicast, or unique address broadcast. The DA field in a unicast frame is the MAC address of the destination and is always a unique 6-byte number. An example of a unicast DA is 00-A0-EF-12-34-56 (hex). A switch directly forwards a unicast frame from source port to destination port. Most of today's LAN traffic consists of point-to-point transmissions.

Multicast Frames

Sometimes, the same source data needs to be sent to multiple receivers. This could be an email sent to everyone in a specific department within a company or a company-wide mailing list. Newer applications, such as server-based audio or video streaming (covered in Chapter 7, “Bandwidth: How Much Is Enough?”), also fall into this category of one-to-many communication. From a bandwidth-usage perspective, broadcasting to multiple users at once is much more efficient than generating multiple individual unicast transmissions for every individual user. The one-to-many transmission, broadcasting to multiple users at once, is called multicasting. One-to-many transmissions are becoming increasingly popular as new applications, such as server-based streaming, groupware, videoconferencing, and IP multicasting, become more mainstream. The receiver typically decides whether to join a specific multicast transmission. Multicasts are identified by means of a particular DA range of addresses. An example of a multicast DA is 01-80-C2-00-00-00 (which is a spanning tree multicast address).


Many recent one-to-many applications utilize IP multicasting, which is different from Ethernet multicasting. We discuss IP multicasts later in this chapter.

When Layer 2 switches do not know the destination address of a particular frame, they flood or forward the frame to all ports. Although this is not a multicast, it is similar in nature because it creates a lot of extra traffic on all segments.

Broadcast Frames

Broadcasts are one-to-all transmissions addressed to everyone on the network. A variety of sources can generate broadcast frames:

  • The spanning tree Bridge Protocol Data Unit (BPDU) (discussed in Chapter 4) is a typical example of a broadcast frame. This frame needs to be conveyed to all bridges and switches on the LAN to build one tree.

  • Some network operating system (NOS) clients and servers, such as NetWare, use broadcasts to advertise their presence on the LAN. Most networking protocols, such as IPX, AppleTalk, and NetBIOS, make regular use of broadcasts to discover addresses, routers, and servers.

  • IP routing protocols, such as RIP, SNMP, DVMRP, and ARP, use broadcasts extensively to discover routing paths, to exchange information about the optimal route, or to match IP and MAC addresses.

With broadcasts, the DA frame field is set to all 1s. This indicates to all stations on the LAN that this particular frame is destined for everyone. All broadcast frames have the destination address field set to all 1s (or FF-FF-FF-FF-FF-FF, in hexadecimal notation).

Broadcast Storms

Like Ethernet collisions, broadcasts have received a bad reputation over the years because they often do not represent an actual data transmission but more network Layer 2 or 3 overhead.

A unicast transmission will occupy only the direct path from source to destination, whereas a broadcast will permeate all corners of a network. Thus, many people view broadcasts as wasted bandwidth. The truth is that broadcast transmissions cannot be eliminated: They are part of the normal workings of any network. Only excessive broadcast rates are a problem, and they are typically the result of too large a network or faulty hardware. Excessive broadcast rates affect the net bandwidth available to users, causing the network to become very sluggish.

Faulty hardware or an incorrectly configured network can lead to the network being overwhelmed with broadcasts, also known as a broadcast storm. A broadcast storm describes a situation in which the entire network is used to transmit broadcasts, leaving no bandwidth for regular traffic. This will result in time-outs and network errors, which is the equivalent of freeway “gridlock.”

Really, only two possible things can create a broadcast storm:

  • Bridge loops (such as that shown in Figure 4.5 in Chapter 4) running without the spanning tree algorithm (STA) in operation. This is very rare, because most new bridges and all switches include STA. (Alternatively, STA could be disabled on a bridge or switch.)

  • The other, more likely, source of broadcasts is faulty hardware (NICs or switches). The device in question is malfunctioning and possibly sending out broadcast frames permanently.

Both scenarios are very unlikely these days; NICs now have an MTBF (mean time between failure) rate of well over 10 years, and all bridge switches include the STA.

Broadcast Domains

In a shared or repeated Ethernet segment, all nodes are in the same collision domain. A repeater is invisible to all nodes in a shared-media segment. Nodes operating in a shared environment collide with each other if they attempt a transmission at the same time. When two nodes collide, all other nodes hear the collision: hence the term collision domain. Collisions do not traverse a bridge or a switch; therefore, these devices form the edges or borders of a collision domain.

The broadcast domain is the network area that a broadcast frame will fill. As discussed in Chapter 4, switches or bridges operate at Layer 2 and blindly forward all broadcast traffic received (as well as all unknown destination address frames), making switches invisible to broadcasts. Figure 5.1 illustrates this.

Problems with Very Large Broadcast Domains

Theoretically, you can build very large networks with hundreds or even thousands of nodes using only Layer 2 switches. The term flat network is used because, from a hierarchical perspective, all these switches are on the same level: no higher level Layer 3 routers are present. In practice, the size of a flat, switched Layer 2 network has a limit. The following factors limit the size of a Layer 2 network:

  • Broadcasts grow with network size As previously discussed, broadcasts tend to travel everywhere within a switched network. Many NOSs and their associated protocols, such as NetWare, AppleTalk, LAN Manager, and LANServer, are rather chatty: They create a fair amount of broadcast traffic. That's because these network operating systems' protocols were designed to operate on local area networks where bandwidth has traditionally not been a problem. When enlarging a Layer 2 switched network from say 100 to 1000 users, the broadcast rate will grow at least tenfold, too. If your broadcast rate in a 100-user network is 2%, the 1000-user network will have a broadcast rate of at least 20%, which is a rather significant number. Even 20% broadcast traffic is tolerable, because it leaves you with almost 80% usable bandwidth in a switched environment. The good news is that TCP/IP is a very quiet (or, non-chatty) protocol because it was designed to operate over WAN links, where bandwidth is scarce. Therefore, as more networks migrate from other protocols to TCP/IP, the broadcast rate will decrease.

  • Control— The big issue with large networks is that a broadcast storm will crash the entire network. Although broadcast storms are extremely rare, the occurrence of one will bring your entire network to its knees, and 1000 angry users is nothing to sneeze at.

  • Lack of IP addresses— Networks using IP must contend with another issue: lack of IP addresses. In an IP environment, every node receives an IP address that is either permanently (statically) assigned or dynamically assigned via the Dynamic Host Configuration Protocol (DHCP). Only a maximum of 254 IP addresses can be assigned on a particular IP subnet, imposing an artificial limit on the maximum number of users in a particular broadcast domain.

Figure 5.1. For a repeated network, the collision domain and broadcast domain are the same. Introducing a bridge or switch creates two separate collision domains, yet all nodes still share the same broadcast domain.

The Old Way of Dealing with Large Broadcast Domains: Routers

Historically, you connected LANs together over short distances with bridges. You used routers to connect LANs together over extended distances. You joined these different LANs via multiple routers, sometimes with different path choices. Routers set up an optimum routing path depending on various criteria, therefore the term routers. Routers operate at Layer 3 and don't forward broadcasts or multicasts automatically, so LAN managers started using routers to link similar LANs over shorter distances. As corporate networks became larger, routers started moving to the center of the network to segment larger, flat Layer 2 networks into smaller broadcast domains or subnets. Routers became the centerpieces for large enterprise networks, using architectures such as distributed or collapsed backbones (more on this in the second half of this book) to generate multiple smaller subnets.

This solves all of the issues of large flat Layer 2 networks: Every subnet can have 254 IP addresses, broadcasts are contained within a subnet, possible broadcast storms only affect one subnet, and protocol routing still occurs. (This assumes a particular type of IP address, namely a Class C address.) Figure 5.2 shows a switched network that has been subdivided by means of a router. The nodes A, B, C, and D (shown in Figure 5.2) physically reside in the same broadcast domain, and nodes E, F, and G reside in broadcast domain 2. The limits for broadcast domains 1 and 2 are the outer physical boundaries set by switch 1 and switch 2. If, for example, node D wanted to join broadcast domain 1, the node would have to be physically moved and connected to switch 1.

Figure 5.2. Introducing a router into our previously shown network creates two different broadcast domains. Nodes A, B, C, and D are part of broadcast domain 1, whereas nodes E, F, and G are part of broadcast domain 2.


Interestingly, the broadcast rate in most pure Layer 2 networks is not excessive. What LAN managers fear most is the entire network coming to a halt. Unfortunately, broadcast storms can cause that, extremely rare as they are. So it is often the fear of broadcast storms, not of existing broadcast rates, that causes network managers to look for ways of dividing up larger Layer 2 networks into smaller broadcast domains.

So before you go out and buy more routers to segment your flat Layer 2 network to reduce broadcasts, we urge you to take a closer look at what exactly your broadcast traffic rate is. Chapter 7, “Bandwidth: How Much Is Enough?” discusses some tools that allow you to measure broadcasts. In our opinion, a 10% broadcast rate is quite acceptable.


Routers often subdivide a larger flat network into multiple broadcast domains. The router is placed at the center of the network to accomplish this. There's another reason why routers often are found at the center of large networks. Historically, different operating systems have all used different networking protocols. Only recently has TCP/IP emerged as the clear leader. For many years, Novell NetWare ran on IPX, Digital used LAT, Microsoft favored NetBEUI or NetBIOS, and the UNIX world was synonymous with TCP/IP. Then, of course, Banyan, IBM, Apple, and the like all used different protocols again. So most corporate networks required a powerful protocol router somewhere so that everyone could communicate with everyone else. Putting this router at the edge of the network wasn't very efficient because it meant the routed traffic needed to traverse multiple switches twice. Thus, routers became the centerpieces of larger mixed-protocol environments.


< Back Contents Next >

Save to MyCKS


Breaking News

One of the primary architects of OpenCable, Michael Adams, explains the key concepts of this initiative in his book OpenCable Architecture.

Expert Advice

Ralph Droms, Ph.D., author of The DHCP Handbook and chair of the IETF Dynamic Host Configuration Working Group, guides you to his top picks for reliable DHCP-related information.

Just Published

Residential Broadband, Second Edition
by George Abe

Introduces the topics surrounding high-speed networks to the home. It is written for anyone seeking a broad-based familiarity with the issues of residential broadband (RBB) including product developers, engineers, network designers, business people, professionals in legal and regulatory positions, and industry analysts.


From the Brains at InformIT


Contact Us


Copyright, Terms & Conditions


Privacy Policy


© Copyright 2000 InformIT. All rights reserved.