Switch operation

A switch can connect Ethernet, Token Ring, Fibre Channel or other types of packet-switched network segments together to form a heterogeneous network operating at OSI Layer 2 (though there may be complications caused by the different MTUs of the standards). As a frame comes into a switch, the switch saves the originating MAC address and the originating (hardware) port in the switch's MAC address table. This table often uses content-addressable memory, so it is sometimes called the "CAM table". The switch then selectively transmits the frame from specific ports based on the frame's destination MAC address and previous entries in the MAC address table. If the destination MAC address is unknown, or is a broadcast address or (for simpler switches) a multicast address, the switch simply transmits the frame out of all of the connected interfaces except the incoming port. If the destination MAC address is known, the frame is forwarded only to the corresponding port in the MAC address table. If the destination port is the same as the originating port, the frame is filtered out and not forwarded.

Switches, unlike hubs, use microsegmentation to create collision domains, one per connected segment. This way, only the NICs which are directly connected via a point-to-point link, or directly connected hubs, are contending for the medium. If the switch and the equipment (other than a hub) it connects to support full duplex, then the collision domain is eliminated entirely. The higher-level operation also allows some more advanced features that would be impractical with simple hubs. For example, virtual LANs can be used in switches to reduce the size of the broadcast domains and at the same time increase security, and switches can also implement the spanning tree protocol, allowing the use of redundant links.
Forwarding methods

There are four forwarding methods a switch can use:

Note that "cut through" switches have to fall back to "store and forward" if the outgoing port is busy at the time the packet arrives. Some switches will begin to function as a network hub if the buffer/queue overflows from heavy traffic. Note that these forwarding methods are not controlled by the user and are configured only by the switch itself.

Form factor

Possibility of configuration

Unmanaged switches have no configuration interface. They are typically found in SOHO environments.

Configuration options for managed switches vary with manufacturers and models. You can access the configuration interface for managing your switch (hence the name). Older models use a serial console; more recent devices use a web interface. (Sometimes you can also configure them by pushing buttons on the switch.) They are found in medium/large network environments and come at a higher price and quality (e.g. a backplane with higher transfer speeds). The task of managing them usually requires an understanding of Layer 2 networks (e.g. Ethernet).

Smart (or intelligent) switches are usually managed switches with a limited set of features.

Possible features (roughly in order from basic to advanced):

- Performance specs?
  - Switch fabric (definition needed)
  - MAC table size
  - RAM buffer size
  - Network protocols and standards
  - Optional ports (fiber, SFP expansion slots, etc.)
  - Auto port speed detection and configuration
- Port monitoring: frame capturing (and other network administration tasks) can be difficult in a switched Ethernet. Port monitoring addresses this problem by replicating the traffic from all ports (or VLANs) onto a single port, on which you can set up an isolated monitoring network.
- Link aggregation allows you to use multiple ports for the same connection, achieving higher data transfer speeds.
- Creating VLANs can solve collision problems and serve security goals (by reducing the broadcast/collision domain).
Form of power source

Hubs vs switches

A hub, or repeater, is a fairly unsophisticated broadcast device. Any packet entering any port is broadcast out on every port, and thus hubs do not manage any of the traffic that comes through their ports. Since every packet is constantly being sent out through every port, this results in packet collisions, which greatly impede the smooth flow of traffic.

A switch isolates ports, meaning that every received packet is sent out only to the port on which the target may be found (assuming the proper port can be found; if it cannot, the switch will broadcast the packet to all ports except the port the request originated from). Since the switch intelligently sends packets only where they need to go, the performance of the network can be greatly increased. More expensive switches can also do several other operations, such as isolating ports from each other by placing them in different VLANs, or allowing snooping by copying all packets on some set of ports to a special "sniffer" port.

This leaves the question of when a switch is most appropriate, versus a hub. If most of the network traffic involves only a few ports, then there will be little performance gain achieved by upgrading from a hub to a switch. But if the traffic involves more than a few ports, using a switch can yield a significant improvement in performance. Also, modern Fast Ethernet switches designed for small office / home office (SOHO) use are priced comparably to hubs, making use of a hub somewhat pointless if new equipment must be purchased anyway.

Because data is only sent out through the correct port and not broadcast indiscriminately as with hubs, switches are somewhat more secure. Were a user with the intent of capturing other users' data to run Ethereal in promiscuous mode while connected through a switch, they would find that they only see their own data. In contrast, a hub would broadcast all traffic that is not encrypted to all users.
This said, even the extra security provided by switches can still be breached with techniques such as MAC flooding and ARP spoofing.

Flaws

It is difficult to monitor traffic that is bridged using a switch, because all ports are isolated until one transmits data, and even then only the sending and receiving ports are connected. Two popular methods that are specifically designed to allow a network manager to monitor traffic are:

Other methods (which could be classified as attacks) have been devised to allow snooping on another computer on the network without the cooperation of the switch:
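As an added example (not code from the original page or any vendor), the following Python model implements the learning, forwarding, flooding and filtering rules from the switch operation section above, and adds a bounded MAC table with a per-port address limit, the kind of limit that mitigates the MAC flooding mentioned in this section. The `Switch` class, the tiny table size and the per-port limit are constructed for illustration.

```python
"""Toy learning switch: MAC-table learning, unicast forwarding, flooding
of unknown/broadcast/multicast destinations, same-port filtering, and a
bounded table with a per-port address limit.  Constructed example."""
from dataclasses import dataclass, field


def is_multicast(mac: str) -> bool:
    # The group bit is the least significant bit of the first octet;
    # it is set for multicast and for the all-ones broadcast address.
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class Switch:
    ports: list
    table_size: int = 4          # tiny CAM table so exhaustion is visible
    max_macs_per_port: int = 2   # addresses a single port may learn
    mac_table: dict = field(default_factory=dict)   # mac -> port
    violations: list = field(default_factory=list)  # (port, mac) not learnt

    def learn(self, src: str, port: int) -> None:
        if src in self.mac_table:
            self.mac_table[src] = port      # station moved: update entry
            return
        on_port = sum(1 for p in self.mac_table.values() if p == port)
        if on_port >= self.max_macs_per_port:
            # Too many sources on one port: refuse to learn and record it
            # (a port-security style mitigation against table flooding).
            self.violations.append((port, src))
            return
        if len(self.mac_table) < self.table_size:
            self.mac_table[src] = port
        # If the table is full the address stays unknown, so frames to it
        # are flooded: the switch degrades towards hub behaviour.

    def forward(self, src: str, dst: str, in_port: int) -> list:
        """Return the ports the frame is sent out of (empty = filtered)."""
        self.learn(src, in_port)
        if is_multicast(dst) or dst not in self.mac_table:
            # Unknown unicast, broadcast or multicast: flood all but in_port.
            return [p for p in self.ports if p != in_port]
        out = self.mac_table[dst]
        if out == in_port:
            return []                       # destination on the same segment
        return [out]
```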