What do network switches do?
Network switches are hardware devices which provide OSI layer two connectivity between devices. They are used to build networks – as opposed to routers which connect networks. Here we will focus on Ethernet switching although other types of switch exist – such as ATM and Frame Relay.
In terms of TCP/IP, basic switches don't understand IP at all. The identities that switches use for communication are device MAC addresses. In a small network, a switch might just connect to user devices and servers, but in a more extensive network, they will also connect to other switches. Switches can have a lot of interfaces, also known as switchports (ports) to allow the connection of many devices. Ports may have different speeds such as Fast Ethernet and Gigabit Ethernet. Switches sometimes have a modular design allowing you to add more ports as needed without having to buy a whole new switch.
What do switches do?
Switches have three purposes in life:
Learning MAC addresses
Filtering, forwarding and flooding frames
For now, we won't worry about how switches avoid loops – just know that they can.
How do switches learn MAC Addresses?
Switches have a MAC address table - also known as a Forwarding Information Base (FIB). It can also be called a CAM table (due to the Content Addressable Memory that it may be stored in).
The MAC address table lists the MAC addresses that the switch has seen frames from (i.e. in the source address field) and which switchport it is reachable on.
MAC Address Table
01:ab:23:cc:45:dd Gi0/3 01:ab:23:ee:45:ff Gi0/5
When you first turn on a new switch, this table will be empty.
Every time the switch receives a frame:
It looks at the source address.
If the source address isn't in the CAM table, then it gets added, along with the port that the frame was received on.
Remember – MAC address learning is based solely on the source address of Ethernet frames it receives.
Filtering and Forwarding Ethernet Frames
Switches receive Ethernet frames and can do one of three things with each frame:
Forward out of a single interface.
Flood out of all interfaces (except the one that the frame came in on).
Filter the frame by 'dropping' it.
It decides what to do based on the destination MAC address of the frame. The process will vary depending on whether it is a unicast, broadcast or multicast address. For now, we will focus on the first two cases.
First, the switch looks up the destination address in its MAC address table. And what happens next depends on whether the destination address has an entry in the table or not.
If the destination MAC address is already in the MAC address table, then the switch will forward this frame out of the port associated with that address in the table.
If the destination MAC address isn't in the FIB, then the switch will 'flood' a copy of the frame out of each port except the port that it came in on. Therefore, if the destination is reachable from the switch, then the frame should get to it. If the destination device replies, then the switch will 'learn' the address and port of that device so that future frames don't need to be 'flooded' out to every reachable device.
If the switch receives a frame with the broadcast MAC address set as the destination (FF:FF:FF:FF:FF:FF), then it will flood the packet out of all interfaces (except the interface that the frame was received on). Therefore, the frame is 'broadcast' to all devices connected to the switch.