×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Overview of Layer 2 Switched Networks and Communication

Document

Tue, 05/17/2016 - 19:48
Jul 23rd, 2011
User Badges:

General Overview of Layer 2

Layer 2 is Data Link Layer (DLL) as per OSI Model. As we know function of each layer is to provide services to above layer, so DLL provide various services to Layer 3: Network Layer. Various services which DLL provides are:


  • Framing network layer data packets.
  • Flow Control
  • Multiple Access control using CSMA/CD (Carrier Sense Multiple Access / Collision Detection) in wired network and CSMA / CA (Collision Avoidance) in wireless network.
  • Physical Addressing
  • Switching
  • Quality of Service (QoS)
  • Virtual LAN’s (VLAN)

             & some more.

Data Link Layer is basically divided into two sub-layers:


  • Logic Link Control (LLC): Provide services to upper layer.
  • Media Access Control (MAC): Perform Layer 2 functions like switching, physical addressing etc.


Basically what I am going to explain in this article is, how inter-communication happens in data network between two devices at Layer 2 (Switching).

Physical Addressing and Switching


Network is a group of devices connected to each other. On Layer 2, devices can communicate within a single network only. Layer 2 devices cannot span multiple networks, for multiple networks Layer 3 support is required.  Each device in a single network needs to be identified uniquely. At Layer 2, unique identification is done via physical addressing scheme. Device hardware (NIC Card) which provides interconnection has unique physical address assigned to it known as MAC Address. MAC address is of 48 bits, written in hexadecimal form separated after 8 bits with either colon (:) or hyphen (-). Example address: 00:80:48:5C:1A:52. So each machine will have unique physical address by which machine is identified. Total MAC Address is of 6 bytes. Each manufacturer is allotted with first 3 bytes of MAC Address which act as series prefix for all the NIC’s by that company, last 3 bytes are unique within one series. By this way no MAC address of one company can clash with another nor within company series.  Communication among devices at layer 2 is done via some interconnecting device, which forms connection between each host machine or network devices (router, wireless, etc). Switch is that device which provides interconnection. Switch has ports (physical interface) at which wires from various network devices or host machines connect. All devices in a network are connected to a switch which interconnects them; this is Layer 1 (inter-connection).  Now let’s get into deep understanding about how communication is done after interconnection. For this we need to understand working of switch.

Working of Switch


Switch is an interconnecting device with 16 or 24 ports in common. All other devices are connected to these ports. Whenever any machine sends packet to any other machine, source machine send packet to switch, switch then forwards it to destination machine. Each packet which comes to switch contains source and destination physical address in it, on basis of which switch forwards packet to other machine. Switch always sent packet based on destination MAC address. Its process is as follows: (process also known as Switching)


  • When switch receives a packet from any device, it checks for its destination MAC address.
  • Then switch compares destination MAC address with its MAC Address Table for corresponding MAC address.

      • If MAC Address is found, packet is sent out to port against which MAC Address was matched.
        • If entry is not found, Unknown  unicasts (when the switch  doesn't have a port mapping for a destination  mac address in the frame)  are treated like broadcasts by Layer Two  devices, and are flooded out  of all ports except the port on which the  frame originated.

    Now question comes, how does switch knows on which port destination machine is connected? For this switch uses one table in its cache memory called MAC Address table or Forwarding Table in which switch stores that at which port which machine is connected by storing its physical address (MAC Address). So table contains two columns (Physical Address and Port Number) and rows equal to number of ports in switch.  When switch is turned ON, by default there is no entry in MAC address table, as communication starts, based on devices involved entries are created in table. 

    Working of Address Resolution Protocol (ARP)


    ARP is a layer 2 protocol, used for obtaining MAC address of any devices within a network. Host machines use ARP protocol to obtain MAC Address. ARP protocol in conjunction with Layer 3 IP Protocol addressing (IP Address).  Host machine uses ARP because when machine needs to send packet to another device, destination MAC address is needed to be written in packet sent, so host machine should know the MAC Address of destination machine. Operating Systems also maintain ARP Table (MAC Address Table).  To obtain MAC address, ARP performs following process: (ARP request by host machine)
    • Source machine generate ARP REQUEST packet with source MAC address (of this machine), source IP address (of this machine) and destination IP address and forwards this packet to switch.
    • Switch receives the incoming packet and reads the source MAC address and checks its MAC address table, if entry for packet at incoming port is found then it checks its MAC address with the source MAC address and updates it, if entry not found then switch add and entry for incoming port with MAC address.
    • All ARP REQUEST packets are broadcasted in network, so switch broadcast ARP REQUEST packet in network.
    • (Broadcast are those packets which are sent to everyone in network except the sender, only in network to which it belongs, it cannot span multiple networks)
    • All devices in network receives ARP packet and compare their own IP address with the destination IP address in that packet.
    • Only the machine which matches the both will reply with ARP reply packet. This packet will have source IP of this machine (which was destination machine in previous packet, as now its replying this machine will be the source machine) , source MAC address, destination MAC address (same as source MAC address in REQUEST packet) and destination IP address (same as source IP address in REQUEST packet).
    • Then switch reads the ARP reply message and add entry in its MAC Address Table for port number on which it has received packet by reading its source MAC address field and forwards that packet to destination machine (source machine in REQUEST packet) as its MAC is in destination MAC address.
    • Further host machine add destination machine entry into its ARP table.
    This using ARP resolution switch and other devices in network obtain MAC address of any other device in a network. Remember ARP works on broadcast, so it works only in single network.

    Final Layer 2 Communication Process


    Now finally let’s see how devices communication occur at Layer 2.  Example Newtork Suppose Machine A needs to communicate with Machine D, following will be the process at Layer2:


    Summary Process

    • Machine A lookup’s for Machine D MAC address in its ARP table.


      • If MAC Address found then packet is formed and sent to Switch A.
      • If MAC address not found then ARP Request is generated and MAC address is obtained.


    • Switch A receives packet and checks for MAC Address in its MAC Address Table.


      • If MAC Address matched it will forward packet on matched port number.
      • If MAC Address not found then the packet is broadcasted to all ports, except on which it has received the packet.


    • Machine D receives packet from Switch A which was sent by Machine A.
    • When Machine D will reply, same process will be followed as switching is done.



    Detailed Process


    • Machine A lookup’s for Machine D MAC address in its ARP table. If MAC address is not found, machine A will send ARP Request for MAC address of machine D (using Machine D IP Address) and sends packet of Switch A.
    • Switch A will receive and read packet and add Machine A physical address in its MAC Address table to which Machine A is connected.
    • After that, switch will broadcast ARP Request packet in network.
    • All machines in network except Machine A will receive ARP Request packet. Then all machines will check for Destination IP address and compare with its own IP Address.
    • Only Machine D IP address matches with destination IP address as packet was intended for that machine.
    • Machine D will reply with its MAC Address (as per ARP working).
    • Switch A receives ARP Reply packet, and will add physical address of Machine D in its MAC Address table against corresponding port on which it received reply.
    • After adding entry it will check for destination MAC Address and compare it with its MAC address table.
    • Based on MAC Address table entry, it will forward packet to corresponding port number against which successful match was found.
    • Host machine will receive ARP Reply and add MAC address to its ARP table.
    • Then machines forms complete data packet and sends it to Switch A.
    • Switch A receives packet and updates it’s MAC Address Table and based on Destination MAC Address match with its MAC Address Tables, forwards packet on corresponding port.
    • In same manner other machine will reply and same process will repeat as point 12 and 13.
    Unknown  unicasts (when the switch  doesn't have a port mapping for a destination  mac address in the frame)  are treated like broadcasts by Layer Two  devices, and are flooded out  of all ports except the port on which the  frame originated
    Loading.
    nga26111981 Tue, 11/19/2013 - 06:38
    User Badges:

    In detailed process, there is one error on the 7th line last word.....It's not "on which it received request" rather "on which it received reply" and it was good explanation.... One thing I would like to ask is that What will happen in a situation in which a PC 'A' is making a arp request to PC 'B' both connected to a layer 2 switch (same switch) and switch already know the mac address of PC 'B'.... Will the layer 2 switch respond to the arp query of PC 'A' by providing it the mac address of PC 'B' and no need to broadcast frame....? Please let me know as this argument was heated between me and my trainer in CCNP lecture..

    Sakun Sharma Wed, 11/20/2013 - 17:43
    User Badges:

    Hi Naresh,


    Thanks for correcting me.


    And about your question, Switch will not reply for the ARP request generated by PCA, it will broadcast the ARP request and only PCB will reply for the ARP Request packet.


    We know that device check for the IP address in the ARP packet, so it matches only for PC B, so only PC B will reply for the ARP Request generated by PC A even when switch knows the PC B MAC Address.


    Regards,

    Sakun Sharma

    harish.bhat10 Thu, 01/08/2015 - 02:29
    User Badges:

    Hi Sakun,

    You said, switch will not reply for the ARP request generated by PC A. Afaik, switch maintains ARP table, so when it gets ARP reqeust from PCA, wouldn't it check its ARP table and send ARP reply?

    If not, may I know the purpose of ARP table in switch.

    Looking forward for the answer.

     

    Thanks,

    Harish Bhat

    Sakun Sharma Thu, 01/08/2015 - 20:55
    User Badges:

    Hi Harish,

     

    No switch will never reply back for any ARP request because Switch do not have sufficient information to do that, that means switch cannot reply even if it wants to.

     

    ARP - Address Resolution Protocol - It is a Layer 3 address (IP Address) to Layer 2 address (MAC address) mapping, means IP to MAC mapping. It is required because devices in Local network communicate over MAC address.

     

    Now in ARP request Source machine basically ask what is the MAC address of the machine which has this particular IP Address. Swiches has MAC address table in which it maps, port number of switch with MAC address. Switches never know what is the IP Address of that machine, because Switch is a Layer 2 device.

     

    So that is why Switch never reply back to ARP request, because which does not understands IP Address, so switch never knows which IP is which MAC address.

     

    Switches has MAC address table to make forwarding decision, which frame need to be forwared to which port number, that is why Switches have MAC address. If Switches do not have MAC address table, every frame they will receive, it will simple flood (Broadcast) that frame, same as HUB, which will again be a huge performance degradation.

     

    For detailed working of ARP and Switch working, you can go through my video tutorial from the below link:

    https://www.youtube.com/watch?v=5hsReTf2Ts0

     

    Regards

     

    Sakun Sharma

    harish.bhat10 Fri, 01/09/2015 - 00:00
    User Badges:

    Thanks Sakun for the detailed explanation. I still left with ambiguous question as to why switch has ARP table? and what is the use of it?

    Sakun Sharma Fri, 01/09/2015 - 00:23
    User Badges:

    Switches do no have ARP table instead they have MAC Address Table, where as in Operating Systems like Windows, Linux, MAC we have ARP Table.

    ARP Table - IP to MAC mapping (Layer 3 to Layer 2 Mapping)

    MAC Address Table - MAC Address to Port Number mapping (Layer 2 to Layer 1 Mapping)

     

    Switches are interconnecting devices which are advance version of HUB. In case of HUB which was Layer 1 device, whenever it receive any signal on any port, it simple replicate the same electrical signals on other ports except on which it has received.

    Problem with HUB:
    1. Broadcasting nature

    2. Security Issue because everyone is receiving the data

    3. Shared bandwidth - only one device can send data at one time, if multiple tries, it results in collision.

     

    Switches

    Switches works on Layer 2, meaning Switches can understand MAC address.


    MAC Address Table

    It is a table in Switch memory in which it keep record on what port which machine is connected by storing the machines MAC address with the port number. That means, it has mainly two columns - Port Number and MAC Address. Ex. Port 1 - 00:0E:46:34:FE:3F


    Working of a Switch:

    1. Whenever Switch receive any frame from on any port, Switch will open the Ethernet Frame and look Destination MAC Address.

    2. Switch will look in its MAC Address table and search for destination MAC address.

    3. If Switch finds the MAC address in Table, Switch forward frame only on the port on which that machine is connected based on MAC Address Table entry which is unlike HUB which broadcast every frame.

    4. If Switch cannot find destination MAC address in the table, in that case, Switch will flood (Broadcast) that frame.

     

    So MAC Address table helps switch to make forwarding decision, that which frame need to be forward to which port number (unicasting nature), instead of broadcasting.

     

    Switch Benefits:

    1. Unicast nature (one-to-one communication)

    2. More secured than HUB - as not everyone receive every frame

    3. Non-shared bandwidth, each port has its own bandwidth.

     

    Hope this helps.

     

    Cheers,


    Sakun Sharma

    harish.bhat10 Tue, 12/29/2015 - 03:06
    User Badges:

    Hi Sakun,

    I have a question w.r.t multiple mac address associated on a switch port.

    This is the case with Virutal Machines running on the host.

    Lets take an example of VMware, where and ESXi host has multiple VM's running and each having its own MAC address.

    Please see the attachment. The VM's are connected to Virtual switch ports and the virtual uplink port of the switch is connected to physical NIC which inturn is connected to physical switch.

    As per VMware, when we create virtual switch the default option "Notify switches" is set to "yes", which means the ESXi host sends RARP packet with source MAC address as the VM and destination MAC address as FF(broadcast) for all of the VM's connected to virtual switch.

    With this the physical switch knows that whenever it receives any frame destined to any of the above VM, it has to forward the traffic to the physical NIC where the ESXi host is connected.


    My question is, will Switch maintains multiple MAC addresses per port?


    I guess this scenario is also possible, when switches are interconnected to each other and multiple mac addresses are maintained per port.

    can you please clarify on this?

     


    Regards,

    Harish

    Attachment: 
    llakshitha1 Wed, 12/30/2015 - 19:03
    User Badges:

    hi sakun,

    my question is by ARP request switches can understand the mac address. so every time pc try create a packet he send a ARP.(if mac doesnt found in arp table of os) so by that ARP switch will learn mac of the source and by reply arp switch will learn destination mac. in this moment frame reach destination without any trouble. 

    what happens if frame comes to the switch and now switches doesn't have a mac? (lets assume that though it learn source and mac by arp now he update mac table). does switch flood that frame? if he flood frame goes to every port. so how other nic s drop that packet and get the correct nic?

    because when arp there reply came and they can figure out this is the destination. now they cant. 


    please figure out this for me.

    Sakun Sharma Wed, 12/30/2015 - 22:05
    User Badges:

    Hi llakshitha,


    Firstly, every ARP request frame is flooded on each and every port, except on the port switch has received it. And every ARP reply is a unicast frame (one to one communication). So when every devices in network receive that frame, they check the ARP request header and check the IP address, if IP Address of ARP request matches their IP, they will reply back, else they will discard that ARP request. So in this case, the one machine for which the ARP request is generated will reply.


    Secondly, if a switch receive a frame and it doesn't know the destination MAC address (do not matter which frame it is), switch will flood that frame on every port like HUB except on port it has received it - these frames are called Unknown Unicast Frames. In this case, when all machine receive this frame which is not intended from them, they look at the destination MAC address, check with their own MAC, if it doesn't matches, machines will discard it.


    Kind Regards,

    Sakun


    llakshitha1 Tue, 03/22/2016 - 05:10
    User Badges:

    i have q question on binary values of the ip address.

    256   128   64   32   16    8      4       2   - hosts

      2       4     8    16    32   64   128   256 - sub nets 

    128    64   32   16    8      4       2      1 - binary value

      1       1     1     1     1      1       1      1 - bits

    2^7   2^6   2^5  2^4  2^3 2^2   2^1  2^0 =255

    we can write up to 255. we have 256 address including 0.basically hosts means number of addresses. in this table the binary value really means the number addresses? for ex 2^7=128 does it means we have 128 addresses? or does it means it is the value of that position. if it is the number of addresses how 2^0th position bit can have 2 host?

    when i see this table i feel it is the addresses because u all have 256 addresses. by dividing the number of addresses you get the number of sub nets. 256 sub nets means 256 addresses because in that position 2^0 position is 1 so it should have 1 address. how does it become 2 in the host row?

    if we calculate 2^0 has to have two host it should be 1 and 0.in the 2^1 position we can have answer from the same technique. we have 00,01,10,11.four hosts

    if i think binary value means the number of addreses the bit in the 2^0 position have 1 address that is why 256 subnets there.but if i go in the same theory to the host table it is not the same please explain to me it is confusing

    Sakun Sharma Thu, 05/05/2016 - 20:11
    User Badges:

    Hi llakshitha


    Apologizes for late reply.


    If we look from octet point of view (xxx.xxx.xxx.xxx), binary values in your table are number of addresses (hosts). In one octet you can have either  256 hosts or 256 subnets based on binary bits. If all bits are 1, you will have 256 subnets with 1 host each, if all binary bits are 0, you will have 256 hosts in 1 subnet.

    Let take example for 2^0 (last bit in octet - right-most / Least Significant Bit (LSB)):
    Binary value - 1
    Number of hosts - 1
    Number of subnets - 256
    Subnet Mask - 255

    2^1:
    Binary value - 2
    Number of hosts - 2
    Number of subnets - 128
    Subnet Mask - 254

    If we build a table, it will look like this:

    128 192 224 240 248 252 254 255 Subnet Mask
    2 4 8 16 32 64 128 256 Subnets
    128 64 32 16 8 4 2 1 Host(s)
    1 1 1 1 1 1 1 1 Bits
    2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0 Binary position value



    Hope this gives you some clarity.

    rastogiabhinav20041 Tue, 05/17/2016 - 19:48
    User Badges:

    Hello Mr. Sakun! I am new to IP World.

    1) I want to know more about the logic behind subnetting?

    2) how subnetting is done?

    3) what is the logic behind of not using Network ip for hosts or why it is not assigned to hosts?

    4) and in case if we can use this Network ip for 1st host in that network and can tell all other hosts that they all comes under that Network IP only and which is assigned to first host? this way can't we save one of the IP from each subnet?

    5) why don't we use 0.0.0.0 or what is the logic behind of not using ip address 0.0.0.0 for hosts?

    6) why do we require broadcast address ?

    7) is it possible to assign network ip as gateway ip ?

    8) and what is the complete flow of communication between 2 hosts while communicating using HUB only?


    That will be a great help from you, if you could clear these some of my doubts/ quries.


    Thanking you in anticipation.


    With Best Regards,

    Abhinav Rastogi

    Sakun Sharma Wed, 12/30/2015 - 21:54
    User Badges:

    Hi Harish,


    Yes switches can store multiple MAC address on one port.


    In your case, switch will store all the VM's MAC Address on the same physical port in its MAC address table. When you run command 'show mac address-table', it will list all VM's MAC addresses associated with that one port. If you want to check MAC Addresses associated with a single port you can also use command 'show mac address-table | in Gi0/0/1'.


    Just for information, one switch port can have multiple devices MAC addresses associates, but one device MAC address can be associated to only one port, switch cannot have one MAC on two different ports. If it learns same MAC on a different port, it removes old port entry and add a new port entry for the same MAC.


    Kind Regards,

    Sakun

    harish.bhat10 Thu, 12/31/2015 - 03:05
    User Badges:

    Hi Sakun,

    As always, you have provided the detailed explanation.

    Thanks a lot.


    Regards,

    Harish

    vaibhavakhil211 Sat, 08/08/2015 - 23:14
    User Badges:

    Hi Sakun,

    Actually I have doubt, you said that switches do not maintain ARP table, but I have seen switches that maintain ARP table. So, My question is does layer 2 and layer 3 switchs maintain ARP table or not.

    looking forward for answer.

    Thanks and Regards,

    Vaibhav Verma

    Sakun Sharma Sun, 08/09/2015 - 01:21
    User Badges:

    Hi Vaibhav,

     

    Yes from switching perspective there is no role of ARP table, but switches do maintain an ARP table.

    Layer 3 Switches are the one which will have large ARP table and records of the machines connected in your network if its an Inter-VLAN routing switch, else managed switches on which you can configure IP Address for management maintain a small ARP table like host machines do, just to communicate to devices in management Vlan.

     

    Regards,
    Sakun

    jferraris Sun, 05/04/2014 - 02:05
    User Badges:

    I want to say this was the clearest explaination of a common layer 2 working example while providing all the needed information about the involved technologies.

    I appreciate your simple but powerful write!

    Thanks,

    JF

    elizabeth.biwan1 Wed, 05/18/2016 - 00:22
    User Badges:

    Layer 2 refers to the Data Link layer of the commonly-referenced multilayered communication model Open Systems Interconnection (OSI). Lortab The Data Link layer is concerned with moving data across the physical links in the network. In a network the switch is a device that redirects data messages at the layer 2 level using the destination Media Access Control (MAC) address to determine where to direct the message.Lortab Pills

    Actions

    This Document