I've become ultra confused all of a sudden.
Switch is a layer 2 device. So this means it deals with frames (builds and examines them). So when it receives a frame, it looks inside to see where the destination mac address is. But since the mac address is on some further away network, and not directly connected to the switch, how in the world can it decide which way to send it? The switch doesn't have a routing table so theres no way of determining. So it either sends it down a trunk link or out all the vlans associated with the source port. Now if its sending the frame out all the vlan ports then this certainly does not break up broadcast or collision domains. Switches have no idea of the topology of a network and therefor must be sending frames out every possible hole they can to get rid of it.
But this would end up being huge problems. If I have a router on a stick topology, with trunk link. And a frame gets sent out all possible ports and a trunk link, the packet is going to get to the source, then after being routed through the router and come back it will be sent to the source again. Also isn't it making a storm if the router routes the packet back to the switch and the switch then sends the same packet down the trunk link, since everything gets sent to the trunk by default?
Or not even with a trunk link. Just linked up to any router. If the mac address isn't directly connected to the switch it must send the packet out every port it can because it doesn't have any idea what else to do with. And if it sends it to the router, and the router says, no it has to go back towards you, wouldn't the packet just go in circles for years with the router saying, "its in your direction", and the switching saying "i don't know where this is supposed to go, so i'll send it anywhere i can"
thanks for any help at all. really frustrated.
This is my understanding.
Topology: See Attached diagram
Host A wishes to communicate with Host B, which is on a different subnet. Say user on Host A typed ftp 22.214.171.124.
The TCP/IP stack on Host A will see that this host is on a different subnet, so Host A will check if a default route is configured. If no default router is configured, the FTP session will show a "host not found" type of message. If a default router is configured, Host A will send out an ARP request, seeking the MAC address on the default router.
The switch, when it receives this ARP broadcast, will note the MAC address which sent the broadcast and the port it arrived on and will enter this information into it's CAM table. The switch will then check its CAM table to see if it has an entry for the destination MAC address. If the switch has an entry for the default router it will pass the unicast the ARP request to the router. If the switch does not already have an entry for the router in its CAM table, the switch will broadcast this ARP out all ports in the same VLAN as Host A, except the port the request was received on.
The default router will respond to the ARP request and the switch will create the entry in the CAM table, noting the routers MAC address and the port to which it is attached.
The ARP response from the Router will be unicast back out the port Host A is attached to.
From this point on, traffic from Host A to Host B will leave Host A with the source IP and MAC of Host A, the destination IP address of Host B BUT the destination MAC address of the default router.
The switch will SWITCH the frames between the port the frames were received on (where Host A is connected) to the port where the Router is attached.
The Router will route the packet towards Host B by sending the packet down the trunked link towards the switch. The Packet will now have the source IP address of Host A, the source MAC address of the routers exit interface and the destination IP and MAC address of Host B.
When the switch receives this packet, it will check its CAM table to see if it has an entry for the MAC Address from which the packet came and the port on which it arrived. If it does not it will create the entry.
The switch will then check its CAM table again to see if it has an entry for the destination MAC address. If it does it will SWITCH the frame to the appropriate interface. If no entry exists, it will flood the first packet out of all ports in the VLAN to which the frame belongs, except the port the frame arrived on. Host B will respond to this broadcast and the switch will enter the MAC address of Host B and the port to which it is attached into its CAM table.
From this point on, all traffic destined for Host B will be switches to the port to which Host B is attached.
Traffic from Host B destined for Host A will leave Host B with the Source IP and MAC address of Host B, the Destination IP address of Host A BUT the destination MAC address of Host B's default router.
I hope that helps and does not cause more confusion for you.
A switch operating at it's most basic level, is exactly identical to a bridge.
As switches evolved, other switch-only features developed; things like VLANs and Etherchannel (and their associated protocols for management).
Spanning tree (used for L2 loop prevention) came over untouched from the bridging world (though it did evolve as well to accommodate VLANs, for example).
When a frame arrives at a port, the switch notes the source MAC and adds it to a table of MAC<->Port mappings (which port did I see this MAC?).
If the destination MAC is not in the table, the switch floods the original frame out all ports , except the one the frame was received on.
Note: Flooding is NOT broadcasting. Broadcast frames have all ones in the destination MAC, all hosts would have to process the frame to some degree. A flooded frame has the original destination MAC and only the host with that MAC would respond.
If the (previously unheard) destination host responds, the switch notes its Source MAC and adds it to the MAC <-> Host table for future reference.
Again, at basic level, a switch is exactly the same as a bridge. When you add other features (VLANs, Etherchannel) some accommodation must be made, either to the frame (VLANS) or the other participating switches (Etherchannel).
The following link covers most of the basics for all of the protocols and technologies very well. It's Cisco's Internetworking Guide (electronic version). The printed versions is a large, expensive book, the online version is free.
BTW: The other poster mentioned ARP. ARP is a layer three protocol for discovering and mapping and IP address to MAC as part of the IP suite. Basic (Layer 2) switches wouldn't know ARP.
Layer Three switches (which are essentially fast routers) would use ARP the same way as a router would.
Routers and Layer three switches would accomplish their Layer Two business exactly the same way a bridge would ... the mechanisms, within their contexts, always behave the same way ... L2 stuff is always L2 stuff, L3 stuff is always L3 stuff.
Check out the Internetworking Guide, it should answer a lot of your questions.
****** Corrections to my previous post******
First as Scott rightly points out, in my previous post I used the term "Broadcast" where I should have used the term "Flood".
In my previous post I wrote
"If the switch does not already have an entry for the router in its CAM table, the switch will BROADCAST this ARP out all ports in the same VLAN as Host A, except the port the request was received on. "
When I should have written
"If the switch does not already have an entry for the router in its CAM table, the switch will FLOOD this ARP out all ports in the same VLAN as Host A, except the port the request was received on."
In my previous post I used the term "unicast" when I should have used the term "Switched".
In my previous post I wrote
"The ARP response from the Router will be UNICAST back out the port Host A is attached to. "
When I should have written
"The ARP response from the Router will be SWITCHED back out the port Host A is attached to. "
Finally, Scott wrote that I mentioned ARP and as this is a layer 3 protocol for discovering and mapping IP addresses to MAC addresses, a basic layer 2 switch would not know ARP.
I mentioned that Host A would initially send an ARP request for the MAC address of the default router. I don't believe I mentioned that the Switch would send an ARP and even after reading my initial post again I can not see how this is implied. However I apologise if from reading my initial post, I conveyed that a switch would initiate an ARP request, as this, as Scott rightly points out would not be possible on a switch operating at layer 2.
ARP -is- a broadcast protocol.
It would be carried in a broadcast frame. The L2 switch -would- broadcast an ARP because the destination would be all ones.
I just skimmed your post (sorry) and didn't realize you were speaking of so much activity external to the switch.
Most of what you corrected was right in your initial post ("ARP response is unicast", etc), because I didn't read the post thoroughly I thought you were putting those functions into the L2 switch.
For the OP ... VLANs operate as if all the different VLANs are logically separate segments. The sending host wouldn't send to a MAC address it doesn't know ... ARP (in the case of IP) would get the MAC if it's local, or if the L3 / IP address was "off net" then ARP is going to get the Default Gateway address and let the routing table of the default router figure out where to send it.
Until the packet (not frame) reaches an L3 device that is directly connected to the destination host's segment, then ARP happens, gets the MAC, encapsulates the frame with that MAC as a destination (the router's egress interface's MAC is the Source MAC), and puts the bits to the wire.
Apologies to both OP and Michael,
I'll make an effort to read a little better ....;-}
Hmm. Am I safe to say that when a frame arrives at a switch, the destination mac addresss is the switch it just arrived at? Or is the destination mac address the mac address of the final host it is trying to get to?
If the topology is: Host A -> Switch1 -> Switch2 -> Switch3 -> Host B
and when host A tries to ping host B, the packet should arrive at switch1, switch1 won't have the "destination mac address?" in its table and so it floods the frame. My main question is how or why would Switch2 know its supposed to respond to that frame since it doesn't have hostB's mac address in its table it should ignore that packet? or does it accept all frames and then flood all frames that it doesnt know where they are headed?
0y this is more confusing now. i'll read that link to hopefully clear this up. thanks guys
In your topology example "Host A -> Switch1 -> Switch2 -> Switch3 -> Host B", for Host A to have any chance of communicating with Host B, they would have to be in the same VLAN/Subnet, as you have no layer 3 device to route between different VLAN's/Subnets.
Therefore when Host A wants to send a frame to Host B it would check its own MAC address table to see if it has an entry for Host B. If it does, it will send the packet with the frame towards Host B. The source MAC addresses will be that of Host A and the destination MAC addresses will be that of Host B.
If Host A does not have the MAC address of Host B it will send an ARP request out on to the wire to Sw1.
Either way, as this is a single VLAN/Subnet, the way Sw1 and the other switches treat the frame will be exactly the same.
Sw1 will receive the frame and check the source MAC address against its CAM table. If no entry exists, it will add the MAC of Host A plus the port to which Host A is connected to its CAM table. If an entry does exist, it will then examine the destination MAC address to see if it has an entry for it. If it has an entry it will forward (switch) the frame out through the interface through which Host B can be reached (This would be the uplink port to Sw2 in this case). If no entry exists, it will flood the frame out of all ports which are in the same VLAN as Host A, except the port the frame arrived on.
SW2 will receive this frame and it will check its own CAM table. If it no entry exists for Host A's MAC address, an entry will be added. If an entry does exist, switch be will then check the destination MAC address.
If it has an entry for Host B, it will forward (switch) the frame out of the port through which Host B can be reached. If no entry exists, it will flood the frame out of all ports which are assigned to the same VLAN as Host A. Sw3 will receive this frame.
It will check its CAM table to see if it has an Entry for Host A. If not it will add one. If it has it will check the CAM table for an entry for the MAC address of Host B. If it has one, it will forward (switch) the frame out the port through which Host B can be reached. If no entry is found then Sw2 will Flood the Frame out of all ports which are assigned to the same VLAN as Host A.
Once Host B responds to the initial frame,
Host A will have the MAC of Host B
Sw1 will know that to get to Host B it sends frames out through the port through which it connects to SW2. To get to Host A it sends the frames out through the port to which Host A is connected.
Sw2 will know that to get to Host A it sends frames out through the port to which it connects to SW1. To get to Host B, it sends frames out through the port through which it connects to SW3.
SW3 will know that to get to Host A, it sends frames out through the port through which it connects to SW2. To get to Host B it sends frames out through the port to which Host B is connected.
At all times in this scenario, when Host A sends traffic to Host B, the Frame will have the source MAC of Host A and the destination MAC of Host B. Like wise when Host B sends data to Host A, the frames will have the source MAC of Host B and the destination MAC of Host A.
What you want to understand is how a switch builds its MAC address (CAM) table.
It checks the source MAC first, If an entry exists, then it checks the destination MAC. If no entry exists, then the switch creates and entry and then checks the destination MAC address. If an entry exists the frame will be switched to the relevant port. If no entry exists, then the frame is flooded out of all ports (in the same VLAN as the frame of the originating host) except the port the frame arrived on.
Thanks for getting back. However I believe I did use incorrect (or at least inconsistent) phrasing in my original post, interchanging flooding with broadcasting and switching with unicast.
If I am going to attempt to explain something to somebody, I should at least make sure I have used the correct terminology and also been consistent in its use.
Excellent link by the way.