know VLANs
In this chapter, I dig deeper into two of the most basic and ubiquitous networking devices: switches and routers. Every network has at least one switch and one router, and all but the smallest networks have more than one switch. These components are the basic building blocks of networks, so understanding what they do and how they work is essential to properly designing, implementing, and maintaining a network that functions well.
Besides switches and routers, this chapter also introduces the concept of virtual local area networks (VLANs). A VLAN is a fancy technique that lets you split a single physical network into two or more logical networks. VLANs are one of the key techniques for organizing a network in a way that will allow the network to scale up as your organization grows. Small networks don’t need to worry about VLANs, but even in a relatively small network, it pays to know what VLANs are. Introducing VLANs into your network before you actually need them will simplify your life as your network grows.
Understanding Switches
In the previous chapter, I explain that a hub is a layer-1 device that simply repeats all incoming network data to all its output ports. In other words, if a hub has eight ports, any input data that arrives on port 1 will be amplified and repeated on ports 2 through 8. A hub is an unintelligent device — the hub doesn’t know or care what the intended destination of the incoming data is. It simply sends the data to all its ports, hoping that the intended recipient is on one of those ports. (Actually, using the term hope here is misleading, because as I said, the hub not only doesn’t know who the intended recipient is but doesn’t even care. Hubs have no capacity for hope.)
Figure 3-1 shows a simple network with four computers connected via a hub. In this example, Computer 1 is sending data to Computer 3. As the figure shows, the hub doesn’t know that the intended recipient is Computer 3, so it sends the data not just to Computer 3, but to Computer 2 and Computer 4 as well.
FIGURE 3-1: A hub repeats all incoming data on all its ports.
To understand why hubs even exist, or at least did exist in the distant past, we need a little history lesson. Ethernet was invented in the late 1970s and first became commercially available in 1980. From the very beginning, Ethernet used what is called shared media to connect devices in a network. The basic idea of Ethernet is that data is sent over network cables in the form of packets, which follow a well-defined structure. The key elements of the original Ethernet were (and still are) as follows:
All devices on the network can access all data sent over the network. That’s why the network cable itself is considered to be shared media.
Every device on the network has a unique identifier called a MAC address. I cover MAC addresses in the preceding chapter. As a quick reminder, MAC addresses are 48 bits long and are written as six octets separated by hyphens. For example, 21-76-3D-7A-F6-1E is a valid MAC address.
A data packet includes the MAC address of the packet’s intended recipient, as well as the MAC address of the sender.
Every device on the network receives every packet that is sent on the network and examines the destination MAC address to determine whether the packet is intended for it. If so, the device says, “Mine!” and stores the packet to be processed by other protocols higher up the food chain (that is, at higher levels in the OSI Reference Model). If the destination MAC address doesn’t match the device’s, the device says “Hmph!” and simply ignores the packet. All the devices on the network do this examination, keeping only the packets that belong to them and ignoring all the others.
If the destination MAC address is all ones (represented as FF-FF-FF-FF-FF-FF), the packet is called a broadcast packet. When a broadcast packet is sent, every device on the network looks at the destination MAC address, sees that the packet is a broadcast packet, and says, “Mine!” Broadcast packets are received by every device on the network.
Every once in a while, two devices try to send a packet at the exact same time. When that happens, both packets are garbled. The result is called a collision. When collisions happen, both senders wait for a brief amount of randomly generated time and then try again. The collision probably won’t happen again. But if it does, the senders wait and try again later.
So, that’s a recap of the basic operation of the Ethernet networking system. Because it was a great system when it was invented, it quickly replaced the two dominant network technologies that were popular at the time, ARCNET and token ring. But unfortunately, Ethernet had a few serious problems lurking under the surface that proved to be a problem for larger networks:
The frequency of collisions rises exponentially with the number of devices added to the network. When you get too many devices, collisions happen all the time, and devices spend way too much time resending packets, sometimes having to resend them over and over again until a collision doesn’t happen. This results in the network becoming much slower as it grows larger.
The frequency of broadcast packets can quickly increase as more devices are added to the network, further adding to the performance problem and the likelihood of collisions.
Security is difficult to enforce, because every device on the network must examine every packet that comes its way. Even though devices are supposed to ignore packets that aren’t meant for them, there is no way to ensure that they do so.
Switches to the rescue!
A switch is essentially an intelligent hub that has the ability to actually look at the contents of the packets it processes and make intelligent decisions about what to do with them. A hub is a layer-1 device, which means that it can do nothing but receive and amplify electrical signals. In contrast, switches are layer-2 devices, which means they can actually inspect the layer-2 packets and act intelligently based on the content of each packet.
A switch examines the destination MAC address of every packet it receives and forwards the packet only to the port that leads to the packet’s intended destination. Thus, packets aren’t repeated on ports that don’t contain the packets’ destination.
Figure 3-2 shows the same simple network that was shown in Figure 3-1, but this time with a switch instead of a hub. As you can see, the switch is smart enough to know that the data sent by Computer 1 is intended for Computer 3. So it sends the data only to Computer 3; the switch leaves Computer 2 and Computer 4 alone so they can concentrate on other work.
FIGURE 3-2: Unlike a hub, a switch knows where to send its data.
In order to accomplish intelligent forwarding, a switch must know what devices are connected to each of its ports. In the next section, you see how a switch learns what devices are connected to each of its ports.
Learning
For a switch to do its job, it needs to know what devices are connected to each of its ports. More specifically, the switch needs to know what MAC addresses are reachable via each of its ports. It does this in an ingeniously simple way: It simply learns. Whenever a packet is received on any of the switch’s ports, the switch examines the sending MAC address in the packet. The switch rightly assumes that if it received a packet from a given MAC address on a given port, the switch can reach that MAC address via that port. For example, if a switch receives a packet from Computer C on port 3, the switch has learned that Computer C is reachable on port 3. The switch adds this
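As an added illustration (not code from this book), here is a small simulation of the learning and forwarding rules just described: learn the sender's MAC address on the ingress port, forward to a known destination port, and fall back to hub-like repeating on all other ports for broadcast frames and for destinations the switch has not learned yet. The `LearningSwitch` class, port numbers and MAC addresses are constructed for the example.

```python
# Added example: a learning switch's MAC table, not code from the book.
BROADCAST = "FF-FF-FF-FF-FF-FF"   # all-ones destination = broadcast packet

def normalize_mac(mac):
    """Canonicalise a MAC address written like 21-76-3D-7A-F6-1E (or with colons)."""
    octets = mac.replace(":", "-").upper().split("-")
    hexdigits = set("0123456789ABCDEF")
    if len(octets) != 6 or any(len(o) != 2 or set(o) - hexdigits for o in octets):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return "-".join(octets)

class LearningSwitch:
    def __init__(self, num_ports):
        self.ports = list(range(1, num_ports + 1))
        self.mac_table = {}   # MAC address -> port it was last seen on

    def receive(self, ingress_port, src_mac, dst_mac):
        """Process one frame; return the list of ports it is repeated out of."""
        src, dst = normalize_mac(src_mac), normalize_mac(dst_mac)
        # Learning: a frame from src arrived on ingress_port, so src is
        # reachable via that port (re-learned if the device moves ports).
        self.mac_table[src] = ingress_port
        if dst == BROADCAST or dst not in self.mac_table:
            # Broadcast, or an unknown unicast destination: the switch can only
            # behave like a hub and repeat the frame on every other port.
            return [p for p in self.ports if p != ingress_port]
        out_port = self.mac_table[dst]
        if out_port == ingress_port:
            return []          # destination shares the sender's port; nothing to do
        return [out_port]

# Constructed addresses for Computers 1-4 of Figures 3-1 and 3-2.
MACS = {n: f"00-00-00-00-00-0{n}" for n in range(1, 5)}

def figure_3_2_scenario():
    """Computer 1 sends to Computer 3 before and after the switch has learned it."""
    sw = LearningSwitch(4)
    first = sw.receive(1, MACS[1], MACS[3])   # Computer 3 unknown: flooded to 2, 3, 4
    sw.receive(3, MACS[3], MACS[1])           # Computer 3 replies; switch learns port 3
    second = sw.receive(1, MACS[1], MACS[3])  # now forwarded only to port 3
    return first, second, dict(sw.mac_table)
```

The first frame is flooded exactly as a hub would, which is why an unknown or broadcast destination still reaches every port; only after the switch has learned a MAC address does forwarding become port-specific.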