Network basics, Lecture 4: understanding the data link layer

Source: Internet
Author: User

Layer 2 is the data link layer, the layer where Ethernet lives. At this layer we discuss bridging, switching, and virtual LANs (VLANs). To keep a network running you do not actually need to know how Ethernet works internally; if you want to learn that, you can do it in your own time.

An Ethernet switch is a bridge device. Traditional bridges worked like this: they received an Ethernet frame and sent it out every port except the one it arrived on. Ethernet switches, which support twisted-pair connections, gradually learn which port is connected to which MAC address. At that point the bridge becomes a learning device that stores a table of all the MAC addresses seen on each port. When a frame needs to be sent, the bridge looks up the destination MAC address in the bridge table and knows which port to use. Sending data only to the correct host was a huge improvement in switching technology, because it greatly reduces collisions. If the destination MAC address is not in the bridge table, the switch simply floods the frame to all ports; this is how a host's location is first discovered. So, as you can see, flooding to all ports is an important principle of switching, and the same principle is also needed in routing.

Important terms related to Layer 2 include:

Unicast segmentation: a bridge can limit which hosts receive unicast frames (frames sent to a single MAC address). A hub simply sends all data to all ports, so unicast segmentation saves a great deal of bandwidth.

Collision domain: a collision domain is a network segment whose hosts can collide with each other. Because switches use cut-through forwarding and NICs run in full-duplex mode, collisions no longer occur. If you see collisions on a port, someone has accidentally connected a half-duplex device or there is some other fault.

Broadcast domain: the network segment within which broadcast frames are sent and received.

Some years later, the old store-and-forward method used by bridges changed. The newer switch only examines the destination MAC address of the frame and forwards it immediately. This technique is called cut-through switching; it lets frames pass through the switch faster because very little processing is done on each frame. It also implies something important: the switch no longer checks the CRC (cyclic redundancy check) to see whether the frame is damaged. It also implies that collisions are no longer possible.
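An added example (not code from the article) showing the practical consequence of the CRC point. Python's zlib.crc32 uses the same CRC-32 polynomial and conventions as the Ethernet FCS (the 4-byte trailer is the CRC sent least-significant byte first), so a store-and-forward model can verify the trailer and drop a damaged frame, while a cut-through model decides on the destination MAC before the trailer has even arrived. The frames and the bit flips are constructed; store_and_forward and cut_through are simplified models of the two policies, not real switch code.

```python
import struct
import zlib


def ethernet_fcs(frame):
    """IEEE 802.3 FCS over dst+src+type+payload: CRC-32 as computed by zlib.crc32,
    appended least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame))


def with_fcs(frame):
    """Append the FCS, producing the bytes as they would appear on the wire."""
    return frame + ethernet_fcs(frame)


def fcs_valid(wire_frame):
    """Recompute the CRC over everything but the trailer and compare."""
    body, trailer = wire_frame[:-4], wire_frame[-4:]
    return trailer == ethernet_fcs(body)


def flip_bit(wire_frame, byte_index, bit=0):
    """Constructed corruption: flip one bit, as a bad cable or a collision fragment might."""
    damaged = bytearray(wire_frame)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


def store_and_forward(wire_frame):
    """Buffer the whole frame, verify the FCS, forward only if it is intact."""
    return wire_frame if fcs_valid(wire_frame) else None


def cut_through(wire_frame):
    """Decide as soon as the 6-byte destination MAC is in; the FCS arrives later and is never checked."""
    dst = wire_frame[:6]
    return wire_frame if len(dst) == 6 else None


def compare_policies(frames):
    """Return (forwarded by store-and-forward, forwarded by cut-through,
    damaged frames that cut-through still forwarded)."""
    saf = sum(1 for f in frames if store_and_forward(f) is not None)
    ct = sum(1 for f in frames if cut_through(f) is not None)
    ct_bad = sum(1 for f in frames if cut_through(f) is not None and not fcs_valid(f))
    return saf, ct, ct_bad


def demo():
    # Constructed broadcast ARP-like frame: dst ff:ff:ff:ff:ff:ff, a documentation-range src,
    # EtherType 0x0806 and 46 bytes of filler payload.
    good = with_fcs(bytes.fromhex("ffffffffffff") + bytes.fromhex("00005e005301")
                    + b"\x08\x06" + b"A" * 46)
    frames = [good, flip_bit(good, 20), good, flip_bit(good, 14, 3)]
    return compare_policies(frames)


if __name__ == "__main__":
    print(demo())
```

The third number is the operational point: a cut-through switch passes damaged frames along, so CRC errors counted on a port downstream may have originated several hops away.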

In addition, virtual LAN technology was introduced to solve the problem of broadcast segments. If you cannot send a broadcast frame to another machine, that machine is not on your local network; you must send all packets to a router, and the router forwards them. This is in fact what a VLAN does: it divides the network into more subnets.

You can configure VLANs on a switch and assign each port to a VLAN. If host A is in VLAN 1, it cannot communicate with anyone in VLAN 2, as if the two lived on devices with no network connection between them. Note, however, that this is only virtual. If the switch's MAC address table space fills up, the switch can no longer maintain the table, and to keep communication going it forwards all received frames to all ports. Many people regard VLANs as a good security measure. In fact, any half-competent attacker with a suitable tool can quickly get past a switch's VLAN restrictions: once the MAC address table overflows, the switch becomes a simple hub.
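The learning-bridge behaviour described earlier, and the table-overflow case described just above, as one added Python model (not code from the article). Ports are assigned to access VLANs; the switch learns source MACs per VLAN, forwards known unicast to a single port and floods unknown destinations only within the VLAN. The table has a fixed capacity and evicts its oldest entry when full, so a burst of distinct source MACs on one port pushes out legitimate entries and the switch falls back to flooding, which is the "switch becomes a hub" condition. The optional max_macs_per_port limit models the usual countermeasure, a port-security style cap on addresses learned per port. The class, the port numbers and the short MAC labels are constructed for the example.

```python
from collections import OrderedDict
from dataclasses import dataclass


@dataclass
class Frame:
    src: str   # source MAC (short constructed labels instead of real 48-bit addresses)
    dst: str   # destination MAC


class LearningSwitch:
    """Toy VLAN-aware learning bridge: access ports only, one MAC table shared by all VLANs."""

    def __init__(self, port_vlans, table_capacity=16, max_macs_per_port=None):
        self.port_vlans = dict(port_vlans)      # port number -> access VLAN of that port
        self.capacity = table_capacity          # total (vlan, mac) entries the table can hold
        self.max_per_port = max_macs_per_port   # None = no port-security style limit
        self.table = OrderedDict()              # (vlan, mac) -> port, oldest entry first
        self.flood_count = 0                    # unknown-unicast floods (a useful health metric)
        self.violations = 0                     # frames refused by the per-port limit

    def _learn(self, vlan, mac, port):
        """Record the source MAC on its port. Returns False if the per-port limit refuses it."""
        key = (vlan, mac)
        if key in self.table:
            self.table.move_to_end(key)         # refresh: now the most recently seen entry
            self.table[key] = port
            return True
        if self.max_per_port is not None:
            on_port = sum(1 for p in self.table.values() if p == port)
            if on_port >= self.max_per_port:
                self.violations += 1
                return False
        if len(self.table) >= self.capacity:
            self.table.popitem(last=False)      # table full: evict the oldest entry
        self.table[key] = port
        return True

    def receive(self, in_port, frame):
        """Return the sorted list of egress ports for a frame arriving on in_port."""
        vlan = self.port_vlans[in_port]
        if not self._learn(vlan, frame.src, in_port):
            return []                           # violation: frame dropped
        out = self.table.get((vlan, frame.dst))
        if out == in_port:
            return []                           # destination sits on the ingress segment
        if out is not None:
            return [out]                        # known unicast: exactly one port
        self.flood_count += 1                   # unknown destination: flood within the VLAN only
        return sorted(p for p, v in self.port_vlans.items() if v == vlan and p != in_port)


def demo_unicast_vs_flood():
    """First frame to an unknown host floods VLAN 10 (never port 4 in VLAN 20);
    after the reply is seen, the same frame goes to one port."""
    sw = LearningSwitch({1: 10, 2: 10, 3: 10, 4: 20})
    first = sw.receive(1, Frame("aa", "bb"))
    sw.receive(2, Frame("bb", "aa"))
    second = sw.receive(1, Frame("aa", "bb"))
    return first, second


def demo_table_overflow():
    """Fifty distinct source MACs on port 3 evict aa and bb from a 4-entry table;
    bb's next frame to aa is flooded, and port 3 now receives it."""
    sw = LearningSwitch({1: 10, 2: 10, 3: 10}, table_capacity=4)
    sw.receive(1, Frame("aa", "bb"))
    sw.receive(2, Frame("bb", "aa"))
    for i in range(50):
        sw.receive(3, Frame(f"bogus-{i}", "ff"))
    return sw.receive(2, Frame("bb", "aa"))


def demo_port_security():
    """Same burst with a one-MAC-per-port cap: the first bogus MAC is learned, the
    rest are dropped and counted, and aa/bb keep their unicast path."""
    sw = LearningSwitch({1: 10, 2: 10, 3: 10}, table_capacity=4, max_macs_per_port=1)
    sw.receive(1, Frame("aa", "bb"))
    sw.receive(2, Frame("bb", "aa"))
    dropped = sum(1 for i in range(50) if sw.receive(3, Frame(f"bogus-{i}", "ff")) == [])
    return dropped, sw.receive(2, Frame("bb", "aa"))


if __name__ == "__main__":
    print(demo_unicast_vs_flood(), demo_table_overflow(), demo_port_security())
```

The flood_count and violations counters are the detection side of the same story: a sudden rise in unknown-unicast flooding or in per-port violations on a production switch is what an operator would alert on.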

As we already know, if you cannot obtain the destination MAC address with ARP, you must go through a router. Does that mean you must physically connect a router between every pair of VLANs? No, because we now have layer-3 switches! Suppose you have a 48-port switch with two VLANs: VLAN 1 uses ports 1 to 24 and VLAN 2 uses ports 25 to 48. You have three options for connecting the two VLANs. First, use a router to connect the two VLANs and configure the correct default route on the hosts in each VLAN. Second, you can create a virtual router interface in each VLAN; on Cisco devices these router interfaces may be called "vlan1" and "vlan2". Each has its own IP address, and the hosts in the VLAN use these interfaces as their default gateway.

The third method brings us back to the last topic outlined for Layer 2. If you have multiple switches that need the same VLAN, you can connect them through a trunk. That way VLAN 1 on switch A is exactly the same as VLAN 1 on switch B. This is done with the 802.1q standard: 802.1q adds a VLAN identifier tag to frames as they leave the first switch. Cisco calls the links between these switches "trunk ports". You can have as many VLANs as the switch allows (currently most hardware supports 4096 VLANs). So the third (and last) method for connecting VLANs is to connect a router in trunk mode and create a virtual router interface for each VLAN. A host on VLAN 1 (on either switch A or switch B) can reach that router interface (which may be on another device), because they are all connected together and share a broadcast domain. For more on trunking and 802.1q, see the separate article on that topic.
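An added example (not from the article) of what the 802.1q tag actually looks like on the wire, and of the two operations a trunk and an access port perform on it. The tag is four bytes inserted after the source MAC: the TPID 0x8100 and a 16-bit TCI holding a 3-bit priority (PCP), a drop-eligible bit (DEI) and the 12-bit VLAN ID. trunk_egress tags an untagged frame with its access port's VLAN, strip_tag is what the far-end access port does before delivering to the host. The MAC addresses are from the documentation range and the payload is constructed; the function names are this example's own.

```python
import struct

TPID_8021Q = 0x8100     # EtherType value that announces an 802.1Q tag follows
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0, dei=0):
    """Build an Ethernet II frame; when vlan is given, insert an 802.1Q tag after the source MAC."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        if not 1 <= vlan <= 4094:                   # 0 and 4095 are reserved by the standard
            raise ValueError("VLAN ID out of range")
        tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vlan
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(raw):
    """Decode dst, src, optional 802.1Q fields, EtherType and payload from wire bytes."""
    if len(raw) < 14:
        raise ValueError("frame too short")
    info = {"dst": mac_str(raw[:6]), "src": mac_str(raw[6:12]),
            "vlan": None, "pcp": None, "dei": None}
    offset = 12
    ethertype = struct.unpack_from("!H", raw, offset)[0]
    if ethertype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", raw, 14)[0]
        info.update(pcp=tci >> 13, dei=(tci >> 12) & 1, vlan=tci & 0x0FFF)
        offset = 16
        ethertype = struct.unpack_from("!H", raw, offset)[0]
    info["ethertype"] = ethertype
    info["payload"] = raw[offset + 2:]
    return info


def strip_tag(raw):
    """Access-port egress: remove the 4-byte tag so the host sees a plain frame."""
    if struct.unpack_from("!H", raw, 12)[0] == TPID_8021Q:
        return raw[:12] + raw[16:]
    return raw


def trunk_egress(raw, access_vlan):
    """Trunk-port egress: tag an untagged frame with the VLAN of the access port it came in on."""
    p = parse_frame(raw)
    if p["vlan"] is not None:
        return raw                                  # already tagged: leave it alone
    return build_frame(p["dst"], p["src"], p["ethertype"], p["payload"], vlan=access_vlan)


def demo_round_trip():
    """Host frame -> tagged on the trunk -> untagged again at the far access port."""
    untagged = build_frame("00:00:5e:00:53:01", "00:00:5e:00:53:02", ETHERTYPE_IPV4, b"payload")
    on_trunk = trunk_egress(untagged, access_vlan=20)
    delivered = strip_tag(on_trunk)
    return parse_frame(on_trunk)["vlan"], len(on_trunk) - len(untagged), delivered == untagged


if __name__ == "__main__":
    print(demo_round_trip())
```

The four extra bytes are why trunk links must accept frames slightly larger than the untagged maximum, and the VLAN field in parse_frame is the value a capture tool on the trunk shows you when you want to confirm which VLAN a frame really belongs to.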

Here we do not follow the standard teaching approach of "this is a layer-2 protocol, memorize the Ethernet header". To become a real expert you must know that material, but to be a useful operator you only need to know how Layer 2 works. Next we introduce the most interesting protocol in networking: Spanning Tree Protocol.

Summary:

● Bridges (also known as switches) keep MAC address tables for unicast segmentation. That is, they send unicast data only to the host that needs it.

● VLANs do not provide reliable security.

● A layer-3 switch can carry multiple VLANs over a trunk and route between them, all over the same link.

Article entry: csh responsible editor: csh
