Exchange Technology Overview

Source: Internet
Author: User

Switching technology can economically divide networks into small collision domains to provide higher bandwidth for each workstation. Once you have this technology, your work efficiency will be greatly improved.

The Spanning Tree Protocol (STP) prevents loops in redundant switching environments. A loop congests the network, producing broadcast storms and inconsistent MAC tables, and can eventually cause the network to crash. All switches that use STP share information through Bridge Protocol Data Units (BPDUs), which are sent every two seconds.

When a switch sends a BPDU, the BPDU contains a bridge ID, which combines a configurable priority (default value: 32768) with the base MAC address of the switch. Switches send and receive these BPDUs to determine which switch has the lowest bridge ID, and the switch with the lowest bridge ID becomes the root bridge.

The root bridge is like a community grocery store in a town. Every town needs a grocery store, and every citizen needs to determine the best way to reach the grocery store. A route that is longer than the optimal route is not used unless the main channel is blocked.

The root bridge works in a similar way. Every other switch determines its best route back to the root bridge based on cost, which is derived from values assigned according to bandwidth. Any other route is placed in blocking mode unless it is determined that the alternate route will not form a loop (for example, when a problem occurs on the main route).

Malicious hackers can use STP to launch DoS attacks. If a malicious hacker connects a computer to more than one switch and sends a specially crafted BPDU with a low bridge ID, the switches can be fooled into treating that computer as the root bridge. This causes STP to reconverge and can lead to a loop and a network crash.
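The election rule and the warning sign described above can be checked in a few lines. This is an added example, not code from the original page; the port names, the sample bridge IDs and the idea of a set of trusted uplink ports are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True, order=True)
class BridgeID:
    """Bridge ID as the text describes it: priority first, then base MAC."""
    priority: int   # configurable; 32768 is the default named in the text
    mac: int        # base MAC address of the switch, as an integer

    @classmethod
    def parse(cls, text):
        # Accepts "priority.mac", e.g. "32768.00:1a:2b:00:00:01"
        priority, mac = text.split(".", 1)
        return cls(int(priority), int(mac.replace(":", "").replace("-", ""), 16))

def elect_root(bridge_ids):
    """The lowest bridge ID wins; the MAC breaks ties between equal priorities."""
    return min(BridgeID.parse(b) for b in bridge_ids)

def audit_bpdus(current_root, bpdus, uplink_ports):
    """Return BPDUs that would displace the root but arrived on a non-uplink port."""
    root = BridgeID.parse(current_root)
    alerts = []
    for port, advertised in bpdus:
        if BridgeID.parse(advertised) < root and port not in uplink_ports:
            alerts.append((port, advertised))
    return alerts

# Constructed sample data: three switches and three received BPDUs.
SWITCHES = ["32768.00:1a:2b:00:00:03", "32768.00:1a:2b:00:00:01",
            "4096.00:1a:2b:00:00:02"]
BPDUS = [
    ("Gi0/1", "4096.00:1a:2b:00:00:02"),   # the real root, seen on the uplink
    ("Fa0/8", "32768.00:1a:2b:00:00:09"),  # inferior BPDU, changes nothing
    ("Fa0/7", "0.00:00:00:00:00:01"),      # lower ID arriving on an access port
]

if __name__ == "__main__":
    print("root:", elect_root(SWITCHES))
    print("alerts:", audit_bpdus("4096.00:1a:2b:00:00:02", BPDUS, {"Gi0/1"}))
```

A BPDU that beats the current root on a port where no switch is expected is the condition to alert on or to block at the port.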

MAC table flood attack

A switch works by recording the source MAC address when a frame enters the switch. This MAC address is associated with the port on which the frame arrived, so traffic destined for that MAC address is sent only through that port. This improves bandwidth utilization, because traffic does not need to be sent out of all ports, only out of the port that should receive it.

The MAC address is stored in content addressable memory (CAM). CAM is a kb reserved memory dedicated to storing MAC addresses for fast lookup. If a malicious hacker sends a large number of packets to the CAM, the switch starts sending large amounts of traffic everywhere, which creates a hidden danger and can even crash the switch in a denial-of-service attack.
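The learning behaviour and its failure mode can be seen in a small in-memory model. This is an added example, not code from the original page; the class, the table capacity of 8, the per-port limit and all MAC addresses are constructed for illustration, and entry aging is left out.

```python
from collections import Counter

class LearningSwitch:
    """Simplified model of a switch MAC table with a fixed capacity (no aging)."""
    def __init__(self, ports, cam_capacity):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.cam = {}                       # MAC address -> port

    def receive(self, in_port, src, dst):
        """Learn src on in_port, then return the egress ports for dst."""
        if src in self.cam or len(self.cam) < self.cam_capacity:
            self.cam[src] = in_port         # a full table cannot learn new MACs
        out = self.cam.get(dst)
        if out is None:                     # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]

    def macs_per_port(self):
        return dict(Counter(self.cam.values()))

def ports_over_limit(switch, limit):
    """Ports that have more learned MACs than an access port should have."""
    return sorted(p for p, n in switch.macs_per_port().items() if n > limit)

def demo():
    sw = LearningSwitch(ports=[1, 2, 3, 4], cam_capacity=8)
    a, b, c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
    sw.receive(1, a, b)                     # b unknown, flooded once
    sw.receive(2, b, a)                     # both hosts are now learned
    before = sw.receive(1, a, b)            # unicast leaves through port 2 only
    for i in range(10):                     # burst of new source MACs on port 3
        sw.receive(3, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    sw.receive(4, c, a)                     # table is full, c cannot be learned
    after = sw.receive(1, a, c)             # traffic for c is flooded everywhere
    return before, after, ports_over_limit(sw, limit=2)

if __name__ == "__main__":
    print(demo())
```

The per-port count is what a port-level MAC limit enforces: port 3 is flagged long before the table as a whole fills up.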

ARP (Address Resolution Protocol) spoofing is a common method used in session hijacking attacks. ARP uses layer-7 physical MAC addresses to map layer-7 logical IP addresses. If a device knows the IP address but not the MAC address of the host it wants to reach, it sends an ARP request.

ARP requests are usually sent as broadcasts so that all hosts receive them. Malicious hackers can send spoofed ARP replies to obtain traffic sent to another host. Suppose Jimmy is also on the network and tries to obtain the traffic sent to a legitimate user. Jimmy spoofs an ARP reply, claiming to be the host with the IP address 10.0.0.55 (MAC address 05-1C-32-00-A1-99), and the legitimate user also responds with the same MAC address.

The result is that the switch has two ports associated with this MAC address in its MAC table, and all frames sent to the MAC address are sent to the legitimate user and to Jimmy at the same time.
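The condition described above, one MAC address showing up behind two ports, is easy to detect from observed ARP replies. This is an added example, not code from the original page; the port names, timestamps, 60-second window and every address other than 10.0.0.55 / 05-1C-32-00-A1-99 are constructed, and the check for an IP address claimed by a second MAC goes slightly beyond the case in the text.

```python
def normalize_mac(mac):
    return mac.replace("-", ":").lower()

def audit_arp_replies(replies, flap_window=60):
    """replies: (time_s, port, sender_ip, sender_mac) tuples in time order."""
    ip_owner = {}     # IP -> first MAC seen claiming it
    mac_seen = {}     # MAC -> (port, time) of its most recent sighting
    alerts = []
    for t, port, ip, mac in replies:
        mac = normalize_mac(mac)
        owner = ip_owner.setdefault(ip, mac)
        if owner != mac:
            # A different MAC now claims an IP that already had an owner.
            alerts.append(("ip-claimed-by-new-mac", ip, owner, mac, port))
        last = mac_seen.get(mac)
        if last and last[0] != port and t - last[1] <= flap_window:
            # Same MAC behind two ports within the window: the case in the text.
            alerts.append(("mac-on-two-ports", mac, last[0], port))
        mac_seen[mac] = (port, t)
    return alerts

# Constructed observations of ARP replies as a switch or sensor might log them.
REPLIES = [
    (0,  "Fa0/3", "10.0.0.55", "05-1C-32-00-A1-99"),  # legitimate user
    (5,  "Fa0/4", "10.0.0.20", "00-00-5E-00-53-20"),  # unrelated host
    (12, "Fa0/9", "10.0.0.55", "05-1C-32-00-A1-99"),  # same claim, other port
    (13, "Fa0/3", "10.0.0.55", "05-1C-32-00-A1-99"),  # legitimate user again
    (30, "Fa0/9", "10.0.0.20", "00-00-5E-00-53-99"),  # new MAC for a known IP
]

if __name__ == "__main__":
    for alert in audit_arp_replies(REPLIES):
        print(alert)
```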

"Exchange technology" is a buzzword derived from the English word "switch"; its original meaning is "switch". When the Chinese technical community introduced the word, it was translated as "exchange". In English, the verb "exchange" and the term "switch" are the same word. Note that "exchange" here refers to signal exchange in telecommunications technology, which is not the same as the exchange of goods.

In 1993, LAN switching equipment emerged. In 1994, the switched-network technology boom began in China. In fact, switching technology is a simplified, low-cost, high-performance, high-port-density switching product that reflects the layer-2 operation of complex switching technology in the OSI reference model.

Like a bridge, a switch makes simple forwarding decisions based on the MAC address in each packet. Such forwarding decisions generally do not consider the deeper information carried inside the packet. Unlike a bridge, a switch has a very small forwarding delay, and its operation approaches the performance of a single LAN, far exceeding the forwarding performance between ordinary bridged networks.

Switching technology allows bandwidth to be adjusted between shared and dedicated LAN segments to reduce bottlenecks in the flow of information between LANs. Ethernet, Fast Ethernet, FDDI, and ATM switching products are now available. Like traditional bridges, switches provide many network interconnection functions.

Switching technology can economically divide networks into small collision domains to provide higher bandwidth for each workstation. Protocol transparency allows a switch to be installed directly in a multi-protocol network with simple software configuration. A switch uses the existing cables, repeaters, hubs, and workstation NICs, so no high-level hardware upgrade is needed. Switches are transparent to workstations, which reduces management costs and simplifies adding, moving, and changing network nodes.
