Layer 2 and Layer 3 forwarding

Source: Internet
Author: User
Tags: passthrough

What is the Layer 2 forwarding mechanism? An address learning process and a frame forwarding process. Layer 2 forwarding depends only on the MAC address and is independent of IP.

So an IP-to-MAC binding has no effect on pure Layer 2 forwarding: the switch never consults the IP header when it bridges a frame.

The forwarding mechanism of a Layer 3 Ethernet switch is divided into two parts:

Layer 2 forwarding and Layer 3 switching.
  
First, the Layer 2 forwarding process.
  
1. Introduction to MAC addresses
A MAC address is a 48-bit binary address, for example 00-e0-fc-00-00-06.
MAC addresses are divided into unicast, multicast and broadcast addresses.
  
Unicast address: the least significant bit of the first byte is 0, for example 00-e0-fc-00-00-06
  
Multicast address: the least significant bit of the first byte is 1, for example 01-e0-fc-00-00-06
  
Broadcast address: all 48 bits set to 1, that is FF-FF-FF-FF-FF-FF
  
Note:
1) The MAC address of an ordinary device's NIC, or of a router interface, must be a unicast MAC address; otherwise it cannot exchange traffic with other devices.
  
2) The MAC address is what identifies an Ethernet device on the network and is the basis on which link-layer functions are implemented.
----------------------------------------------------------------------------------

2. Introduction to Layer 2 forwarding
The forwarding behaviour of a Layer 2 switch conforms to the IEEE 802.1D bridging standard.
  
Layer 2 forwarding on a switch involves two key processes: the address learning process and the frame forwarding process.
  
The learning process is as follows:
1) The switch receives every frame on the network segment and uses the source MAC address of each received frame to build the MAC address table (source MAC address, ingress port);
  
2) Port move mechanism: if the ingress port of a frame differs from the port recorded for the frame's source MAC address, the entry is moved, that is, the MAC address is re-learned on the new port;
  
3) Address aging mechanism: if the switch has not received a frame from a host for a long time (the aging time), the MAC address entry of that host is deleted; when the next frame from the host arrives, the address is learned again.
  
Note: aging is also driven by the source MAC address. An entry is refreshed only by frames sent from that MAC address, not by frames sent to it.
  
Frame forwarding process:
1) The switch looks up the destination MAC address of the frame in the MAC address table. If it is found, the frame is sent out of the corresponding port; if it is not found, the frame is sent out of all ports other than the ingress port;
  
2) If the source and destination MAC addresses of a received frame are the same, the frame is discarded;
  
3) Broadcast frames are forwarded out of all ports other than the ingress port.
  
3. Introduction to Layer 2 VLAN forwarding
Frame forwarding process:
Introducing VLANs changes the frame forwarding process of a Layer 2 switch as follows:
  
1) The switch looks up the destination MAC address of the frame in the MAC address table. If the destination MAC address is found (and the frame's ingress and egress VLANs are the same), the frame is sent out of the corresponding port; if it is not found, the frame is sent out of all ports in the ingress VLAN only;
  
2) If the source and destination MAC addresses of a received frame are the same, the frame is discarded;
  
3) Broadcast frames are forwarded out of all ports in the VLAN other than the ingress port.
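The learning and forwarding rules of sections 2 and 3, as an added example that is not code from the original article: a small model of a VLAN-aware bridge that shows source-based learning, the port move, source-based aging, same-MAC discard, and flooding confined to the ingress VLAN. Port names, MAC addresses, VLAN IDs and the aging time are made-up values.

```python
"""VLAN-aware Layer 2 forwarding: learning, port move, aging and flooding.

Added example; this is not code from the original article. It models the
bridge behaviour described in sections 2 and 3 with plain dictionaries.
Port names, MAC addresses, VLAN IDs and the aging time are made-up values.
"""
from dataclasses import dataclass

DROP = "drop"
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan: int


class L2Switch:
    def __init__(self, port_vlans, aging_time=300):
        # port -> set of VLAN IDs the port belongs to (static configuration)
        self.port_vlans = {p: set(v) for p, v in port_vlans.items()}
        self.aging_time = aging_time
        # (vlan, mac) -> (port, last seen); entries are scoped per VLAN
        self.mac_table = {}
        self.port_moves = []  # (vlan, mac, old port, new port)

    def _age(self, now):
        # Aging is source-based: last_seen is refreshed only in _learn, that is
        # by frames *from* the MAC, never by frames addressed to it.
        expired = [k for k, (_, seen) in self.mac_table.items()
                   if now - seen > self.aging_time]
        for k in expired:
            del self.mac_table[k]

    def _learn(self, frame, in_port, now):
        key = (frame.vlan, frame.src)
        old = self.mac_table.get(key)
        if old is not None and old[0] != in_port:
            # Port move: the MAC now appears behind another port and the entry
            # follows it at once. Learning trusts the source address, so a host
            # that sends frames with another host's MAC triggers this as well.
            self.port_moves.append((frame.vlan, frame.src, old[0], in_port))
        self.mac_table[key] = (in_port, now)

    def members(self, vlan, exclude):
        """Ports in `vlan` other than `exclude` (the flooding domain)."""
        return [p for p, v in self.port_vlans.items() if vlan in v and p != exclude]

    def receive(self, frame, in_port, now):
        """Forwarding process: returns the list of egress ports, or DROP."""
        if frame.vlan not in self.port_vlans.get(in_port, ()):
            return DROP  # frame is not allowed into this VLAN on this port
        self._age(now)
        self._learn(frame, in_port, now)
        if frame.src == frame.dst:
            return DROP  # rule 2: same source and destination MAC
        if frame.dst == BROADCAST:
            return self.members(frame.vlan, in_port)  # rule 3: VLAN-scoped
        entry = self.mac_table.get((frame.vlan, frame.dst))
        if entry is None:
            # unknown unicast: flood, but only within the ingress VLAN
            return self.members(frame.vlan, in_port)
        out_port, _ = entry
        # destination sits behind the ingress port: filter, do not send it back
        return DROP if out_port == in_port else [out_port]


if __name__ == "__main__":
    sw = L2Switch({"p1": {10}, "p2": {10}, "p3": {10}, "p4": {20}})
    a, b = "00:00:00:00:00:aa", "00:00:00:00:00:bb"
    print(sw.receive(Frame(a, b, 10), "p1", 0))    # unknown: flood in VLAN 10
    print(sw.receive(Frame(b, a, 10), "p2", 1))    # known: p1 only
    print(sw.receive(Frame(a, b, 10), "p3", 2))    # a moves from p1 to p3
    print(sw.port_moves)
    print(sw.receive(Frame(b, a, 10), "p2", 400))  # a aged out: flood again
```

The flood of an unknown unicast in the last line is the practical consequence of the aging note above: the entry for `a` was last refreshed by a frame from `a` at time 2, and the frames addressed to it in between did not keep it alive.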
  
Introducing VLANs on an Ethernet switch brings the following benefits:
  
1) Local traffic is confined to its VLAN, which to some extent improves the processing capacity of the whole network, since broadcasts and unknown-unicast floods no longer reach every port;
  
2) Virtual workgroups: users can be placed into workgroups through flexible VLAN assignment;
  
3) Security: hosts in one VLAN cannot reach hosts in another VLAN at Layer 2 (only a Layer 3 device can join them), which improves isolation.
  
In addition there are two common concepts, VLAN pass-through and VLAN termination, which mean what they say. VLAN pass-through means that a VLAN is not only valid on one switch but is extended in some way to another Ethernet switch and remains valid on that device. VLAN termination means the opposite: the VLAN's valid domain is not extended to another device, or is not extended across a given link.
  
802.1Q can be used for VLAN pass-through, and pvlan technology can be used for VLAN termination.
  
802.1Q is the technical standard for VLANs. It modifies the standard Ethernet frame header by inserting a 4-byte tag field that carries VLAN information, including the VLAN ID; the interested reader can consult the standard itself.
  
Note: when a frame is forwarded out of a trunk port, if its VLAN tag equals the port's default VLAN ID (PVID), the tag is removed. When the peer receives a frame without a tag, it takes the frame's VLAN from the PVID of its own port. Therefore the PVID must be set identically at both ends of a trunk link between two switches; otherwise untagged frames belonging to one switch's PVID are placed in a different VLAN by the other switch.
  
Why strip the tag for the PVID?
So that an ordinary host plugged into a trunk port can still communicate, because ordinary hosts do not understand frames carrying 802.1Q VLAN information.
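The tag insertion and the PVID rule from the note above, as an added example that is not code from the original article. It builds raw Ethernet frames, inserts and removes the 4-byte 802.1Q tag, and applies the trunk rule at both ends of a link so that a PVID mismatch is visible as a frame landing in the wrong VLAN. MAC addresses, VLAN IDs and PVID values are made-up; the tag layout (TPID 0x8100 followed by PCP/DEI/VID) is the one defined by IEEE 802.1Q.

```python
"""802.1Q tag insertion and removal, and the trunk PVID rule.

Added example, not from the original article. MAC addresses, VLAN IDs and
PVID values are made-up; the 4-byte tag layout follows IEEE 802.1Q.
"""
import struct

TPID = 0x8100  # EtherType value that marks a tagged frame


def mac(text):
    """'00-e0-fc-00-00-06' or '00:e0:fc:00:00:06' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def build_frame(dst, src, ethertype, payload):
    """Untagged frame: dst MAC, src MAC, EtherType, payload (no FCS)."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def is_tagged(frame):
    return struct.unpack("!H", frame[12:14])[0] == TPID


def tag_frame(frame, vid, pcp=0, dei=0):
    """Insert the 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be in 1..4094")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]


def untag_frame(frame):
    """Remove the tag; returns (vid, untagged frame)."""
    if not is_tagged(frame):
        raise ValueError("frame is not 802.1Q tagged")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def trunk_egress(untagged, vid, pvid):
    """Trunk rule on send: the PVID's frames leave untagged, others tagged."""
    return untagged if vid == pvid else tag_frame(untagged, vid)


def trunk_ingress(frame, pvid):
    """Trunk rule on receive: a tag names the VLAN; no tag means the PVID."""
    return untag_frame(frame) if is_tagged(frame) else (pvid, frame)


def cross_trunk(untagged, vid, pvid_a, pvid_b):
    """Send a frame of VLAN `vid` from switch A's trunk port to switch B's
    trunk port and return the VLAN switch B assigns it to."""
    on_wire = trunk_egress(untagged, vid, pvid_a)
    vid_b, _ = trunk_ingress(on_wire, pvid_b)
    return vid_b


if __name__ == "__main__":
    # constructed sample frame: broadcast from the article's example MAC
    f = build_frame("ff:ff:ff:ff:ff:ff", "00-e0-fc-00-00-06", 0x0806, b"\x00" * 28)
    print(tag_frame(f, 100)[12:16].hex())      # 81000064: TPID, VID 100
    print(cross_trunk(f, 100, 1, 1))           # 100: tagged, survives intact
    print(cross_trunk(f, 1, 1, 1))             # 1: untagged, PVIDs agree
    print(cross_trunk(f, 1, 1, 5))             # 5: PVID mismatch, wrong VLAN
```

The last call is the failure mode the note warns about: the frame left switch A untagged because it belonged to A's PVID, and switch B, whose PVID differs, has no information to put it anywhere but its own PVID.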
  
802.1Q can implement VLAN pass-through, but sometimes a VLAN needs to be terminated, that is, its boundary ends at a given point. pvlan technology implements this well and at the same time saves VLAN IDs. Note that Cisco's pvlan means private VLAN, whereas the pvlan discussed here refers to the primary VLAN.
  
There are two kinds of VLAN in this scheme: the primary VLAN and the secondary VLANs.
  
Layer 2 traffic between users is isolated, while frames sent by the upstream switch can be received by every user. This simplifies configuration and saves VLAN resources. The specific implementation is not discussed here; consult the relevant documentation if interested.
  
Next, the Layer 3 switching process.
  
VLAN division isolates inter-VLAN communication, and a router (a Layer 3 device) attached to the VLANs can be used to set up communication between them. However, using routers to connect different VLANs in an enterprise campus network is clearly no longer the trend, because Layer 3 switching can be used instead.
  
Difference 1 (performance): a traditional router forwards packets in software on a microprocessor, whereas a Layer 3 switch forwards packets in ASIC hardware; the performance difference is large.
  
Difference 2 (interface types): the interfaces of a Layer 3 switch are essentially all Ethernet interfaces; it does not offer the range of interface types a router has. Difference 3: a Layer 3 switch can also operate in Layer 2 mode, whereas a router has no Layer 2 switching function.
  
First, look at the device interconnection process:

The switch is divided into two VLANs, and a routed VLAN interface is configured on each of VLAN 1 and VLAN 2 to provide connectivity between them. Hosts A and B are in VLAN 1 and host C is in VLAN 2.
  
Communication between A and B (taking a ping from A to B as an example):
  
1) A checks the destination IP address of the packet and finds that it is in its own network segment;
  
2) A ----> B ARP request, broadcast in VLAN 1;
  
3) B ----> A ARP reply;
  
4) A ----> B ICMP echo request;
  
5) B ----> A ICMP echo reply;
  
Communication between A and C (taking a ping from A to C as an example):
1) A checks the destination IP address of the packet and finds that it is not in its own network segment, so the packet must go to the gateway;
  
2) A ----> switch (int vlan 1) ARP request for the gateway, broadcast in VLAN 1;
  
3) gateway (int vlan 1) ----> A ARP reply;
  
4) A ----> switch ICMP echo request (destination MAC is the MAC of int vlan 1, source MAC is the MAC of A, destination IP is C, source IP is A);
  
5) On receiving the packet, the switch determines that it is a Layer 3 packet (its destination MAC is the MAC of the switch's own VLAN interface), checks the destination IP address and finds that it lies in a directly connected network segment;
  
6) switch (int vlan 2) ----> C ARP request, broadcast in VLAN 2;
  
7) C ----> switch (int vlan 2) ARP reply;
  
8) switch (int vlan 2) ----> C ICMP echo request (destination MAC is the MAC of C, source MAC is the MAC of int vlan 2, destination IP is C, source IP is A). Compared with step 4, the MAC header has been re-encapsulated, while the fields from the IP layer up are essentially unchanged (the IP TTL is decremented by one and the IP header checksum is updated accordingly);
  
9) C ----> A ICMP echo reply; the subsequent processing is essentially the same as for the echo request, in the reverse direction.
  
In the steps above, if the ARP table already holds the needed entry, no ARP request is sent to the other party.
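The decision the switch makes in steps 4 to 8, as an added example that is not code from the original article: a frame whose destination MAC is the ingress VLAN interface's MAC takes the Layer 3 path (connected-route lookup, ARP lookup, MAC header rewrite with TTL decrement), anything else is bridged. It also shows the ARP-table point made in the last paragraph: without an entry for C the switch has to send an ARP request in VLAN 2 before it can forward. Only directly connected routes are modelled, and all IP addresses, MAC addresses, ports and VLAN IDs are made-up values.

```python
"""Layer 2 versus Layer 3 path selection on a Layer 3 switch.

Added example, not code from the original article. It models the A->B and
A->C cases: destination MAC == VLAN interface MAC selects the Layer 3 path.
IP addresses, MAC addresses, ports and VLAN IDs are made-up values.
"""
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    dst_mac: str
    src_mac: str
    vlan: int
    dst_ip: str
    src_ip: str
    ttl: int = 64


class L3Switch:
    def __init__(self, svis, mac_table, arp_table=None):
        # vlan -> (interface address with prefix, interface MAC)
        self.svis = {v: (ipaddress.ip_interface(ip), m) for v, (ip, m) in svis.items()}
        self.mac_table = dict(mac_table)        # (vlan, mac) -> port
        self.arp_table = dict(arp_table or {})  # ip -> mac

    def is_l3(self, pkt):
        """The criterion from the text: is the destination MAC the MAC of the
        routed interface of the VLAN the frame arrived in?"""
        svi = self.svis.get(pkt.vlan)
        return svi is not None and pkt.dst_mac == svi[1]

    def _connected_vlan(self, ip):
        """Return the VLAN whose interface subnet contains `ip`, if any.
        Only directly connected routes are modelled here."""
        addr = ipaddress.ip_address(ip)
        for vlan, (iface, _) in self.svis.items():
            if addr in iface.network:
                return vlan
        return None

    def forward(self, pkt):
        if not self.is_l3(pkt):
            # Layer 2 path: bridge on the destination MAC within the VLAN
            port = self.mac_table.get((pkt.vlan, pkt.dst_mac))
            return {"path": "l2", "port": port or "flood", "packet": pkt}
        out_vlan = self._connected_vlan(pkt.dst_ip)
        if out_vlan is None:
            return {"path": "l3", "action": "no-route"}
        if pkt.ttl <= 1:
            return {"path": "l3", "action": "ttl-exceeded"}
        next_mac = self.arp_table.get(pkt.dst_ip)
        if next_mac is None:
            # no ARP entry: the switch must resolve the host before forwarding
            return {"path": "l3", "action": "arp-request", "vlan": out_vlan}
        # Re-encapsulate the MAC header for the egress VLAN. The IP layer is
        # unchanged apart from the TTL decrement (the checksum follows it).
        rewritten = replace(pkt, dst_mac=next_mac, src_mac=self.svis[out_vlan][1],
                            vlan=out_vlan, ttl=pkt.ttl - 1)
        port = self.mac_table.get((out_vlan, next_mac), "flood")
        return {"path": "l3", "action": "forward", "port": port, "packet": rewritten}


if __name__ == "__main__":
    svi1, svi2 = "00:00:5e:00:01:01", "00:00:5e:00:01:02"
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    sw = L3Switch({1: ("10.0.1.1/24", svi1), 2: ("10.0.2.1/24", svi2)},
                  {(1, a): "p1", (1, b): "p2", (2, c): "p3"},
                  {"10.0.2.20": c})
    print(sw.forward(Packet(b, a, 1, "10.0.1.20", "10.0.1.10")))   # l2 to p2
    print(sw.forward(Packet(svi1, a, 1, "10.0.2.20", "10.0.1.10")))  # l3 to p3
```

Note that the source IP, destination IP and the rest of the packet above the MAC header come through the Layer 3 path untouched; only the two MAC addresses, the VLAN and the TTL change, exactly as step 8 describes.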
  
How does the switch distinguish Layer 2 data streams from Layer 3 data streams?
The S3526 is a Layer 3 Ethernet switch and performs both Layer 2 and Layer 3 processing.
  
Differences between the basic Layer 2 and Layer 3 forwarding models:
  
A Layer 3 switch is divided into two VLANs. The communication between A and B completes within one VLAN and is a Layer 2 data stream; the communication between A and C has to cross VLANs and is a Layer 3 data stream.
  
That is the macro view. From the micro view, once a frame enters a port, how does the switch tell a Layer 2 frame from a Layer 3 packet?
  
Because frames from A to B stay in the same VLAN, their destination MAC address is the MAC address of host B; packets from A to C must cross VLANs, so their destination MAC address is the MAC address of the switch's VLAN 1 interface.
  
Therefore the switch's criterion for distinguishing Layer 2 from Layer 3 traffic is whether the destination MAC address of the frame equals the MAC address of the switch's virtual (VLAN) interface.
  
Taking the Huawei-3Com S3526 switch as an example, the Layer 3 switch consists of the following three parts:
  
1) Platform software protocol stack
  
Key functions of this part include:
  
Running the routing protocols and maintaining the routing table;
