The three-layer switch you know works like this

Why do we say that the Layer 3 forwarding performance of a Layer 3 switch is much more efficient than that of a router? Sometimes in many books it is mentioned that the software of current routers is also very powerful and can almost achieve the ability of speed-limited forwarding; but can software be compared with hardware? It is unlikely; the reason why the switch forwards quickly is that the switch uses a dedicated ASIC hardware forwarding card, while the router is software-based forwarding.

We are used to saying that in a Layer 2 network environment, the same VLANs can communicate, but different VLANs cannot communicate. If you want to communicate, you must use Layer 3 devices. So what a Layer 3 switch must do is routing and forwarding, but what is the specific working principle?

[[210276]]

First of all, what will the three-layer switch do in the same subnet and different subnet environments, and what are the differences?

As shown in the figure above, in the Layer 2 environment, A and B communicate with each other. A sends a data packet with the destination MAC address of B. When it is sent to the switch, the switch forwards it based on the destination MAC address, and then starts to check its own MAC table entries to find the corresponding exit. In the whole process, only the MAC address is looked up, and no changes are made to the data frame. I will only give a brief and simple description of Layer 2 frame forwarding, after all, the focus is not here.

In a Layer 3 environment, A and C communicate with each other. A sends a data packet. The destination MAC address should be the gateway MAC address, which is the switch MAC address SMAC. Let me insert a small episode here. Someone once asked me how a switch determines whether to forward at Layer 3. My answer at that time was to see if the MAC address of the data packet is its own. If it is, perform Layer 3 forwarding. Others said that the answer was correct; but when I came back to study this issue, I found that my answer was not rigorous. Why? When a switch receives a data packet with a Layer 2 destination MAC address of its own, what should it do at this time?

Let me tell you a little story. I saw a short video on WeChat a few days ago. It was about a university classroom where two boys liked the class beauty sitting behind them so much that they kept looking at her. Suddenly, the girl stood up and prepared to leave. When she passed by them, she handed a rolled-up note to the boy sitting next to her. Physically, the girl handed the note to the boy. What would the boy do next? Would he open the note to see what was written inside? When the Layer 3 switch receives the destination MAC address as its own, it also needs to decapsulate it to the upper layer and check the Layer 3 destination IP address. Then what?

?At that time, the boy took the note very happily, and then opened it. It said "Please pass the note to the next person" on it. Haha, the three-layer switch is also like this. When it sees that the destination IP address is not its own, it performs forwarding at the routing level. So when the switch executes the three-layer forwarding, it is to check whether the IP address is its own while the destination MAC is its own. If it is its own, there is no need to forward it.

When the switch determines that the destination IP is not its own, does it necessarily check the routing table? No, this is the key to the switch. The switch will not check the routing table, the ARP table, or the MAC address table at this time; what table will the switch check?

The switch will now check the hardware forwarding table integrated in the ASIC hardware forwarding card. What does this hardware forwarding table contain?

• When a *** comes, it is found that there is no entry in the hardware forwarding table, so the data packet must be handed over to the routing process for processing. Once it is handed over to the CPU for processing, it will inevitably consume CPU resources. At this time, the routing table will be checked, and then it will be found that this IP address is directly connected to itself. At this time, check the arp to find out the mac address corresponding to this address, and then it can be forwarded.
• In the process of deciding to forward, the switch will do at least three things: first, modify the TTL value of the IP packet header; second, modify the original MAC address to the MAC address of its own outgoing interface; third, establish the switch hardware forwarding table, including the destination IP address, the MAC address corresponding to the destination IP address (next hop), the VLAN corresponding to the MAC address, and the corresponding port (each manufacturer has its own understanding of this)
• In this way, when a packet comes, the switch will check the hardware forwarding table and forward it directly without querying the routing table, which is the principle of one-time routing and multiple switches of the switch.

Each manufacturer has a different definition in this area, but the principle is the same. Cisco uses the CEF table, and now the router has also integrated software-based CEF, which contains three tables, including the FIB table, the adjacency table (hardware forwarding table) and the netflow table.