Programmers learn network hubs and switches

From the perspective of network implementation, networks can be divided into Ethernet, Token Ring, FDDI, and ATM. They all specify their own physical media, network adapters (network cards), and data transmission protocols. From the perspective of network coverage, networks can be divided into local area networks, metropolitan area networks, and wide area networks. However, this only means that the coverage of the network has become larger, not that the implementation of the network has changed. Taking the current network as an example, whether it is a local area network, a wide area network, or the entire Internet, it is basically Ethernet.

Network Card

A network adapter is a network card, a hardware device plugged into (or integrated into) the computer's motherboard. In Ethernet, each network card has a globally unique 48-bit identifier, the "MAC address", usually written as six hexadecimal bytes, such as 0a:00:27:00:00:06. When computers communicate, the network card implements carrier sense multiple access with collision detection (CSMA/CD). The network card belongs to the physical layer and the data link layer of the OSI reference model. Everything from the network layer upward is implemented by the protocol stack in the operating system, so the TCP/IP protocol stack proper only includes the network layer (IP) and the transport layer (TCP, UDP).

Hub

If only two computers need to communicate, their network cards can be connected directly through a transmission medium (such as twisted pair), and the network layer information (IP addresses) configured in the operating system. With three or more computers, additional equipment is needed, and a hub is one option. A hub is essentially a multi-port network card. To understand how it works, a network topology is built in GNS3:

There are three terminals in the topology above. The experiment we want to do is to see whether the data packet can be received on the link Hub1->PC3 when PC1 and PC2 are communicating. First, configure the IP addresses of PC1, PC2, and PC3.

Then enable packet capture between Hub1 and PC3, and ping PC2 through PC1.

Ping generates two types of packets. ARP packets are broadcast packets (destination address ff:ff:ff:ff:ff:ff) and can only be received by terminals in the same broadcast domain; ICMP packets are unicast packets (with a specific destination address) and can only be received by terminals in the same collision domain. The machines connected by the hub belong to the same broadcast domain and the same collision domain, so whatever the packet type, every node in the network receives it (even if the packet has nothing to do with it).

The hub has a physical link to each terminal. When PC1 sends data to PC2, the data first reaches the hub, and the hub sends it out of every one of its ports. So even though this communication has nothing to do with PC3, the link between Hub1 and PC3 is still occupied. If PC3 also has a packet to send at this moment, a collision occurs (remember the principle of Ethernet? There are "collisions" on a shared medium), and from PC3's point of view this collision is entirely "innocent" (the communication between PC1 and PC2 has nothing to do with PC3 at all).

Switch

Some switches look very similar to hubs, but there are essential differences between the two. Switches have certain strategies when forwarding data, and they forward data based on the MAC address table.

Enable packet capture between the Switch and PC3 and between the Switch and PC2, then ping PC2 from PC1 (Wireshark also captures STP packets on the switch; these are generated by the switch itself and can be ignored).

  1. SW1<->PC3  
  2. SW1<->PC2

The switch is very "intelligent". It "knows" that the communication between PC1 and PC2 does not involve PC3, so only the broadcast packet is forwarded to PC3, and the subsequent unicast packets are sent directly to the port where PC2 is located. Unlike the hub, it divides the collision domain: one large collision domain becomes three small ones (Switch and PC1, Switch and PC2, Switch and PC3). Communication in one collision domain does not affect the terminals in another (the packets between the Switch and PC1 cannot be received on PC2 or PC3); the broadcast domain, however, is unchanged, and the three terminals still belong to the same broadcast domain. The working principle of the switch is revealed by walking through the communication between PC1 and PC2:

  • PC1 searches its local ARP table for the MAC address corresponding to PC2's IP address;
  • If PC1 does not find it, it sends a broadcast packet (an ARP request);
  • The broadcast packet reaches the switch, and the switch records PC1's MAC address and the port it arrived on in the MAC address table;
  • The switch determines that it is a broadcast packet and floods it (sends it out of every port in the same VLAN as PC1);
  • The broadcast packet reaches PC2 and PC3. PC3 finds that it has nothing to do with itself and discards it; PC2 finds that the packet is addressed to it and receives it. On determining that it is an ARP request, PC2 returns an ARP reply. PC2's ARP reply is a unicast packet: the destination address is PC1's MAC address and the source address is PC2's MAC address;
  • PC2's ARP reply reaches the switch, and the switch records PC2's MAC address in the MAC address table;
  • The switch finds that it is a unicast packet with destination address "00:50:79:66:68:01", whose corresponding port is E0/1, and sends the packet out of E0/1;
  • PC1 receives PC2's ARP reply and writes PC2's MAC address into its local ARP table;
  • PC1 sends an ICMP packet, looking up the MAC address by IP address; it finds that PC2's MAC address is "00:50:79:66:68:02" and sends a unicast packet with destination address "00:50:79:66:68:02";
  • The unicast packet reaches the switch, which determines that "00:50:79:66:68:02" is on port E0/2 and sends it out of port E0/2;
  • PC2 receives the ICMP packet, generates an ICMP reply packet and sends it;
  • The ICMP reply reaches the switch, which determines that the destination address "00:50:79:66:68:01" (PC1) is on E0/1 and sends it out of E0/1;
  • PC1 receives the ICMP reply and displays "84 bytes from 192.168.10.12 icmp_seq=1 ttl=64 time=0.649 ms".

From this analysis it is not hard to see that, compared with the hub, the most important thing in the switch is the MAC address table, which is the basis on which the switch forwards packets. With this table the switch knows which port a packet should leave from, instead of sending it out of every port as the hub does. Enter show mac address-table in the switch's CLI to view this switch's MAC address table.

To speed up lookups, the switch stores the MAC address table in a special kind of memory called CAM (Content Addressable Memory). Unlike ordinary memory, which is addressed by location, CAM is addressed by "content". Its manufacturing process is therefore much more complicated and it is much more expensive, so the capacity on ordinary switches is not particularly large. This "weakness" of the switch has led to an "unsolvable" attack method: sending a large amount of ARP information to the switch to fill up the CAM, leaving the switch unable to work normally.
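From the defender's side, a filling CAM table shows up as an unusually large number of dynamically learned addresses on a single port; once the table is full, the switch can no longer learn new addresses and floods unknown-unicast frames like a hub, which is why the standard mitigation is to cap the number of MAC addresses an access port may learn (port security) and to watch the table. The following Python script is an added example, not code from the original article: it parses the output of show mac address-table (a constructed sample in the style of IOS output, using the PC1/PC2 MAC addresses from the article; PC3's address, the 40 generated "flood" rows, the Et0/x port names, the per-port threshold and the table capacity are all assumptions) and flags ports whose learned-address count is abnormal.

```python
"""Parse "show mac address-table" output and flag ports that have learned an
abnormal number of addresses, which is how a saturated MAC/CAM table shows up."""
import re
from collections import Counter

# Constructed sample in the style of IOS "show mac address-table" output;
# it is not captured from the article's switch. The first three rows use the
# PC1/PC2 MACs from the article (PC3's MAC is made up); Et0/3 is then padded
# with 40 generated addresses to stand in for a port under flooding.
_HEADER = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 100    0050.7966.6801    DYNAMIC     Et0/1
 100    0050.7966.6802    DYNAMIC     Et0/2
 200    0050.7966.6803    DYNAMIC     Et0/3
"""
_FLOOD_ROWS = "".join(
    f" 200    {i:04x}.{i * 7:04x}.{i * 13:04x}    DYNAMIC     Et0/3\n"
    for i in range(1, 41)
)
SAMPLE_OUTPUT = _HEADER + _FLOOD_ROWS

# One table row: VLAN, dotted MAC, entry type, port name. Header and rule
# lines do not match and are skipped.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def to_colon(dotted):
    """Convert dotted notation (0050.7966.6801) to 00:50:79:66:68:01."""
    digits = dotted.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text):
    """Return a list of (vlan, mac, type, port) tuples."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, dotted, kind, port = m.groups()
            entries.append((int(vlan), to_colon(dotted), kind.upper(), port))
    return entries


def dynamic_macs_per_port(entries):
    """Count dynamically learned addresses per port (static entries are not
    evidence of learning activity, so they are excluded)."""
    return Counter(port for _, _, kind, port in entries if kind == "DYNAMIC")


def suspicious_ports(entries, max_per_port):
    """Ports whose learned-address count exceeds what an access port serving
    a single host should have. max_per_port is a site-chosen threshold."""
    counts = dynamic_macs_per_port(entries)
    return sorted(p for p, n in counts.items() if n > max_per_port)


def table_fill(entries, capacity):
    """Fraction of the MAC table in use; capacity is the platform's limit
    (assumed here, as the article does not give one)."""
    return len(entries) / capacity


if __name__ == "__main__":
    rows = parse_mac_table(SAMPLE_OUTPUT)
    print("entries:", len(rows), "fill:", table_fill(rows, 1000))
    print("per port:", dict(dynamic_macs_per_port(rows)))
    print("suspicious:", suspicious_ports(rows, max_per_port=2))
```

Run periodically against the real CLI output, the per-port count is the useful signal: a single access port that suddenly holds dozens of dynamic entries is worth an alert long before the table-fill ratio approaches 1.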

Virtual Local Area Network

The switch divides the Ethernet collision domain into multiple collision domains, which improves line utilization, but everyone is still in one broadcast domain. This is an early network structure: it has only one broadcast domain, and when any terminal sends a broadcast packet, every other node receives it, hence the name "flat network". This structure causes the following problems:

  1. Security. Everyone is in the same broadcast domain. If anyone is infected with a virus, it affects everyone; worse, anyone who gains unauthorized access to the network can easily monitor all the packets in it;
  2. Bandwidth utilization. Anyone in the network may consume a lot of bandwidth, and the others are affected, possibly to the point of being unable to use the network normally;
  3. Broadcast storms. Imagine hundreds of terminals connected to the network, with all kinds of broadcast packets (ARP, DHCP, etc.) flooding the whole network.

Splitting a large LAN (broadcast domain) into multiple small LANs is not only safer and easier to manage, it also balances resource usage and improves line utilization. So how is it split? The division is again done in the switch. We set a numeric identifier on each switch port, and ports with the same identifier belong to the same broadcast domain. For example, in the following figure, switch ports E0/1, E0/2, E0/4 and E0/7 share the ID 100, while E0/3 and E0/6 share the ID 300 (the following figure is a schematic diagram of the switch).

This technology is called Virtual Local Area Network (VLAN). A VLAN represents one broadcast domain (BD). Each switch port can be set with a VLAN ID that identifies its broadcast domain. The switch sends a broadcast packet to all ports with the same VLAN ID, which is called flooding.

Enter show vlan in the switch's CLI to view all VLANs of this switch (also called broadcast domains or BDs; in systems such as OpenStack they correspond to networks).

The first column, VLAN, is the VLAN ID (a number); Name is a descriptive name; Ports lists the ports that currently belong to this VLAN.

Let's do an experiment and put PC1 and PC2 into VLAN 100, and put PC3 into VLAN 200.

At this time, pinging PC2 through PC1 is normal, but pinging PC3 through PC1 fails.

By capturing packets between SW1<->PC3, we found that the ARP packets did not reach this link at all, indicating that SW1 has recognized that they belong to different VLANs (broadcast domains) and will not forward the packets to this link.

To prove that switch forwarding depends only on the MAC address, we change PC3's IP address to 192.168.10.10.

We find that PC1<->PC2 still communicate normally, proving that the switch only looks at the MAC address of the packet and ignores the IP address entirely.
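The three behaviours described in this article (the hub repeating every frame, the switch learning MAC addresses and forwarding by its MAC table, and the VLAN restricting flooding to one broadcast domain so that PC1's ARP request never reaches the SW1<->PC3 link) can be reproduced in a few dozen lines. The following Python simulation is an added example, not code from the original article: it uses the PC1/PC2 MAC addresses, ports E0/1 and E0/2, and VLANs 100 and 200 from the article, and assumes PC3's MAC address, PC3 on port E0/3, and VLAN 1 for the flat switch. Frames carry only MAC addresses, which is exactly the point of the last experiment: the IP address plays no part in forwarding.

```python
"""Simulation of hub, learning switch and VLAN-aware switch forwarding.

Assumptions not taken from the article: PC3's MAC address, PC3 on port E0/3,
and VLAN 1 as the single VLAN of the flat switch.
"""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
PC1 = "00:50:79:66:68:01"   # PC1 and PC2 MAC addresses as shown in the article
PC2 = "00:50:79:66:68:02"
PC3 = "00:50:79:66:68:03"   # constructed: PC3's MAC is not given in the article

# E0/1 and E0/2 are from the article; E0/3 for PC3 is assumed.
PORT_OF = {PC1: "E0/1", PC2: "E0/2", PC3: "E0/3"}


@dataclass(frozen=True)
class Frame:
    src: str      # source MAC
    dst: str      # destination MAC
    label: str    # what the frame carries (ARP/ICMP), for the trace only


class Hub:
    """Repeats every frame to every port except the port it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return sorted(p for p in self.ports if p != in_port)


class Switch:
    """Learning switch. Each port has one access VLAN; the MAC table maps a
    MAC to (port, VLAN). Broadcasts and unknown destinations are flooded,
    but only to ports in the ingress VLAN; a MAC known only in another VLAN
    counts as unknown here, since MAC tables are per VLAN."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)   # port -> VLAN ID
        self.mac_table = {}                   # MAC -> (port, VLAN ID)

    def forward(self, in_port, frame):
        vlan = self.port_vlans[in_port]
        self.mac_table[frame.src] = (in_port, vlan)      # learning step
        entry = self.mac_table.get(frame.dst)
        if frame.dst == BROADCAST or entry is None or entry[1] != vlan:
            return sorted(p for p, v in self.port_vlans.items()
                          if v == vlan and p != in_port)
        out_port = entry[0]
        return [out_port] if out_port != in_port else []


def ping_trace(device, src_mac, dst_mac):
    """Replay the exchange from the article: ARP request (broadcast), ARP
    reply, ICMP echo request and reply. Returns [(label, ports that saw
    the frame), ...]; stops after the request if it never reached dst."""
    trace = []
    request = Frame(src_mac, BROADCAST, "ARP request")
    seen = device.forward(PORT_OF[src_mac], request)
    trace.append((request.label, seen))
    if PORT_OF[dst_mac] not in seen:
        return trace          # ARP never reached the target: the ping fails
    rest = [
        (dst_mac, Frame(dst_mac, src_mac, "ARP reply")),
        (src_mac, Frame(src_mac, dst_mac, "ICMP echo request")),
        (dst_mac, Frame(dst_mac, src_mac, "ICMP echo reply")),
    ]
    for sender, f in rest:
        trace.append((f.label, device.forward(PORT_OF[sender], f)))
    return trace


if __name__ == "__main__":
    devices = [
        ("hub", Hub(PORT_OF.values())),
        ("switch", Switch({"E0/1": 1, "E0/2": 1, "E0/3": 1})),
        ("switch with VLANs", Switch({"E0/1": 100, "E0/2": 100, "E0/3": 200})),
    ]
    for name, dev in devices:
        print(name)
        for label, ports in ping_trace(dev, PC1, PC2):
            print(f"  {label:18} -> {ports}")
    vlans = Switch({"E0/1": 100, "E0/2": 100, "E0/3": 200})
    print("PC1 -> PC3 across VLANs:", ping_trace(vlans, PC1, PC3))
```

With the hub, every one of the four frames reaches E0/3; with the switch, only the ARP broadcast does and the three unicast frames go straight to the learned port; with VLAN 200 on E0/3, not even the broadcast reaches PC3, and a ping from PC1 to PC3 stops at the unanswered ARP request.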

So how is communication between different VLANs achieved? This requires another network device, the router. That is a very complex topic, and arguably the foundation on which the Internet is built, so it needs a separate chapter of its own.
