» »Unlabelled » Fundamental of Switching - MAC Address Table & Content-Addressable Memory (CAM)



cisco-catalyst-2950-switchAn Ethernet switch (or switch) is a device that connects several segments ( cable or physical link) of a network. This is a level 2 device (OSI model data link layer), which means that it does not just propagate a signal like the HUB, but instead That it interprets this signal and uses the information contained in the header of the Ethernet frame to make its decisions.


 
The main decision that a switch must take is "filter or forward" a frame. In short, the switch analyzes the destination MAC address contained in the header of the Ethernet frame and must choose by which port (s) (or interface) it must transmit it. To do this, it consults its MAC address table in search of an entry corresponding to the destination MAC address concerned and where an output interface is entered.
 
However, before making this decision, the switch must first know the interface to which the machine is connected for the given MAC address. To do this, it analyzes the source MAC address of the frames it receives. For each incoming frame on one of its interfaces, the switch analyzes the source MAC address. If this is not yet known, it associates it with the interface by which the frame is entered. If it is already known and associated with the same interface, the information is refreshed. Finally, if the MAC address is already known but associated with another interface, the switch creates a new entry and deletes the old one.
 
It remains to be seen what a switch does when it does not know the destination MAC address. The answer is simple: when the destination MAC address is not present in its MAC address table, the switch will propagate the frame through all interfaces except the one from which it originates, which is usually called "Unicast flooding".
 
Two other cases remain to be determined: the broadcast (or broadcast) frames and the multicast (or multicast) frames. These frames have the particularity of having a special destination MAC address, which no machine can have. These particular MAC addresses (FFFF.FFFF.FFFF for the broadcast, 0001.5Exx.xxxx for the IPV4 multicast and 3333.xxxx.xxxx for the IPv6 multicast) will by default all be treated in the same way; The switch will propagate the frame through all interfaces except the one from which it originated.
 
Note: Some switches are able to intelligently process multicast frames with features such as the Cisco Group Management Protocol (CGMP) or IGMP Snooping, but this is outside the scope of the switch's basic operation.
 
Apart from analyzing MAC addresses, the switch also has the task, like any machine capable of analyzing the content of the Ethernet frame, to check the integrity of the Ethernet frame. To do this, the Ethernet frame is equipped with a specific field, the FCS (Frame Check Sequence). This is a numeric value calculated on the basis of the header and the content of the frame, so that a frame that has the least bit of different has a different FCS.
 
At the arrival of the frame, the switch calculates the value of the FCS and compares it to that provided at the end of the frame. If both values ​​match, the frame is considered integral and can therefore be processed. On the other hand, if the switch calculates a value different from the FCS, the frame is considered as altered and is simply destroyed, neither more nor less. There is no such mechanism for correcting or retrieving errors ... this is among other things the role of the Transport layer.

Let's put it in order:
  1. The switch receives an Ethernet frame
  2. It verifies the validity of this one thanks to the FCS contained at the end of the frame, if it is valid one passes to n ° 3, otherwise it destroys it.
  3. The switch analyzes the source MAC address of the frame.
    1. If it is not present in its MAC address table it adds a new entry by associating it with the interface by which it is entered (as well as the associated vlan) and assigns it a lifetime (300 seconds By default on a Cisco switch).
    2. If it is present and associated with the same interface, the switch refreshes the lifetime.
    3. If it is present but associated with another interface, the switch creates a new entry as if it were a new MAC address and then deletes the old entry.
  4. The switch analyzes the destination MAC address.
    1. If the MAC address exists in the MAC address table and associated with an interface in the same vlan as that of the input, the switch propagates the frame only through this interface.
    2. If the MAC address is not present in the MAC address table, the switch propagates the frame through all interfaces of the same vlan except the one from which it originates.
    3. If the MAC address is either the broadcast address or a multicast address, the switch propagates the frame through all the interfaces of the same vlan except the one from which it originates.

Advantages of the switch:

A switch with a complete MAC address table will only send frames to the machine concerned, which in addition to avoiding occupying part of the network for nothing, avoids that any machine receives (HUB for example, which propagates a clean and strong signal by all its ports except the one from which it comes).
Another important fact is that the switch makes it possible to create a micro-segmentation of the network. That is to reduce the areas of collisions to their bare minimum. If (and only if) at each interface of a switch is connected one and only one other device (except a HUB that behaves like a power strip in some way) then the collision domain of each interface has only two Machines (the switch and the one to which it is connected). The transmission and reception are no longer shared. There is no longer any possible collision. The switch and the other machine can then dialog in Full-Duplex (send and receive simultaneously). Reducing the risk of collision (and therefore retransmission etc) and potentially doubling the bandwidth (eg 100Mbits / s in transmission + 100Mbps in reception).

But that's not all…

In order for the switch to perform its tasks without impacting on network performance (mainly latency), the switch has specialized and dedicated electronic circuits (ASICs) enabling it to process a multitude of information in parallel. This is in a way the same principle as the graphics card of a PC. This allows the central processing unit (CPU) to be relieved of certain tasks. The features of a graphics card are more limited but much more specialized.
Among the specialized elements of the switch, there is the "Content Addressable Memory Table" (CAM Table) which is nothing but the place where it stores the information needed to switch the frames. The logic explained above remains true. The CAM table is a specialized memory area dedicated to the storage of this information and therefore more efficient in its operation.
Roughly speaking ... displaying the contents of the MAC address table or the table CAM is the same.

A little practice:

Let's start by displaying the MAC address table of a switch to which nothing is connected ...
    

 3750-1 # show mac address-table
 Mac Address Table
 -------------------------------------------
 
 Vlan Mac Address Type Ports
 ---- ----------- -------- -----
 All 0100.0ccc.cccc STATIC CPU
 All 0100.0ccc.cccd STATIC CPU
 All 0180.c200.0000 STATIC CPU
 All 0180.c200.0001 STATIC CPU
 All 0180.c200.0002 STATIC CPU
 All 0180.c200.0003 STATIC CPU
 All 0180.c200.0004 STATIC CPU
 All 0180.c200.0005 STATIC CPU
 All 0180.c200.0006 STATIC CPU
 All 0180.c200.0007 STATIC CPU
 All 0180.c200.0008 STATIC CPU
 All 0180.c200.0009 STATIC CPU
 All 0180.c200.000a STATIC CPU
 All 0180.c200.000b STATIC CPU
 All 0180.c200.000c STATIC CPU
 All 0180.c200.000d STATIC CPU
 All 0180.c200.000e STATIC CPU
 All 0180.c200.000f STATIC CPU
 All 0180.c200.0010 STATIC CPU
 All ffff.ffff.ffff STATIC CPU
 Total Mac Addresses for this criterion: 20
 # 3750-1 
 
Nothing connected but still 20 entries? Indeed, but all this has a logical explanation. These are the MAC addresses used by the switch for certain protocols, such as the Cisco Discovery Protocol (CDP), the Dynamic Trunking Protocol (DTP), or the Spanning-Tree (STP) protocol. So for the analysis you can omit this information, you will find them every time.
It would be better if we could only display the entries learned dynamically by the switch ...
  
  3750-1 # show mac address-table dynamic
           Mac Address Table
 -------------------------------------------
 
 Vlan Mac Address Type Ports
 ---- ----------- -------- -----
 # 3750-1 
 
Here we are, except for what is "hard-coded" the switch knows no MAC address yet. Now let's connect a machine to one of the interfaces and see what happens ...
  
  # 3750-1
 * Mar 1 00: 19: 45.259:% LINK-3-UPDOWN: Interface FastEthernet1 / 0/1, changed state to up
 * LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1 / 0/1, changed state to up
 3750-1 # show mac address-table dynamic
 Vlan Mac Address Type Ports
 ---- ----------- -------- -----
 1 0015.5d01.0e08 DYNAMIC Fa1 / 0/1
 Total Mac Addresses for this criterion: 1
 # 3750-1 
 
It can be seen here that the switch has added the MAC address of the connected machine to its interface Fa1 / 0/1 as expected. And henceforth when it receives a frame addressed to 0015.5d01.0e08, it will transmit it only through the interface Fa1 / 0/1.
What happens when the machine is disconnected from the switch? (The machine is switched off or the cable is disconnected).
  
  # 3750-1
 * 1: 25: 29.520:% LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1 / 0/1, changed state to down
 * Mar 1 00: 25: 30.526:% LINK-3-UPDOWN: FastEthernet Interface1 / 0/1, changed state to down
 3750-1 # show mac address-table dynamic
           Mac Address table
 -------------------------------------------
 
 Vlan Mac Address Type Ports
 ---- ----------- -------- -----
 # 3750-1 
 
The switch interface is switched from UP / UP to DOWN / DOWN (not connected), thereby removing all entries from the MAC address table associated with that interface.
What happens if the MAC address changes from one interface to another without passing down / down? This would be the case if, for example, you have a machine connected to the network using WiFi and the machine switches from one access point to another. To simulate this, I will simply insert other switches but only focus on changing the clc MAC address table that concerns us.
Initially we have for example this:
  
  3750-1 # show mac address-table dynamic
           Mac Address Table
 -------------------------------------------
 
 Vlan Mac Address Type Ports
 ---- ----------- -------- -----
    1 0015.5d01.0e00 DYNAMIC Fa1 / 0/2
    1 0015.5d01.0e02 DYNAMIC Fa1 / 0/5
    1 0015.5d01.0e03 DYNAMIC Fa1 / 0/4
    1 0015.5d01.0e08 DYNAMIC Fa1 / 0/3
 Total Mac Addresses for this criterion: 4
 # 3750-1 
 
If the machine 0015.5d01.0e00 passes on another interface, here is the immediate result ...
  
  3750-1 # show mac address-table dynamic
           Mac Address Table
 -------------------------------------------
 
 Vlan Mac Address Type Ports
 ---- ----------- -------- -----
    1 0015.5d01.0e00 DYNAMIC Fa1 / 0/1
    1 0015.5d01.0e02 DYNAMIC Fa1 / 0/5
    1 0015.5d01.0e03 DYNAMIC Fa1 / 0/4
    1 0015.5d01.0e08 DYNAMIC Fa1 / 0/3
 Total Mac Addresses for this criterion: 4
 # 3750-1 
 
As explained earlier, the switch has detected that a known MAC address is now associated with another interface, so it creates a new entry associated with its Fa1 / 0/2 and deletes the old one. So you cannot have the same MAC address associated with multiple interfaces. It is always the most recent entry that remains.
If this happens too frequently, this may be a symptom of a loop between the switches, then you will see a "flapping" alert message from a MAC address between several interfaces.
It is also possible to search for a MAC address in the table:
  
  3750-1 # show mac address-table address 0015.5d01.0e00
           Mac Address Table
 -------------------------------------------
 
 Vlan Mac Address Type Ports
 ---- ----------- -------- -----
    1 0015.5d01.0e00 DYNAMIC Fa1 / 0/2
 Total Mac Addresses for this criterion: 1
 # 3750-1 
 
Or to display the MAC addresses associated with a given interface:
  
  3750-1 # show mac address-table interface fastEthernet 1/0/2
           Mac Address table
 -------------------------------------------
 
 Vlan Mac Address Type Ports
 ---- ----------- -------- -----
    1 0015.5d01.0e00 DYNAMIC Fa1 / 0/2
    1 001b.d59e.3103 DYNAMIC Fa1 / 0/2
 Total Mac Addresses for this criterion: 2
 # 3750-1 
 
Or also to display dynamically learned MAC addresses in a given VLAN:
  
  3750-1 # show mac address-table dynamic vlan 1
 Mac Address Table
 -------------------------------------------
 
 Vlan Mac Address Type Ports
 ---- ----------- -------- -----
 1 0015.5d01.0e00 DYNAMIC Fa1 / 0/2
 1 0015.5d01.0e02 DYNAMIC Fa1 / 0/5
 1 0015.5d01.0e08 DYNAMIC Fa1 / 0/3
 1 001b.d59e.3103 DYNAMIC Fa1 / 0/2
 1,001b.d59e.5583 DYNAMIC Fa1 / 0/1
 Total Mac Addresses for this criterion: 5
 # 3750-1 
 
Finally, in rare cases, you may want to manually add a MAC address to the table.
For example, to add the MAC address 1234.5678.abcd to the interface Fa1 / 0/2 in the vlan 1:
  
  3750-1 (config) # mac address-table static 1234.5678.abcd vlan 1 interface fastEthernet 1/0/2

This will give the following result:
  
  3750-1 # show mac address-table static |  Exclude CPU
           Mac Address Table
 -------------------------------------------
 
 Vlan Mac Address Type Ports
 ---- ----------- -------- -----
    1 1234.5678.abcd STATIC Fa1 / 0/2
 Total Mac Addresses for this criterion: 21
 # 3750-1 
 
Note: Here I have taken advantage of the command line tricks to filter the output of the show and display only those lines that do not contain the keyword "CPU".
 
And if you now want frames sent from a machine whose MAC address you know to be automatically destroyed in a given VLAN (for example, frames from 1234.1234.1234 in VLAN1):
  
  3750-1 (config) # mac address-table static 1234.1234.1234 vlan 1 drop
Small check of use ...
  
  3750-1 # show mac address-table static |  Exclude CPU
           Mac Address Table
 -------------------------------------------
 
 Vlan Mac Address Type Ports
 ---- ----------- -------- -----
   1 1234.1234.1234 STATIC Drop
    1 1234.5678.abcd STATIC Fa1 / 0/2
 Total Mac Addresses for this criterion: 22
 # 3750-1 
 
Finally, you can also display "aging-time" entries in the MAC address table (the time after which the entry is deleted if it has not been refreshed, by default 300 seconds).
  
  3750-1 # show mac address-table aging-time
 Global Aging Time 300
 Vlan Aging Time
 ---- ----------
 # 3750-1 
 
This value can also be adjusted globally ...
  
  3750-1 (config) # mac address-table aging-time 150 
 
... or even vlan by vlan ...
  
  3750-1 (config) # mac address-table aging-time 100 vlan 1
The result:
  
  3750-1 # show mac address-table aging-time
 Global Aging Time: 150
 Vlan Aging Time
 ---- ----------
    1 100
 # 3750-1 
 
We thus have a global aging-time of 150 seconds, and of 100 seconds for the entries relative to the vlan 1.


1:16 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
Top