Switching (2013)

LAN designTypical hierarchical design:• Access layer includes end devices. The main purpose is to connect devices and to control whichones are allowed to communicate on the network.– port security– VLANs– fast/gigabit ethernet– link aggregation– quality of service• Distribution layer controls the flow of network traffic.– layer 3 support– high forwarding rate– 1/10 gigabit ethernet– renundancy– security policies– link aggregation– quality of service• Core layer connects distribution layer devices and can have connection to internet resources.– layer 3 support– very high forwarding rate– 1/10 gigabit ethernet– redundancy– link aggregation– QoSBenefits of hierarchical model:• scalability• redundancy• performance (data is transmitted through high-performing switches)• security (easy to manage)• manageability (settings can be copied rapidly between switches)• maintainability (scaling without increasing in complexity)Network diameter is number of devices that a packet has to cross to its destination.Device latency - time to handle incoming packet or frame.Link aggregation - aggregating links between some devices to achieve higher throughput.Redundancy:• doubling connections• doubling devices1Switch form factors:• fixed configuration• modular (line cards containing ports can be easily added)• stackable (several switches operate as one large switch)Port density - number of available ports.Converging network design is combining data with voice and video on a common network.Basic switch conceptsCSMA/CD:• Carrier sense: devices that have messages must listen before transmitting.• Multi-access• Collision detection: registered when there is the amplitude increase.Jamming signal notifies other devices about the collision.Communications in LAN:• unicast• broadcast• multicast (frame is sent to a specific group of devices, which are members of multicast group)Ethernet frame:• preamble and start frame delimiter (used for synchronization)• destination MAC• source MAC• length/type field• data and padding• frame check sumDuplex settings:• half-duplex– unidirectional– hub connectivity– higher potential for collision• full-duplex– point-to-point only– attached to switches2– collision-freeSwitch has MAC-addresses table.

If there is no needed record, the frame is forwarded to all ports.Collision domain - physical network segment.Broadcast domain - collection of interconnected switches.LANs should be segmented into smaller collision and broadcast domains using routers and switches.Bottleneck - a place where high network congestion results in slow performance.Forwarding methods:• store-and-forward (also error checking)• cut-through– fast-forwarding (as soon as destination address is read)– fragment-free (waiting for the first 64 bytes)Asymmetric switching uses different bandwidth for different ports.Memory buffering:• port-based (queue for every income port)• sharedLayered (OSI) switching:• 2-layer (typical)• 3-layer (IP addressing and routing functions)– don't support WAN interface cards– no advanced routing protocols– wire-speed routingSwitch loading process:1. loading of boot loader from NVRAM2.

CPU initialization, POST, flash filesystem initialization, OS loading3. running config.text from flash memoryTroubleshooting:• MAC flooding• spooning attacks (DHCP)• CDP attack (gathering device info)• telnet attack– Brute force password attack: guessing the password.– DoS: a lot of requests.3VLANsVirtual LAN is logically separate IP subnetwork.Benefits:• security• cost reduction (from less need to expensive network upgrades and more efficient use of bandwidth)• higher performance (no unnecessary traffic)• broadcast storm mitigation• improved IT staff efficiency (minimal efforts to add new switch)• simpler managementID ranges:• normal range (1-1005)– configuration is stored in vlan.dat in flash memory– 1 and 1002-1005 are automatically created and cannot be removed– suitable for VTP• extended (1006-4094)– designed for service providers– stored in running configVLAN types:• data (only user-generated traffic)• default (all ports after boot-up)• native (all untagged traffic goes to it; assigned to 802.1Q trunk port)• management (any configured vlan to access management capabilities)• voice (can be configured with other type VLAN)Network traffic types:• IP telephony (signalling and voice traffic)• IP multicast (e.g.

TV broadcast)• normal data• scavenger (entertainment)Switch port modes:• static (manually assigned)• dynamic (configured using special VLAN server)• voice4Switch virtual interface (SVI) - logical interface that should be configured to switch between VLANs.Trunk - point-to-point link between two network devices that carries more than one VLAN.

Allows notto have separate link for each subnet.Tag control information field (used in frames):• 3 bits of priority• 1 bit of Canonical format identifier• 12 bits of VLAN IDTrunk link is a link with trunk port on each end.Trunking modes:• 802.1Q: supports simultaneous traffic.• ISL: all packets are expected to be encapsulated. Native frames are dropped.Trunking modes (considering DTP):• on• dynamic auto• dynamic desirable (request to go to trunk)• offConfiguring overall steps:• create VLANs• assign switch ports to VLANs statically• verify vlan configuration• enable trunking on the inter-switch connections• verify trunk configurationProblems:• native VLAN mismatch• trunk mode mismatch• IP subnets• allowed VLANs on trunks5VTPBenefits:• configuration consistence across the network• accurate tracking and monitoring of VLANs• dynamic reporting of added VLANs across the network• dynamic trunk configuration when VLANs are addedVTP domain consists of one or more interconnected switches that share configuration details and domain name.

Separated by layer 3 devices.VTP advertisements messages to distribute and synchronize VLAN configurations.Switch modes:• Server: advertising information; creating, deleting, changing VLANs. Information for entire domain is stored in NVRAM. Used by default.• Client: the same as server, but cannot modify VLANs. Information for the entire domain is storedonly when switch is on.• Transparent: only advertisements forwarding. Created VLANs are only local.VTP pruning increases bandwidth by restricting flooded traffic to specific trunks.

Without it traffic issent to all trunks that are configured on the appropriate VLAN.Advertisements are multicasted using ethernet frames.Ethernet frame:• special multicast address• LLC (destination service access point, source service access point)• subnetwork access protocol (SNAP) (OUI=Cisco, PID=2003 for VTP)• VTP header– domain name– domain name length– version– message type– revision number (shows the number of changes)• VTP message• FCSAdvertisements send global domain information:• domain name• updater notify and timestamp• MD5 digest• frame format6Advertisements sent this VLAN information:• VLAN ID• VLAN name• VLAN type• VLAN state• additional configurationVTP advertisements:• Summary: domain name, revision number, etc– sent every 5 minutes to neighbors (client or server)– immediately after configuration change• Subnet: VLAN information.– creating or deleting VLAN– suspending or activating– changing VLAN name– changing MTU• Request: sent to server in order to get summary and subnet updates.– domain name change– receiving message with higher revision number– subnet advertisement is missed– switch resetSTPBroadcast storm occurs when there are so many broadcast frames caught in layer 2 loop that all bandwidth is consumed.Duplicate unicast frames are sent to loopes network where are duplicated.STP intentionally blocks redundant paths that could cause a loop.Bridge protocol data unit (BPDU) - hello packet.Root bridge - switch with lowest bridge ID.Port types:• root (port with the lowest path cost to root bridge)• designated (non-root ports permitted to forward traffic)• non-designated (configured to be in blocking state)• disabled (administratively down)Bridge ID fields:• priority7• extend system ID (old style; used for VLANs)• switch MACBPDU format:• protocol ID, version, message type, status flag• root ID, cost of path, BID, port ID• message age, max age, hello time, forward delayPort states:• blocking (non-designated) (receiving BPDUs)• listening (receiving and processing BPDUs)• learning (prepares to participate in forwarding and begin to populate MAC address table)• forwarding• disabled (no frames forwarding)BPDU timers:• hello (between sending BPDUs, 2s)• forward delay (time spent in listening and learning state, 15s)• maximum age (time for which BPDU information is stored)Port fast techology is used on access ports and translates it from blocking to forwarding immediately.STP convergence - time it takes to determine root bridge, go through different port states, and set allswitches ports to final spanning-tree port roles.• Electing a root bridge: after switch booting, it sends BPDU every 2 seconds.

By default root IDmatches local BID. If root ID in received BPDU is lower, root ID and cost are updated.• Electing root ports: port with best cost becomes root port. If there is several paths, the port ID isused to break a tie: the one becomes root, other are non-designated.• Electing designated and non-designated port: the switch with smaller BID wins the competitionand sets port to designated while other becomes non-designated.When topology changes (port is going down or transitions to forwarding), topology change notification(TCN) is sent to the root port. The answer is topology change acknowledgement (TCA).

Root bridgeanswers with topology change (TC) messages.Advanced layer 3 switches can:• build a forwarding table• receive packets and route to the correct interfacePer-VLAN STP (PVST) - spanning tree for each VLAN. Load balancing on 2 layer. Uses ISL. Includesextensions like BackconeFast, UplinkFast, PortFast.PVST+ supports 802.1Q. BPDU guard and Root guard extensions. In BID priority field is reduced to 4bits, 12 bits for VLAN.Multiple STP enables ms to be mapped in the same spanning-tree.8RSTPRSTP uses flag byte in BPDU:• bits 0 and 7 for topology change and ack• 1 and 6 for proposal agreement process• 2-5 encode the role and state of the portEdge port is port that is never intended to be connected to switch.

Immediately transitions to forwarding. When it receives BPDU it becomes normal spanning-tree port.Non-edge ports can be point-to-point or shared.Port states:• Discarding: in both stable and synchronization steps. Prevents data forwarding.• Learning: also in both steps. Accepting data frames to populate MAC table.• Forwarding: only when stable.Port roles:• Root: on every non-root bridge that is the chosen path to the root.• Alternate: offers an alternate path toward root bridge, assumes discarding state.• Backup: additional port with redundant link. Higher priority, assumes discarding state.• Designated: assumes the forwarding state.

Only one per segment.RSTP is faster because it converges on link-by-link basis and does not rely on timers. Also there arealternate ports.Inter-VLAN routingRouter-on-a-stick is a router in which a single interface routes traffic between multiple VLANs.Subinterfaces - multiple virtual interfaces associated with one physical interface.Switch configuration issues:• Ports are in VLAN 1 by default.• The switch interface connected to router-on-a-stick must be in trunk mode (if using subinterfaces)Router configuration issues:• connecting to ports with appropriate VLAN• correct encapsulation numberIP addressing issues:• correct IP and subnet maskEtherChannel is used to reduce the risk of failed inter-switch link.9Wireless conceptsClients connect to the network through wireless access points (AP).