
A network switch (or just switch for short) is a networking device that performs transparent bridging (connection of multiple network segments with forwarding based on MAC addresses) at full wire speed in hardware. The use of specially designed hardware also makes it possible to have large numbers of ports (unlike a PC based bridge which is very limited by expansion slot count).

If a network has only switches and no hubs then the collision domains are either reduced to a single link or, if both ends support full duplex, eliminated altogether. The principle of a fast hardware forwarding device with many ports can be extended to higher layers giving the multilayer switch.

Switch operation


A switch can connect Ethernet, Token Ring, Fibre Channel or other types of packet-switched network segments together to form a heterogeneous network operating at OSI Layer 2 (though there may be complications caused by the different MTUs of the standards).

As a frame comes into a switch, the switch saves the originating MAC address and the originating (hardware) port in the switch's MAC address table. This table often uses content-addressable memory, so it is sometimes called the "CAM table". The switch then selectively transmits the frame from specific ports based on the frame's destination MAC address and previous entries in the MAC address table. If the destination MAC address is not in the table, or is the broadcast address or (on simpler switches) a multicast address, the switch floods the frame out of every connected interface except the incoming port. If the destination MAC address is known, the frame is forwarded only to the corresponding port in the MAC address table. If the destination port is the same as the originating port, the frame is filtered out and not forwarded.

Switches, unlike hubs, use microsegmentation to create collision domains, one per connected segment. This way, only the NICs which are directly connected via a point-to-point link, or directly connected hubs are contending for the medium. If the switch and the equipment (other than a hub) it connects to support full-duplex then the collision domain is eliminated entirely.

The higher-level operation also allows some more advanced features that would be impractical with simple hubs. For example, Virtual LANs can be used in switches to reduce the size of broadcast domains and at the same time increase security, and switches can also implement the spanning tree protocol, allowing the use of redundant links.

Forwarding methods


There are four forwarding methods a switch can use:

  • Store and forward - the switch buffers each frame and typically verifies its checksum (FCS) before forwarding it on.
  • Cut-through - the switch reads only up to the frame's destination hardware address before starting to forward it. There is no error checking with this method.
  • Fragment free - a method which attempts to retain the benefits of both store-and-forward and cut-through. Fragment free checks the first 64 bytes of the frame, where the addressing information is stored. Because a collision fragment is always shorter than 64 bytes, this avoids forwarding such fragments while still committing the frame before the payload has arrived. Error checking of the actual data in the frame is left to the end device at Layer 3 or Layer 4 (OSI).
  • Adaptive switching - a method that automatically switches between the other three modes.

Note that cut-through switches have to fall back to store-and-forward if the outgoing port is busy at the time the frame arrives.
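The difference between the three fixed methods is simply how much of the frame the switch has seen before it commits to a forwarding decision. The following added example (written for this article; not code from the original page) builds a minimal Ethernet frame with a real IEEE 802.3 FCS (CRC-32 appended least-significant byte first), then models each method as a function that either returns the destination MAC to look up or returns None to drop the frame. Store-and-forward is the only method that catches a corrupted payload; fragment-free is the only cut-through variant that rejects a runt. The frame contents and the corruption are constructed sample data.

```python
import struct
import zlib

MIN_FRAME = 64  # minimum Ethernet frame length on the wire, FCS included


def mac_str(six_bytes):
    """Render six raw bytes as a colon-separated MAC string."""
    return ":".join("%02x" % b for b in six_bytes)


def ethernet_fcs(frame_without_fcs):
    """IEEE 802.3 FCS: CRC-32 with the same polynomial, init and final XOR
    as zlib.crc32, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Constructed sample frame: header + payload, padded to 60 bytes, plus FCS."""
    header = (bytes.fromhex(dst.replace(":", ""))
              + bytes.fromhex(src.replace(":", ""))
              + struct.pack("!H", ethertype))
    body = (header + payload).ljust(MIN_FRAME - 4, b"\x00")
    return body + ethernet_fcs(body)


def fcs_ok(frame):
    """True when the trailing 4 bytes match the CRC of everything before them."""
    return len(frame) >= MIN_FRAME and ethernet_fcs(frame[:-4]) == frame[-4:]


def store_and_forward(frame):
    """Buffer the whole frame, verify the FCS, then decide. Drops bad frames."""
    if not fcs_ok(frame):
        return None
    return mac_str(frame[0:6])


def cut_through(received_so_far):
    """Decide as soon as the 6-byte destination address has arrived.
    Nothing after it is inspected, so corruption and runts pass through."""
    if len(received_so_far) < 6:
        return None
    return mac_str(received_so_far[0:6])


def fragment_free(received_so_far):
    """Wait for 64 bytes before deciding: anything shorter is a collision
    fragment (runt) and is discarded. The FCS is still not checked."""
    if len(received_so_far) < MIN_FRAME:
        return None
    return mac_str(received_so_far[0:6])


if __name__ == "__main__":
    good = build_frame("00:00:00:00:00:02", "00:00:00:00:00:01", 0x0800, b"hello")
    corrupted = bytearray(good)
    corrupted[20] ^= 0x01            # flip one bit in the padded payload
    corrupted = bytes(corrupted)
    runt = good[:40]                 # a frame cut short by a collision
    for name, fn in (("store-and-forward", store_and_forward),
                     ("cut-through", cut_through),
                     ("fragment-free", fragment_free)):
        print(name, fn(good), fn(corrupted), fn(runt))
```

A practitioner reading switch counters will recognise the consequence: on a cut-through fabric, CRC errors counted on an egress port may have been created several hops upstream, because no intermediate switch ever looked at the FCS.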

Hubs vs switches


A hub, or repeater, is a fairly unsophisticated broadcast device. Any packet entering any port is repeated out on every other port, so hubs do not manage any of the traffic that comes through their ports. Since every packet is sent out through every port, this results in packet collisions, which greatly impede the smooth flow of traffic.

A switch isolates ports, meaning that every received packet is sent out only to the port on which the target may be found (assuming the proper port can be found; if it cannot, the switch floods the packet to all ports). Since the switch sends packets only where they need to go, the performance of the network can be greatly increased.

More expensive switches can also do several other operations, such as isolating ports from each other by placing them in different VLANs, or allowing snooping by copying all packets on some set of ports to a special "sniffer" port.

This leaves the question of when a switch is most appropriate, versus a hub. If most of the network traffic involves only a few ports, then there will be little performance gain achieved by upgrading from a hub to a switch. But if the traffic involves more than a few ports, using a switch can yield a significant improvement in performance. Also, modern Fast Ethernet switches designed for small office / home office (SOHO) use are priced comparably to hubs, making use of a hub somewhat pointless if new equipment must be purchased anyway.

Switches are also more secure than hubs. Because data is sent only to the port it needs to reach, another user on the network who ran Ethereal in promiscuous mode would see only their own traffic. With hubs, because everything is repeated to every port, unencrypted data is very insecure. Having said that, there are a number of common tricks (e.g. ARP spoofing and MAC flooding) that mean unmanaged switches are also very vulnerable to sniffing.

Flaws


It is difficult to monitor traffic that is bridged using a switch, because all ports are isolated until one transmits data, and even then only the sending and receiving ports are connected.

Two popular methods that are specifically designed to allow a network manager to monitor traffic are:

  • Port mirroring - the switch sends a copy of network packets to a monitoring network connection.
  • SMON - "Switch Monitoring" is described by RFC 2613 and is a protocol for controlling facilities such as port mirroring.

Other methods (which could be classified as attacks) have been devised to allow snooping on another computer on the network without the cooperation of the switch:

  • ARP spoofing - fooling the target computer into using the attacker's MAC address for the network gateway, or alternatively getting it to use the broadcast MAC.
  • MAC flooding - overloading the switch with a large number of MAC addresses, so that it drops into a "fail-open mode".
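The learning and forwarding rules from the "Switch operation" section, the finite CAM table behind the MAC flooding entry above, and the standard mitigation (a per-port limit on learned addresses, usually called port security) can all be seen in one small model. The following is an added example written for this article, not code from the original page or from any switch vendor; the switch class, its method names, the table size of four entries and the MAC addresses are all constructed for illustration. `flooding_demo()` learns host A on port 1, then lets three unsolicited source addresses arrive on port 3 and fill the table; when host B then appears on port 2 it cannot be learned, so A's reply to B is flooded to every port, including port 3. With `max_macs_per_port=2` the third address on port 3 is counted as a violation and dropped, B is learned normally, and the reply goes only to port 2.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac):
    """Group bit: least-significant bit of the first octet (set for broadcast too)."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningSwitch:
    """Constructed model of a transparent bridge with a bounded MAC table."""

    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = set(ports)
        self.table = {}                              # MAC -> port (the "CAM table")
        self.table_size = table_size                 # hardware tables are finite
        self.max_macs_per_port = max_macs_per_port   # None = no port security
        self.violations = []                         # (port, mac) dropped by port security

    def macs_on_port(self, port):
        return sum(1 for p in self.table.values() if p == port)

    def forward(self, in_port, src, dst):
        """Process one frame; return the set of egress ports (empty = not forwarded)."""
        # Port security: a new source on a port that already holds its quota is dropped.
        if (self.max_macs_per_port is not None and src not in self.table
                and self.macs_on_port(in_port) >= self.max_macs_per_port):
            self.violations.append((in_port, src))
            return set()
        # Learning: record (or refresh) which port the source address lives on.
        if src in self.table:
            self.table[src] = in_port                # refresh; also handles a host moving
        elif len(self.table) < self.table_size:
            self.table[src] = in_port
        # else: table full, nothing learned; frames addressed to this host will be flooded
        # Forwarding: flood unknown, broadcast and multicast destinations.
        if dst == BROADCAST or is_multicast(dst) or dst not in self.table:
            return self.ports - {in_port}
        out_port = self.table[dst]
        if out_port == in_port:
            return set()                             # same segment: filter, do not forward
        return {out_port}


def flooding_demo(max_macs_per_port=None):
    """Fill a 4-entry table from port 3, then show where A's reply to newcomer B goes.
    Returns (egress ports for the A->B frame, number of port-security violations)."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], table_size=4,
                        max_macs_per_port=max_macs_per_port)
    host_a, host_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw.forward(1, host_a, BROADCAST)                 # A announces itself, learned on port 1
    for i in range(3):                               # three unsolicited sources on port 3
        sw.forward(3, "de:ad:be:ef:00:%02x" % i, BROADCAST)
    sw.forward(2, host_b, host_a)                    # B on port 2 talks to A
    return sw.forward(1, host_a, host_b), len(sw.violations)


if __name__ == "__main__":
    print("no port security:  ", flooding_demo())               # ({2, 3, 4}, 0)
    print("max 2 MACs per port:", flooding_demo(max_macs_per_port=2))  # ({2}, 1)
```

The same model also shows the promiscuous-mode point from the "Hubs vs switches" section: a unicast frame between two learned hosts is delivered to exactly one port, so a third port sees nothing unless the table has been pushed into the fail-open state. The `violations` list is what a real switch would expose as a port-security log entry or counter, which is the signal to alert on.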

Industry analysis


There are currently six major players competing for market share of the $3,659 million networking and telecommunications industry. According to a Dell'Oro report for 1Q06, the market leaders in descending order are Cisco, Nortel, Hewlett-Packard, Foundry Networks, 3Com, and Extreme Networks.

In addition to demand for the latest network technology, there is an increasing number of companies buying and selling networking hardware on the secondary market. Beyond the cost savings, IT departments are sourcing used equipment where new technology does not justify the increased investment. This poses a significant threat to sector growth, and vendors are working hard to develop equipment with significant performance enhancements to counteract this trend.

See also


Ethernet | Networking hardware


This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia article "Network switch".
