Recent Articles

Switches

A network switch is a computer networking device that connects network segments. It uses the logic of a Network bridge but allows a physical and logical star topology. It is often used to replace network hubs.

Switch Operation

A switch can connect Ethernet, Token Ring, or other types of packet switched network segments together to form a heterogenous network operating at OSI Layer 2.

Switches selectively transmit frames out specific ports based on the frames destination MAC address. If the MAC address is unknown, or a broadcast or multicast address, the switch simply forwards it out all of the connected interfaces except the incoming port.

In order to learn this information the switch records the MAC address of frames that enter the switch and the port it came in on onto a table.

Switches unlike hubs, use microsegmentation to divide collision domains, one per connected segment. This way, only the NICs which are directly connected via a point-to-point link, or directly connected hubs are contending for the medium.

By nearly eliminating the possibility of collisions, full-duplex point-to-point connections on the switch become possible.

Forwarding Methods

There are four forwarding methods a switch can use:

• Cut through
• Store and forward - the switch, unlike cut through, bufferers and typically, performs a checksum on each frame before forwarding it on.
• Fragment free
• Adaptive switching

Flaws

Switches provide difficulties in monitoring traffic because each port is isolated until it transmits data, and even then only the sending and receiving ports are connected.

Two popular methods that are specifically designed to allow a network manager to monitor traffic are:

• Port mirroring -- the switch sends a copy of network packets to a monitoring network connection.
• SMON -- "Switch Monitoring" is described by RFC 2613 and is a protocol for controlling facilities such as port mirroring.

Other methods have been devised to allow snooping on another computer on the network without the cooperation of the switch:

• ARP spoofing -- fooling the target computer into using your own MAC address for the network gateway, or alternatively getting it to use the broadcast MAC.
• MAC flooding -- overloading the switch with a large number of MAC addresses, so that it drops into a "failopen mode".

See also

• Router
• Multilayer switch
• Telephone switch