Understanding Data Link Layer switches

If you're working in a production network or studying for your Cisco exams, what you really need is to be armed with a good grasp of exactly what a Layer 2 switch is, as well as how a switch works with an internetwork. Let Todd Lammle help.

There's a lot of Cisco material these days buzzing about multilayer switches and the benefits they can afford the internetwork. But if you're working in a production network or studying for your Cisco exams, what you really need is to be armed with a good grasp of exactly what a Layer 2 switch is and how a switch works within an internetwork.

In my last Daily Drill Down, you learned about the OSI model and how Cisco creates networks based on it. Cisco switches are primarily sold as Layer 2 (Data Link) devices. This should tell you that these switches perform their filtering and segmenting tasks using only the hardware (MAC) address of a given device.

By default, Layer 2 switches break up collision domains but not broadcast domains. You can purchase optional cards from Cisco that extend a switch's functionality into the routing arena, thereby allowing it to also break up broadcast domains. But I'm not going there in this Daily Drill Down. First things first. For now, we're only going to look into how Cisco switches are used in an internetwork at Layer 2.

Layer 2 switching
As I said, Layer 2 switching is hardware-based, meaning it uses the Media Access Control (MAC) address from the host's network interface cards (NICs) to filter the network. Cisco switches use application-specific integrated circuits (ASICs) within their switches to build and maintain filter tables. Since all network segments aren't concerned with the same types of data, it's quite advantageous in terms of efficiency to be able to "shelter" various segments from having certain types of data unnecessarily traversing them. And switch filter tables do exactly that—they exist to prevent unwanted or unneeded traffic from traversing certain network segments.

For a switch to provide this type of segmentation on the network, it creates something called a collision domain. Let's talk about collision domains in more detail.

Collision domains
A collision domain is defined as a network segment that shares bandwidth with all other devices on the same network segment. When two hosts on the same network segment transmit at the same time, the resulting digital signals will fragment or collide, hence the term collision domain. It's important to know that a collision domain is found only in an Ethernet half-duplex network. Since most of today's LANs use some type of Ethernet network, collision domains are likely to be an important part of your network design.

Historically, hubs have created collision domains. Hubs are really multiple-port repeaters. A repeater works like this: it receives a digital signal, reamplifies or regenerates that signal, and then forwards it out all active ports without examining any of the data.

An active hub provides the same function as a repeater but with more ports. In Figure A, you can see that when a digital signal is sent from host A, that signal is regenerated or reamplified and transmitted out all active ports on the hub.

Figure A
This hub is connected to four PCs.

Hubs, like repeaters, don't examine any traffic as the signal enters a port or as it is transmitted onward to other network segments. Hubs create a physical star network topology where the hub is a central device and cables radiate outward from it in all directions (creating a visual "star" effect). But Ethernet networks use a logical bus topology instead. What's a logical bus topology? Well, buses run from one end of a route to the other end, stopping at all bus stops along their given routes, right? It's the same concept that gives logical bus topology its name—the signal has to run from end to end on the network, and every device connected to the hub, or hubs, must listen if a device transmits.

If two devices on this network send a digital signal simultaneously, a collision occurs. When that happens, a jam signal is sent from the transmitting devices telling the rest of the devices on the network not to transmit. All devices then start a back-off algorithm clock. This is set to a predetermined amount of time, plus a random number, so that no two devices will begin transmitting again at the same time (we hope).
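To make the "predetermined amount of time, plus a random number" concrete, here is an added example (not from the original article) that simulates several hosts sharing one half-duplex collision domain, such as the ports of a hub. The back-off uses the IEEE 802.3 truncated binary exponential rule: after the n-th consecutive collision a host waits k slot times, with k drawn uniformly from 0 to 2^min(n, 10) - 1, and discards the frame after 16 attempts. The host names and the random seed are constructed values.

```python
"""Added example, not from the original article: slot-by-slot simulation of
hosts contending for one half-duplex Ethernet segment (a hub's collision
domain). Back-off follows the IEEE 802.3 truncated binary exponential rule.
Host names and the RNG seed are constructed values."""
import random

MAX_ATTEMPTS = 16   # 802.3 attempt limit before the frame is discarded
BACKOFF_LIMIT = 10  # the exponent stops growing at 2^10 = 1024 slots


def backoff_slots(collisions, rng=random):
    """Slot times to wait after the given number of consecutive collisions."""
    exponent = min(collisions, BACKOFF_LIMIT)
    return rng.randrange(2 ** exponent)


def simulate(hosts, seed=1):
    """Every host has one frame and is ready at slot 0 (the worst case).
    Returns (slot in which each host finished, or None if it gave up, event log)."""
    rng = random.Random(seed)
    ready = {h: 0 for h in hosts}       # first slot each host may transmit in
    collisions = {h: 0 for h in hosts}  # consecutive collisions per host
    finished = {}
    log = []
    slot = 0
    while len(finished) < len(hosts):
        contenders = [h for h in hosts if h not in finished and ready[h] <= slot]
        if len(contenders) == 1:
            # Nobody else transmitted in this slot: the frame goes through.
            finished[contenders[0]] = slot
            log.append((slot, "sent", contenders[0]))
        elif contenders:
            # Two or more hosts transmitted at once: jam signal, then back off.
            log.append((slot, "collision", tuple(contenders)))
            for h in contenders:
                collisions[h] += 1
                if collisions[h] > MAX_ATTEMPTS:
                    finished[h] = None
                    log.append((slot, "gave up", h))
                else:
                    ready[h] = slot + 1 + backoff_slots(collisions[h], rng)
        slot += 1
    return finished, log


if __name__ == "__main__":
    finished, log = simulate(["A", "B", "C", "D"])
    for event in log:
        print(event)
    print("finished:", finished)
```

Running it with four hosts shows the "we hope" part of the author's description: the random draw after the first collision comes from only {0, 1}, so a second collision is common, and the wait range only doubles with each further collision. A lone host, by contrast, sends in slot 0 without ever backing off.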

Layer 2 switches
Since building our networks on hope is not a good idea, switches were developed to address the hub-related hope issue existing in an Ethernet network. The greatest benefit gained by using switches instead of hubs is that each switch port is its own collision domain. Remember? Switches can provide this cool feature because they segment your network by MAC (hardware) address. But also recall that switches do not break up broadcast domains, meaning that if a device sends a broadcast, all devices connected to that switch must listen.

Another benefit of using switches instead of hubs in your network is shown in Figure B.

Figure B
Cisco switches forward broadcast addresses by default.

Figure B demonstrates how a switch sends a signal only to the destination device on a network by using a MAC address filter table. Notice that the other devices connected to the switch aren't receiving the frame. This keeps unneeded or unwanted traffic from using bandwidth on any segment other than the segment where the actual destination device is located.

Broadcast domains
All devices plugged into a hub are in the same collision domain and the same broadcast domain. All devices plugged into a switch are in separate collision domains but the same broadcast domain.

A broadcast domain is defined as all devices on a network segment that hear broadcasts sent on that segment. Figure C shows a host sending a broadcast and how it's sent to all devices.

Figure C
The broadcast is propagated to all switch ports.

When host A sends a broadcast, the frame is sent out to all ports except the one the frame was originally received on.

To break up broadcast domains, we've traditionally used routers. In many ways, you can think of a router as a Layer 3 switch because packets received on an interface are switched to an exit port specified by routing table entries. Presently, more and more devices are being designed and built as multilayer switches, which gives us a bunch of functions all in one box.

Layer 2 switching in an internetwork
Layer 2 switching is efficient because there's no modification to the data packet; if the frame is going from one Ethernet segment to another Ethernet segment on the same switch, the frame is forwarded without any modification at all. Only the hardware address is read in the frame to determine the destination segment. That's all that is necessary because the frame is forwarded only to the segment the destination host is located on.
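The filter-table behaviour described in the last few sections (forwarding only to the destination's segment, flooding a broadcast out every port except the one it arrived on, and reading nothing but the hardware address) can be shown in a few lines. The following is an added example, not code from the original article or from Cisco: a minimal learning switch next to a hub, fed the same frames. Port numbers, MAC addresses and the frame sequence are constructed sample values.

```python
"""Added example, not from the original article: a minimal Layer 2 learning
switch beside a hub. The switch learns each source MAC on its ingress port,
forwards a known unicast destination out one port, floods broadcast and
unknown-unicast frames out every port except the ingress port, and never
touches anything but the addresses. Ports, MACs and frames are constructed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set;
    the switch floods both instead of looking them up."""
    return int(mac.split(":")[0], 16) & 1 == 1


class Hub:
    """A multiport repeater: no table, no filtering, every port but the ingress."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src, dst):
        # src and dst are ignored on purpose: a hub never looks at the data.
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; returns the egress ports (empty list = filtered)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = src.lower(), dst.lower()
        # Learn: the source is reachable through the ingress port. A host that
        # shows up on another port simply overwrites its old entry.
        self.mac_table[src] = in_port
        # Group address or unknown destination: flood, but never back out the
        # port the frame came in on.
        if is_group_address(dst) or dst not in self.mac_table:
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst]
        # Destination is already on the ingress segment: filter the frame.
        if out_port == in_port:
            return []
        return [out_port]


def demo():
    """Same four frames through a hub and a switch; returns both egress traces."""
    a, b, c = "00:00:0c:aa:00:01", "00:00:0c:aa:00:02", "00:00:0c:aa:00:03"
    frames = [
        (1, a, BROADCAST),            # A (port 1) broadcasts, e.g. an ARP request
        (2, b, a),                    # B (port 2) replies to A, now a known address
        (1, a, b),                    # A to B: both learned, one egress port
        (3, c, "00:00:0c:aa:00:99"),  # C to a MAC nobody has seen: flooded
    ]
    hub, sw = Hub([1, 2, 3, 4]), LearningSwitch([1, 2, 3, 4])
    hub_trace = [hub.receive(*f) for f in frames]
    switch_trace = [sw.receive(*f) for f in frames]
    return hub_trace, switch_trace, sw.mac_table


if __name__ == "__main__":
    hub_trace, switch_trace, table = demo()
    print("hub   :", hub_trace)
    print("switch:", switch_trace)
    print("table :", table)
```

The hub trace repeats every frame to all three other ports; the switch trace shows the broadcast and the unknown destination flooded the same way, but the two unicast frames between A and B delivered to a single port. The filtered case (empty list) occurs when a frame's destination was learned on the ingress port, which is what happens when a hub hangs off one switch port. Note that the table is built purely from whatever source addresses arrive on each port, so it is only as trustworthy as the hosts on the segment; that is the reason production switches offer features such as port security to limit which and how many addresses a port may learn.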

Layer 2 switching is used for workgroup connectivity and network segmentation (breaking up collision domains). This gives you the capability to do two things: create a flatter network design, and create one that provides more network segments than traditional 10Base-T shared networks did. This enhanced capacity has helped spawn new players in the network infrastructure, such as server farms and intranets.

Server farms
Servers are no longer distributed to various physical locations because virtual LANs can be used to define broadcast domains in a switched internetwork. This means that all servers can be placed in a central location, yet a certain server can still be part of a workgroup in a remote branch.

Virtual LANs
Virtual LANs are a way to break up broadcast domains in a Layer 2 switched network.

Intranets
These allow for organization-wide client/server communications based on Web technology.

These new technologies are allowing more data to flow off of local subnets and onto a routed network. Therefore, this is where a router's performance, or lack thereof, can produce the bane of many a network—the bottleneck.

Cisco Catalyst switches
Here's some information on Cisco switches and what is available today. This information changes almost every month (seriously), so either check out Cisco's Web site or a reseller for the most current information.

Closet switches
Cisco calls this layer the access layer, as this is the point where users gain access to the internetwork. The switches that Cisco recommends at this layer are listed below:
  • 1900/2800 provides switched 10Mbps to the desktop or to 10Base-T hubs in small to medium campus networks.
  • 2900 provides 10/100Mbps switched access for up to 50 users and gigabit speeds for servers and uplinks.
  • 4000 provides a 10/100/1000Mbps advanced high-performance enterprise solution for up to 96 users and up to 36 Gigabit Ethernet ports for servers.
  • 5000/5500 is used in large campuses to provide access for more than 250 users. The Catalyst 5000 series supports 10/100/1000Mbps Ethernet switching.

Aggregation point switches
Cisco calls this layer the distribution layer, and its main purpose is to connect the access layer closet switches to the internetwork. The Cisco switches recommended at this layer are:
  • 2926G—A robust switch that uses an external router processor like a 4000 or 7000 series router.
  • 5000/5500—The most effective distribution layer switch, it can support a large amount of connections and also an internal route processor module called a Route Switch Module (RSM).
  • 6000—The Catalyst 6000 can provide up to 384 10/100 Ethernet connections, 192 100FX Fast Ethernet connections, and 130 Gigabit Ethernet ports.

Backbone switches
Cisco calls these switches the core layer switches. The following switches are recommended by Cisco for use in the core:
  • 5000/5500—The 5000 is a great distribution layer switch, and the 5500 is a great core layer switch. The Catalyst 5000 series of switches includes the 5000, 5002, 5500, 5505, and 5509.
  • 6500—The Catalyst 6500 series switches are designed to address the need for gigabit port density, high availability, and multilayer switching for the core layer backbone and server-aggregation environments.
  • 8500—The Cisco Catalyst 8500 is a core layer switch that provides high-performance switching. The Catalyst 8500 uses application-specific integrated circuits (ASICs) to provide multiple-layer protocol support, including Internet Protocol (IP), IP multicast, bridging, Asynchronous Transfer Mode (ATM) switching, and CiscoAssure policy-enabled Quality of Service (QoS).

Cisco switches are not the best-designed switches in the world, and most network managers know this. However, we still buy Cisco switches because Cisco has the best tech support system available compared to any other network company.

Layer 2 switches are very popular because you can just replace hubs in an internetwork and your network is better without any configuration. By adding VLANs and other optional routing cards, you can also break up broadcast domains and make your network even better. If you don't know what you’re doing, however, and don’t understand the difference between a Layer 2 and a Layer 3 device, you can make your network worse!

This Daily Drill Down gives you basic background on why you would use Layer 2 switches in your internetwork. My next Daily Drill Down will focus on Layer 3 devices and how to use routers in your internetwork.