Switches and Routers

Switch

OSI Layer 2
Physically connects end systems / nodes in a network and allows them to communicate with each other.
Based on MAC address; unconcerned with and oblivious of IP address.
Separates collision domains: micro-segmentation, each port is its own collision domain.
Full-duplex links: a switch port can transmit and receive at the same time, as can the node's NIC (TX-RX and RX-TX simultaneously).
Enables virtual point-to-point connections in the LAN: each node/host/end system can be communicating with another node at the same time.

Forwards an incoming frame directly to the destination node if the switch knows which of its ports is connected to that node.
Learns which MAC(s) are at the other end of a link by reading each incoming frame's SRC MAC, and stores this port--MAC address pair in its MAC address table.
Floods the frame out all other ports if the destination's port has not been learned yet or the frame is a broadcast.

Port mirroring: copies frames out a particular (SPAN) port to a monitoring system, e.g. IDS, IPS.

VLAN: virtual LAN defined by set of ports on [one or more trunked] switch[es].
VLAN == broadcast domain == subnet == IP network.
Trunk link between switches tags frames with a 4B 802.1Q header carrying the VLAN number.
End systems are oblivious of VLANs; they only know which IP network (subnet) they are in.
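As an added example (not part of these notes), the learn/forward/flood rule above and VLAN-scoped flooding in a small Python switch simulator; the port-to-VLAN assignments and MAC addresses are constructed:

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Switch:
    """Minimal layer-2 switch: learns source MACs per VLAN, forwards or floods.

    port_vlan maps each access port to its VLAN (constructed config, not from the notes).
    mac_table maps (vlan, mac) -> port; keyed per VLAN because each VLAN is its own
    broadcast domain, so learning in one VLAN must not influence another.
    """
    port_vlan: dict
    mac_table: dict = field(default_factory=dict)

    def forward(self, in_port, src_mac, dst_mac):
        """Return the list of egress ports for a frame arriving on in_port."""
        vlan = self.port_vlan[in_port]
        # Learn: the source MAC is reachable through the ingress port.
        # Overwrites an older entry, so a host moved to another port is re-learned.
        self.mac_table[(vlan, src_mac)] = in_port
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac == BROADCAST or out is None:
            # Broadcast or unknown unicast: flood to every other port in the SAME
            # VLAN only; ports in other VLANs never see the frame.
            return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != in_port)
        if out == in_port:
            return []  # destination sits on the ingress segment; nothing to forward
        return [out]


def demo():
    """Walk through learning, flooding and VLAN isolation; returns each step's egress ports."""
    sw = Switch(port_vlan={1: 10, 2: 10, 3: 10, 4: 20, 5: 20})
    h1, h2, h3 = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
    return [
        sw.forward(1, h1, h2),          # h2 unknown -> flood VLAN 10: [2, 3]
        sw.forward(2, h2, h1),          # h1 already learned on port 1 -> [1]
        sw.forward(1, h1, h2),          # h2 now learned on port 2 -> [2]
        sw.forward(4, h3, BROADCAST),   # broadcast stays inside VLAN 20 -> [5]
        sw.forward(4, h3, h1),          # h1 lives in VLAN 10, unknown in VLAN 20 -> [5]
        sw.forward(3, h2, h1),          # h2 moved to port 3; table entry updated -> [1]
    ]
```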

STP 802.1D: Spanning Tree Protocol avoids switch loops in a network with redundant links. A LAN with multiple switches (for efficiency and redundancy) can have multiple paths to a destination node; a loop could keep a frame cycling forever, so STP blocks redundant ports until the topology is loop-free.
802.1w Rapid STP: quicker convergence.
[Image: Switches]

Router

OSI Layer 3
Connects IP networks together into an internetwork.
Based on IP address, which is hierarchical (network part and host part).
Each interface is in a different IP network and has a valid host IP address in that network.
Forwards a packet to the next hop on its journey through the internet.
Routing table indicates which interface a packet should be forwarded out of.
Routing table is created and maintained by a routing protocol.
Routers in the internet communicate among themselves to converge upon the optimal routes to networks.
Security role: a packet-filtering firewall blocks/allows specified types or addresses of traffic.
Traffic management role: packets with unknown destination addresses are dropped.
Separates broadcast domains (broadcasts are not forwarded to other networks).
An edge network has a default gateway: all packets destined for other networks go to it.
RULES: an (IP) network should contain only host IP addresses belonging to that network (i.e. no interlopers from other IP networks), AND all host IP addresses of that IP network should be in this network (i.e. no host addresses of this IP network should be found in other networks).

[Image: 2600 routers]

[Image: Wiring closet rack]

[Image: VLAN]