What information within a frame does a switch use to determine where an incoming frame should go to?

6.2.3.5 Handling of broadcast

One specific aspect that introduces some challenges for mobile systems is the frequent use of broadcast in Ethernet networks. Ethernet broadcast frames are e.g. used by the ARP (Address Resolution Protocol) and IPv6 ND (Neighbor Discovery) protocols to discover what MAC address corresponds to a certain IPv4 or IPv6 address. In general, if a UE or a peer on the DN issues a broadcast, it would be replicated onto all Ethernet PDU Sessions belonging to the same DN. Local policies in the UPF can indicate whether broadcast replication is allowed.

In case a broadcast is due to ARP or ND protocols, only one of the UEs would reply to such broadcast message and the rest would discard it. Not only would this flood the NG-RAN for little benefit, it would also wake up all UEs in CM-IDLE state for no real reason. Therefore, it is possible for the SMF/UPF to reply to an ARP/ND message on behalf of the UE owning the MAC address and thus avoid sending the ARP/ND message to any UE.

It can be noted that a prerequisite for the SMF/UPF to be able to reply to an ARP/ND on behalf of the UE is that SMF/UPF knows the mapping between IP address and MAC address and has stored this mapping. The ARP/ND proxy feature thus requires that IP address allocation to the UE and devices behind the UE is handled by some protocol running over the user plane (e.g. DHCP) and that SMF/UPF can inspect that traffic to deduce IP address to MAC address mapping.

Neighbor Discovery Protocol

The Neighbor Discovery protocol is the way that IPv6 hosts and routers find things out about their immediate neighborhood, typically the LAN segment. A lot of effort was expended in IPv4 to find out configuration necessities such as default routers, any alternate routers, MAC addresses of adjacent hosts, and so on. In some cases, these addresses could not be found automatically with IPv4 and had to be entered manually (the default router). IPv6 was designed to be almost automatic in this regard.

When an IPv6 host comes up for the first time, the host advertises its MAC layer address and asks for neighbor and router information. Because these messages are in the form of ICMPv6 messages, only the basics will be presented here.

Why Neighbor and Router Discovery?

Why does IPv6 have separate neighbor and router discovery messages? After all, IPv4 did fine using a single broadcast frame structure for host–host and router–host address discovery.

IPv6 is more sophisticated than IPv4 when it comes to devices and networks. In IPv6, devices can be located on a local multiple access link (LAN), which are considered on link, or off link. Generally, there are a lot more hosts on a network than routers. IPv6 directs messages that discover host addresses only to the local hosts, while messages to discover one or more default routers are processed only by the routers.

Instead of a single mass broadcast, neighbor discover in IPv6 is done with multicast groups. We'll talk about multicast in more detail in a later chapter.

Many routers today forward packets in hardware, but broadcasts have to be processed by software. IPv6 routers can ignore the numerous messages sent from host to host on a LAN. This makes the use of the network resources with IPv6 more efficient.

The ARP function in IPv6 is performed by four messages in ND. The Router Solicitation/Router Advertisement mechanism is noteworthy in that it provides the key for host IPv6 address configuration, default route selection, and potentially even bootstrap configuration information.

Neighbor Solicitation—This message is sent by a host to find out the MAC layer address of another host. It is also used for Duplicate Address detection (Does another host have the same IPv6 address?) and for Neighbor Unreachability Detection (Is the other host still there?). The receiving host must reply with a Neighbor Advertisement.

Neighbor Advertisement—This message contains the MAC layer address of the host and is sent in reply to a Neighbor Solicitation message. Hosts also send unsolicited Neighbor Advertisement when they first start up or if any of the advertised information changes.

Router Solicitation—This message is sent by a host to find routers. The receiving router must reply with a Router Advertisement.

Router Advertisement—This message contains the MAC layer address of the router and is sent in reply to a Router Solicitation message. Routers also send an unsolicited Router Advertisement when they first start up if any of the advertised information changes.

Broadcast Domains

The Ethernet LAN devices and topologies we have discussed thus far handle broadcast traffic in different ways. The isolation of broadcast packets to a certain portion or segment of the network creates broadcast domains. Let's look at a few examples more closely.

Previously, Figure 7.5 showed that we have a 10Base2 hub with 12 workstations. The broadcast domain for this network comprises all segments connecting all devices. A broadcast frame sent from Workstation 1 is received and processed by all other workstations on the hub. In Figure 7.6, we have a 10BaseT Hub with six workstations attached to it. Once again, a broadcast frame sent from Workstation 1 is seen and processed by all other workstations on the hub. In Figure 7.7, we introduced the Ethernet bridge and the concept of network segmentation within a device. Although the bridge is segmenting the network as far as segment-to-segment communication is concerned, it has no effect on broadcast traffic. Broadcast frames are flooded to all ports and all segments, thereby requiring every device to read and process the frame. The Ethernet switches of Figures 7.8 and 7.9, without VLAN configurations, function in the same manner as the previously mentioned hub and bridges when they deal with broadcasts. A broadcast frame sent from Workstation 1 is seen and processed by all devices connected to the switch. In Figure 7.10, we saw the first configuration that controls broadcasts by creating a separate broadcast domain for each VLAN. A broadcast packet sent from Workstation 1 is received and processed by Workstations 2 and 3 only. The same broadcast isolation applies to the devices in VLANs 2 and 3. The number of devices and estimated broadcast traffic should be VLAN design considerations.

Example ARP Operation

What the ARP process adds to TCP/IP is a mechanism for a source device to ask, “Who has IP address 10.10.12.52 (this was our first example from the Illustrated Network) and what is the physical (hardware) address associated with it?”

ARP messages are broadcast frames sent to all stations. The proper destination IP layer realizes that the destination IP address in the packet matches its own and replies directly to the sender. The target device replies by simply reversing the source and destination IP address in the ARP packet. The target also uses its own hardware address as the source address in the frame and message.

The ARP process is shown in Figure 6.6. The steps are numbered and taken from the example earlier in this chapter, where lnxclient ARPs to find the MAC address of winsvr2.

The system lnxclient (10.10.12.166) assembles an ARP request and sends it as a broadcast frame on the LAN. Because it is unknown, the requested MAC address field in the ARP message uses all zeros (0s), which are placeholders.

All devices attached to the LAN receive and process the broadcast, even the router CE6. But only the device with the target’s IP address in the ARP message (winsvr2 at 10.10.12.52) replies to the ARP. The target also caches the MAC address associated with 10.10.12.166 (the source address in the broadcast frame).

The target system winsvr2 sends a unicast ARP reply message back to lnxclient. The reply has the MAC address requested both in the frame (as a source address) and in the ARP message field sent as 0s.

The originating source system and the target system will cache the hardware address of the destination and proceed to send “live” IP packets with the information, at the same time supplying the proper frame address as a parameter to the network access layer software.

Figure 6.7 shows how the ARP request and reply message shown at the beginning of this chapter look like “on the wire.” The field values can be compared to the ARP message format shown in Figure 6.5. Again, the lnxclient to winsrv2 ARP pair are used as the example. Trailing zeros are not shown.

ARP operation is completely transparent to the user. ARP operation is usually triggered when a user runs some TCP/IP application, such as FTP, and the frame’s destination MAC address is not in the ARP cache.

VLAN Frame Tagging

VLAN devices can come in all shapes and sizes, and configuration of the broadcast domains can be just as variable. Interoperability of LAN switches is compromised when there are multiple ways for a device to recognize the boundaries of broadcast domains. To promote interoperability, the IEEE established IEEE 802.1Q to standardize the creation of VLANs through the use of frame tagging.

Some care is needed with this aspect of VLANs. VLANs are not really a formal networking concept, but they are a nice feature that devices can support. One key VLAN feature is the ability to place switch ports in virtual broadcast domains. The other key feature is the ability to tag Ethernet frames with a VLAN identifier so that devices can easily distinguish the boundaries of the broadcast domains. These devices and tags are not codependent, but you have to use both features to establish a useful VLAN.

In a later chapter, we'll see how the Virtual Extensible LAN (VXLAN) builds on the basic VLAN idea here.

Multiple tags can be placed inside Ethernet frames. There is also a way to assign priorities to the tagged frames, often called IEEE 802.1p, but officially known as IEEE 802.1D-1998. Internetworking devices, not just LAN switches, can read the tags and establish VLAN boundaries based on the tag information.

VLAN tags add 4 bytes of information between the Source Address and Type/Length fields of Ethernet frames. The maximum size of the modified Ethernet frame is increased from 1518 to 1522 bytes, so the frame check sequence must be recalculated when the VLAN tag is added. VLAN identifiers can range from 0 to 4095.

The use of VLAN “q in q” tags increases the available VLAN space (ISPs often assign each customer a VLAN identifier, and customers often have their own VLANs as well). In this case, multiple tags are placed in an Ethernet frame. The format and position of VLAN tags according to IEEE 802.3ac are shown in Figure 2.7.

VLANs are built for a variety of reasons. Among them are:

Security—Frames on an Ethernet segment are delivered everywhere, and devices only process (look inside) MAC frames that are addressed to them. Nothing stops a device from monitoring everything that arrives on the interface (that’s essentially how Ethereal works). Sensitive information, or departmental traffic, can be isolated with virtual LANs.

Cutting down on broadcasts—Some network protocols are much worse than others when it comes to broadcasts. These broadcast frames can be an issue because they rarely carry user data and each and every system on the segment must process the content of a broadcast frame. VLANs can isolate protocol broadcasts so that they arrive only at the systems that need to hear them. Also, a number of hosts that might otherwise make up a very large logical network (e.g., Page 19 what we will call later a “/19-sized wireless subnet”) could use VLANs because they can be just plain noisy.

Router delay—Older routers can be much slower than LAN switches. VLANs can be used to establish logical boundaries that do not need to employ a router to get traffic from one LAN segment to another. (In fairness, many routers today route at “wire speed” and do not introduce much latency into a network.)

The Illustrated Network uses Gigabit Ethernet links to connect the customer-edge routers to the ISP networks. Many ISPs would assign the frame arriving from LAN1 and LAN2 a VLAN ID and tag the frames at the provider-edge routers. If the sites are close enough, some form of Metro Ethernet could be configured using the tag information. However, the sites are far enough apart that we would have to use some other method to create a single LAN out of LAN1 and LAN2.

In a later chapter, we’ll use VLAN tagging, along with some other router switching features, to create a “virtual private LAN” between LAN1 and LAN2 on the Illustrated Network, mainly for security purposes. Then we’ll look at VXLANs in a chapter on Ethernet VPNs (EVPNs).

After that, we’ll use VXLAN as well.

Managed Hubs

Some hubs are equipped with the ability to capture statistics about network traffic and to accept control commands from a workstation on the network. Such managed hubs make it easier to troubleshoot and maintain a network.

The type of information and control a managed hub can provide usually includes the following:

View status of the hub: As illustrated in Figure 4-5, the information provided to the user includes a measure of the utilization of the hub, the percentage of time taken up by collisions, the number of packets (frames) broadcast per second, and the percentage of errors detected in the Frame Check Sequence (FCS).

View the status of a single port: As you can see in Figure 4-6, individual port statistics are the same as those for the entire hub.

Configure the hub: In Figure 4-7, for example, you can see that the software shows a replica of the managed hub and allows the user to use a mouse to activate and deactivate individual ports. In addition, the user can set IP addresses and choose what information is gathered about the system.

Manage security.

Collect hub and port usage statistics over time.

2.3 The MAC layer

There are many similarities of the MAC layer (Fig. 11.3) to XG-PON [9]. A single wavelength is utilized for both downstream and upstream traffic. In XG-PON, a time slot lasts 125 μs and includes a number of frames. The nature of the logical topology depends upon passive equipment, so every downstream frame is broadcast and chosen from the destination ONU according to its embedded XGEM identifier [9]. In other words, every ONU inspects all broadcast frames and keeps the one that targets itself as destination.

Among the similarities (frame duration, XGEM structure, etc) there are also subtle differentiations, since the downstream procedure is not truly broadcast. There are two implementation options in the physical layer (passive splitter or WDM) that actually offer a point-to-point downstream connection between the CO and ONUs and if the XGEM identifiers are absent, the CO includes an additional subsystem that assigns frames to ONUs on the basis of their wavelength, as shown in Fig. 11.3. From a practical perspective, the frame to wavelength mapping can be extracted from the (XGEM identifier, ONU, wavelength) triplet at the CO. Moreover, if the XGEM frame structure is maintained, the XG-PON ONUs are fully compliant with PANDA in the downstream direction.

The fact of using a single wavelength to upstream data, makes PANDA compatible with XG-PON in this data direction. So, the ONUs structure their upstream data in bursts and the CO is responsible for allowing to transmit them according to a schedule (also called Dynamic Bandwidth Assignment). During this procedure, the CO ensures that there is not overlapping of upstream frames at the single wavelength connection between itself and the main splitter (or WDM according to each implementation). There are two ways for the CO to be aware of ONU bandwidth requirements: (1) explicitly through received reports and (2) by inspecting the amount of empty upstream frames. According to these actions, it is able to apply a sophisticated algorithm for achieving better resource utilization of the network.

4.2.5 Service Frame Delivery Attribute (Unicast, Multicast, Broadcast, and L2CP Related)

To ensure the full functionality of the subscriber network, it is important to have an agreement between the subscriber and the CEN carriers on which frames get carried over the network and which do not. The frames traversing the network could be data frames or control frames. Some Ethernet services support delivery of all types of Ethernet protocol data units (PDUs), others may not support delivery of all types of frames. The EVC service attribute can define whether a particular frame is discarded, delivered unconditionally, or delivered conditionally for each ordered UNI pair.

Data frame processing—different possibilities of the Ethernet data frames are as follows:

Unicast frames—these are frames that have a specified destination MAC address. If the destination MAC address is known by the network, the frame gets delivered to the exact destination. If the MAC address is unknown, the LAN behavior is to flood the frame within the particular VLAN.

Multicast frames—these are frames that are transmitted to a select group of destinations. This would be any frame with the least significant bit of the destination address set to 1, except for broadcast, where all bits of the MAC destination address are set to 1.

Broadcast frames—IEEE 802.3 defines the broadcast address as a destination MAC address of FF-FF-FF-FF-FF-FF.

Layer 2 control processing—different L2CP frames are needed for specific applications. For example, BPDU packets are needed for STP. The provider might decide to tunnel or discard these frames over the EVC, depending on the service. The following is a list of currently standardized L2 protocols that can flow over an EVC:

IEEE 802.3x MAC control frames—IEEE 802.3x is an XON/XOFF flow-control mechanism that lets an Ethernet interface send a PAUSE frame in case of traffic congestion on the egress of the Ethernet switch. The 802.3x MAC control frames have destination address 01-80-C2-00-00-01. PAUSE frames are not processed in a carrier Ethernet service. They are ignored.

Link aggregation control protocol (LACP)—this protocol allows the dynamic bundling of multiple Ethernet interfaces between two switches to form an aggregate bigger pipe. The destination MAC address for these control frames is 01-80-C2-00-00-02.

IEEE 802.1x port authentication—this protocol allows a user (an Ethernet port) to be authenticated into the network via a back-end server, such as a RADIUS server. The destination MAC address is 01-80-C2-00-00-03.

Generic Attribute Registration Protocol (GARP)—the destination MAC address is 01-80-C2-00-00-2X.

STP—the destination MAC address is 01-80-C2-00-00-00.

All-bridge multicast—the destination MAC address is 01-80-C2-00-00-10.

Switch Concepts

The bottom line is that switches have many major advantages over hubs in terms of efficiency and security in communications. Much has been learned of using network switching technology and both IT administrators and purchasers have a deeper understanding of the costs and benefits of using switches in an enterprise. Before we dive into the technicalities, let's start with some terms that will help us along:

Collision Occurs when two hosts attempt to access (or transmit) on a shared medium at the same time, resulting in a collision of their frames.

Broadcasts Refers to both Open Systems Interconnection (OSI) Layer 2 (data link) broadcasts where frames are destined to all hosts on a subnetwork, and OSI Layer 3 (Internet) broadcasts where packets are destined to all hosts on a network. Layer 2 broadcast frames have a destination Media Access Control (MAC) address of FF:FF:FF:FF:FF:FF and Layer 3 broadcast addresses have a destination Internet Protocol (IP) address that is set for the broadcast of that particular network (the address varies, so don't always assume that an IP address ending with 255 is the broadcast address).

MAC address Refers to the hardware, Ethernet, or burned-in address of an Ethernet network interface. It is composed of a 48-bit address in a hexadecimal string of characters that designate the manufacturer ID and a unique serial number for the device.

Host For the purposes of this discussion, a computer with a network card capable of communicating on an Ethernet network.

Bridges The predecessors to switches and switching technology. Bridges have limitations that switches improve on.

Frame A unit that is applied to the OSI model that defines the size and composition of a stream of network communication. In terms of the Ethernet specification, it is basically composed of a source MAC address, a destination MAC address, protocol information, and a data payload consisting of data from the upper layers of the OSI model.

Advantages over Hubs

Not long ago, switches were considered an extravagance, and the mainstream network product to deploy onto a campus network was a hub. In fact, easy-to-remember formulas allowed anyone to determine in what circumstance hubs should be deployed in a network.

The good news is that we've passed a major milestone where the price of switches has come down and they are easy to find on most any retail shelf. This helps attract penny-focused firms and motivates them to take the plunge and purchase more switching hardware. In fact, when comparing dollars to performance improvement switches cost an infrastructure less money and offer more performance if properly used. Not every system is pushing 100 million or 1 billion bits per second in and out of the switch, all of the time. Think of the bandwidth in terms of slices. For example, say that at one moment you are nearly saturating the network with a database query request that goes out of the switch's upstream port to somewhere out of the office. The next moment your system is quiet; this is where your coworker is using the bandwidth to download an Adam Sandler video from YouTube. Because switches are using switched architecture to keep these two communications separate from each other, the finite amount of bandwidth is appropriately used. If this occurred on a cheaper set of hubs, both you and your coworker would have been saturating the network, preventing each other from transmitting any packets and possibly causing frame collisions.

The other reason switches are a better investment in terms of efficiency compared to cost is at the heart of the switching technology built inside switches. Without getting into electrical and computer engineering concepts, switches are effective at keeping conversations that occur between two ports separated from any other ports or pairs of ports, without sacrificing the speed of transmission/reception or bandwidth. So, suppose you want to download that Adam Sandler video from your coworker. Both of you will make maximum use of the bandwidth between you as long as you are on the same switch. But now say that two other coworkers are busy downloading PC games from a game-sharing Web site using Hypertext Transfer Protocol (HTTP). If they happened to be on the same switch as you and your cubical neighbor, both sets of network traffic communications would not interfere with each other, and this raises the efficiency of the workplace, at least on a theoretical facilitation aspect.

Now, it's pretty tough to find a hub these days, let alone one that has more than a handful of ports, and that helps when it comes to computer security. A hub is really a multiport repeater. Given that you are now on a basic network hub, now the network traffic that hits the wire when you send your database query request actually goes to every port and every workstation that is connected to the hub, possibly causing frame collisions. (Remember back in the old days, Ethernet transmission collisions occurred when two workstations transmitted their bits onto the network at nearly the same time over a shared medium unbeknownst to each other. This series of bits overlapped each other, resulting in a collision. Then every workstation had to cease “talking” for a short but random period of time until everything settled back down on the network.) Switches manage to keep the medium shared in such a way that broadcast frames are transmitted to each port of the switch, but unicast frames are not, in most cases. A switch has to broadcast a unicast frame when it does not know which port a destination MAC address is connected to, so it has to broadcast it to every port, and when its port-to-MAC address table (known as the content-addressable memory, or CAM) is filled and cannot accept more entries, it is forced to revert to the behavior of a hub. Otherwise, it keeps switched conversations apart from each host that is communicating on the switch.

Since the conversations are separated from each other, it also means that our workstation cannot eavesdrop on or “sniff” the unicast traffic using a network analyzer because of the separation in most cases. However, sometimes you can configure a computer network card to accept traffic destined to anyone else (called promiscuous mode) as well as being physically located on either one of the switch's truck ports or traffic spanning port that was left unsecured.

Every advance in progress, and especially in technology, has a caveat or vulnerability. So, when you feel the urge to boast about how secure your new rack full of switches is, ensure that the IOS (or CatOS, if that is the case) is the latest supported version, logins and passwords are managed, data logging is going to a syslog facility of some sort, unwanted or unneeded services are turned off, and configurations are routinely checked. You should do all of this and more to reduce the chance of commercial or open source tools turning your fancy switch farm into a hub by flooding its port-to-MAC association table.

MAC handler software

This is implemented within the function mac_Handler(). On entry, the controller's DMA will contain the full Ethernet frame, as indicated by a TRUE return from a previously called nic_Poll() function. The operation of the handler is simple; IP type frames are passed on, and ARP frames are acted upon locally. The stages are described in the following text.