1.13 Describe switching concepts
1.13.a MAC learning and aging
1.13.b Frame switching
1.13.c Frame flooding
1.13.d MAC address table
I wanted to explain each section in order, but it just doesn’t make sense. I tried, but when I got to Section 1.2 I realized that I couldn’t explain some concepts without background information. The entire model of the internet is built on layers and we shouldn’t jump to another layer until we understand the one below it. I’m also going to start using the Cisco icons in my diagrams because we need to get serious.
Every network device – from the factory – receives a MAC address. It’s like a serial number. It’s unique to that device. The MAC address is twelve characters long, and it’s also known as the physical address or a global MAC address.
How big is the MAC address again? It’s 12 characters – 12 Hex digits to be exact (Hex digits are the numbers 0 through 9 and the letters A through F – no other characters are allowed). That makes it 24 bytes long. When we write a MAC address, it’s common to separate every two digits with colons. AA:AA:BB:BB:CC:CC could be a MAC address. The MAC address isn’t case sensitive. We might also separate every four digits with a period. aaaa.bbbb.cccc is also a MAC address.
How do we ensure that every device receives a unique MAC address? An international organization (IEEE) assigns a unique 6-digit prefix to each device manufacturer. If I’m a manufacturer and my prefix is AA:BB:CC, then all my MAC addresses must start with AA:BB:CC. Then it’s up to me to make sure that the remaining six digits are unique for every device that I manufacture.
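Because the same address can be written with colons or periods and in either case, tools that compare MAC addresses (for example, matching a switch's table against host inventory) should normalize them first. The following is an added example, not part of the original article; the function names `normalize_mac` and `describe` are assumptions made for illustration.

```python
import re

HEX12 = re.compile(r"[0-9a-f]{12}")  # exactly twelve hex digits

def normalize_mac(text):
    """Return the 12 hex digits of a MAC address in lowercase, or raise ValueError."""
    s = text.strip().lower()          # MAC addresses are not case sensitive
    if ":" in s:
        groups, size = s.split(":"), 2    # AA:AA:BB:BB:CC:CC
    elif "." in s:
        groups, size = s.split("."), 4    # aaaa.bbbb.cccc
    else:
        groups, size = [s], 12            # bare digits
    if any(len(g) != size for g in groups):
        raise ValueError(f"bad grouping in {text!r}")
    digits = "".join(groups)
    if not HEX12.fullmatch(digits):
        raise ValueError(f"not 12 hex digits: {text!r}")
    return digits

def describe(text):
    """Show both notations plus the manufacturer prefix for one address."""
    d = normalize_mac(text)
    return {
        "colon": ":".join(d[i:i + 2] for i in range(0, 12, 2)),
        "dotted": ".".join(d[i:i + 4] for i in range(0, 12, 4)),
        "prefix": d[:6],                  # the 6-digit prefix assigned by IEEE
        "broadcast": d == "f" * 12,       # FF:FF:FF:FF:FF:FF
    }

if __name__ == "__main__":
    # Constructed sample values taken from the notations used in the text.
    for sample in ("AA:AA:BB:BB:CC:CC", "aaaa.bbbb.cccc", "FF:FF:FF:FF:FF:FF"):
        print(sample, describe(sample))
```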
My network is below, and I have several devices connected to my switch. On the right is a printer. How does data get from my computer to my printer? For the sake of simplicity, we’re going to pretend that the MAC address is four characters long. And we’re going to ignore the switch’s MAC address because it isn’t important. And we’re going to ignore other devices like routers. We just want to focus on the local network.
My computer’s MAC address is “aaaa”, and my printer’s MAC address is “dddd”. My computer already knows that “dddd” is on the LAN (Local Area Network). We’re not going to worry about how it knew that just yet. Just know that my computer thought about where the printer was and concluded that it is on the local network. Thus, my computer sends an Ethernet frame to the address “dddd”.
The frame looks like this:

| Ethernet Header | Data, IP Address, etc. | Ethernet Trailer |
| --- | --- | --- |
The frame travels to the switch. Let’s pretend that this is a brand-new switch, and that each of my devices is connected to the switch via an Ethernet cable. My computer is in port #1, and the printer is in port #4.
The switch receives the frame on port #1. It learns two things from this frame:
- The device connected to port #1 has a MAC address of “aaaa” (taken from the frame’s source, or “from”, address)
- It needs to send this frame to a device with the MAC address “dddd”, wherever that is
I’m going to backtrack here and talk about MAC Address Tables. A switch remembers the MAC address of every device that is connected to it. It does this with a huge table called the MAC Address Table. When the switch first powers on, this table is completely blank. Each time the switch receives a frame, it checks the source MAC address on the frame, and it updates the table.
When the switch powers on, its MAC Address Table looks like this:

| Port # | MAC Address(es) |
| --- | --- |

It’s blank.
When the first frame enters, its MAC Address Table looks like the one below. The switch learns that “aaaa” is connected to port #1 because the frame that arrived on port #1 had a source MAC address of “aaaa”.

| Port # | MAC Address(es) |
| --- | --- |
| 1 | aaaa |

The switch checks the table to see which port it should send the frame out of. It should send it out of port #4, but it doesn’t know that the printer is in port #4, because there is no “dddd” entry in the MAC Address Table yet.
What does the switch do? It sends the frame out of all the ports (except the one that sent it). If it’s a 48-port switch, then it sends the frame out of 47 ports. If it’s a 24-port switch, then it sends the frame out of 23 ports. All the ports except port #1. It doesn’t send the frame out of the port that it entered through because that would be pointless. This action is known as frame flooding.
If the printer (dddd) replies to the computer (aaaa), the switch learns what port the printer is plugged into. Now the table looks like this:

| Port # | MAC Address(es) |
| --- | --- |
| 1 | aaaa |
| 4 | dddd |

The switch doesn’t have to flood the frame received from the printer. It knows that the destination is “aaaa” and according to the table, “aaaa” is in port #1. Thus, the switch sends the frame out of port #1 only.
The entries in the table only last about five minutes. If the switch doesn’t see traffic from a specific MAC address after five minutes, it deletes the corresponding entry in the table. This lets the switch keep track of changes and delete incorrect entries. We can adjust this time up or down when we configure the switch.
These addresses such as “aaaa” and “bbbb” are known as unicast addresses because each one has a single destination. When we send a frame addressed to “aaaa”, it goes to only one device.
There is a special MAC address (FF:FF:FF:FF:FF:FF). This is the broadcast MAC address. If a device wants to send a frame to everybody on the LAN, it addresses it to the broadcast address. Every network switch knows to forward frames sent to this address, and every device knows to accept traffic on this address.
The switch will flood a frame addressed to FF:FF:FF:FF:FF:FF on all of its interfaces regardless of what’s in the table.
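The learning, forwarding, flooding, aging and broadcast rules described above can be replayed in a few lines. This is an added example, not part of the original article: the `LearningSwitch` class, the four-port layout and the use of “ffff” as a shortened broadcast address are assumptions that follow the article’s simplified four-character MAC addresses, and time is given in seconds.

```python
from dataclasses import dataclass, field

BROADCAST = "ffff"  # assumption: 4-character stand-in for FF:FF:FF:FF:FF:FF

@dataclass
class LearningSwitch:
    ports: tuple
    aging_time: float = 300.0                  # about five minutes, adjustable
    table: dict = field(default_factory=dict)  # MAC -> (port, last time seen)

    def _age_out(self, now):
        # Delete entries whose MAC has not been seen as a source recently.
        stale = [m for m, (_, seen) in self.table.items()
                 if now - seen > self.aging_time]
        for mac in stale:
            del self.table[mac]

    def receive(self, in_port, src, dst, now):
        """Handle one frame and return the list of ports it is sent out of."""
        src, dst = src.lower(), dst.lower()
        self._age_out(now)
        if src != BROADCAST:
            self.table[src] = (in_port, now)   # learn / refresh from the source
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            # Broadcast or unknown destination: flood, never back out in_port.
            return [p for p in self.ports if p != in_port]
        out_port = entry[0]
        return [] if out_port == in_port else [out_port]

def walkthrough():
    """Replay the page's scenario: computer on port 1, printer on port 4."""
    sw = LearningSwitch(ports=(1, 2, 3, 4))
    return [
        sw.receive(1, "aaaa", "dddd", now=0),       # dddd unknown: flood
        sw.receive(4, "dddd", "aaaa", now=1),       # aaaa known: port 1 only
        sw.receive(1, "aaaa", "dddd", now=2),       # dddd now known: port 4
        sw.receive(1, "aaaa", BROADCAST, now=3),    # broadcast: always flood
        sw.receive(1, "aaaa", "dddd", now=400),     # dddd aged out: flood again
    ], sw.table

if __name__ == "__main__":
    steps, table = walkthrough()
    for out in steps:
        print(out)
    print(table)
```

The last step shows why aging matters: once the printer has been silent for longer than the aging time, frames for it are flooded to every port again until it sends something.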
Before we had switches, we had hubs. Some networks still use hubs. A hub is like a switch without a MAC address table. It floods every frame that it receives, no matter what.
In my network here, every device can talk at the same time. If this network were connected via a hub, only one device could talk at a time. Think about it. If ‘aaaa’ sends a message, the hub receives it and repeats it to ‘bbbb’, ‘cccc’, and ‘dddd’. While those devices are receiving the message, they won’t be able to talk.
What happens if two devices try to talk at the same time? It results in a collision.
We can stop collisions through CSMA/CD, or Carrier Sense Multiple Access with Collision Detection. What happens if two devices try to talk at the same time on the same cable? Each device transmits a frame at the same time and a collision takes place.
A collision is bad, but with CSMA/CD, at least we know that it happened. Both devices stop talking immediately. Each device sends a “jam signal” – a message to the other devices that tells them to be quiet. Each device picks a random amount of time to wait and then resends its frame. Hopefully, the next time, the line is free, because each device waited a different length of time.
The collision detection method depends on the type of Ethernet wiring in use.
In modern networks, CSMA/CD is not required. Collisions only took place on the old form of Ethernet wiring, where many devices were connected to the same cable. Today, you won’t see multiple devices connected to the same cable, but you might find hubs.
Cisco calls networks that use hubs Ethernet shared media and networks that use switches Ethernet point-to-point.