Network switch
From Wikipedia, the free encyclopedia
A network switch (or just switch) is a networking device that performs transparent bridging (connection of multiple network segments with forwarding based on MAC addresses) at up to the speed of the hardware. Common hardware includes switches, which can connect at 10, 100, or 1000 megabits per second (Mbit/s), at half or full duplex. Half duplex means that the device can only send or receive at any given time, whereas full duplex can send and receive at the same time. The use of specially designed expansion also makes it possible to have large numbers of connections utilizing different mediums of networking, including Ethernet, Fibre Channel, ATM, 802.11, to name frequently used technologies.
A switch can connect Ethernet, token ring, Fibre Channel or other types of packet switched network segments together to form an internetwork.
If a network has only switches and no hubs then the collision domains are either reduced to a single link or, if both ends support full duplex, eliminated altogether. The principle of a fast hardware forwarding device with many ports can be extended to higher layers giving the multilayer switch.
A multiport repeater is the simplest multi-port device in use. However, its technology has been considered outdated since a hub is a "dumb device", as it resends every datagram it receives to every port except the original incoming. With multiple computers, the speed quickly slows down, and collisions start occurring, making the connection even slower. However, with the advent of the network switch, this problem has been solved.
Contents |
[edit] Forwarding methods
There are four forwarding methods a switch can use:
- Store and forward - The switch buffers and, typically, performs a checksum on each frame before forwarding it on.
- Cut through - The switch only reads up to the frame's hardware address before starting to forward it. There is no error checking with this method.
- Fragment free - A method which attempts to retain the benefits of both "Store and Forward" and "Cut-through". Fragment Free checks the first 64 bytes of the frame, where addressing information is stored. This way the frame will always reach its intended destination. Error checking of the actual data in the packet is left for the end device in Layer 3 or Layer 4 (OSI), typically a router.
- Adaptive switching - A method of automatically switching between the other three modes.
Note that "cut through" switches have to fall back to "store and forward" if the outgoing port is busy at the time the packet arrives.
Note that these forwarding methods are not controlled by the user and are configured only by the switch itself.
[edit] Types of switches
[edit] Form factor
- Rack mounted
- Non rack mounted
[edit] Possibility of configuration
- Non managed
- Managed
- Smart / intelligent
Unmanaged switches have no configuration interface. They are typically found in SOHO environments. Configuration options for managed switches vary with manufacturer and model. You can access the configuration interface for managing your switch (hence the name). Older models, yet some high-end routers, use a serial console. More recent devices use a web interface. (Sometimes you can configure them via pushing buttons on the switch also, although with Cisco routers this is not typical.) Managed switches are found in medium/large network environments and come at a higher price and quality (eg. with a backplane with higher transfer speeds). The task of managing usually requires understanding of Layer 2 networks (eg. Ethernet). Smart (or intelligent) switches are usually managed switches with a limited set of features.
Possible features (generally in the order of basic to advanced features):
- Turn some particular port range on or off
- Link speed and duplex settings
- Priority settings for ports
- MAC filtering
- Use of Spanning Tree Protocol
- SNMP monitoring of device and link health
- Port mirroring (also named: monitoring port, spanning port, SPAN port, Roving Analysis Port, link mode port)
- Link aggregation (also called: bonding/trunking)
- VLAN settings
Frame capturing (and other network administration tasks) can be difficult in a switched ethernet. Port monitoring addresses this problem with replicating the traffic from all ports (or VLANs) onto a single port, on which you can set up an isolated monitoring network. Link aggregation allows you to use multiple ports for the same connection achieving higher data transfer speeds. Creating VLANs can solve collision problems and serve security goals (by reducing the broadcast/collision domain).
[edit] Form of power source
- Standard
- Power over Ethernet
[edit] Hubs vs switches
An Ethernet hub, or repeater, is a fairly unsophisticated broadcast device. Hubs do not manage any of the traffic that comes through them, and any packet entering any port is broadcast out on every other port (every port other than the port of entry). Since every packet is being sent out through every other port, packet collisions result--which greatly impedes the smooth flow of traffic.
A switch isolates ports, meaning that every received packet is sent out only to the port on which the target may be found (assuming the proper port can be found; if it is not, then the switch will broadcast the packet to all ports except the port from which the request originated). Since the switch intelligently sends packets where they need to go, the performance of the network can be greatly increased.
More expensive switches can also do several other operations, such as isolating ports from each other by placing them in different VLANs, or allowing snooping by copying all packets on some set of ports to a special "sniffer" port.
This leaves the question of when a switch is most appropriate, versus a hub. If most of the network traffic involves only a few ports, then there will be little performance gain achieved by upgrading from a hub to a switch. But if the traffic involves more than a few ports, using a switch can yield a significant improvement in performance. Also, modern Fast Ethernet switches designed for small office / home office (SOHO) use are priced comparably to hubs, making use of a hub somewhat pointless if new equipment must be purchased anyway.
Because data is routed through the correct ports and not broadcast indiscriminately as with hubs, switches are somewhat more secure. Were a user with the intent of capturing other users' data to run a packet sniffer while connected through a switch, they'd usually see only their own data. In contrast, a hub would broadcast all traffic to all users. This said, even the extra security provided by switches can still be breached with techniques such as MAC flooding and ARP spoofing.
[edit] Flaws
It is difficult to monitor traffic that is bridged using a switch, because all ports are isolated until one transmits data, and even then only the sending and receiving ports are connected.
Two popular methods that are specifically designed to allow a network manager to monitor traffic are:
- Port mirroring - the switch sends a copy of network packets to a monitoring network connection.
- SMON - "Switch Monitoring" is described by RFC 2613 and is a protocol for controlling facilities such as port mirroring.
Other methods (which could be classified as attacks) have been devised to allow snooping on another computer on the network without the cooperation of the switch:
- ARP spoofing - fooling the target computer into using your own MAC address for the network gateway, or alternatively getting it to use the broadcast MAC. This tricks the switch into sending your computer another computer's data.
- MAC flooding - overloading the switch with a large number of MAC addresses, so that it drops into a "failopen mode".