Switches Learn, Filter, Forward and Flood Ethernet frames.
After taking a switch out of the box, plugging it in, and connecting devices to it, the switch goes through the following processes:
A switch begins learning the local MAC addresses as soon as it is connected to other devices or to a network. This learning capability makes switches easy to use on a network.
The switch learning process works like this:
- As a PC or other networked device sends a frame to another device through the switch, the switch captures the source MAC address of the frame and the interface that received it.
- The switch confirms or adds the MAC address and the port to the lookup table.
A switch also keeps a timer for each MAC address entry in its lookup table. By default, many vendors set this aging time to 300 seconds (5 minutes); it can be changed if you want. The timer lets the switch discard stale entries, keeping the table small and the lookup process short and fast.
The aging timer also helps when a device moves to another switch port. In that case, the same address would appear under two ports in the lookup table. When a frame arrives headed for that address, the switch can compare the aging timers of the two entries and select the most recent one, provided that entry has not already timed out.
Most often, the initial communication to a switch is an Address Resolution Protocol (ARP) request. The inbound ARP contains the sender’s MAC address, and the switch adds that address to its lookup table. The ARP Response contains the MAC address of the intended target. The ARP response also updates the switch’s lookup table.
As part of the learning process, a switch floods a frame out all of its other ports when it cannot find the frame’s destination MAC address in its lookup table.
This flooding is necessary network overhead, but it has a security cost: any user on another system attached to the flooding switch who is running a protocol analyzer can see the flooded frame.
Forwarding and Filtering processes:
When a switch has learned the locations of the devices connected to it, the switch is ready to either forward or filter frames based on the destination MAC address of the frame and the contents of the switch lookup table.
The switch has already learned device A’s MAC address 02 60 8c 12 34 56 on switch port 2. It learns device C, with MAC address 00 10 4c 39 47 6c, when C’s reply arrives on port 7. The switch receives the incoming frame from C, examines the destination address of the Ethernet frame, and checks its lookup table. It then decides to forward the frame out port 2, and only port 2.
The switch filters the frame from (does not send it to) the other ports on the switch, since the target MAC address is not associated with them in the lookup table. That way, no one attached to those ports can look at the contents of the frame.
A switch also floods a frame out all of its other ports under two other circumstances:
- If a broadcast frame is received, with destination MAC address ff ff ff ff ff ff, the switch forwards the broadcast frame out all of the other ports. VLAN exceptions to this rule are discussed later in this section.
- If a multicast frame is received (the first byte of the destination MAC address contains an odd value, as in 01 00 50 00 00 09), the switch forwards the multicast frame out all of the switch’s remaining ports. VLAN exceptions apply to flooding by limiting it to the same VLAN as the sender.
Flooding broadcasts is necessary for protocols such as ARP, which maps an IP address to a MAC address by broadcasting. One significant problem with this flooding process occurs when switches in a network are redundantly connected into physical loops. Flooding broadcast frames around such loops can cause a “broadcast storm” on the network, causing it to fail.
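The learning, aging, forwarding, filtering and flooding rules described above, as an added Python simulation that is not part of the original page. The `Switch` class, its port numbers and the frame sequence are constructed for illustration; the MAC addresses of devices A and C and the 300-second aging default come from the text.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
AGING_SECONDS = 300  # common vendor default: 5 minutes

def is_group_address(mac):
    """Broadcast and multicast destinations have an odd first byte
    (least-significant bit of the first octet set)."""
    return int(mac.split(":")[0], 16) & 1 == 1

@dataclass
class Switch:
    ports: list                       # physical port numbers (constructed)
    table: dict = field(default_factory=dict)  # mac -> (port, last_seen)

    def _expire(self, now):
        """Drop entries whose aging timer has run out."""
        stale = [m for m, (_, t) in self.table.items() if now - t >= AGING_SECONDS]
        for mac in stale:
            del self.table[mac]

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the list of ports it is sent out of."""
        self._expire(now)
        # Learn: record the source MAC and ingress port. If the device has
        # moved, the newer sighting replaces the older port entry.
        self.table[src] = (in_port, now)
        if is_group_address(dst):
            # Broadcast/multicast: flood out every port except the ingress port
            return [p for p in self.ports if p != in_port]
        if dst in self.table:
            out_port = self.table[dst][0]
            # Forward to the known port only; filter (drop) if the destination
            # is on the same port the frame came in on.
            return [] if out_port == in_port else [out_port]
        # Unknown unicast destination: flood, which any analyzer on another
        # port can observe.
        return [p for p in self.ports if p != in_port]

# Constructed walk-through using the page's device A (port 2) and C (port 7)
A = "02:60:8c:12:34:56"
C = "00:10:4c:39:47:6c"

def demo():
    sw = Switch(ports=[1, 2, 3, 4, 5, 6, 7, 8])
    arp_req = sw.receive(2, A, BROADCAST, now=0)   # A's ARP request: flooded
    arp_rep = sw.receive(7, C, A, now=1)           # C's reply: forwarded to port 2 only
    unicast = sw.receive(2, A, C, now=2)           # A -> C: forwarded to port 7 only
    return arp_req, arp_rep, unicast
```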