The All-New Switch Book
The Complete Guide to LAN Switching Technology
Second Edition
Rich Seifert Jim Edwards
Wiley Publishing, Inc.
Contents
Preface xxiii
Introduction xxv
Part One Foundations of LAN Switches
Chapter 1 Laying the Foundation 3 Network Architecture 4
Physical Layer 5 Data Link Layer 6 Network Layer 7 Transport Layer 7 Session Layer 8 Presentation Layer 8 Application Layer 9 Layering Makes a Good Servant but a Bad Master 9 Inside the Data Link Layer 12
Modes of Operation 12 Data Link Sublayering 15 Logical Link Control 16
Addressing 19 Local and Global Uniqueness 19 LAN Data Link Addresses 20
Unicast and Multicast Addresses 21 Globally Unique and Locally Unique MAC Addresses 23 How LAN Addresses Are Assigned 24 Written Address Conventions 26
LAN Technology Review 27 Ethernet 27
Ethernet Medium Access Control 28 Ethernet Physical Layer Options and Nomenclature 31 Ethernet Frame Formats 33 Bit-Ordering 38
Token Ring 38 Token Ring Medium Access Control 39 Token Ring Physical Layer Options 41 Token Ring Frame Formats 41 Bit-Ordering on Token Ring LANs 43
Fiber Distributed Data Interface 43 FDDI Operation 43 FDDI Physical Signaling 45 FDDI Frame Format 45
Other LAN Technologies 46 IEEE LAN Standards 48
IEEE 802 Organization 49 IEEE 802 Naming Conventions, or "Mind Your Ps and Qs" 50 IEEE 802.1 51 IEEE 802.3 53 IEEE 802.5 54 Other Standards Organizations 54
Terminology 55 Applications, Clients, and Service Providers 56 Encapsulation 57 Stations and Interconnections 59
Chapter 2 Transparent Bridges 63 Principles of Operation 63
Unicast Operation 65 Unknown and Multicast Destinations 66 Generating the Address Table 68 Address Table Aging 69 Process Model of Table Operation 70 Custom Filtering and Forwarding 72 Multiple Bridge Topologies 73
Transparent Bridge Architecture 74 Maintaining the Link Invariants 76
The Hard Invariants Are Hard Indeed 78 Soft Invariants 80
Implementing the Bridge Address Table 84 Table Operations 85 Search Algorithms 85
Hash Tables 85 Binary Search 88 Content-Addressable Memories 90
How Deep Is Your Table? 92 Aging Entries from the Table 93
Bridge Performance 95 What Does It Take to Be the Best? 95 If You're Not the Best, How Good Are You? 97
The IEEE 802.1D Standard 98 Operating Parameters and Requirements 99
Aging Time 99 Bridge Transit Delay 99 Additional Operating Requirements 101
Bridge Address Assignment 102 Reserved Addresses 103
Chapter 3 Bridging Between Technologies 105 Bridging the LAN Gap 106
LAN Operational Mechanisms 107 Frame Format Translation 108
MAC-Specific Fields 109 User Data Encapsulation 110 Translating Versus Encapsulating Bridges 115
Issues in Bridging Dissimilar LANs 117 Maximum Transmission Unit (MTU) 117 Frame Check Protection 124 Bit-Ordering 126 Functional Groups Versus True Multicast Addressing 131 LAN-Specific Features 133
Thoughts on Bridging Dissimilar LANs 137 Bridging Between Local and Wide Area Networks 137
Applications of Remote Bridges 138 Technologies for Remote Bridges 139 Encapsulation 141 Issues in Remote Bridges 143
Error Rate 143 LAN Bandwidth and Delay 144
IEEE 802.1G — Not! 145
Chapter 4 Principles of LAN Switches 147 A Switch Is a Bridge Is a Switch 147 Switched LAN Concepts 148
Separate Access Domains 149 Segmentation and Microsegmentation 150 Extended Distance Limitations 152 Increased Aggregate Capacity 152 Data Rate Flexibility 153
Cut-Through Versus Store-and-Forward Operation 153 MultiLayer Switching 158
Layer 3 Switching 159 A Router by Any Other Name Would Still Forward Packets 160
Layer 3 Switch Operation 162 Layer 4 Switching 173
A Switch Is a Switch Is a Switch Except When ... 176 Four Generations of Switch Integration 177 Switch Configurations 182
Bounded Systems 183 Stackable Switches 184
Stacking the Deck 184 A Block in the Ointment 185 United, We Are One 185
Chassis Switches 187 Switch Application Environments 188
Desktop Level 190 Workgroup Level 190 Campus Level 191 Enterprise Level 191 The Needs Change with the Level 192
Numbers of Ports 192 Layer 2 Versus Layer 3 Switching (Bridging Versus Routing) 195 Table Sizes 196 Link Technologies 198 Port Data Rates and Aggregate Capacity 198 Media Support 199
Chapter 5 Loop Resolution 201 Diary of a Loopy LAN 201
Getting Yourself in the Loop 203 Getting out of the Loop 204
The Spanning Tree Protocol 205 History of the Spanning Tree Protocol 205 Spanning Tree Protocol Operation 206
Spanning Tree Protocol Concepts 207 Calculating and Maintaining the Spanning Tree 213 Bridge Protocol Data Units 217 Port States 220 Topology Changes 222 Protocol Timers 224
Issues in STP Implementation 226 Queuing of BPDUs Relative to Data 227 Save a Receive Buffer for Me! 227 Spanning Tree Protocol Performance 228
Rapid Spanning Tree Protocol 229 RSTP State of the Port Address 229
Discarding 230 Learning 230 Forwarding 231
Port Roles 231 The Root Port 231 The Designated Port 232 The Alternate Port 232 The Backup Port 232
Forwarding State — Rapid Transition 234 Edge Port 234 Link Type 234
BPDUs (Bip-A-Doo-Two) 234 BPDU — The Final Frontier ...er ... uh ... The New Format 234 How It Is Now Handled 235
Multiple Spanning Tree Protocol 236 RSTP, MSTP, and STP (Can't we all just get along?) 236
Loops in a Remotely Bridged (WAN) Catenet 237 There's More Than a One-Letter Difference 238 Spanning Tree on a WAN 238
Link Utilization 239 Delay 239 Using a Single Path for All Traffic 239
Proprietary Loop Resolution Algorithms 241 Routing Versus Bridging on the WAN 242
An Example of Loop Resolution 242 Behavior of a Spanning Tree Catenet 245
Maintaining the Link Invariants 246 Data Flow on the Spanning Tree 246 Traffic Congregation at the Root 248 Topology Changes and Disruption 248
Configuring the Spanning Tree 248 "We'll All Be Planning That Root..." 249 Assigning Link Costs 250 Setting Protocol Timers 250 Managing the Extent of the Catenet 251
Up a Tree Without a Protocol? 252 Why Would Anyone Do This? 252 Interoperability 253 What to Do, What to Do? 253
Chapter 6 Source Routing 255 Overview of Source Routing Operation 256 Eine Kleine Sourceroutinggeschichte 257 Source Routing Concepts 259
Nontransparency, or "Peek-a-Boo — I See You!" 260 Who's the Boss? 260 Connection Orientation 261 Be All That You Can Be (Without Joining the Army) 263 Even Token Rings Need to Get Out of the Loop Sometimes 263 Ring and Bridge Numbering 264
Route Discovery 266 Maximum Transmission Unit Discovery 266
Source-Routed Frames 267 Differentiating Source-Routed and Non-Source-Routed Frames 267 Non-Source-Routed Frames 269 Source-Routed Frame Format 269
Routing Control Fields 269 Route Descriptors 273
Source Routing Operation 274 Route Discovery 275
Route Discovery Algorithms 275 Route Discovery Frames 277 Route Selection 279 Issues in Route Discovery 280
Station Operation 282 Architectural Model of Source Routing 282 End Station Transmit Behavior 282 End Station Receive Behavior 284
Bridge Operation 285 Bridge Behavior for Specifically Routed Frames 286 Bridge Behavior for Explorer Frames (Both ARE and STE) 286
Interconnecting the Source-Routed and Transparently Bridged Universes 289
Don't Bridge — Route! 294 The Source Routing-to-Transparent Bridge 295 The Source Routing/Transparent Bridge 298
IEEE Standards and Source Routing 301 The Future of Source Routing 301
Part Two Advanced LAN Switch Concepts
Chapter 7 Full Duplex Operation 305
Why a MAC? 305 Full Duplex Enablers 307
Dedicated Media 307 Dedicated LAN 310
Full Duplex Ethernet 311 "Ethernet Is CSMA/CD" 312 Full Duplex Ethernet Operating Environment 313 Subset of Half Duplex Operation 314 Transmitter Operation 315 Receiver Operation 315 Ethernet Minimum Frame Size Constraint 316
Dedicated Token Ring 317 Implications of Full Duplex Operation 319
Eliminating the Link Length Restriction of Half Duplex Ethernet 319
Increasing the Link Capacity 320 Increasing Switch Load 322
Full Duplex Application Environments 323 Switch-to-Switch Connections 323 Server and Router Connections 324 Long-Distance Connections 325
Chapter 8 LAN and Switch Flow Control 327 The Need for Flow Control 327
Default Switch Behavior 330 The Effect of Frame Loss 330 End-to-End Flow Control 332 Cost-Performance Tradeoffs 332
Controlling Flow in Half Duplex Networks 333 Backpressure 333
Aggressive Transmission Policies 337 MAC Control 341
MAC Control Architecture 341 MAC Control Frame Format 343
PAUSE Function 344 Overview of PAUSE Operation 346 PAUSE Frame Semantics 347 Configuration of Flow Control Capabilities 349
IEEE 802.3x Flow Control Implementation Issues 350 Design Implications of PAUSE Function 351
Inserting PAUSE Frames in the Transmit Queue 351 Parsing Received PAUSE Frames 352 PAUSE Timing 353 Buffering Requirements 354
Flow Control Policies and Use 356 Buffer Thresholds 356 Selection of PAUSE Times 357 Dealing with Unreliable Delivery 358
Flow Control Symmetry 358 Symmetric Flow Control 359 Asymmetric Flow Control 359
Chapter 9 Link Aggregation 361 Link Aggregation Benefits 362 Application of Link Aggregation 364
Switch-to-Switch Connections 365 Switch-to-Station (Server or Router) Connections 365 Station-to-Station Connections 367
Aggregate or Upgrade? 367 Issues in Link Aggregation 368
Addressing 368 Distributing Traffic Across an Aggregation 371
Maintaining Link Invariants in an Aggregated Environment 372
Separating Traffic Flows 374 Conversation Determination Aids the Realization of Aggregation 375 Mapping the Distribution Function to the Physical Link 377 Conversations Above the Data Link Layer 377 Summary of Distribution Functions 380 Changing the Distribution 381
Performance 384 Technology Constraints (a.k.a. Link Aggravation) 384
Mixing LAN Technologies in a Single Aggregation 384 Mixing Data Rates in a Single Aggregation 385 Aggregation and Shared LANs 385
Configuration Control 385 IEEE 802.3ad Link Aggregation Standard 388
Scope of the Standard 388 Features and Benefits of the Standard 390 Link Aggregation Architectural Model 392 Binding Physical Ports to Aggregators 394 Binding, Distribution, and Collection 397 Addressing 397 Marker Protocol Operation 398 Link Aggregation Control Protocol 401
LACP Concepts 401 LACP Frame Format 406
Split Up the Trunk 410
Chapter 10 Multicast Pruning 413 Multicast Usage 413
Who Assigns Multicast Addresses? 414 Application Use of Multicast 417 Implications of Default Behavior 419
Trimming the (Spanning) Tree 420 The Weekend Networker's Guide to Tree Pruning 421
Receiver Declaration 421 Registration of the Declaration 422 Propagation of the Registration 423 Source Pruning 424
IEEE 802.1p 424 GARP Multicast Registration Protocol 424
Generic Attribute Registration Protocol 426 GMRP Use of GARP 430
Chapter 11 Virtual LANs: Applications and Concepts 433 Applications of VLANs 434
The Software Patch Panel 434 LAN Security 437
User Mobility 439 Bandwidth Preservation 442
VLAN Concepts 443 Playing Tag on Your LAN 445
Implicit Tags 445 Explicit Tags 446 VLAN Awareness and Tag Awareness 448
VLAN Awareness 448 What It Means to Be VLAN-Aware 449 VLAN-Aware Switches 449 VLAN-Aware End Stations 454 He Looks Around, Around, He Sees VLANs in the Architecture, Spinning in Infinity... 456 Shared Media and VLAN Awareness 458 Non-VLAN-Aware Switches and End Stations 458
VLAN Association Rules (Mapping Frames to VLANs) 459 Port-Based VLAN Mapping 460 MAC Address-Based VLAN Mapping 461 Protocol-Based VLAN Mapping 462 IP Subnet-Based VLAN Mapping 465 A VLAN Phenomenon: The One-Armed Router 466 Application-Based VLAN Mapping 469 The Rules Follow the Application 471
Frame Forwarding 472
Chapter 12 Virtual LANs: The IEEE Standard 475 Overview and Scope of the Standard 477 Elements of the Standard 478 Tag and Frame Formats 480
VLAN Protocol Identifier 481 Tag Control Information Field 482 Embedded Routing Information Field 485
Route Control Portion 486 Route Descriptor Portion 487
Tagged Ethernet Frames 488 Flash! Ethernet MTU Increases by 4 Bytes! 492 Tagged Token Ring Frames 495 Tagged FDDI Frames 495 VLAN Tags on Other LAN Technologies 496 A Word on Bit and Byte Order 496
IEEE 802.1Q Switch Operation 497 Ingress Process 499
Acceptable Frame Filter 499 Ingress Rules 499 Ingress Filter 500
Progress Process 500 Forwarding in a VLAN-Aware Switch 500
Maintaining the Filtering Database 501 Egress Process 502
Egress Rules 502 Egress Filter 504
System-Level Switch Constraints 506 GARP VLAN Registration Protocol 506
GVRP Use of GARP 507 Multicast Registration and VLAN Context 508 VLANs and the Spanning Tree 508 The Multiple Spanning Tree Protocol 511
So Exactly What Are They Trying to Accomplish Here? 511 What the Heck Does This All Mean? 512
Tha-tha-tha-tha-tha...That's Right Folks! 512 Multiple Spanning Tree Instance 513 MST Regions 514
Chapter 13 Priority Operation 517 Why Priority? 517 LAN Priority Mechanisms 519
Token Ring Priority Mechanisms 520 FDDI Priority Mechanisms 521 Ethernet Priority Mechanisms 522
VLAN and Priority Tagging 525 Getting into the Priority Business 526 Priority Operation in Switches 529
The Ordering Invariant — Redux 530 IEEE 802.1p 530 Switch Process Flow for Priority Operation 532 Determining Frame Priority on Input 533
Tag, You're It! 533 LAN-Specific User Priority Indication 533 Implicit Priority Determination, or "Whose Clues Do You Use?" 534 Priority Regeneration 535
Mapping Input Priority to Class-of-Service 536 Class of Service Versus Quality of Service 536 How Many Queues Do You Chueues? 538 Default Priority Mappings 540
Output Scheduling 541 Scheduling Algorithms 541 Indicating the Priority in Transmitted Frames 544 Mapping User Priority to Access Priority at the Output Port 545
Chapter 14 LAN Security 547
Network Security Overview 548 Hackers, Crackers, Viruses, and Those Confounded Worms 549
Hac and Crac, the Ker Brothers 549
Malware 550 Physical Security 551 Proactive Measures 552
Virus Containment 553 Firewalls 553 End User Checks and Balances 555
LAN Security 555 Security Concerns at Layer 2 555
Man in the Middle 557 MAC Address Table Flooding 557 DHCP Attacks 559 Spanning Tree Attacks 560 Private VLAN Attack 561 VLAN Migration (Hopping) Attack 561 ARP Spoofing Attack 563
Wrap Up 563
Chapter 15 Switch Management 565 The Simple Network Management Protocol 566
SNMP Concepts 568 Manager/Agent Architecture 568 Management Information Base 569 The Simple Network Management Protocol 573 The Simple Network Management Protocol Version 2 575 The Simple Network Management Protocol Version 3 576
Network Monitoring Tools 577 Protocol Analysis in a Switched LAN 580
Mirror, Mirror on the Switch, Which Is the Port That's Got the Glitch? 581
Switch Mirroring 583 Look Within Yourself for the Truth 585
RMON Capabilities and MIBs 586 Ethernet Statistics Group 586 Ethernet History Group 589 Alarm Group 590 Host Group 591 HostTopN Group 594 Matrix Group 594 Filter Group 596 Packet Capture Group 597 Event Group 597
RMON Support for Virtual LANs 598 Levels of RMON Support 598
Internal Switch Management Platforms 598 Non-SNMP Management 601
Internal Web Servers 602 Out-of-Band Management 602
Management by Telnet 604 Management by Secure Shell 605 Reach Out and Ping Someone 607
Chapter 16 Network Troubleshooting Strategies 609 The Trouble with Troubleshooting 610 Housekeeping 611
Running the Network Baseline 611 Proactive Troubleshooting 613
Troubleshooting Tools 614 Troubleshooting Utilities 615
ping 615 trace route 617 netstat 617 route 618 ARP 620
More Advanced Tools of the Trade 620 Network Analyzers (or whatever they are calling them today) 621 Other Testing Equipment 622 ... and if all else fails 623
A Systematic Approach 624 Defining the Problem 624 Sharing the Known 625 Determining the Issue 625 Developing a Solution 626 Resolving and Taking Action! 627 Monitoring the Results 627 The Final Step — Have a Beer! 627
Some Strategies for Layer 2 Troubleshooting 628 Performing a Health Check 628 Software, Hardware, and Configuration 629
Issues Relating to Software 629 Issues Relating to Hardware 630 Issues Relating to Configuration 632
Common Layer 2 Issues 632 VLANs 632 Duplex Mismatches 633 Spanning Tree 636
Wrap Up 637
Chapter 17 Make the Switch! 641 Keeping House 644
Housekeeping Functions 645 Implementation and Performance (or, It's Tough to Find a Good Housekeeper) 647
Switch Data Receive Path Functions 647 Port Interfaces (Receive) 647 Receive Flow Control 649 Link Aggregation Collector 650 Classification Engine 650
Local Sinking of Reserved Multicast Addresses 651 VLAN Ingress Rules 651 Priority Assessment 653 Do It Once and Save the Results 653 Implementation of the Classification Engine 655
VLAN Filters 657 Lookup Engine 658
Generating the Output Vector 659 Maintaining the Filtering Database 662 Lookup Implementation 662
Switch Fabrics 665 Shared Memory 665
Shared Memory Fabric Operation 665 Multicasting in a Shared Memory Architecture 667 Buffer Organization 668 Memory Bandwidth Limitations 671 Increasing the Memory Bandwidth 672
Shared Bus 674 Crosspoint Matrix 677
Multicasting in a Crosspoint Matrix Fabric 677 Crosspoint Matrix Implementation 679 The Head-of-Line Blocking Problem 680 Solving the Head-of-Line Blocking Problem 682 Priority Levels in the Switch Fabric 690
Input Versus Output Queues 690 Input Queues and Shared Memory Switch Fabrics 691 Input Queues, Output Queues, and Flow Control 691
Switch Data Transmit Path Functions 692 Output Filters 692 Output Queues and Priority Handling 695 Link Aggregation Distributor 696 Transmit Flow Control 696 Hey, Kids! What Time Is It? 697 Port Interfaces (Transmit) 697
Appendix: Protocol Parsing 699
References 703
Glossary 711
Index 753