All-New Switch Book

Rich Seifert is President of Networks & Communications Consulting. He has contributed to the design of a wide range of products including LAN switches.Jim Edwards is a Nortel Networks certified support specialist specializing in network architecture, specifically switching, and virtual private networks. Working in the Premium Support Group consisting of Nortel's largest Enterprise customers, he has extensive experience with switching technologies.

• Preface xxiiiIntroduction xxvPart One Foundations of LAN SwitchesChapter 1 Laying the Foundation 3Network Architecture 4Physical Layer 5Data Link Layer 6Network Layer 7Transport Layer 7Session Layer 8Presentation Layer 8Application Layer 9Layering Makes a Good Servant but a Bad Master 9Inside the Data Link Layer 12Modes of Operation 12Data Link Sublayering 15Logical Link Control 16Addressing 19Local and Global Uniqueness 19LAN Data Link Addresses 20Unicast and Multicast Addresses 21Globally Unique and Locally Unique MAC Addresses 23How LAN Addresses Are Assigned 24Written Address Conventions 26LAN Technology Review 27Ethernet 27Ethernet Medium Access Control 28Ethernet Physical Layer Options and Nomenclature 31Ethernet Frame Formats 33Bit-Ordering 38Token Ring 38Token Ring Medium Access Control 39Token Ring Physical Layer Options 41Token Ring Frame Formats 41Bit-Ordering on Token Ring LANs 43Fiber Distributed Data Interface 43FDDI Operation 43FDDI Physical Signaling 45FDDI Frame Format 45Other LAN Technologies 46IEEE LAN Standards 48IEEE 802 Organization 49IEEE 802 Naming Conventions, or ’’Mind Your Ps and Qs’’ 50Ieee 802.1 51Ieee 802.3 53Ieee 802.5 54Other Standards Organizations 54Terminology 55Applications, Clients, and Service Providers 56Encapsulation 57Stations and Interconnections 59Chapter 2 Transparent Bridges 63Principles of Operation 63Unicast Operation 65Unknown and Multicast Destinations 66Generating the Address Table 68Address Table Aging 69Process Model of Table Operation 70Custom Filtering and Forwarding 72Multiple Bridge Topologies 73Transparent Bridge Architecture 74Maintaining the Link Invariants 76The Hard Invariants Are Hard Indeed 78Soft Invariants 80Implementing the Bridge Address Table 84Table Operations 85Search Algorithms 85Hash Tables 85Binary Search 88Content-Addressable Memories 90How Deep Is Your Table? 92Aging Entries from the Table 93Bridge Performance 95What Does It Take to Be the Best? 95If You’re Not the Best, How Good Are You? 97The IEEE 802.1D Standard 98Operating Parameters and Requirements 99Aging Time 99Bridge Transit Delay 99Additional Operating Requirements 101Bridge Address Assignment 102Reserved Addresses 103Chapter 3 Bridging Between Technologies 105Bridging the LAN Gap 106LAN Operational Mechanisms 107Frame Format Translation 108MAC-Specific Fields 109User Data Encapsulation 110Translating Versus Encapsulating Bridges 115Issues in Bridging Dissimilar LANs 117Maximum Transmission Unit (MTU) 117Frame Check Protection 124Bit-Ordering 126Functional Groups Versus True Multicast Addressing 131LAN-Specific Features 133Thoughts on Bridging Dissimilar LANs 137Bridging Between Local and Wide Area Networks 137Applications of Remote Bridges 138Technologies for Remote Bridges 139Encapsulation 141Issues in Remote Bridges 143Error Rate 143LAN Bandwidth and Delay 144IEEE 802.1G — Not! 145Chapter 4 Principles of LAN Switches 147A Switch Is a Bridge Is a Switch 147Switched LAN Concepts 148Separate Access Domains 149Segmentation and Microsegmentation 150Extended Distance Limitations 152Increased Aggregate Capacity 152Data Rate Flexibility 153Cut-Through Versus Store-and-Forward Operation 153MultiLayer Switching 158Layer 3 Switching 159A Router by Any Other Name Would Still Forward Packets 160Layer 3 Switch Operation 162Layer 4 Switching 173A Switch Is a Switch Is a Switch Except When 176Four Generations of Switch Integration 177Switch Configurations 182Bounded Systems 183Stackable Switches 184Stacking the Deck 184A Block in the Ointment 185United, We Are One 185Chassis Switches 187Switch Application Environments 188Desktop Level 190Workgroup Level 190Campus Level 191Enterprise Level 191The Needs Change with the Level 192Numbers of Ports 192Layer 2 Versus Layer 3 Switching (Bridging Versus Routing) 195Table sizes 196Link Technologies 198Port Data Rates and Aggregate Capacity 198Media Support 199Chapter 5 Loop Resolution 201Diary of a Loopy LAN 201Getting Yourself in the Loop 203Getting out of the Loop 204The Spanning Tree Protocol 205History of the Spanning Tree Protocol 205Spanning Tree Protocol Operation 206Spanning Tree Protocol Concepts 207Calculating and Maintaining the Spanning Tree 213Bridge Protocol Data Units 217Port States 220Topology Changes 222Protocol Timers 224Issues in STP Implementation 226Queuing of BPDUs Relative to Data 227Save a Receive Buffer for Me! 227Spanning Tree Protocol Performance 228Rapid Spanning Tree Protocol 229RSTP State of the Port Address 229Discarding 230Learning 230Forwarding 231Port Roles 231The Root Port 231The Designated Port 232The Alternate Port 232The Backup Port 232Forwarding State — Rapid Transition 234Edge Port 234Link Type 234BPDUs (Bip-A-Doo-Two) 234BPDU — The Final Frontier .er uh The New Format 234How It Is Now Handled 235Multiple Spanning Tree Protocol 236RSTP, MSTP, and STP (Can’t we all just get along?) 236Loops in a Remotely Bridged (WAN) Catenet 237There’s More Than a One-Letter Difference 238Spanning Tree on a WAN 238Link Utilization 239Delay 239Using a Single Path for All Traffic 239Proprietary Loop Resolution Algorithms 241Routing Versus Bridging on the WAN 242An Example of Loop Resolution 242Behavior of a Spanning Tree Catenet 245Maintaining the Link Invariants 246Data Flow on the Spanning Tree 246Traffic Congregation at the Root 248Topology Changes and Disruption 248Configuring the Spanning Tree 248‘‘We’ll All Be Planning That Root .’’ 249Assigning Link Costs 250Setting Protocol Timers 250Managing the Extent of the Catenet 251UpaTreeWithoutaProtocol? 252Why Would Anyone Do This? 252Interoperability 253What to Do, What to Do? 253Chapter 6 Source Routing 255Overview of Source Routing Operation 256Eine Kleine Sourceroutinggeschichte 257Source Routing Concepts 259Nontransparency, or ‘‘Peek-a-Boo — I See You!’’ 260Who’s the Boss? 260Connection Orientation 261Be All That You Can Be (Without Joining the Army) 263Even Token Rings Need to Get Out of the Loop Sometimes 263Ring and Bridge Numbering 264Route Discovery 266Maximum Transmission Unit Discovery 266Source-Routed Frames 267Differentiating Source-Routed and Non-Source–Routed Frames 267Non-Source–Routed Frames 269Source-Routed Frame Format 269Routing Control Fields 269Route Descriptors 273Source Routing Operation 274Route Discovery 275Route Discovery Algorithms 275Route Discovery Frames 277Route Selection 279Issues in Route Discovery 280Station Operation 282Architectural Model of Source Routing 282End Station Transmit Behavior 282End Station Receive Behavior 284Bridge Operation 285Bridge Behavior for Specifically Routed Frames 286Bridge Behavior for Explorer Frames (Both ARE and STE) 286Interconnecting the Source-Routed and Transparently Bridged Universes 289Don’t Bridge — Route! 294The Source Routing-to-Transparent Bridge 295The Source Routing/Transparent Bridge 298IEEE Standards and Source Routing 301The Future of Source Routing 301Part Two Advanced LAN Switch ConceptsChapter 7 Full Duplex Operation 305Why a MAC? 305Full Duplex Enablers 307Dedicated Media 307Dedicated LAN 310Full Duplex Ethernet 311‘‘Ethernet Is CSMA/CD’’ 312Full Duplex Ethernet Operating Environment 313Subset of Half Duplex Operation 314Transmitter Operation 315Receiver Operation 315Ethernet Minimum Frame Size Constraint 316Dedicated Token Ring 317Implications of Full Duplex Operation 319Eliminating the Link Length Restriction of Half Duplex Ethernet 319Increasing the Link Capacity 320Increasing Switch Load 322Full Duplex Application Environments 323Switch-to-Switch Connections 323Server and Router Connections 324Long-Distance Connections 325Chapter 8 LAN and Switch Flow Control 327The Need for Flow Control 327Default Switch Behavior 330The Effect of Frame Loss 330End-to-End Flow Control 332Cost-Performance Tradeoffs 332Controlling Flow in Half Duplex Networks 333Backpressure 333Aggressive Transmission Policies 337MAC Control 341MAC Control Architecture 341MAC Control Frame Format 343PAUSE Function 344Overview of PAUSE Operation 346PAUSE Frame Semantics 347Configuration of Flow Control Capabilities 349IEEE 802.3x Flow Control Implementation Issues 350Design Implications of PAUSE Function 351Inserting PAUSE Frames in the Transmit Queue 351Parsing Received PAUSE Frames 352PAUSE Timing 353Buffering Requirements 354Flow Control Policies and Use 356Buffer Thresholds 356Selection of PAUSE Times 357Dealing with Unreliable Delivery 358Flow Control Symmetry 358Symmetric Flow Control 359Asymmetric Flow Control 359Chapter 9 Link Aggregation 361Link Aggregation Benefits 362Application of Link Aggregation 364Switch-to-Switch Connections 365Switch-to-Station (Server or Router) Connections 365Station-to-Station Connections 367Aggregate or Upgrade? 367Issues in Link Aggregation 368Addressing 368Distributing Traffic Across an Aggregation 371Maintaining Link Invariants in an Aggregated Environment 372Separating Traffic Flows 374Conversation Determination Aids the Realization of Aggregation 375Mapping the Distribution Function to the Physical Link 377Conversations Above the Data Link Layer 377Summary of Distribution Functions 380Changing the Distribution 381Performance 384Technology Constraints (a.k.a. Link Aggravation) 384Mixing LAN Technologies in a Single Aggregation 384Mixing Data Rates in a Single Aggregation 385Aggregation and Shared LANs 385Configuration Control 385IEEE 802.3ad Link Aggregation Standard 388Scope of the Standard 388Features and Benefits of the Standard 390Link Aggregation Architectural Model 392Binding Physical Ports to Aggregators 394Binding, Distribution, and Collection 397Addressing 397Marker Protocol Operation 398Link Aggregation Control Protocol 401LACP Concepts 401LACP Frame Format 406Split Up the Trunk 410Chapter 10 Multicast Pruning 413Multicast Usage 413Who Assigns Multicast Addresses? 414Application Use of Multicast 417Implications of Default Behavior 419Trimming the (Spanning) Tree 420The Weekend Networker’s Guide to Tree Pruning 421Receiver Declaration 421Registration of the Declaration 422Propagation of the Registration 423Source Pruning 424IEEE 802.1p 424GARP Multicast Registration Protocol 424Generic Attribute Registration Protocol 426GMRP Use of GARP 430Chapter 11 Virtual LANs: Applications and Concepts 433Applications of VLANs 434The Software Patch Panel 434LAN Security 437User Mobility 439Bandwidth Preservation 442VLAN Concepts 443Playing Tag on Your LAN 445Implicit Tags 445Explicit Tags 446VLAN Awareness and Tag Awareness 448VLAN Awareness 448What It Means to Be VLAN-Aware 449VLAN-Aware Switches 449VLAN-Aware End Stations 454He Looks Around, Around, He Sees VLANs in the Architecture, Spinning in Infinity 456Shared Media and VLAN Awareness 458Non–VLAN-Aware Switches and End Stations 458VLAN Association Rules (Mapping Frames to VLANs) 459Port-Based VLAN Mapping 460MAC Address-Based VLAN Mapping 461Protocol-Based VLAN Mapping 462IP Subnet-Based VLAN Mapping 465A VLAN Phenomenon: The One-Armed Router 466Application-Based VLAN Mapping 469The Rules Follow the Application 471Frame Forwarding 472Chapter 12 Virtual LANs: The IEEE Standard 475Overview and Scope of the Standard 477Elements of the Standard 478Tag and Frame Formats 480VLAN Protocol Identifier 481Tag Control Information Field 482Embedded Routing Information Field 485Route Control Portion 486Route Descriptor Portion 487Tagged Ethernet Frames 488Flash! Ethernet MTU Increases by 4 Bytes! 492Tagged Token Ring Frames 495Tagged FDDI Frames 495VLAN Tags on Other LAN Technologies 496A Word on Bit and Byte Order 496IEEE 802.1Q Switch Operation 497Ingress Process 499Acceptable Frame Filter 499Ingress Rules 499Ingress Filter 500Progress Process 500Forwarding in a VLAN-Aware Switch 500Maintaining the Filtering Database 501Egress Process 502Egress Rules 502Egress Filter 504System-Level Switch Constraints 506GARP VLAN Registration Protocol 506GVRP Use of GARP 507Multicast Registration and VLAN Context 508VLANs and the Spanning Tree 508The Multiple Spanning Tree Protocol 511So Exactly What Are They Trying to Accomplish Here? 511What the Heck Does This All Mean? 512Tha-tha-tha-tha-tha .That’s Right Folks! 512Multiple Spanning Tree Instance 513MST Regions 514Chapter 13 Priority Operation 517Why Priority? 517LAN Priority Mechanisms 519Token Ring Priority Mechanisms 520FDDI Priority Mechanisms 521Ethernet Priority Mechanisms 522VLAN and Priority Tagging 525Getting into the Priority Business 526Priority Operation in Switches 529The Ordering Invariant — Redux 530IEEE 802.1p 530Switch Process Flow for Priority Operation 532Determining Frame Priority on Input 533Tag, You’re It! 533LAN-Specific User Priority Indication 533Implicit Priority Determination, or ‘‘Whose Clues Do You Use?’’ 534Priority Regeneration 535Mapping Input Priority to Class-of-Service 536Class of Service Versus Quality of Service 536How Many Queues Do You Chueues? 538Default Priority Mappings 540Output Scheduling 541Scheduling Algorithms 541Indicating the Priority in Transmitted Frames 544Mapping User Priority to Access Priority at the Output Port 545Chapter 14 LAN Security 547NetworkSecurityOverview 548Hackers, Crackers, Viruses, and Those Confounded Worms 549Hac and Crac, the Ker Brothers. 549Malware 550Physical Security 551Proactive Measures 552Virus Containment 553Firewalls 553End User Checks and Balances 555LAN Security 555Security Concerns at Layer 2 555Man in the Middle 557MAC Address Table Flooding 557DHCP Attacks 559Spanning Tree Attacks 560Private VLAN Attack 561VLAN Migration (Hopping) Attack 561ARP Spoofing Attack 563Wrap Up 563Chapter 15 Switch Management 565The Simple Network Management Protocol 566SNMP Concepts 568Manager/Agent Architecture 568Management Information Base 569The Simple Network Management Protocol 573The Simple Network Management Protocol Version 2 575The Simple Network Management Protocol Version 3 576Network Monitoring Tools 577Protocol Analysis in a Switched LAN 580Mirror, Mirror on the Switch, Which Is the Port That’s Got the Glitch? 581Switch Mirroring 583Look Within Yourself for the Truth 585RMON Capabilities and MIBs 586Ethernet Statistics Group 586Ethernet History Group 589Alarm Group 590Host Group 591HostTopN Group 594Matrix Group 594Filter Group 596Packet Capture Group 597Event Group 597RMON Support for Virtual LANs 598Levels of RMON Support 598Internal Switch Management Platforms 598Non-SNMP Management 601Internal Web Servers 602Out-of-Band Management 602Management by Telnet 604Management by Secure Shell 605Reach Out and Ping Someone 607Chapter 16 Network Troubleshooting Strategies 609The Trouble with Troubleshooting 610Housekeeping 611Running the Network Baseline 611Proactive Troubleshooting 613Troubleshooting Tools 614Troubleshooting Utilities 615ping 615trace route 617netstat 617route 618Arp 620More Advanced Tools of the Trade 620Network Analyzers (or whatever they are calling them today) 621Other Testing Equipment 622and if all else fails 623A Systematic Approach 624Defining the Problem 624Sharing the Known 625Determining the Issue 625Developing a Solution 626Resolving and Taking Action! 627Monitoring the Results 627The Final Step — Have a Beer! 627Some Strategies for Layer 2 Troubleshooting 628Performing a Health Check 628Software, Hardware, and Configuration 629Issues Relating to Software 629Issues Relating to Hardware 630Issues Relating to Configuration 632Common Layer 2 Issues 632Vlans 632Duplex Mismatches 633Spanning Tree 636Wrap Up 637Chapter 17 Make the Switch! 641Keeping House 644Housekeeping Functions 645Implementation and Performance (or, It’s Tough to Find a Good Housekeeper) 647Switch Data Receive Path Functions 647Port Interfaces (Receive) 647Receive Flow Control 649Link Aggregation Collector 650Classification Engine 650Local Sinking of Reserved Multicast Addresses 651VLAN Ingress Rules 651Priority Assessment 653Do It Once and Save the Results 653Implementation of the Classification Engine 655VLAN Filters 657Lookup Engine 658Generating the Output Vector 659Maintaining the Filtering Database 662Lookup Implementation 662Switch Fabrics 665Shared Memory 665Shared Memory Fabric Operation 665Multicasting in a Shared Memory Architecture 667Buffer Organization 668Memory Bandwidth Limitations 671Increasing the Memory Bandwidth 672Shared Bus 674Crosspoint Matrix 677Multicasting in a Crosspoint Matrix Fabric 677Crosspoint Matrix Implementation 679The Head-of-Line Blocking Problem 680Solving the Head-of-Line Blocking Problem 682Priority Levels in the Switch Fabric 690Input Versus Output Queues 690Input Queues and Shared Memory Switch Fabrics 691Input Queues, Output Queues, and Flow Control 691Switch Data Transmit Path Functions 692Output Filters 692Output Queues and Priority Handling 695Link Aggregation Distributor 696Transmit Flow Control 696Hey, Kids! What Time Is It? 697Port Interfaces (Transmit) 697Appendix: Protocol Parsing 699References 703Glossary 711Index 753