CCNP Switch - Switch Operation

Layer 2 Switch Operation
The carrier sense multiple access collision detect (CSMA/CD) scheme determines when a device can transmit data on the shared LAN.
When more than one host tries to talk at one time, a collision occurs, and everyone must back off and wait to talk again. This forces every host to operate in half-duplex mode, by either talking or listening at any given time. In addition, when one host sends a frame, all connected hosts hear it. When one host generates a frame with errors, everyone hears that, too. This type of LAN is a collision domain because all device transmissions are susceptible to collisions.

An Ethernet switch operates at OSI Layer 2, making decisions about forwarding frames based on the destination MAC addresses found within the frames.

An Ethernet switch provides isolation between connected hosts:
■ Each switch port is its own collision domain, consisting of the switch port itself and the devices directly connected to that port—either a single host or, if a shared-media hub is connected, the set of hosts connected to the hub.
■ Host connections can operate in full-duplex mode because there is no contention on the media. Hosts can talk and listen at the same time.
■ Bandwidth is no longer shared. Instead, each switch port offers dedicated bandwidth across a switching fabric to another switch port. (These frame forwarding paths change dynamically.)
■ Errors in frames are not propagated. Each frame received on a switch port is checked for errors. Good frames are regenerated when they are forwarded or transmitted. This is known as store-and-forward switching technology: Packets are received, stored for inspection, and then forwarded.
■ You can limit broadcast traffic to a volume threshold.
■ Other types of intelligent filtering or forwarding become possible.

Transparent Bridging
A Layer 2 switch is basically a multiport transparent bridge, where each switch port is its own Ethernet LAN segment, isolated from the others.
 * Radia Perlman talks about Ethernet - http://www.youtube.com/watch?v=L_zacX9DcZA&t=8m56s
Learning MACs
To dynamically learn about station locations, a switch listens to incoming frames and keeps a table of address information. As a frame is received on a switch port, the switch inspects the source MAC address. If that address is not in the address table already, the MAC address, switch port, and virtual LAN (VLAN) on which it arrived are recorded in the table.
If the destination MAC address is found in the MAC table, the frame can be forwarded out the corresponding switch port. If the address is not found in the table, the switch must take more drastic action—the frame is forwarded in a “best effort” fashion by flooding it out all switch ports assigned to the source VLAN. This is known as unknown unicast flooding.
When a frame arrives at a switch port, it is placed into one of the port’s ingress queues. (Frames must be forwarded, or have their priority or service level changed.)
Three fundamental decisions must be made: one concerned with finding the egress switch port, and two concerned with forwarding policies (ACL + QoS). All these decisions are made simultaneously by independent portions of switching hardware and can be described as follows:
■ L2 forwarding table—The frame’s destination MAC address is used as an index, or key, into the content-addressable memory (CAM), or address, table.
■ Security ACLs—ACLs can be used to identify frames according to their MAC addresses, protocol types (for non-IP frames), IP addresses, protocols, and Layer 4 port numbers. The ternary content-addressable memory (TCAM) contains ACLs in a compiled form so that a decision can be made on whether to forward a frame in a single table lookup.
■ QoS ACLs—Other ACLs can classify incoming frames according to quality of service (QoS) parameters, to police or control the rate of traffic flows, and to mark QoS parameters in outbound frames. The TCAM also is used to make these decisions in a single table lookup.

Multilayer Switch Operation
Catalyst switches (3750, 4500, and 6500) can also forward frames based on Layer 3 and Layer 4 information contained in packets. This is known as multilayer switching (MLS).

Types of Multilayer Switching:
 - Route caching—The first generation of MLS, requiring a route processor (RP) and a switch engine (SE). The RP must process a traffic flow’s first packet to determine the destination. The SE listens to the first packet and to the resulting destination, and sets up a “shortcut” entry in its MLS cache.
The SE forwards subsequent packets in the same traffic flow based on shortcut entries in its cache.
This type of MLS also is known by the names Netflow LAN switching, flow-based or demand-based switching, and “route once, switch many.” Even if this isn’t used to forward packets in Cisco IOS–based Catalyst switches, the technique generates traffic flow information and statistics.
 - Topology-based—The second generation of MLS, utilizing specialized hardware (ASIC).
Layer 3 routing information builds and prepopulates a single database of the entire network topology. This database, an efficient table lookup in hardware, is consulted so that packets can be forwarded at high rates.
This type of MLS is known as Cisco Express Forwarding (CEF). A routing process running on the switch downloads the current routing table database into the Forwarding Information Base (FIB) area of hardware.

CEF consists of two key components (FIB + adjacencies):
 - The Forwarding Information Base (FIB) - similar to the RIB (the routing table and the next hop for each IP route)
 - Adjacencies - Layer 2 or switching information linked to a particular FIB entry, avoiding the need for an ARP request for each table lookup
CEF currently supports Ethernet, Frame Relay, ATM, PPP, FDDI, tunnels, and Cisco HDLC.

All these multilayer decisions are performed simultaneously in hardware:
■ L2 forwarding table (CAM)—The CAM table is consulted. If the frame contains a Layer 3 packet, the CAM table results are used only to decide that the frame should be processed at Layer 3.
■ L3 forwarding table (FIB)—The destination IP address is used as an index into the FIB. The longest match in the table is found (both address and mask), and the resulting next-hop Layer 3 address is obtained. The FIB also contains each next-hop entry’s Layer 2 MAC address and the egress switch port (and VLAN ID) so that further table lookups are not necessary.
■ Security ACLs—Inbound and outbound access lists are compiled into TCAM entries so that decisions of whether to forward a packet can be determined as a single table lookup.
■ QoS ACLs—Packet classification, policing, and marking all can be performed as single table lookups in the QoS TCAM.

And because both Layers 2 and 3 contents have changed, the Layer 2 checksum must be recalculated. In other words, the entire Ethernet frame must be rewritten before it goes into the egress queue. This also is accomplished efficiently in hardware.

Multilayer Switching Exceptions
To be forwarded using the simultaneous decision process, a packet must be “MLS-ready” (CEF can directly forward most IP packets between hosts).
Other packets cannot be directly forwarded by CEF and must be handled in more detail.
These packets are identified by a quick inspection during the forwarding decision, flagged for further processing, and sent or “punted” to the switch CPU for process switching:
■ ARP requests and replies
■ IP packets requiring a response from a router (TTL has expired, MTU is exceeded, fragmentation is needed, and so on)
■ IP broadcasts that will be relayed as unicast (DHCP requests, IP helper-address functions)
■ Routing protocol updates
■ Cisco Discovery Protocol packets
■ IPX routing protocol and service advertisements
■ Packets needing encryption
■ Packets triggering Network Address Translation (NAT)
■ Other non-IP and non-IPX protocol packets (AppleTalk, DECnet, and so on)
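
The FIB-plus-adjacency lookup and two of the punt cases, as an added Python sketch that is not Cisco code or part of the original notes. The prefixes, next hops, MACs, port names and the `cef_lookup` function are constructed for illustration; a missing adjacency is treated as a punt because the CPU has to resolve the next hop with ARP first.

```python
import ipaddress

# Constructed sample tables: prefixes, next hops, MACs and ports are illustrative.
FIB = {                       # prefix -> next-hop IP
    "0.0.0.0/0":     "10.0.0.1",
    "10.20.0.0/16":  "10.0.0.2",
    "10.20.30.0/24": "10.0.0.3",
    "10.20.40.0/24": "10.0.0.4",
}
ADJACENCY = {                 # next-hop IP -> (MAC, egress port, VLAN)
    "10.0.0.1": ("00:00:5e:00:53:01", "Gi1/0/1", 10),
    "10.0.0.2": ("00:00:5e:00:53:02", "Gi1/0/2", 20),
    "10.0.0.3": ("00:00:5e:00:53:03", "Gi1/0/3", 30),
    # 10.0.0.4 deliberately has no adjacency yet
}

def cef_lookup(dst, ttl, fib=FIB, adjacency=ADJACENCY):
    """Return ("forward", rewrite info), ("punt", reason) or ("drop", reason)."""
    if ttl <= 1:
        # The packet needs a response from the router, so the CPU handles it.
        return ("punt", "TTL expired")
    addr = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(p), nh) for p, nh in fib.items()]
    matches = [(net, nh) for net, nh in candidates if addr in net]
    if not matches:
        return ("drop", "no matching prefix")
    # Longest match: the matching prefix with the most mask bits wins.
    net, next_hop = max(matches, key=lambda m: m[0].prefixlen)
    if next_hop not in adjacency:
        # No Layer 2 rewrite information yet: ARP must run on the CPU.
        return ("punt", "no adjacency for " + next_hop)
    mac, port, vlan = adjacency[next_hop]
    # Everything needed for the frame rewrite comes back from one lookup.
    return ("forward", {"prefix": str(net), "next_hop": next_hop,
                        "dst_mac": mac, "port": port, "vlan": vlan,
                        "ttl": ttl - 1})

if __name__ == "__main__":
    for dst, ttl in [("10.20.30.5", 64), ("10.20.99.1", 64),
                     ("10.20.40.7", 64), ("10.20.30.5", 1)]:
        print(dst, ttl, cef_lookup(dst, ttl))
```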

Tables Used in Switching
The tables are used for Layer 2 switching or MLS and are kept in very fast memory so that many fields within a frame or packet can be compared in parallel.

Content-Addressable Memory
All Catalyst switch models use a CAM table for Layer 2 switching.

By default, MAC addresses are learned dynamically from incoming frames.
The port of arrival and the VLAN both are recorded in the table, along with a time stamp. If a MAC address learned on one switch port has moved to a different port, the MAC address and time stamp are recorded for the most recent arrival port. Then, the previous entry is deleted. If a MAC address is found already present in the table for the correct arrival port, only its time stamp is updated.
By default, idle CAM table entries are kept for 300 seconds before they are deleted.
Switch(config)# mac address-table aging-time seconds
Switch(config)# mac address-table static mac-address vlan vlan-id interface type mod/num

 - Until Catalyst IOS version 12.1(11)EA1, the syntax for CAM table commands used the keywords mac-address-table.
 - In more recent Cisco IOS versions, the syntax has changed to use the keywords mac address-table (first hyphen omitted).
 - The Catalyst 4500 and 6500 IOS Software are exceptions, however, and continue to use the mac-address-table keyword form.
Many switch platforms support either syntax to ease the transition.

If a switch notices that a MAC address is being learned on alternating switch ports, it generates an error message that flags the MAC address as “flapping” between interfaces.
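
The learning, flooding, aging and move behaviour described in "Learning MACs" and in this section, as an added Python model that is not Cisco code or part of the original notes. The `CamTable` class, the MAC addresses and the flapping threshold of three moves are assumptions made for illustration.

```python
AGING_TIME = 300  # seconds; the default idle timeout described above

class CamTable:
    """Toy CAM table keyed on (VLAN, MAC). Illustration only."""

    def __init__(self, vlan_ports, aging=AGING_TIME):
        self.vlan_ports = vlan_ports   # {vlan: set of member ports}
        self.aging = aging
        self.entries = {}              # (vlan, mac) -> (port, last_seen)
        self.moves = {}                # (vlan, mac) -> number of port changes

    def _expire(self, now):
        # Remove entries that have been idle for the full aging time.
        for key in [k for k, (_, seen) in self.entries.items()
                    if now - seen >= self.aging]:
            del self.entries[key]

    def _learn(self, vlan, src, port, now):
        key = (vlan, src.lower())
        old = self.entries.get(key)
        if old and old[0] != port:     # same MAC seen on a different port
            self.moves[key] = self.moves.get(key, 0) + 1
        self.entries[key] = (port, now)  # newest port wins, time stamp refreshed

    def receive(self, vlan, src, dst, in_port, now):
        """Learn the source, then return the set of egress ports for the frame."""
        self._expire(now)
        self._learn(vlan, src, in_port, now)
        hit = self.entries.get((vlan, dst.lower()))
        if hit is None:                # unknown unicast: flood the source VLAN
            return self.vlan_ports[vlan] - {in_port}
        return {hit[0]} - {in_port}    # never send back out the arrival port

    def flapping(self, threshold=3):
        """Entries whose port changed at least `threshold` times (assumed cutoff)."""
        return {k for k, n in self.moves.items() if n >= threshold}

if __name__ == "__main__":
    cam = CamTable({10: {1, 2, 3, 4}})
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"   # constructed MACs
    print(cam.receive(10, a, b, 1, now=0))     # b unknown: flooded
    print(cam.receive(10, b, a, 2, now=1))     # a known: one port
    print(cam.receive(10, a, b, 1, now=400))   # b aged out: flooded again
```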

Ternary Content-Addressable Memory
In multilayer switches, all the matching process that ACLs provide is implemented in hardware.
TCAM allows a packet to be evaluated against an entire access list in a single table lookup. Most switches have multiple TCAMs so that both inbound and outbound security and QoS ACLs can be evaluated simultaneously, or entirely in parallel with a Layer 2 or Layer 3 forwarding decision.

The Catalyst IOS Software has two components that are part of the TCAM operation:
■ Feature Manager (FM)—After an access list has been created or configured, the Feature Manager software compiles, or merges, the ACEs into entries in the TCAM table. The TCAM then can be consulted at full frame-forwarding speed.
■ Switching Database Manager (SDM)—You can partition the TCAM on some Catalyst switches into areas for different functions. The SDM software configures or tunes the TCAM partitions, if needed. (The TCAM is fixed on Catalyst 4500 and 6500 platforms and cannot be repartitioned.)

TCAM also uses a table-lookup operation but is greatly enhanced to allow a more abstract operation using three input values: 0, 1, and X (don’t care) bit values—a threefold or ternary combination.
TCAM entries are composed of Value, Mask, and Result (VMR) combinations.
 - Values - are always 134-bit quantities, consisting of source and destination addresses and other relevant protocol information—all patterns to be matched. For example:
     Ethernet - Source MAC (48), destination MAC (48), Ethertype (16)
     ICMP - Source IP (32), destination IP (32), protocol (16), ICMP code (8), ICMP type (4), IP type of service (ToS) (8)
 - Masks - are also 134-bit quantities, in exactly the same format, or bit order, as the values. Masks select only the value bits of interest; a mask bit is set to exactly match a value bit or is not set for value bits that do not matter.
 - Results - are numeric values that represent what action to take after the TCAM lookup occurs. TCAM lookups offer a number of possible results or actions.

Catalyst 6500 TCAM holds up to 4096 (unique) masks and 32,768 value patterns.
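
Value, Mask, Result matching worked through in Python, as an added example that is not Cisco code or part of the original notes. It assumes a simplified 64-bit key (source IP plus destination IP) instead of the 134-bit hardware format, and the ACL entries and function names are constructed for illustration.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def compile_ace(result, src, src_wild, dst, dst_wild):
    """Turn one ACE into (value, mask, result) over a 64-bit src+dst key.

    ACL wildcard bits mean "ignore"; TCAM mask bits mean "must match",
    so the wildcard is inverted to build the mask.
    """
    mask = ((~_ip(src_wild) & 0xFFFFFFFF) << 32) | (~_ip(dst_wild) & 0xFFFFFFFF)
    value = ((_ip(src) << 32) | _ip(dst)) & mask   # don't-care bits stored as 0
    return value, mask, result

def tcam_lookup(tcam, src, dst):
    """First matching entry wins; the hardware compares all entries at once."""
    key = (_ip(src) << 32) | _ip(dst)
    for value, mask, result in tcam:
        if key & mask == value:
            return result
    return "deny"                                   # implicit deny ending every ACL

def usage(tcam):
    """Masks are shared between entries, so they are counted apart from values."""
    return {"masks": len({m for _, m, _ in tcam}), "values": len(tcam)}

# Constructed ACL, not from the page.
ANY = ("0.0.0.0", "255.255.255.255")
SAMPLE = [
    compile_ace("permit", "192.168.199.14", "0.0.0.0", "10.41.0.0", "0.0.255.255"),
    compile_ace("permit", "192.168.199.15", "0.0.0.0", "10.41.0.0", "0.0.255.255"),
    compile_ace("deny", "192.168.199.0", "0.0.0.255", *ANY),
    compile_ace("permit", *ANY, "10.41.0.0", "0.0.255.255"),
]

if __name__ == "__main__":
    print(tcam_lookup(SAMPLE, "192.168.199.14", "10.41.3.7"))
    print(tcam_lookup(SAMPLE, "192.168.199.20", "10.41.3.7"))
    print(usage(SAMPLE))
```

The first two entries differ only in their value, so they share one mask; that sharing is why the mask and value limits are counted separately.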

If an ACE has a port operator, such as gt, lt, neq, or range, the Feature Manager software compiles the TCAM entry to include the use of the operator and the operand in a logical operation unit (LOU) register. Only a limited number of LOUs are available in the TCAM.

Monitoring Switching Tables
To view the contents of the CAM table:
Switch# show mac address-table dynamic [address <mac-address> | interface <type mod/num> | vlan <vlan-id>]
To see the CAM table’s size:
SW-4500# show mac address-table count
MAC Entries for all vlans:
Dynamic Unicast Address Count:                  142
Static Unicast Address (User-defined) Count:    2
Static Unicast Address (System-defined) Count:  6
Total Unicast MAC Addresses In Use:             150
Total Unicast MAC Addresses Available:          32768
Multicast MAC Address Count:                    62
Total Multicast MAC Addresses Available:        16384
CAM table entries can be cleared manually, if needed:
Switch# clear mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id]

TCAM Operation
The TCAM in a switch is more or less self-sufficient.
Access lists are compiled or merged automatically into the TCAM, so there is nothing to configure. The only concept you need to be aware of is how the TCAM resources are being used.

TCAMs have a limited number of usable mask, value pattern, and LOU entries. 
If access lists grow to be large or many Layer 4 operations are needed, the TCAM tables and registers can overflow. If that happens while you are configuring an ACL, the switch will generate syslog messages that flag the TCAM overflow situation as it tries to compile the ACL into TCAM entries.