|~ By Charlie Schluting
What's more important than
Well, Layer 2 is much more important when it's broken. Many people
don't have the Spanning Tree Protocol (STP)
knowledge necessary to implement a layer 2 network that's resilient.
A switch going down shouldn't prevent anyone from having
connectivity, excluding the hosts that are directly attached to it.
Before we can dive into Spanning Tree, you must understand the inner
workings of layer 2.
Layer 2, the Data Link layer, is where
Ethernet bridges, as they're called now, began life as a
"bridge." Traditional bridges would read all Ethernet frames, and
then forward them out every port, except the ones they came in on.
They had the capability to allow redundancy via STP, and they also
began learning which
addresses were on which port. At this point, a bridge then
became a learning device, which means they would store a table of
all MAC addresses seen on a port. When a frame needed to be sent,
the bridge could look up the destination MAC address in the bridge
table, and know which port should be sent out. The capability to
send data to only the correct host was a huge advance in switching
because collisions became much less likely. If the destination MAC
address wasn't found in the bridge table, the switch would simply
flood it out all ports. That's the only way to find where a host
actually lives for the first time, so as you can see, flooding is an
important concept in switching. It turns out to be quite necessary
in routing, too.
Key Terms To
Understanding the Data Link Layer
Short for Open System Interconnection, an ISO standard for worldwide
communications that defines a networking framework for implementing
protocols in seven layers.
spanning tree protocol
Abbreviated STP, a link management protocol that is part of the IEEE
802.1 standard for media access control bridges.
A device that connects two local-area networks (LANs), or two
segments of the same LAN that use the same protocol, such as
Ethernet or Token-Ring.
Important terminology in this layer includes the following:
- Unicast segmentation: Bridges can limit which hosts
frames (frames sent to only one MAC address). Hubs would simply forward
everything to everyone, so this alone is a huge bandwidth-saver.
- Collision Domain : The segment over which
collisions can occur. Collisions don't happen any more, since switches
use cut-through forwarding and NICs are full-duplex. If you see
collisions on a port, that means someone negotiated half-duplex
accidentally, or something else is very wrong.
- Broadcast Domain : The segment over which broadcast
frames are sent and can be heard.
A few years later, the old store-and-forward method of bridge operation
was modified. New switches started only looking at the destination MAC
address of the frame, and then sending it instantly. Dubbed "cut-through
forwarding," presumably because frames cut through the switch much more
quickly and with less processing. This implies a few important things: A
switch can't check the
CRC to see if the packet was damaged, and that implies that collisions
needed to be made impossible.
Now, to address broadcast segmentation, VLANs were introduced. If you
can't send a broadcast frame to another machine, they're not on your local
network, and you will instead send the entire packet to a router for
forwarding. That's what a Virtual LAN (VLAN) does, in essence: It makes more
On a switch, you can configure VLANs, and then assign a port to a VLAN.
If host A is in VLAN 1, it can't talk to anyone in VLAN 2, just as if they
lived on totally disconnected devices. Well, almost; if the bridge table is
flooded and the switch is having trouble keeping up, all data will be
flooded out every port. This has to happen in order for communication to
continue in these situations. This needs to be pointed out because many
people believe VLANs are a security mechanism. They are not even close.
Anyone with half a clue about networks (or with the right cracking tool in
their arsenal) can quickly overcome the VLAN broadcast segmentation. In
fact, a switch will basically turn into a hub when it floods frames, spewing
everyone's data to everyone else.
If you can't ARP
for a machine, you have to use a router, as we already know. But does that
mean you have to physically connect wires from a router into each VLAN? Not
anymore, we have layer 3 switches now! Imagine for an instance, if you will,
a switch that contains 48 ports. It also has VLAN 1 and VLAN 2, and ports
1-24 are in VLAN 1, while ports 25-48 are part of VLAN 2. To route between
the two VLANs, you have basically three options. First, you can connect a
port in each VLAN to a router, and assign the hosts the correct default
route. In the new-fangled world of today, you can also simply bring up two
virtual interfaces in each VLAN. In Cisco-land, the router interfaces would
be called vlan1 and vlan2. They get IP addresses, and the hosts use the
router interface as their router.
The third way brings us to the final topic of our layer 2 overview. If
you have multiple switches that need to contain the same VLANs, you can
connect them together so that VLAN 1 on switch A is the same as VLAN 1 on
switch B. This is accomplished with 802.1q, which will tag the packets as
they leave the first switch with a VLAN identifier. Cisco calls these links
"trunk ports," and you can have as many VLANs on them as the switch allows
(currently 4096 on most hardware). So, the third and final way to route
between VLANs is to connect a trunk to a router, and bring up the
appropriate interfaces for each VLAN. The hosts on VLAN 1, on both switch A
and B will have access to the router interface (which happens to be on
another device) since they are all "trunked" together and share a broadcast
We've saved you from the standard "this is layer 2, memorize the Ethernet
header" teaching method. To become a true guru you must know it, but to be a
useful operator, (something the cert classes don't teach you) simply
understand how it all works.
Did You Know...
(Summing it up)
- Bridges, aka switches, store
MAC address tables to enable unicast segmentation; that is,
they only send unicast data to the host that needs it.
- VLANs provide absolutely
zero security benefits.
- A layer 3 switch can be
delivered multiple VLANs through a trunk, and route between
them. This can happen all on the same wire.
Networking Standards >
~ By Charlie Schluting
Adapted from Enterprise
Last updated: January 20, 2005
Webopedia's "Did You Know ... Understanding Layers"
It is time to take a trip up the OSI Reference Model, and learn what this
mysterious thing is all about.
Reference: The 7 Layers of the OSI Model
Use this handy guide to compare the different layers of the OSI model and
understand how they interact with each other.
Networking 101: Understanding IP Addresses
Networks don't work
without addresses: Whenever you are sending something, you need to specify where
it should go and where it came from. To be an effective network engineer or
administrator, you need to understand IP addresses backward and forward: you
need to be able to think on your feet.
Networking 101: Understanding Subnets and CIDR
Let's get one thing straight: there is no "Class" in subnetting. In the olden
days, there were Class A, B and C networks. These could only be divided up into
equal parts, so VLSM, or Variable Length Subnet Masks , were introduced. The old
Class C was a /24, B was a /16, and A was a /8. That's all you need to know
about Classes. They don't exist anymore.
Networking 101: Subnets Realized (Including IPv6)
An oft-asked question in networking classes is "why can't we just put everyone
on the same subnet and stop worrying about routing?" The reason is very simple.
Every time someone needs to talk, be it to a router or another host, they have
to send an ARP request. Also, there are broadcast packets that aren't
necessarily limited to ARP, which everyone hears.