2025-03-31 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report
How do layer 2 and layer 3 forwarding work inside a Layer 3 switch (L3 Switch)? Many newcomers find this confusing, so this article walks through both processes step by step. I hope that after reading it you can answer the question yourself.
A Layer 3 switch (L3 Switch) is widely used in the backbone of large networks because it combines routing with hardware-based layer 3 forwarding, and its forwarding throughput is far higher than that of a traditional router. (From the role point of view: a router's defining job is routing between networks, not high-speed packet switching. From the implementation point of view: a traditional router forwards packets in software on its CPU, so its forwarding performance is naturally below that of a switch whose forwarding is done in ASICs.) Today we briefly introduce layer 2 and layer 3 forwarding in the switch.
First of all, layer 2 forwarding is done on the MAC address and layer 3 forwarding is done on the IP address. That does not mean layer 3 forwarding uses only the IP address: it is built on top of layer 2, and the frame that finally leaves the switch is still delivered to the next hop by its MAC address. Both kinds of forwarding depend on the MAC address, the IP address, the FDB table (MAC address learning, update, aging and deletion), the ARP table, the routing table, the layer 3 forwarding table, the VLAN port types (Access, Trunk, Hybrid), the VLAN frame format, the ARP message format and so on. The topology in the figure (not reproduced here) is used below to summarize VLAN-based layer 2 and layer 3 forwarding in a switch.
1. Basic conceptual terms:
① MAC address: a 48-bit hardware address. The least-significant bit of the first byte is the I/G bit: 0 means an individual (unicast) address, 1 means a group (multicast) address; the broadcast address is all ones (FF:FF:FF:FF:FF:FF). Other network protocols also reserve specific MAC address formats (for example IPv4 multicast uses the 01:00:5E prefix).
② FDB table (Forwarding Database): the MAC address table, with one entry per learned MAC address containing the MAC address, the port it was learned on and the VLAN ID (switches from different vendors may store additional fields).
③ ARP table: records the mapping between IP addresses and MAC addresses.
④ layer 3 forwarding table: the table that hardware layer 3 forwarding uses, keyed by destination IP address and holding the egress VLAN ID, the egress port number and the next-hop MAC address.
⑤ routing table: holds the routing path information, including directly connected and static routes, the default route, and dynamic routes learned from RIP, OSPF and other protocols.
⑥ VLAN port: there are three modes. An Access port is generally used to connect a host; it belongs to a single VLAN, and the frames it sends out carry no VLAN tag. A Trunk port is used on backbone links between switches; the frames it sends out carry an 802.1Q tag that identifies the VLAN, except for frames of the port's default VLAN (PVID), which leave untagged, and an untagged frame arriving on the trunk is assigned to the PVID. A Hybrid port (offered by some vendors) can send frames of some VLANs tagged and others untagged, configured per VLAN.
Assume that initially no PC or switch has any table entries (ARP cache, FDB, layer 3 forwarding table, etc.) and that all ports are in Access mode.
2. Layer 2 forwarding (host communication in the same VLAN):
In the figure above, PC_A ping PC_B is taken as an example to analyze the whole process in detail.
① PC_A (192.168.10.1) pings PC_B (192.168.10.2). PC_A first checks whether the destination IP address is in its own network segment: ANDing the IP with the subnet mask shows that PC_A and PC_B both belong to 192.168.10.0, so the next step is the ARP table lookup.
② PC_A looks up the target IP 192.168.10.2 in its ARP table. Because the ARP table is initially empty, no MAC address is found, so PC_A sends an ARP broadcast into VLAN 1 to request the MAC address of PC_B (192.168.10.2). In the ARP message the opcode field is 0x01 (ARP request) and the target hardware address is filled with zeros, since it is unknown; the Ethernet header carries the broadcast destination MAC FF:FF:FF:FF:FF:FF and EtherType 0x0806. The remaining fields of the Ethernet frame header are shown in the figure (not reproduced here).
For the meaning of each ARP field, capture an ARP packet with Wireshark, as in the capture below (figure not reproduced here):
That capture was taken on my own computer: an ARP request sent to the room's wireless router, that is, a request sent to refresh the gateway's entry in the ARP cache before it expires. If the gateway does not reply within the timeout, the PC removes the entry. ARP itself is defined in RFC 826.
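As an added example (not code from the original article), the following Python builds and parses the ARP request and reply frames described in ② and in the capture above, with an optional 802.1Q tag, and classifies the destination MAC by the I/G bit from the definitions in section 1. The MAC addresses and IPs are made up for the example.

```python
import struct

ETH_P_8021Q = 0x8100
ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"

def mac_bytes(mac):  return bytes.fromhex(mac.replace(":", ""))
def mac_str(b):      return ":".join(f"{x:02x}" for x in b)
def ip_bytes(ip):    return bytes(int(o) for o in ip.split("."))
def ip_str(b):       return ".".join(str(x) for x in b)

def mac_kind(mac: str) -> str:
    """Least-significant bit of the first byte is the I/G bit:
    0 = individual (unicast), 1 = group (multicast); all ones is broadcast."""
    if mac.lower() == BROADCAST:
        return "broadcast"
    return "multicast" if int(mac[:2], 16) & 0x01 else "unicast"

def build_arp(opcode, sender_mac, sender_ip, target_ip, target_mac=None, vlan=None):
    """Ethernet II frame carrying an ARP message, optionally with an 802.1Q tag.
    A request goes to the broadcast MAC and zeroes the target hardware address (unknown);
    a reply is unicast to the requester. Real NICs pad frames to 60 bytes; parse_arp tolerates that."""
    if opcode == ARP_REQUEST:
        dst, tha = BROADCAST, ZERO_MAC
    else:
        if target_mac is None:
            raise ValueError("an ARP reply needs the requester's MAC")
        dst = tha = target_mac
    hdr = mac_bytes(dst) + mac_bytes(sender_mac)
    if vlan is not None:
        hdr += struct.pack("!HH", ETH_P_8021Q, vlan & 0x0FFF)   # TCI: PCP=0, DEI=0, VID
    hdr += struct.pack("!H", ETH_P_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)      # htype, ptype, hlen, plen, opcode
    body += mac_bytes(sender_mac) + ip_bytes(sender_ip) + mac_bytes(tha) + ip_bytes(target_ip)
    return hdr + body

def parse_arp(frame: bytes) -> dict:
    """Decode the Ethernet header (tagged or not) and the ARP body, as Wireshark displays them."""
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    off, vlan = 12, None
    (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    if ethertype == ETH_P_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan, off = tci & 0x0FFF, 16
        (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    body = frame[off + 2:]
    if len(body) < 28:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    return {
        "dst": dst, "src": src, "dst_kind": mac_kind(dst), "vlan": vlan,
        "opcode": {1: "request", 2: "reply"}.get(opcode, opcode),
        "sender_mac": mac_str(body[8:14]), "sender_ip": ip_str(body[14:18]),
        "target_mac": mac_str(body[18:24]), "target_ip": ip_str(body[24:28]),
    }

# Constructed example matching the article's scenario: PC_A (MA) asks for PC_B (MB) in VLAN 1.
MA, MB = "00:11:22:33:44:0a", "00:11:22:33:44:0b"   # made-up MACs

def demo():
    request = build_arp(ARP_REQUEST, MA, "192.168.10.1", "192.168.10.2", vlan=1)
    reply = build_arp(ARP_REPLY, MB, "192.168.10.2", "192.168.10.1", target_mac=MA)
    return parse_arp(request), parse_arp(reply)

if __name__ == "__main__":
    for p in demo():
        print(p)
```

The tagged request is 46 bytes (18-byte tagged header plus 28-byte ARP body) and the untagged reply 42 bytes; on a real link both would be padded to the 60-byte minimum, which is why the parser slices the body by offset instead of requiring an exact length.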
③ The switch receives the frame from PC_A on port a, parses the Ethernet header, sees the destination MAC FF:FF:FF:FF:FF:FF and therefore knows it is a broadcast frame, and reads the source MAC MA. Because the FDB is empty, it first learns the entry "port a : MA : VLAN 1" into the FDB. Then, because port a is in Access mode, it adds a VLAN tag (priority and VLAN ID = 1) to turn the frame into an 802.1Q tagged Ethernet frame, and switching inside the switch begins.
④ From the VLAN tag and the port membership, the switch finds that ports b, c and d (and the VLAN 1 interface, which we ignore for now) belong to VLAN 1, matching the frame's tag, so the tag is stripped and the frame is forwarded out of those three ports.
⑤ PC_C and PC_D receive the broadcast frame, parse it, find that the target IP is not their own and discard it. PC_B finds that the target IP is its own, so it first stores PC_A's mapping "192.168.10.1 : MA" in its local ARP table, then encapsulates a unicast ARP reply: source IP 192.168.10.2, destination IP 192.168.10.1, source MAC MB, destination MAC MA. It sends the reply, which reaches the switch on port b.
⑥ The switch receives the frame on port b, parses the header for the source MAC and first learns "port b : MB : VLAN 1" into the FDB. Because PC_A's MAC is already in the FDB, the destination MAC MA in the frame header resolves to port a, and the ARP reply is forwarded out of port a (again tagging the frame on ingress and stripping the tag on egress).
⑦ PC_A receives the ARP reply from port a, parses the Ethernet header and sees that the destination MAC matches, then parses the message body and finds the "sender IP : sender MAC" pair. It stores "192.168.10.2 : MB" in its ARP table and now has PC_B's MAC address to encapsulate the ICMP messages for the rest of the ping. Note that the host accepts this mapping without any authentication: a host in the same VLAN that answers first, or sends unsolicited replies, can poison the table (ARP spoofing), which is why switches offer Dynamic ARP Inspection.
⑧ The switch then carries the ICMP echo request and echo reply between PC_A and PC_B. Because both FDB entries already exist, only their aging timers are refreshed; an entry whose source MAC has sent nothing for the aging time (commonly 300 seconds by default) is deleted. Because learning is driven purely by observed source MACs, a host that sends frames with thousands of random source addresses can fill the table (MAC flooding), after which the switch floods unknown unicast to every port in the VLAN; a port-security limit on the number of MACs learned per port is the usual countermeasure.
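The whole layer 2 procedure ①-⑧, together with the port types from section 1 ⑥, as an added example in Python (not code from the original article): a learning switch with a per-VLAN FDB, aging, a finite table size, access and trunk ports, and tag insertion and stripping. The port names, MACs and timings are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group(mac: str) -> bool:
    """I/G bit (LSB of the first byte) set: multicast or broadcast."""
    return bool(int(mac[:2], 16) & 1)

@dataclass
class Frame:
    dst: str
    src: str
    vlan: int | None = None      # 802.1Q VID on the wire; None = untagged
    payload: str = ""

@dataclass
class Port:
    mode: str                         # "access" or "trunk"
    pvid: int = 1                     # access VLAN, or native (untagged) VLAN on a trunk
    allowed: frozenset = frozenset()  # trunk only: VLANs carried tagged

class Switch:
    def __init__(self, ports: dict[str, Port], aging: float = 300.0, capacity: int = 8192):
        self.ports = ports
        self.aging = aging        # seconds without a frame from a MAC before its entry is removed
        self.capacity = capacity  # the FDB is finite, like a real CAM table
        self.fdb: dict[tuple[str, int], tuple[str, float]] = {}  # (mac, vlan) -> (port, last_seen)

    def _ingress_vlan(self, port: Port, frame: Frame) -> int | None:
        """Tag on ingress: which VLAN the frame belongs to, or None to drop it."""
        if port.mode == "access":
            return port.pvid if frame.vlan in (None, port.pvid) else None
        if frame.vlan is None:
            return port.pvid                        # untagged on a trunk -> native VLAN
        return frame.vlan if frame.vlan in port.allowed else None

    def _egress(self, port: Port, vlan: int, frame: Frame) -> Frame | None:
        """Strip or keep the tag on egress depending on the port type."""
        if port.mode == "access":
            return Frame(frame.dst, frame.src, None, frame.payload) if vlan == port.pvid else None
        if vlan == port.pvid:
            return Frame(frame.dst, frame.src, None, frame.payload)   # native VLAN leaves untagged
        return Frame(frame.dst, frame.src, vlan, frame.payload) if vlan in port.allowed else None

    def age(self, now: float) -> None:
        for key, (_, seen) in list(self.fdb.items()):
            if now - seen > self.aging:
                del self.fdb[key]

    def receive(self, in_port: str, frame: Frame, now: float) -> dict[str, Frame]:
        """Returns {egress port: frame as it leaves that port}."""
        self.age(now)
        vlan = self._ingress_vlan(self.ports[in_port], frame)
        if vlan is None:
            return {}
        key = (frame.src, vlan)
        if key in self.fdb or len(self.fdb) < self.capacity:
            self.fdb[key] = (in_port, now)          # learn / refresh the source MAC (a moved host overwrites)
        hit = self.fdb.get((frame.dst, vlan))
        if hit is not None and not is_group(frame.dst):
            targets = [hit[0]]                       # known unicast: exactly one port
        else:
            targets = list(self.ports)               # broadcast, multicast or unknown unicast: flood
        out = {}
        for name in targets:
            if name == in_port:
                continue                             # never send back out the ingress port
            egress = self._egress(self.ports[name], vlan, frame)
            if egress is not None:
                out[name] = egress
        return out

def demo() -> dict:
    """PC_A (MA, port a) talks to PC_B (MB, port b) in VLAN 1; PC_E sits in VLAN 2 on port e;
    port t is a trunk towards another switch. All hosts and MACs are made up."""
    MA, MB, MC = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    sw = Switch({"a": Port("access", 1), "b": Port("access", 1), "c": Port("access", 1),
                 "e": Port("access", 2), "t": Port("trunk", 1, frozenset({1, 2}))})
    steps = {}
    # ①-④ ARP request from PC_A: broadcast, flooded to every VLAN 1 port except a (never to e)
    steps["arp_req"] = sw.receive("a", Frame(BROADCAST, MA, payload="who-has 192.168.10.2"), now=0)
    # ⑤-⑥ ARP reply from PC_B: MA was learned on port a, so the frame goes out port a only
    steps["arp_rep"] = sw.receive("b", Frame(MA, MB, payload="192.168.10.2 is-at MB"), now=1)
    # a frame tagged VLAN 2 arriving on the trunk reaches only VLAN 2 ports
    steps["trunk_v2"] = sw.receive("t", Frame(BROADCAST, "00:00:00:00:00:ee", vlan=2), now=2)
    # ⑧ after the aging time MA's entry is gone, so a unicast to it is flooded again
    steps["aged"] = sw.receive("c", Frame(MA, MC, payload="late"), now=400)
    steps["fdb"] = dict(sw.fdb)
    return steps

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `capacity` parameter is what makes MAC flooding visible: once an attacker's random source addresses have filled the table, a legitimate host whose entry has aged out can no longer be learned, and traffic to it is flooded to every port in its VLAN until entries expire.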
3. Layer 3 forwarding (host communication across different VLAN):
Using two hosts in the same VLAN on one switch as the example, the above describes the basic layer 2 forwarding process: ARP table lookup, ARP request, switch MAC address lookup, FDB learning, port type check, VLAN tag insertion and stripping, and the ARP reply from the target host.
The basic steps of layer 3 switching are similar. Take PC_A in VLAN 1 (192.168.10.1, MAC MA) and PC_E in VLAN 2 (192.168.20.1, MAC ME) pinging each other as the example, assuming that the gateway of VLAN 1 is the VLAN 1 interface with IP 192.168.10.254 and the gateway of VLAN 2 is the VLAN 2 interface with IP 192.168.20.254. The process below also involves adding and stripping VLAN tags, but that part is the same as in layer 2 forwarding, so I will not repeat it (for inter-VLAN communication across switches, which involves trunk ports, the tagging differs slightly):
① When PC_A (192.168.10.1) wants to ping PC_E (192.168.20.1), it again checks whether the destination IP is in its own network segment and finds that it is not (one is in 192.168.10.0, the other in 192.168.20.0), so the packet must go through the gateway, which here is the switch's layer 3 interface. PC_A therefore looks for the gateway's MAC address in its own ARP table; if it is there, it encapsulates the packet directly: destination MAC the gateway MAC, source MAC MA, source IP 192.168.10.1, destination IP 192.168.20.1.
② Because this is the first time, the gateway's MAC address is not in PC_A's ARP cache, so PC_A first broadcasts an ARP request in VLAN 1 for the gateway 192.168.10.254. It is encapsulated as follows: in the ARP body, sender MAC MA, target MAC unknown (all zeros), sender IP 192.168.10.1, target IP 192.168.10.254; in the Ethernet header, source MAC MA, destination MAC all F (a broadcast frame), and the "frame type" field set to the ARP protocol number 0x0806.
③ Switch SW1 receives the frame from PC_A; layer 2 parsing of the header shows a broadcast frame, so it is forwarded out of every port of VLAN 1 except the source port, and a copy is also delivered to the layer 3 interface of VLAN 1. Because PC_A has already sent frames to PC_B and SW1 holds PC_A's FDB entry, the entry's aging flag is refreshed and its timer restarted. In addition, PC_A's IP, MAC, port, VLAN ID and so on are recorded in the switch's layer 3 forwarding table.
④ The other hosts in VLAN 1 see that the ARP request is not for them and discard it, while the SW1 layer 3 interface parses it, finds that the target IP is its own and builds an ARP reply: sender MAC the MAC of the switch's VLAN 1 interface, sender IP 192.168.10.254, target IP 192.168.10.1, target MAC MA. It then adds the Ethernet header with destination MAC MA and sends the reply as unicast. The switch's layer 2 receives this frame from layer 3, parses the frame header, finds from the FDB that the egress for destination MAC MA is port a, an Access port, strips the tag (the earlier request was tagged when it entered port a, which is how it is told apart from the other VLAN 1 ports and the VLAN 1 interface) and forwards it to PC_A.
⑤ When PC_A receives the gateway's MAC address, it first caches the gateway's ARP entry, then sets the destination MAC to the MAC of the VLAN 1 interface, that is, the gateway MAC, while the destination IP remains PC_E's 192.168.20.1, encapsulates the Ethernet header and sends the packet as unicast.
⑥ When SW1 receives this packet it hands it straight to layer 3, because the destination MAC is the MAC of the switch's own VLAN interface while the destination IP is not the switch's own (and the source and destination IPs are in different segments). Using the packet's destination IP (PC_E's address) it checks whether a matching entry exists in the hardware layer 3 forwarding table. Because this is the first communication, the lookup fails and the packet is sent to the CPU for software routing.
⑦ The CPU looks up the destination IP in its software routing table and finds that it matches a directly connected network segment (the one containing PC_E), so it goes on to look for the corresponding MAC address in the ARP table. Because this is also the first lookup, it fails again. Had the MAC address been in the ARP table, the packet could have been forwarded directly according to the software routing table.
⑧ Since nothing was found, the CPU broadcasts an ARP request for PC_E's IP into the destination segment, VLAN 2 (target MAC all zeros, target IP 192.168.20.1, sender MAC the MAC of the VLAN 2 interface, sender IP the VLAN 2 interface address 192.168.20.254). When PC_E receives the ARP request it first caches the gateway's ARP entry, then replies with its own MAC address ME to the gateway 192.168.20.254, that is, to the CPU of SW1, as an ARP unicast. From the reply the CPU records PC_E's IP, MAC, egress port, VLAN ID and so on. At this point the layer 3 forwarding table holds entries for both PC_A and PC_E, and PC_E's ARP entry and FDB entry are cached as well.
⑨ The CPU of the layer 3 switch forwards the packet sent by PC_A to PC_E according to the target host's MAC and the existing directly connected route. That is a single-direction layer 3 forwarding process, and it involves a great deal of layer 2 forwarding along the way (PC_A's broadcast for the gateway MAC in VLAN 1, the CPU's broadcast for PC_E's MAC in VLAN 2, and so on).
⑩ When PC_E replies to PC_A, the steps are the same as for PC_A, except that PC_E already has the gateway's ARP entry and the switch already has layer 3 forwarding and FDB entries for PC_A, so it is simpler. Moreover, because the layer 3 forwarding entry exists, PC_E's reply to PC_A is forwarded directly by hardware according to the layer 3 forwarding table rather than by the CPU's routing software, which is far more efficient.
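Steps ①-⑩ of the layer 3 section, as an added example in Python (not code from the original article): the split between the hardware layer 3 forwarding table (fast path) and the CPU's routing table plus ARP table (slow path), with the ARP request the CPU issues on a miss and the entry it installs afterwards. The layer 2 FDB is modelled as a plain dictionary that is assumed to be already learned; SVI MACs, host MACs and port names are made up.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    dst_mac: str
    src_mac: str
    src_ip: str
    dst_ip: str
    vlan: int

class L3Switch:
    def __init__(self, svis: dict[int, tuple[str, str]]):
        self.svis = svis  # vlan -> (SVI address with prefix, SVI MAC)
        self.routes = [(ipaddress.ip_network(addr, strict=False), vlan)
                       for vlan, (addr, _) in svis.items()]   # connected routes only
        self.arp: dict[str, str] = {}                          # ip -> mac
        self.fdb: dict[tuple[str, int], str] = {}               # (mac, vlan) -> port
        self.l3_fwd: dict[str, tuple[int, str, str]] = {}       # dst ip -> (vlan, next-hop mac, port)
        self.arp_requests: list[tuple[int, str]] = []           # (vlan, ip) the CPU has to resolve
        self.hw_hits = self.cpu_punts = 0

    def learn_host(self, ip, mac, vlan, port):
        """Any ARP message from a host (request to the gateway or reply to it) fills the ARP table,
        the FDB and, since the egress is then fully known, the layer 3 forwarding table (③, ⑧)."""
        self.arp[ip] = mac
        self.fdb[(mac, vlan)] = port
        self.l3_fwd[ip] = (vlan, mac, port)

    def route_lookup(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        best = None
        for net, vlan in self.routes:    # longest-prefix match
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, vlan)
        return best

    def forward(self, pkt: Packet) -> dict:
        if pkt.dst_mac != self.svis[pkt.vlan][1]:
            return {"path": "l2"}      # not addressed to the gateway MAC: plain layer 2 switching
        hit = self.l3_fwd.get(pkt.dst_ip)
        if hit is not None:            # ⑩ fast path: hardware rewrites the MACs and sends it out
            self.hw_hits += 1
            vlan, nh_mac, port = hit
            return {"path": "hw", "port": port,
                    "out": Packet(nh_mac, self.svis[vlan][1], pkt.src_ip, pkt.dst_ip, vlan)}
        self.cpu_punts += 1            # ⑥ miss: punt to the CPU
        route = self.route_lookup(pkt.dst_ip)
        if route is None:
            return {"path": "drop", "reason": "no route"}
        out_vlan = route[1]            # ⑦ directly connected segment
        nh_mac = self.arp.get(pkt.dst_ip)
        if nh_mac is None:             # ⑧ CPU broadcasts an ARP request into out_vlan
            self.arp_requests.append((out_vlan, pkt.dst_ip))
            return {"path": "arp-pending", "vlan": out_vlan}
        port = self.fdb[(nh_mac, out_vlan)]
        self.l3_fwd[pkt.dst_ip] = (out_vlan, nh_mac, port)    # ⑨ install so the next packet hits hardware
        return {"path": "cpu", "port": port,
                "out": Packet(nh_mac, self.svis[out_vlan][1], pkt.src_ip, pkt.dst_ip, out_vlan)}

GW1, GW2 = "00:00:00:00:fe:01", "00:00:00:00:fe:02"   # made-up SVI MACs
MA, ME = "00:00:00:00:00:0a", "00:00:00:00:00:0e"     # made-up host MACs

def demo() -> dict:
    sw = L3Switch({1: ("192.168.10.254/24", GW1), 2: ("192.168.20.254/24", GW2)})
    steps = {}
    sw.learn_host("192.168.10.1", MA, 1, "a")      # ③ PC_A's ARP request for the gateway hit the SVI
    to_e = Packet(GW1, MA, "192.168.10.1", "192.168.20.1", 1)   # ⑤ PC_A sends to the gateway MAC
    steps["first"] = sw.forward(to_e)              # ⑥⑦⑧ miss, route to VLAN 2, ARP miss -> request
    sw.learn_host("192.168.20.1", ME, 2, "e")      # ⑧ PC_E's ARP reply reaches the CPU
    steps["retry"] = sw.forward(to_e)              # now forwarded in hardware with rewritten MACs
    back = Packet(GW2, ME, "192.168.20.1", "192.168.10.1", 2)
    steps["reply"] = sw.forward(back)              # ⑩ PC_A's entry already present -> hardware
    sw.l3_fwd.clear()                              # e.g. the hardware table was flushed
    steps["reinstall"] = sw.forward(to_e)          # ARP still known: CPU forwards and re-installs
    steps["noroute"] = sw.forward(Packet(GW1, MA, "192.168.10.1", "10.9.9.9", 1))
    steps["counters"] = (sw.hw_hits, sw.cpu_punts)
    return steps

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Note that `learn_host` trusts whatever ARP message arrives, exactly as the switch in the article does: a forged ARP reply claiming 192.168.20.1 would rewrite the next-hop MAC in the hardware table and silently redirect every subsequent packet to that host, which is the inter-VLAN form of ARP spoofing that Dynamic ARP Inspection exists to block.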
After reading the above, have you grasped how layer 2 and layer 3 forwarding work in an L3 switch? Thank you for reading!
© 2024 shulou.com SLNews company. All rights reserved.