Detailed explanation of the principle and examples of three-layer switching

2025-04-05 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/03

7.7.5 Principle of layer 3 switching

A layer 2 switch generally performs layer 2 switching using the CAM table in its ASIC (Application Specific Integrated Circuit) hardware chip. Because forwarding is done in hardware, forwarding performance is very high. The layer 3 forwarding of a layer 3 switch is also done by the ASIC chip (whereas the routing function of a router mainly depends on CPU software), but in addition to the CAM table used for layer 2 switching, there is also a layer 3 hardware forwarding table dedicated to layer 3 forwarding.

The layer 3 switching principle of layer 3 switches is complicated, and the layer 3 switching process differs between network environments and between manufacturers. Figure 7-55 shows the basic layer 3 switching process for just two hosts on different network segments directly connected to one layer 3 switch. The main steps are as follows:

(1) Before initiating communication, the source host compares its IP address with the IP address of the destination host. If the source host determines that the destination host is in a different network segment, it must send the message through the gateway, so it first needs to obtain the MAC address of the gateway (if it does not already know it). That is, the source host first sends an ARP request frame to obtain the MAC address corresponding to the gateway IP address.

(2) After receiving the ARP request message from the source host, the gateway responds with an ARP reply message, and the "source MAC address" in the reply message contains the MAC address of the gateway.

(3) After receiving the ARP reply from the gateway, the source host uses the gateway MAC address as the "destination MAC address" of the message, its own IP address as the "source IP address", and the IP address of the destination host as the "destination IP address", and sends the data intended for the destination host to the gateway first.

Figure 7-55 Basic flow of layer 3 switching

(4) After receiving the data sent by the source host to the destination host, the gateway sees that the IP addresses of the source host and the destination host are not in the same network segment, so it hands the datagram to the layer 3 switching engine (ASIC chip), which checks whether the layer 3 forwarding table has an entry for the destination host.

(5) If no entry for the destination host is found in the layer 3 hardware forwarding table, the CPU is asked to look in the software routing table. If there is a routing table entry for the network segment where the destination host is located, the MAC address of the destination host is still needed, because the packet must be encapsulated in a frame at the link layer. So the layer 3 switch CPU sends an ARP broadcast request packet to the network segment where the destination host is located to obtain the MAC address of the destination host.

(6) After the switch obtains the MAC address of the destination host, it adds the corresponding entry to the ARP table and forwards the packet from the source host to the destination host. At the same time, the layer 3 engine of the layer 3 switch combines this with the routing table to generate the layer 3 hardware forwarding table entry for the destination host.

From then on, packets for the destination host can be switched directly using the entry in the layer 3 hardware forwarding table, without consulting the routing table in the CPU.

The above process applies to communication between hosts in different VLANs (network segments) when the interconnecting switch performs layer 3 switching and forwarding. This is the principle of "routing once, switching many times".

7.7.6 Layer 3 switching example

In layer 3 switching, the basic principle is the same whether the communicating network segments are on the same switch or on different switches, but the specific processes differ. This section illustrates the layer 3 switching principle described in the previous section using only the relatively simple case of "communication between hosts on different network segments on the same switch".

As shown in figure 7-56, the source and destination hosts are connected to the same layer 3 switch, but they are in different VLANs (and on different network segments). From the layer 3 switch's point of view, both hosts are within its directly connected network segments, and the IP routes to them are directly connected routes. The figure shows the MAC address, IP address, and gateway IP address (that is, the IP address of the corresponding VLAN interface) of the two hosts, and the MAC address of the layer 3 switch.

[Note] Although VLANs are configured in this example, the VLAN tag is not mentioned in the following data forwarding process, because in this example the hosts on both sides of the communication are connected to the same layer 3 switch, the port type is Access, and the data frames sent and received are untagged. In the example described in the next section, VLAN tagging will be involved in the data forwarding process.

Figure 7-56 Example of layer 3 switching between hosts of different network segments on the same switch

When PC A sends a packet to PC B for the first time, the packet transmission process is as follows: (assuming that no hardware forwarding table entry has been established on the layer 3 switch)

(1) PC A first finds that the destination IP address 2.1.1.2 (PC B) is not in its own network segment and concludes that it cannot send the packet directly, so it caches the packet to be sent. It knows that the packet must be forwarded through the gateway, so it first checks whether it already knows the MAC address of the gateway (that is, it checks the ARP table of the PC A host for a MAC address entry corresponding to the gateway IP address). If so, when the packet for PC B is encapsulated into a data frame, the destination MAC address field is set to the MAC address of the gateway (that is, the MAC address MAC S of the layer 3 switch; each port and VLAN on the switch share one or more MAC addresses).

(2) If PC A does not find the gateway MAC address in its ARP table, it first sends an ARP broadcast request message to the gateway (in fact, it is sent to all nodes in this VLAN) to obtain the MAC address corresponding to the gateway IP address 1.1.1.1. The "source MAC address" field of this ARP request message is the MAC address "MAC A" of PC A, and the "destination MAC address" is filled with all zeros because it is unknown. The "source IP address" and "destination IP address" fields are filled with the IP address of PC A (1.1.1.2) and the IP address of the gateway (1.1.1.1), respectively.

After the ARP request message is transmitted downwards to the Ethernet data link layer, it is again encapsulated into an Ethernet frame. The value of the "source MAC address" field in the Ethernet frame header is still the MAC address "MAC A" of PC A, the value of the "destination MAC address" field is the broadcast MAC address FF-FF-FF-FF-FF-FF, and the "frame type" field is filled with the protocol number 0x0806 of ARP. For more information about ARP messages and ARP frame formats, see Section 7.3.10 of this chapter.

(3) After receiving the ARP request message from PC A, the layer 3 switch examines the request and finds that the requested IP address (that is, the "destination IP address") is the IP address of its own layer 3 interface, so it sends an ARP reply message back to PC A and fills the corresponding layer 3 interface MAC (MAC S) in the "destination MAC address" field in the reply message. At the same time, by analyzing the ARP request message sent by PC A, it records the mapping between PC A's IP address and MAC address (1.1.1.2 to MAC A) in its own ARP table, and then sends the IP address (as the "destination IP address"), the MAC address (as the "next hop MAC address") and the number of the switch port that PC A is directly connected to into the layer 3 hardware forwarding table in the ASIC chip of the layer 3 switch. At this point, the layer 3 hardware forwarding table contains its first entry, the forwarding table entry for PC A.

[Description] The most important feature of a layer 3 switch is that it has a "layer 3 hardware forwarding table" dedicated to layer 3 forwarding, which is related to but different from the "ARP table". The ARP table only maps IP addresses to MAC addresses and does not include the outgoing port or the corresponding VLAN ID, whereas the layer 3 hardware forwarding table includes all of these, forming an entry that relates destination IP address, VLAN ID, port, and next-hop MAC address. This is because in layer 3 forwarding, the source and destination MAC address fields of the encapsulating frame are both changed. The original "destination MAC address" of the frame carrying the IP packet is replaced with the forwarding "next hop MAC address". The original "source MAC address" is changed to the MAC address of the layer 3 switch itself, and the source and destination IP addresses remain unchanged (because they are encapsulated in the "data" part of the frame). In addition, the layer 3 forwarding table is stored on the ASIC hardware chip and used directly by the ASIC chip, while the ARP table is stored in it and called by the CPU software. However, the entries of the layer 3 hardware forwarding table are still supplied by the CPU.

(4) After receiving the ARP reply message from the gateway, PC A sets the "destination MAC address" of the frame carrying the packet for PC B to the gateway MAC address (MAC S1), and sends the packet to the gateway (the layer 3 switch) first.

(5) After receiving this packet, the layer 3 switch submits it directly to the ASIC chip responsible for layer 3 switching, because the "destination MAC address" is the switch's own MAC address and the "destination IP address" and "source IP address" are not in the same network segment. Using the "destination IP address" in the packet (PC B's IP address 2.1.1.2), the chip checks whether there is a corresponding entry in the layer 3 hardware forwarding table. Because this is the first communication, the lookup fails, so the packet is forwarded to the CPU for software routing.

(6) The CPU likewise looks up its software routing table using the "destination IP address" in the packet and finds that it matches a directly connected network segment (the network segment of PC B), so it goes on to look up the corresponding MAC address entry in the ARP table. Because this is also the first lookup, it fails as well. If the corresponding MAC address is found in the ARP table, the data can be forwarded directly by the software routing table.

(7) Take the case where the MAC address of PC B is not found in the ARP table. The layer 3 switch CPU then sends an ARP broadcast request message on all ports in VLAN 3, the network segment where PC B is located, looking for the MAC address corresponding to the "destination IP address" 2.1.1.2. After frame encapsulation, the "source MAC address" of the packet is the MAC address of the layer 3 switch (MAC S), the "destination MAC address" is all 0, the "source IP address" is the gateway IP address of the VLAN 3 network segment (2.1.1.1), and the "destination IP address" is the IP address of PC B (2.1.1.2).

(8) After receiving the ARP request message sent by the layer 3 switch CPU, PC B finds that the requested IP address is its own, so it sends an ARP reply message containing its own MAC address (MAC B). At the same time, it records the mapping between the gateway IP address of the VLAN 3 network segment on the layer 3 switch and its MAC address (2.1.1.1 to MAC S) in its own ARP table.

(9) After receiving the ARP reply message from PC B, the layer 3 switch CPU records the mapping between PC B's IP address and MAC address (2.1.1.2 to MAC B) in its own ARP table, and sends the IP address, MAC address and port number of PC B to the layer 3 forwarding table of the layer 3 switch. At this point, the forwarding table contains two entries, one for reaching PC A and one for reaching PC B.

(10) Using the MAC address and port information of PC B and the software routing table information, the layer 3 switch CPU forwards the IP packet sent by PC A to PC B, completing the first one-way communication from PC A to PC B.

Because the complete forwarding path information from PC A to PC B is now saved in the layer 3 engine inside the chip, when PC A and PC B communicate again, or when hosts on other network segments want to communicate with PC A or PC B, the ASIC chip of the layer 3 switch forwards the packet directly out of the port specified in the corresponding layer 3 hardware forwarding table entry, without handing the packet to the CPU for routing. This is the so-called "route once (that is, find the corresponding directly connected network segment through the CPU routing table), switch many times" principle, which greatly improves forwarding speed.
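The walkthrough above can be condensed into a small simulation. This is an added example, not code from the book or the original page: a toy Python model of the ARP table, the directly connected routes and the layer 3 hardware forwarding table, using the page's addresses (1.1.1.x, 2.1.1.x, MAC A/B/S, VLAN 3). The /24 prefix length, VLAN 2 for PC A, the port numbers and all class and function names are assumptions.

```python
import ipaddress

class L3Switch:
    """Toy model of the walkthrough: CPU slow path vs. ASIC layer 3 forwarding table."""
    def __init__(self, mac, vlan_ifs, hosts):
        self.mac = mac                  # MAC S
        self.vlan_ifs = {v: ipaddress.ip_interface(i) for v, i in vlan_ifs.items()}
        self.hosts = hosts              # stands in for the wire: ip -> (mac, vlan, port)
        self.arp = {}                   # CPU software ARP table: ip -> mac
        self.hw_fib = {}                # ASIC table: dst ip -> (vlan, port, next-hop mac)
        self.cpu_punts = 0              # packets that needed software routing

    def _learn(self, ip):
        """Record a host in the ARP table and install its hardware entry (steps 3 and 9)."""
        mac, vlan, port = self.hosts[ip]
        self.arp[ip] = mac
        self.hw_fib[ip] = (vlan, port, mac)

    def arp_request_from_host(self, src_ip):
        """Host ARPs for its gateway: the switch learns the sender and answers with MAC S."""
        self._learn(src_ip)
        return self.mac

    def forward(self, frame):
        """Return (path, out_port, rewritten_frame) for a frame addressed to MAC S."""
        dst_ip = frame["dst_ip"]
        path = "hardware"
        if dst_ip not in self.hw_fib:   # step 5: ASIC lookup misses, packet goes to CPU
            path = "cpu"
            self.cpu_punts += 1
            addr = ipaddress.ip_address(dst_ip)
            connected = any(addr in i.network for i in self.vlan_ifs.values())
            if not connected or dst_ip not in self.hosts:
                return ("drop", None, None)   # no direct route, or ARP went unanswered
            self._learn(dst_ip)         # steps 7-9: ARP for the target, install entry
        vlan, port, nh_mac = self.hw_fib[dst_ip]
        # Layer 3 rewrite: both MAC fields change, the IP addresses do not.
        out = dict(frame, src_mac=self.mac, dst_mac=nh_mac)
        return (path, port, out)

def demo():
    # Constructed topology: ports 1 and 2, VLAN 2 and the /24 masks are assumptions.
    hosts = {"1.1.1.2": ("MAC A", 2, 1), "2.1.1.2": ("MAC B", 3, 2)}
    sw = L3Switch("MAC S", {2: "1.1.1.1/24", 3: "2.1.1.1/24"}, hosts)
    gw = sw.arp_request_from_host("1.1.1.2")
    frame = {"src_mac": "MAC A", "dst_mac": gw, "src_ip": "1.1.1.2", "dst_ip": "2.1.1.2"}
    return [sw.forward(frame) for _ in range(3)], sw
```

Only the first of the three frames takes the CPU path; the reverse direction (PC B to PC A) never does, because PC A's entry was installed when it sent its ARP request to the gateway.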

The above content is excerpted from the newly released book "In-depth Understanding of the Computer Network", which has been incorporated into the national university teaching material system, is a national best seller, and has 100% positive reviews on the four major online stores (Dangdang, Jingdong, Zhuoyue, Interactive).

In addition, 100 self-test questions have been written specifically for this book and published in the ChinaUnix self-test column. If you have bought the book, you can test what you have learned from each chapter; if you have not, you can still test your current level. There is a double gift waiting for you: http://selftest.chinaunix.net/remen/wangluo/
