This article is a part of a series on Packet Traveling — everything that happens in order to get a packet from here to there.
In the last article, we looked at everything that happens for two hosts to communicate directly with one another. In this article, we will add a common network device: a switch. We will take a look at what happens for communication from Host to Host through a Switch.
This article will be the practical application of everything that was discussed when we looked at a Switch as a key player in packet traveling. It might be worth reviewing that section before proceeding.
We will start by looking at the individual switch functions, and then take a look at an animation which shows their collaborative operation.
Switch Functions
A Switch primarily has four functions: Learning, Flooding, Forwarding, and Filtering.
Learning
Being a Layer 2 device, a Switch will make all its decisions based upon information found in the L2 Header. Specifically, a Switch will use the Source MAC address and Destination MAC address to make its forwarding decisions.
One of the goals of the Switch is to create a MAC Address Table, mapping each of its switchports to the MAC address of the connected devices.
The MAC address table starts out empty, and every time a Switch receives anything, it takes a look at the Source MAC address field of the incoming frame. It uses the Source MAC and the switchport the frame was received on to build an entry in the MAC Address Table.
Sooner or later, as each connected device inevitably sends something, the Switch will have a fully populated MAC Address Table. This table can then be used to smartly forward frames to their intended destination.
Flooding
However, despite the learning process above, it is unavoidable that a Switch will at some point receive a frame destined to a MAC address whose location the Switch does not know.
In such cases, the Switch’s only option is to simply duplicate the frame and send it out all ports. This action is known as Flooding.
Flooding ensures that if the intended device exists and is connected to the switch, it will definitely receive the frame.
Of course, so will every other device connected to that particular Switch. And though not ideal, this is perfectly normal. The NIC of each connected device will receive the frame and take a look at the Destination MAC address field. If they are not the intended recipient, they will simply silently drop the frame.
If they are the intended device, however, then the Switch can rest satisfied knowing it was able to deliver the frame successfully.
Moreover, when the intended device receives the frame, a response will be generated, which when sent to the Switch will allow the switch to learn and create a MAC Address Table mapping that unknown device to its switchport.
Forwarding
Ideally, of course, the Switch will have an entry in its MAC Address Table for every Destination MAC it comes across.
When this happens, the Switch happily forwards the frame out the appropriate switchport.
There are three methods by which a Switch can forward frames. They are briefly described below.
- Store and Forward – The Switch copies the entire frame (header + data) into a memory buffer and inspects the frame for errors before forwarding it along. This method is the slowest, but allows for the best error detection and additional features like prioritizing certain types of traffic for faster processing.
- Cut-Through – The Switch stores nothing, and inspects only the bare minimum required to read the Destination MAC address and forward the frame. This method is the quickest, but provides no error detection or potential for additional features.
- Fragment Free – This method is a blend of the prior two. The Switch inspects only the first portion of the frame (64 bytes) before forwarding the frame along. If a transmission error occurred, it is typically noticed within the first 64 bytes. As such, this method provides “good enough” error detection, while gaining the speed and efficiency of avoiding storing the entire frame in its memory before forwarding it.
It is worth pointing out that these three methods were at one point very significant when Switch technologies were newer and switching induced noticeable latency. In modern days, with line-speed switching, the difference in speed between these three is negligible, and most switches operate in Store and Forward mode.
Filtering
And finally, the last function of the switch is filtering. Mainly, this function states that a Switch will never forward a frame back out the same port which received the frame.
Most commonly, this happens when a Switch needs to flood a frame — the frame will get duplicated and sent out every switchport except the switchport which received the frame.
Rarely, a host will send a frame with a destination MAC address of itself. This is usually a host experiencing some sort of error condition or being malicious. Either way, when this happens, the Switch simply discards the frame.
Switch Operation
Now that we’ve looked at each of the individual functions of a Switch, we can look at them in action. The animation below includes a Switch going through all four functions as it processes traffic.
Ordinarily, the hosts in the animation below would need to perform an ARP resolution, but for the sake of focusing on the Switch’s operation, we will omit ARP and proceed as if all the hosts already knew each other’s IP and MAC addresses.
Host A has “something” to send to Host B. The contents of the “something” are entirely irrelevant, so long as it’s understood that the frame has an L2 header which includes a Source and Destination MAC address.
Initially, the MAC Address Table of the Switch is empty. Remember, it only gets populated when a frame is received.
When Host A sends the frame to the switch, it includes a Source MAC address of aaaa.aaaa.aaaa. This prompts the Switch to learn a MAC Address Table entry mapping Port 1 to MAC Address aaaa.aaaa.aaaa.
Then, when deciding how to forward the frame, the Switch realizes there is no entry for bbbb.bbbb.bbbb. This leaves the Switch only one option: duplicate and flood the frame out all ports. Notice the frame was duplicated out all ports, except Port 1 (the port it came in on) – this is an example of the Switch performing its filtering function.
This frame will then be received by Host C and Host B. Host C, when inspecting the L2 header, will realize the frame is not intended for them and will simply discard it. Conversely, when Host B receives the frame and realizes they indeed are the intended recipient, they will accept the frame and generate a response.
When the response arrives on the Switch, another MAC Address Table mapping can be learned: Port 2 contains the MAC address bbbb.bbbb.bbbb.
Then the Switch looks up the Destination MAC address (aaaa.aaaa.aaaa) and realizes this address exists out Port 1. The Switch can then simply forward the frame, since it knows the location of the Destination MAC address.
Broadcasts
There is often some confusion between a Broadcast and a Switch’s flooding behavior. The confusion is understandable, because the end result is the same, but it is important to understand the distinction.
A Broadcast frame is a frame which is addressed to everyone on the local network. This is done using the same Ethernet header we’ve been discussing, except the Destination MAC address field is populated with a special address: ffff.ffff.ffff. The “all F’s” address is specially reserved for the purpose of broadcasting.
By definition, if the Switch ever encounters a packet with a destination MAC of ffff.ffff.ffff, it will always flood the frame (after learning the Source MAC, of course).
Another way of looking at it: since the address ffff.ffff.ffff is reserved, the switch is unable to learn a MAC Address Table mapping for it. As such, any frame destined to this MAC address will always be flooded.
In summary, a Broadcast is a frame addressed to everyone on the local network (ffff.ffff.ffff), and Flooding is an action a switch can take. A broadcast frame, by definition, will always be flooded by a switch. But a switch will never broadcast a frame (since broadcasting is not a function of a switch).
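The Learn, Flood, Forward, and Filter sequence from the walkthrough above, together with the broadcast rule, as a small Python model. This is an added example, not code from the original article; the `Switch` class, the `build_frame` helper, and the placement of Host C on Port 3 are assumptions made for illustration.

```python
"""Added example: a minimal model of a switch's Learn/Flood/Forward/Filter logic."""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"  # reserved "all F's" destination address


def mac_bytes(text: str) -> bytes:
    """'aaaa.aaaa.aaaa' -> 6 raw bytes."""
    raw = bytes.fromhex(text.replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return raw


def mac_str(raw: bytes) -> str:
    """6 raw bytes -> the dotted notation the article uses."""
    digits = raw.hex()
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def build_frame(dst: str, src: str, payload: bytes = b"something") -> bytes:
    """Constructed sample frame: Destination MAC, Source MAC, EtherType, payload."""
    return mac_bytes(dst) + mac_bytes(src) + b"\x08\x00" + payload


@dataclass
class Switch:
    ports: tuple
    mac_table: dict = field(default_factory=dict)  # MAC address -> switchport

    def receive(self, in_port: int, frame: bytes):
        """Process one frame and return (action, egress_ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        if len(frame) < 14:
            raise ValueError("frame is shorter than an Ethernet header")
        # Only the L2 header is read; the payload (ARP, IP, ...) is never inspected.
        dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])

        # Learning: map the Source MAC to the port the frame arrived on.
        # A later frame from the same MAC on another port overwrites the entry.
        # Assumption of this model: the reserved address is never learned,
        # even if a malformed frame carries it as a source.
        if src != BROADCAST:
            self.mac_table[src] = in_port

        # Flooding: broadcast or unknown destination goes out every port
        # except the one it came in on (the Filtering function).
        if dst == BROADCAST or dst not in self.mac_table:
            return "flood", [p for p in self.ports if p != in_port]

        out_port = self.mac_table[dst]
        # Filtering: never send a frame back out the port that received it
        # (for example, a host addressing a frame to itself).
        if out_port == in_port:
            return "filter", []

        # Forwarding: the destination is known, use exactly one port.
        return "forward", [out_port]


def walkthrough():
    """Replay the article's scenario; Host C on Port 3 is an assumption."""
    host_a, host_b = "aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb"
    switch = Switch(ports=(1, 2, 3))
    steps = [
        ("A -> B, empty table", 1, build_frame(host_b, host_a)),
        ("B -> A, the response", 2, build_frame(host_a, host_b)),
        ("A -> B, both learned", 1, build_frame(host_b, host_a)),
        ("A -> broadcast", 1, build_frame(BROADCAST, host_a)),
        ("A -> A, self-addressed", 1, build_frame(host_a, host_a)),
    ]
    results = []
    for label, in_port, frame in steps:
        action, out_ports = switch.receive(in_port, frame)
        results.append((label, action, out_ports, dict(switch.mac_table)))
    return results


if __name__ == "__main__":
    for label, action, out_ports, table in walkthrough():
        print(f"{label:24} {action:8} out={out_ports} table={table}")
```
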
To some extent I was interested to know more about what will happen when the switch receives a frame addressed to a new host that is not in the MAC address table?
Hi Baraka, it would first attempt to Learn the source MAC address of the received frame, then if it doesn’t yet have an entry for the Destination MAC address, it would Flood the frame out all ports (except the one it came in on). Pretty much the same sequence of events as the animation above when the switch first receives the frame from Host A, and the MAC Address Table is empty.
Can I get a deep explanation about this (To some extent I was interested to know more about what will happen when the switch receives a frame addressed to a new host that is not in the MAC address table?)
The switch would perform the Flood action. That is what a switch does when it receives a frame destined to a MAC address that doesn’t exist in the MAC address table.
Thank you, sir.
This comment is for the line…”Then the Switch looks up the Destination MAC address (aaaa.aaaa.aaaa) and realizes this address exists out Port 1. The Switch can then simply forward the frame, since it knows the location of the Destination MAC address.”
I am confused now. You brought up the example of Host A sending data to Host B. The switch does not know Host B’s MAC address. So the switch duplicates the frame and broadcasts it out. Every other host drops it except for Host B. Host B sends the frame back to the switch. The switch populates its MAC Address Table.
When does Host B receive the data? From your statement, Host B sends a response to the Switch with the Destination to Host A. Switch sends data to Host A.
How does the switch send data when Host A is sending to Host B after getting the response from Host B from an empty MAC Address Table?
Hi Hoang,
> When does Host B receive the data?
The frame is the data. When Host A sends the frame, it is not sending it to the switch, it is just sending it. Host A does not know whether it is connected to a switch, or directly connected to Host B.
> How does the switch send data when Host A is sending to Host B after getting the response from Host B from an empty MAC Address Table?
The switch is not sending data, it is merely forwarding data initially sent by Host A or Host B. It is simply using its MAC address table to forward the data smartly. This is in contrast to a hub, which would simply duplicate each incoming frame and flood it out all ports, every single time. The switch only needs to do the flooding action initially — once it learns which MAC addresses exist at which ports, it simply forwards.
Thanks Ed. After I posted my comment, I continued to watch the YouTube Video that you made. That video made me think clearly.
When Host A does not know the MAC address, it sends an ARP saying “what is the MAC address to this IP”. After the response from Host B…”Hi, I’m that IP and this is my MAC”…gets back to Host A, Host A updates its ARP table. Now Host A can build the frame of Source MAC and Destination MAC and send the data off.
Without the complete L2 header, data can never be sent within a network or another network. That’s my interpretation. Data can never travel when L2 is not completed.
Hi Hoang, absolutely. L2’s job is to deliver a packet from one NIC to the next NIC. Without the ability to create a full L2 header, data can never traverse between two nodes. Glad it all makes sense now!
Hi,
I have one question. Since A has already sent out an ARP request broadcast to the whole LAN to ask for host B’s MAC address, when host B sends a unicast ARP back to host A, the switch should learn the source MAC from B by then, correct? So technically the switch’s MAC table should be filled by hosts sending and receiving the ARP request/reply, correct? How come the switch still doesn’t know the MAC address of host B?
Thanks,
Helen
Hello. The illustration above intentionally omits the ARP process that would have happened for host A and host B to know each other’s MAC address. That was intentional to focus on just how the Switch works and provide a use-case for broadcasting.
But yes, if ARP had been completed, then the Switch would have known the MAC addresses for Host A and Host B, and therefore wouldn’t have needed to flood.
What I understand from all of this is that when Host1 sends a message to Host2, once it hits the switch, the switch will flood an address resolution to everyone except the originator, that way when the host with the right IP address receives this message it will send a message back (Ack) to the switch and this is when the switch takes the MAC Address and writes it down on the table, “learning” a new MAC address for an IP address he already knew.
I also wanted to know the process when Host A does not have the Destination MAC because it rebooted. However, the switch does have the Destination of where Host A wants to send.
For example, Host A sends data to Host B. Host A looks at its ARP table, discovers that it doesn’t have Host B. Host A sends a Broadcast. How does the Switch handle the Broadcast when the switch does have Host B MAC?
Just for more confusion on my side, what does the switch do when it doesn’t have Host B’s MAC as well? Does the switch duplicate the frame from Host A and FLOOD?
If the switch in between has been switched off and on??? Then what will happen to the packets forwarded from HOST A ???
> For example, Host A sends data to Host B. Host A looks at its ARP table, discovers that it doesn’t have Host B. Host A sends a Broadcast. How does the Switch handle the Broadcast when the switch does have Host B MAC?
The ARP Request that Host A sent will be a Broadcast frame, which means the destination MAC address field of the L2 header is FFFF.FFFF.FFFF. Whether the switch has Host B’s MAC address or not, it will always process a broadcast frame the same way — by flooding the ARP Request to every host on the network.
Remember, the switch does not know that the packet is an ARP Request or regular data. It only looks up to the L2 header to make its forwarding decision.
Thank you so much. I swear that you made the subject matter in this series so friendly to understand that even a cave man will learn.
Thank you again Ed. Please write more topics when you have time of anything IT.
Thanks for the series. I wish to know how the packet flows between two switches with one host (192.168.1.1/24) in one switch and another host (192.168.1.5/24) in another switch.
Can you please explain this for me.
Hi Chandra, I’ve had a few requests for this. The post which covers it is in the works as we speak =). Stay tuned…
Hi Chandra, I finished the article that describes the process with multiple switches. Check it out here: Communication through Multiple Switches.
very nice & clear clarification. Nevertheless you need to have more drawing and videos probably…
Thank you for this, Ed. I teach networking here at the University and as much as I hate to admit it, you do a better job than I do. So…..one would think I would learn how to teach it better, but I am going to send them to your site instead! ;-D Then they get it two ways instead of one…..much better. Thank you again.
Hi Steve, thanks for the kind words! I’m glad you enjoyed the article! I hope they continue to help you and your students!
Hi Ed,
Thanks for the wonderful article along with video, Let us know do you have the examples like this for DHCP & PPPOE protocols.
Regards,
Mugil
I want to receive frame from port C of a switch when port A sends the frame to port B on the same switch. HOW??????????????
Hi Phani, you’re looking for what is known as SPAN sessions.
Hi,
Could you kindly elaborate on this statement?
“But a switch will never broadcast a frame (since broadcasting is not a function of a switch).”
Thanks!
Hi Joelle. A Broadcast, by definition, is simply a frame with a destination address of ffff.ffff.ffff. A Switch’s reaction to a broadcast frame is flooding. One is a type of frame, the other is an action the switch will take.
Great article. I was wondering how does the host or any device in the same network know the location of the switch? The destination ip address and MAC address is either of the router or an another host (given, its in the same network).
Thanks!
Hi Shantanu,
The host does not know the location of the switch, nor does it need to. The host does not know whether there is one switch or ten switches, or zero switches. The host simply creates the datagram, creates the L3 frame, creates the appropriate L2 frame, then puts it on the wire. Everything that happens after that is entirely out of the host’s hands.
Hope this helps.
Can you please elaborate the difference between ARP broadcast and switch flooding. I mean if host A knows destination host B’s MAC address but the MAC table in the switch does not know about host B’s MAC address, then what will the switch do…
A switch can learn the MAC address mapping of the devices connected from any frame, not just ARP frames. When HostA sends anything, the switch will learn the MAC address and associated port for HostA. When HostB sends anything, the switch will learn the mapping for HostB.
An ARP Frame is only a broadcast because the destination MAC address is set to ffff.ffff.ffff. ARP can be sent unicast, as is the case in ARP Responses.
Flooding is a switch action (not a type of frame). It is the action a switch takes when it does not know exactly which port to deliver a frame to.
Then the switch will never flood because before that, whenever any host tries to send data to any other host, it will broadcast ARP and from that the switch will learn the source MAC and its port no. And from the ARP response it will learn the destination MAC with its port no. Can you please give any example where the switch will flood, because according to your above notes I think the switch will always learn the MAC with port no from the ARP broadcast and unicast response.
Separate the functions of each device. They are independent from one another.
A host will issue an ARP Request if it needs to map an IP address to a MAC address. This frame typically has a destination MAC address of ffff.ffff.ffff and is therefore a broadcast frame.
A switch will learn the source MAC address of any frame it receives on any port.
A switch will flood a frame if the destination MAC address does not exist in the MAC table –OR– if the destination MAC address is ffff.ffff.ffff.
Each function is independent of the other. A switch does not flood because the frame is an ARP, a switch floods because the frame is destined to ffff.ffff.ffff.
Hey Eddie,
I read this article and was impressed with the level of detail. I took a few of your classes at the Rack! Awesome 🙂 Thanks for this.
Swetha
Hi Swetha! Good to hear from you again! Glad you enjoyed the articles and hope everything is well!
Hi Ed,
Good article. I have some questions and I can’t find answers for them. We have one network, with 3 hosts and a switch and a router. All hosts know the MAC and IP of all hosts and the switch knows on which port are all hosts.
1) What happens if host 1 sends data to host2 and someone has unplugged host2 and plugged it into another port?
2) What happens if host 1 sends data to host2 and someone has changed the IP addr of host2 by IP addr host3 (and IP addr of host3 by IP addr of host2)
3) What happens if host 1 sends data to host2 and someone has changed the MAC addr of host2 by MAC addr host3 (and MAC addr of host3 by MAC addr of host2)
Thank you
Hi,
I wrote a bit about how ports react when being disconnected in this comment response. That is relevant to your questions, which I’ll try to answer here:
1. When a host is disconnected, the switch will purge all known MAC addresses with that port. When the host is reconnected elsewhere, the standard learning function will populate the MAC address table for the host’s new port.
2. Typically, when a host’s IP address changes, it will issue a Gratuitous ARP. This will update all the relative ARP caches on the network and all the relative MAC address tables on the switch.
3. Lastly, if the MAC addresses were changed, whatever next frame is sent by either host from their new MAC addresses would cause the MAC address table to update, and the switch to “re-learn” where those MAC addresses exist.
Hope this helps. If it doesn’t, it might be because your question is too specific… in which case I would recommend asking at the Network Engineering Stack Exchange or Sub Reddit.
Hi Ed,
Thanks for your answer and the time you spend writing it.
1) if host 1 sends data to host2 and someone had unplug host2 and plug it to an another port
This is tricky because the switch populates the MAC address table only when the switch receives a frame. And here host2 is not sending frames. host1 continues to send data to host2 and host2 is just receiving frames from host1 and someone has disconnected host2 by accident and connected it to another port without knowing. So for the switch, it sees something coming from host1 (from the good port), but the switch will try to send it to the original port of host2 which has no host connected on it, so host2 will never receive it, until host2 sends a frame and the switch updates its MAC table.
This is my understanding but I need a network teacher or network engineer to validate this
for 2) I will read your topic about gratuitous ARP
3) Here again we have the same issue, because the switch populates the MAC address table only when the switch receives a frame. So I think the switch will continue to send data to host2 until host2 sends data to the switch, then the switch will update its MAC table. But at this point there will be an issue, because if host3 does not send data, the switch will never update its entry and will never know that it has the MAC addr of host2, so data will be dropped.
Here again this is my understanding but I need a network teacher or network engineer to validate this
Hello,
This isn’t the right place for this type of back and forth. Feel free to contact me directly, or create a new post at the Network Engineering Stack Exchange or Sub Reddit. =)
Hi! Great article and animations!
One thing puzzles me: Since Host A needs to know MAC address of Host B before sending actual data, an ARP request and response will take place, during which the switch will learn and store the MAC addresses of Host A and Host B. So, how can it be that in your example when Host A sends the actual data, the switch doesn’t already know the MAC addresses of Host A and Host B?
Hi Billy,
For the sake of limiting this article to the functions of a switch, I omitted the process of Host A and Host B discovering each other’s MAC address.
Otherwise, you are correct. If they did not know each other’s MAC address, they would have to discover it using ARP, and the switch would have learned their MAC addresses from the packets in the ARP conversation.
OK, I understand now. I’ve read 2 books about networking and your tutorial was the only thing that made everything was so simple and clear. You are very gifted at what you’re doing and your animations are superb. I’m looking forward to a tutorial about VPN. Thank you very much!
In the data link layer we have a frame for communication that has two fields for MACs. We have client A with source MAC aaaa.aaaa.aaaa destined to client B with bbbb.bbbb.bbbb MAC address in a switch with a cleared MAC table. When aaaa.aaaa.aaaa is received by the switch and it is not known where bbbb.bbbb.bbbb is, then it wants to flood a frame to all ports (except the port that received it) for learning bbbb.bbbb.bbbb.
My question is which destination MAC address is in the destination MAC address field in the frame? Does the switch flood the frame with bbbb.bbbb.bbbb in the dest MAC address field or with ffff.ffff.ffff?
I’m confused because bbbb.bbbb.bbbb is not a broadcast address, and where would ffff.ffff.ffff sit in the frame? (because we have aaaa.aaaa.aaaa as source MAC and bbbb.bbbb.bbbb as destination MAC in the frame)
Hi Farshid,
When the switch chooses to flood the frame, it does not change the destination MAC address. So in the case of the flood action above, the SRC MAC will be aaaa.aaaa.aaaa and the DST MAC will (still) be bbbb.bbbb.bbbb.
Remember, a switch does not broadcast — broadcasting is not an action of the switch. A switch only Forwards, Floods, Filters, or Learns.
A Broadcast is a frame created by the client which the client wishes to be delivered to everyone on the network. Just like a Unicast frame is a frame created by the client which the client wishes to be delivered to just one other recipient.
The Client creates Broadcasts or Unicast frames. The Switch chooses to flood or forward the Unicast frame, and (by rule) the Switch chooses to always flood the Broadcasts frames.
Hope that clears it up for you.
“if the Switch ever encounters a packet with a destination MAC of ffff.ffff.ffff, it will always flood the frame”
In case the Mac and IP address of host C is known, will it still flood the frame to the port where host C is connected?
Hi Ram,
The frame is only looking at the L2 header, and if the L2 header is ffff.ffff.ffff then the switch will Flood the frame.
Even if the switch knows the location of the MAC address being ARP’ed for, the switch will never look into the ARP Payload. It will only look at the L2 header. See this section for more details on the L2 header vs the ARP payload.
Thanks for the clarification Ed.
Hi
Very good Informations here in this page highly appreciated.
But i have some Beginner question.
Something that is not clear to me yet is , How the Source computer A knows the Mac address of the Destination computer B ?
We know Computer A and B never communicated before ?
Could someone help with this ?
Thank you.
Hi Joe. Good question. In reality, Host A would not know the MAC address of Host B. But for the sake of focusing on the switch operations, I omitted including ARP in this illustration. If you want to understand the full process, check out the last article in this series which provides a video that explains every step, to include Host A’s ARP Request.
Hi Ed Harmoush
Yes I have gone through the Video and another part of this series which explains the ARP request by Host A.
Thank you again for the article , it’s really helping me out. And i hope to see more Detailed and deep articles on Networking Just like this again.
Much appreciated ^^
Thank you
Hello Mr.Ed,
Thank you for this tutorial.
I have a question. Let’s suppose we only have host A and host B, not host C. And there is a router in the example. Like this
Since in point to point connections we do not use ARP requests, how does host A find out the router’s interface MAC address, host B’s MAC address etc? Thank you again.
Hi Netnoob, glad you enjoyed the tutorial. I think you may have a misunderstanding, let me explain…
Point to Point media, such as Serial links, can only have two parties on the “network” — one on each end of the cable.
Multiaccess media, such as Ethernet, can have unlimited parties on the network. But for that to be possible, there has to be a device facilitating communication among the different devices on the network — like a switch.
In your picture, Host A is connected to a switch, which means Host A is using multi-access media, which means it would indeed use ARP to resolve the Router’s MAC address.
Had there been no switch, and had Host A been connected directly to the Router with a Serial link, THEN there would be no ARP, because anything Host A put on the wire would appear on the other side (although typically you do not see hosts using Serial cables these days).
I see. I get it now.
Thank you very much again.
hi sir, I have a question suppose packet is sent from the host A which is in Lan 1 to host B which is in Lan 10, packet travels via intermediate node or switch or router … while travelling a packet from LAN 1 to LAN 10 packets can be lost/ discarded due to various reasons at that moment how re-transmission of packet is done ???
Hi Manoj,
Good question. Within L2 and L3, there is no consideration for lost packets or re-transmissions. That doesn’t come into play until L4, and even then only if the protocol in use is TCP. Then, TCP will handle keeping track of which packets have arrived, and which packets need to be re-transmitted.
TCP might one day be the topic of a future article, but is outside the scope of this particular series.
Hello Ed,
I have the most “beginnery” question for you. I understand all of the concepts in this article and through various studies but one fundamental aspect to networking irks me and I feel prevents me from moving forward!
The “scenario” or the”why” of a host needing to reach another host (for example in just a LAN topology) I fail to understand. Why would host 1 need to send “anything” to host 2? In other words, what is being sent? Other than a host needing to reach a printer, I don’t understand why PC1 would need to somehow send something directly to PC2. I guess just an example of the “what” is being sent would clear it up for me..Does my question make sense?
Thanks in advance!
Hi Marco,
The “why” is abstracted from this layer — as Network Engineers, we just care about enabling the “how”.
It could be an application where two hosts backup files to each other, it could be an instant messaging application, it could be a windows update and a windows update server, it could be a host speaking to a printer. In the illustration above, the “host” can represent anything on the Internet… PC’s, Laptops, but also phones, printers, smart devices, anything at all.
When you are browsing the web, your PC is speaking to another PC. Your PC is the “client” asking for a webpage, and the other PC is the “server” providing the webpage. In the illustration above, for simplicity’s sake, both PC’s are on the same network. But as you read on in the series, you’ll see how it works when the PC’s are on different networks — possibly on different ends of the Internet.
Hope this helps =)
Hi
we wanna send a frame from host A to host B, where host A is connected to Switch 1 and host B is connected to Switch 2,
can you explain this procedure please.
Hi Mohammad. Check out this article which illustrates how communication works through multiple switches:
In a LAN with a link-layer switch, Host 1 wants to send a message to Host 3. Since communication is through the link-layer switch, does the switch need to have an address? Explain
Hey Ed,
Thanks for the great article. Let me get to my question straight away.
What is the difference between the following and what are the typical use cases for the same?
1. L2 Broadcast – DMAC (All Fs)
2. L3 Broadcast – DIP (255.255.255.255)
3. Directed Broadcast – DIP (say, 10.1.1.255 /24)
Can you please clarify this for me and others?
L2 Broadcast – DMAC (All Fs) — this is the destination MAC address given to broadcast packets. Remember, the L3 header determines the final endpoints, but packet delivery is still the job of L2. Therefore, we need a correlating “L2 Broadcast address” to the L3 broadcast addresses you asked about below.
L3 Broadcast – DIP (255.255.255.255) — this can be used to speak to every host in my own subnet.
Directed Broadcast – DIP (say, 10.1.1.255 /24) — this can be used to speak to every host in my own subnet, or a foreign subnet. Although, many Routers in the present day drop packets destined to the directed broadcast IP for security reasons.
Great articles! Can you clarify when Flooding is used versus when a Broadcast is used? How does a host know when to send an ARP request versus rely on the Switch to Flood the ports for the info?
Remember, a switch does not broadcast — broadcasting is not an action of the switch. A switch only Forwards, Floods, Filters, or Learns.
A Broadcast is a frame created by the client which the client wishes to be delivered to everyone on the network. Just like a Unicast frame is a frame created by the client which the client wishes to be delivered to just one other recipient.
The Client creates Broadcast or Unicast frames. The Switch chooses to flood or forward the Unicast frame, and (by rule) the Switch chooses to always flood the Broadcast frames.
The client uses ARP if it needs to resolve a L2 address. If the client knows the L2 address, it uses a Unicast frame.
Hi Ed,
I just started to follow your wonderful series and I really like them.
I have a quick question:
How is the MAC table built in case of a Port-channel?
Do we use Switching going out of our network (edge router)? I’m sure we do not, because if we did, there wouldn’t be a MAC Table that can be used on the internet, for two reasons:
1. Security
2. Unreasonably huge size of MAC table. lol 🙂
Hi Sasi,
A port-channel (or ether-channel, or port-bundle, or any other names it goes by) simply creates a logical interface which represents multiple physical interfaces. Once the port-channel is created, all MAC addresses learned by any of the physical interfaces are simply associated to the logical port-channel interface itself.
As for your second question. Even if you did use a switch outside of your edge router, it would only have the MAC addresses for the devices between your Edge router and the ISP’s router it is connected to. Remember, a switch only knows the MAC addresses on the local network it is connected to, not the MAC addresses of any foreign networks.
Hope this helps!
Thanks for these series of articles, they’re easy-to-follow and very informative for a person just getting into this!
Suppose Host A belongs to VLAN 10 and Host B belongs to VLAN 20. Host A and Host B are connected via a Switch, and the Switch is connected to a Router. In this case, if Host A tries to send data to Host B, how is the MAC learnt, and how will the packet flow?
Kindly clarify.
Remember a VLAN is pretty much like a separate (virtual) mini switch inside a real physical switch (learn about VLANs here). So the way packets would flow through a single switch with two VLANs connected to a router is the same as two physical switches connected to a router. And that process is outlined in the last article of this series:
https://www.practicalnetworking.net/series/packet-traveling/packet-traveling-series-finale/
In the above network diagram, IP and MAC addresses are given for network nodes. Suppose Host1 (Shahid) sends a datagram to Host2 (Khalid). What IP and MAC addresses (source and destination) will be written in IP and Data link layer headers respectively, for the following intermediate points from Host1 to Host2?
a) Host1 to Router1
b) Router1 to Router2
c) Router2 to Host2
Hi Mohammad… the illustration doesn’t have a Router. I’m wondering if you are referring to a diagram from a different article?
This last sentence really confused me:
“In summary, a Broadcast is a frame addressed to everyone on the local network (ffff.ffff.ffff), and Flooding is an action a switch can take. A broadcast frame, by definition, will always be flooded by a switch. But a switch will never broadcast a frame (since broadcasting is not a function of a switch).”
After some extra research on other sites, I draw the conclusion that a Broadcast originates from a Host, not a Switch?
If I’m right about this, I think this article would be even better if this fact was super clear in the text.
Why/When does a host send a Broadcast?
>> a Broadcast originates from a Host
Yes! Exactly. The host chooses to send a broadcast whenever it needs to send something to everyone on the local network.
The Switch is merely passing broadcasts along. And since the host meant for everyone on the network to receive the message, the Switch’s appropriate course of action is the Flood action.
Hi Sir,
Thank you very much for your wonderful explanations.
I want to know how a frame/packet will travel from one host to another host across a network of switches and routers.
1. How are frames handled when connected to a network having multiple switches?
2. How are frames handled between switches and routers?
3. How are packets forwarded in switches? (Do they require an L2 header to be added containing the next router’s MAC address, or do routers not require any L2 headers when communicating with each other?)
I would request that you upload some videos on how routers handle traffic.
Regards
Himanshu
Hi Himanshu,
All your questions are answered in this new video series:
https://www.practicalnetworking.net/index/networking-fundamentals-how-data-moves-through-the-internet/
Check it out!
How do 2 hosts communicate with each other with only a single switch in between? MAC addresses of both the hosts are given but the IP address is not mentioned.
The hosts will still use IP addresses to speak to each other. The Switch, however, will never look into the L3 header to see the IP headers. See this for more info:
https://www.youtube.com/watch?v=gYN2qN11-wE
This is a wonderful post. Thank you, dear Sir.
You’re welcome =)
Assume that the ARP tables of both devices (laptop and Raspberry) and the MAC address table of the switch are initially empty. Your laptop will now send 3 ping requests to the IP address of the Raspberries. Describe step by step which messages are sent from which host and where and when the information in the various tables is updated.
Thank you Ed for your brilliant in-depth illumination of ARP process.
Just one thing I wish to clarify: The switch has the job to do flooding for the broadcast frame, rather than to initiate the broadcast frame. Whereas the Host has the job to initiate the broadcast frame.
Now, after the ARP request got initiated, the host then placed the ARP request onto the connected wire(s), allowing its ethernet LINK to take care of the actual delivery of the broadcast frames. This means the cable wire(s) will deliver the ARP request to all DIRECTLY CONNECTED neighbours. Hope my interpretation of your article was on the right track. Many thanks !
You’re welcome =).
Yes, you are correct on both points.
Flooding will never be done when A wants to send to B. As we can see in the animation, the destination MAC was filled with the MAC address of B. How did A know the MAC address of B? A learnt it during the ARP protocol. So when B was sending its MAC address as a response to the ARP done by A, it had to go through the switch, and then the switch would have learnt that the port on which B sits is 2. So there was no need for flooding to be done when A wants to send a message to B.
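Added example (not part of the article or of any comment above): a minimal Python model of the switch behaviour discussed in these replies, where the host chooses Broadcast or Unicast and the switch only learns, floods, forwards or filters. The `Switch` class, the port numbers and the MAC addresses are constructed for illustration; it also covers the case where the switch has no entry for the destination yet.

```python
BROADCAST = "ffff.ffff.ffff"   # L2 broadcast address (all Fs)

class Switch:
    """Hypothetical minimal L2 switch; it reads only source and destination MAC."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}                      # MAC address -> switchport

    def receive(self, in_port, src, dst):
        """Process one frame; return (action, list of egress ports)."""
        self.mac_table[src] = in_port            # Learning: always from the source MAC
        others = [p for p in self.ports if p != in_port]
        if dst == BROADCAST:                     # host-created broadcast: always flooded
            return "flood", others
        out = self.mac_table.get(dst)
        if out is None:                          # unknown unicast: flooded
            return "flood", others
        if out == in_port:                       # destination sits behind the ingress port
            return "filter", []
        return "forward", [out]

# Constructed sample hosts: A on port 1, B on port 2, port 3 has a silent host.
A, B = "aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb"

def arp_then_unicast():
    """Empty MAC table; A resolves B with ARP, then sends B a unicast frame."""
    sw = Switch([1, 2, 3])
    return [
        ("ARP request (broadcast)", sw.receive(1, A, BROADCAST), dict(sw.mac_table)),
        ("ARP reply (unicast)", sw.receive(2, B, A), dict(sw.mac_table)),
        ("A -> B data (unicast)", sw.receive(1, A, B), dict(sw.mac_table)),
    ]

def unicast_with_empty_table():
    """A already knows B's MAC, but the switch has no entry for B yet."""
    return Switch([1, 2, 3]).receive(1, A, B)

if __name__ == "__main__":
    for name, (action, ports), table in arp_then_unicast():
        print(f"{name:26} {action:8} out={ports} table={table}")
    print("empty table:", unicast_with_empty_table())
```

Only the ARP request leaves on every other port; the reply and the data frame each leave on exactly one port because the switch learned A and B from the source MAC of the earlier frames.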
I was curious to ask: say there are two devices with different subnets, both connected to a regular switch (not managed). If the switch only cares about the MAC addresses, why couldn’t an application establish communication from one device to the other? The switch knows the ports computers A and B are connected to, along with the MAC address for each. Does the application care about the IP addresses not being in the same subnet? Or does it depend on the protocol used; maybe some protocols care, where others don’t. This is a question that has been haunting me for a while. I apologize if the intent of the question is not inherently clear; I don’t deal with networks much, but I have run into this type of scenario. Thanks!