Practical Networking .net
post

Host to Host through a Switch

This article is a part of a series on Packet Traveling — everything that happens in order to get a packet from here to there. Use the navigation boxes to view the rest of the articles.

 

Packet Traveling

In the last article, we looked at everything that happens for two hosts to communicate directly with one another. In this article, we will add a common network device: a switch. We will take a look at what happens for communication from Host to Host through a Switch.

This article will be the practical application of everything that was discussed when we looked at a Switch as a key player in packet traveling. It might be worth reviewing that section before proceeding.

We will start by looking at the individual switch functions, and then take a look at an animation which shows their collaborative operation.

Switch Functions

A Switch primarily has four functions: Learning, Flooding, Forwarding, and Filtering:

Learning

Being a Layer 2 device, a Switch will make all its decisions based upon information found in the L2 Header. Specifically, a Switch will use the Source MAC address and Destination MAC address to make its forwarding decisions.

One of the goals of the Switch is to create a MAC Address Table, mapping each of its switchports to the MAC address of the connected devices.

The MAC address table starts out empty, and every time a Switch receives anything, it takes a look at the Source MAC address field of the incoming frame. It uses the Source MAC and the switchport the frame was received on to build an entry in the MAC Address Table.

Sooner or later, as each connected device inevitably sends something, the Switch will have a fully populated MAC Address Table. This table can then be used to smartly forward frames to their intended destination.

Flooding

However, despite the learning process above, it is unavoidable that a Switch will at some point receive a frame destined to a MAC address of which the Switch does not know the location.

In such cases, the Switch’s only option is to simply duplicate the frame and send it out all ports. This action is known as Flooding.

Flooding assures that if the intended device exists and if it is connected to the switch, it will definitely receive the frame.

Of course, so will every other device connected to that particular Switch. And though not ideal, this is perfectly normal. The NIC of each connected device will receive the frame and take a look at the Destination MAC address field. If they are not the intended recipient, they will simply silently drop the frame.

If they are the intended device, however, then the Switch can rest satisfied knowing it was able to deliver the frame successfully.

Moreover, when the intended device receives the frame, a response will be generated, which when sent to the Switch will allow the switch to learn and create a MAC Address Table mapping that unknown device to its switchport.

Forwarding

Ideally, of course, the Switch will have an entry in its MAC Address Table for every Destination MAC it comes across.

When this happens, the Switch happily forwards the frame out the appropriate switchport.

There are three methods by which a Switch can forward frames. They are briefly described below.

  • Store and Forward – The Switch copies the entire frame (header + data) into a memory buffer and inspects the frame for errors before forwarding it along. This method is the slowest, but allows for the best error detection and additional features like prioritizing certain types of traffic for faster processing.
  • Cut-Through – The Switch stores nothing, and inspects only the bare minimum required to read the Destination MAC address and forward the frame. This method is the quickest, but provides no error detection or potential for additional features.
  • Fragment Free – This method is a blend of the prior two. The Switch inspects only the first portion of the frame (64 bytes) before forwarding the frame along. If a transmission error occurred, it is typically noticed within the first 64 bytes. As such, this method provides “good enough” error detection, while gaining the speed and efficiency of avoiding storing the entire frame in its memory before forwarding it.

It is worth pointing out that these three methods were at one point very significant when Switch technologies were newer and switching induced noticeable latency. In modern days, with line-speed switching, the difference in speed between these three is negligible, and most switches operate in Store and Forward mode.

Filtering

And finally, the last function of the switch is filtering. Mainly, this function states that a Switch will never forward a frame back out the same port which received the frame.

Most commonly, this happens when a Switch needs to flood a frame — the frame will get duplicated and sent out every switchport except the switchport which received the frame.

Rarely, a host will send a frame with a destination MAC address of itself. This is usually a host experiencing some sort of error condition or being malicious. Either way, when this happens, the Switch simply discards the frame.

 

Switch Operation

Now that we’ve looked at each of the individual functions of a Switch, we can look at them in action. The animation below includes a Switch going through all four functions as it processes traffic.

Ordinarily, the hosts in the animation below would need to perform an ARP resolution, but for the sake of focusing on the Switch’s operation, we will omit ARP and proceed as if all the hosts already knew each other’s IP and MAC addresses.

Host to Host through a Switch - Switch Functions animation

Host A has “something” to send to Host B. The contents of the “something” is entirely irrelevant, so long as its understood that the frame has a L2 header which includes a Source and Destination MAC address.

Initially, the MAC Address Table of the Switch is empty. Remember, it only gets populated when a frame is received.

When Host A sends the frame to the switch, it includes a Source MAC address of aaaa.aaaa.aaaa. This prompts the Switch to learn a MAC Address Table entry mapping Port 1 to MAC Address aaaa.aaaa.aaaa.

Then, when deciding how to forward the frame, the Switch realizes there is no entry for bbbb.bbbb.bbbb. This leaves the Switch only one option: duplicate and flood the frame out all ports. Notice the frame was duplicated out all ports, except Port 1 (the port it came in on) – this is an example of the Switch performing its filtering function.

This frame will then be received by Host C and Host B. Host C, when inspecting the L2 header will realize the frame is not intended for them and will simply discard it. Conversely, when Host B receives the frame and realizes they indeed are the intended recipient, they will accept the frame and generate a response.

When the response arrives on the Switch, another MAC Address Table mapping can be learned: Port 2 contains the MAC address bbbb.bbbb.bbbb.

Then the Switch looks up the Destination MAC address (aaaa.aaaa.aaaa) and realizes this address exists out Port 1. The Switch can then simply forward the frame, since it knows the location of the Destination MAC address.

The animation above illustrate the four switch functions on a single switch. To see how the process scales to multiple switches, check out this article.

 

Broadcasts

There is often some confusion about a switch in regards to a Broadcast and a Switch’s flooding behavior. The confusion is understandable, because the end result is the same, but it is also important to understand the distinction.

A Broadcast frame is a frame which is addressed to everyone on the local network. This is done using the same Ethernet header we’ve been discussing, except the Destination MAC address field is populated with a special address: ffff.ffff.ffff. The “all F’s” address is specially reserved for the purpose of broadcasting.

By definition, if the Switch ever encounters a packet with a destination MAC of ffff.ffff.ffff, it will always flood the frame (after learning the Source MAC, of course).

Another way of looking at it, is since the address ffff.ffff.ffff is reserved, the switch is unable to learn a MAC Address Table mapping for it. As such, any frame destined to this MAC address will always be flooded.

In summary, a Broadcast is a frame addressed to everyone on the local network (ffff.ffff.ffff), and Flooding is an action a switch can take. A broadcast frame, by definition, will always be flooded by a switch. But a switch will never broadcast a frame (since broadcasting is not a function of a switch).

This article intentionally omits the Address Resolution Protocol (ARP) in order to focus purely on the actions of a Switch. ARP is a function of the client, and will never be performed by the switch itself. It is assumed that the clients in the animation above already know each other’s MAC address. To learn more about ARP, check out this video.

 

Series Navigation<< Host to Host CommunicationHost to Host through a Router >>
  • 4
    Shares

Comments

  1. Baraka Said says:

    To some extent i was interested to know more about what will happen when the switch receive a frame address to a new host that is not in the mac address table?

    • Hi Baraka, it would first attempt to Learn the source MAC address of the received frame, then if it doesn’t yet have an entry for the Destination MAC address, it would Flood the flame out all ports (except the one it came in on). Pretty much the same sequence of events as the animation above when the switch first receives the frame from Host A, and the MAC Address Table is empty.

  2. hoang nguyen says:

    This comment is for the line…”Then the Switch looks up the Destination MAC address (aaaa.aaaa.aaaa) and realizes this address exists out Port 1. The Switch can then simply forward the frame, since it knows the location of the Destination MAC address.”

    I am confused now. You brought up the example of Host A sending data to Host B. The switch does not know Host B MAC address. So the switch duplicate the Frame and Broadcast it out. Everyone other hosts drops except for Host B. Host B sends the FRAM back to the switch. Switch populate its MAC Address Table.

    When does Host B receive the data? From your statement, Host B sends a response to the Switch with the Destination to Host A. Switch sends data to Host A.

    How does the switch send data when Host A is sending to Host B after getting the response from Host B from an empty MAC Address Table?

    • Hi Hoang,

      > When does Host B receive the data?

      The frame is the data. When Host A sends the frame, it is not sending it to the switch, it is just sending it. Host A does not know whether it is connected to a switch, or directly connected to Host B.

      > How does the switch send data when Host A is sending to Host B after getting the response from Host B from an empty MAC Address Table?

      The switch is not sending data, it is merely forwarding data initially sent by Host A or Host B. It is simply using its MAC address table to forward the data smartly. This is in contrast to a hub, which would simply duplicate each incoming frame and flood it out all ports, every single time. The switch only needs to do the flooding action initially — once it learns which MAC addresses exist at which ports, it simply forwards.

      • hoang nguyen says:

        Thanks Ed. After I posted my commented, I continued to watch the YouTube Video that you made. That video made me think clearly.

        When Host A does not know the MAC address, it sends an ARP saying “what is the MAC address to this IP”. After the response from Host B…”Hi, I’m that IP and this is my MAC”…get back to Host A. Host A update its ARP table. Now Host A can build the frame of Source MAC and Destination MAC and send the data off.

        Without the complete L2 header, data can never be sent within a network or another network. That’s my interpretation. Data can never travel when L2 is not completed.

        • Hi Hoang, absolutely. L2’s job is to deliver a packet from one NIC to the next NIC. Without the ability to create a full L2 header, data can never traverse between two nodes. Glad it all makes sense now!

  3. hoang nguyen says:

    I also wanted to know the process when Host A does not have the Destination MAC because it rebooted. However, the switch does have the Destination of where Host A wants to send.

    For example, Host A sends data to Host B. Host A looks at its ARP table, discovers that it doesn’t have Host B. Host A sends a Broadcast. How does the Switch handle the Broadcast when the switch does have Host B MAC?

    Just for more confusion on my side, what does the switch do when it doesn’t have Host B MAC as well? Does the switch duplicate the FRAM from Host A and FLOOD?

    • harshini says:

      If the switch in between has been switched off and on??? Then what will happen to the packets forwarded from HOST A ???

  4. > For example, Host A sends data to Host B. Host A looks at its ARP table, discovers that it doesn’t have Host B. Host A sends a Broadcast. How does the Switch handle the Broadcast when the switch does have Host B MAC?

    The ARP Request that Host A sent will be a Broadcast frame, which means the destination MAC address field of the L2 header is FFFF.FFFF.FFFF. Whether the switch has Host B’s MAC address or not, it will always process a broadcast frame the same way — by flooding the ARP Request to every host on the network.

    Remember, the switch does not know that the packet is an ARP Request or regular data. It only looks up to the L2 header to make it’s forwarding decision.

    • hoang nguyen says:

      Thank you so much. I swear that you made the subject matter in this series so friendly to understand that even a cave man will learn.

      Thank you again Ed. Please write more topics when you have time of anything IT.

  5. Thanks for the series.I wish to know how the packet flow between two switches with one host (192.168.1.1/24) in one switch and another host(192.168.1.5/24)in another switch.

    Can you please explain this for me.

  6. very nice & clear clarification. Nevertheless you need to have more drawing and videos probably…

  7. Steve Gardner says:

    Thank you for this, Ed. I teach networking here at the University and as much as I hate to admit it, you do a better job than I do. So…..one would think I would learn how to teach it better, but I am going to send them to your site instead! ;-D Then they get it two ways instead of one…..much better. Thank you again.

  8. Hi Ed,

    Thanks for the wonderful article along with video, Let us know do you have the examples like this for DHCP & PPPOE protocols.

    Regards,
    Mugil

  9. i want to receive frame from port C of a switch.when port A sends the frame to port B on the same switch.HOW??????????????

  10. Hi,

    Could you kindly elaborate on this statement?

    “But a switch will never broadcast a frame (since broadcasting is not a function of a switch).”

    Thanks!

    • Hi Joelle. A Broadcast, by definition, is simply a frame with a destination address of ffff.ffff.ffff. A Switch’s reaction to a broadcast frame is flooding. One is a type of frame, the other is an action the switch will take.

  11. Shantanu Jha says:

    Great article. I was wondering how does the host or any device in the same network know the location of the switch? The destination ip address and MAC address is either of the router or an another host (given, its in the same network).
    Thanks!

    • Hi Shantanu,

      The host does not know the location of the switch, nor does it need to. The host does not know whether there is one switch or ten switches, or zero switches. The host simply creates the datagram, creates the L3 frame, creates the appropriate L2 frame, then puts it on the wire. Everything that happens after that is entirely out of the host’s hands.

      Hope this helps.

  12. Sujit Sahoo says:

    Can you please elaborate the difference between ARP broadcast and switch flooding.I mean if host A knows destination host B Mac address but Mac table in switch does not know about host B mac address..Then what swich will do…

    • A switch can learn the MAC address mapping of the devices connected from any frame, not just ARP frames. When HostA sends anything, the switch will learn the MAC address and associated port for HostA. When HostB sends anything, the switch will learn the mapping for HostB.

      An ARP Frame is only a broadcast because the destination MAC address is set to ffff.ffff.ffff. ARP can be sent unicast, as is the case in ARP Responses.

      Flooding is a switch action (not a type of frame). It is the action a switch takes when it does not know exactly which port to deliver a frame to.

      • Sujit Sahoo says:

        Then switch will naver flood because before that when ever any host tries to send data to any other host,it will broadcast ARP and from that swich will learn source Mac and it’s port no.And from ARP response it will learn destination Mac with it’s port no.can you please give any example where switch will flood because according to your above notes i think switch will always learn Mac with port no from ARP broadcast and unicast response

        • Separate the functions of each device. They are independent from one another.

          A host will issue an ARP Request if it needs to map an IP address to a MAC address. This frame typically has a destination MAC address of ffff.ffff.ffff and is therefore a broadcast frame.

          A switch will learn the source MAC address of any frame it receives on any port.

          A switch will flood a frame if the the destination MAC address does not exist in the MAC table –OR– if the destination MAC address is ffff.ffff.ffff

          Each function is independent of the other. A switch does not flood because the frame is an ARP, a switch floods because the frame is destined to ffff.ffff.ffff.

  13. Hey Eddie,
    I read this this article and was impressed with the level of detail. I took a few of your classes at the Rack! Awesome 🙂 Thanks for this.

    Swetha

  14. Hi Ed,
    Good article. I have some questions and I can’t find answers for them. We have one network, with 3 hosts and a switch and a router. All hosts knows MAC and IP of all hosts and the switch knows on which port are all hosts
    1) What happens if host 1 sends data to host2 and someone had unplug host2 and plug it to an another port ?
    2) What happens if host 1 sends data to host2 and someone has changed the IP addr of host2 by IP addr host3 (and IP addr of host3 by IP addr of host2)
    3) What happens if host 1 sends data to host2 and someone has changed the MAC addr of host2 by MAC addr host3 (and MAC addr of host3 by MAC addr of host2)
    Thank you

    • Hi,

      I wrote a bit about how ports react when being disconnect in this comment response. That is relevant to your questions, which I’ll try to answer here:

      1. When a host is disconnected, the switch will purge all known MAC addresses with that port. When the host is reconnected elsewhere, the standard learning function will populate the MAC address table for the host’s new port.

      2. Typically, when a host’s IP address changes, it will issue a Gratuitous ARP. This will update all the relative ARP caches on the network and all the relative MAC address tables on the switch.

      3. Lastly, if the MAC addresses were changed, whatever next frame is sent by either host from their new MAC addresses would cause the MAC address table to update, and the switch to “re-learn” where those MAC addresses exist.

      Hope this helps. If it doesn’t, it might be because your question is too specific… in which case I would recommend asking at the Network Engineering Stack Exchange or Sub Reddit.

      • Hi Ed,

        Thanks for your answer and the time you spend writing it.

        1) if host 1 sends data to host2 and someone had unplug host2 and plug it to an another port
        This is tricky because the switch populates the MAC address table only when the switch receives a frame. And here host2 is not sending frames. host1 continues to sends data to hosts2 and host2 is just receiving frames from host1 and someone has disconnected host2 by accident and connected it to another port without knowing. So for the switch, it sees something coming from host1 (from the good port), but switch will try do send it to the original port of host2 which have no host connected on it, so host2 will never receive it, until host2 sends a frame and switch will update his mac table
        This is my understanding but I need a network teacher or network engineer to validate this

        for 2) I will read your topic about gratuitous ARP

        3) Here again we have the same issue, because the switch populates the MAC address table only when the switch receives a frame. So I think the switch will continue to send date to host2 until host2 send data to the switch then the switch will update his mac table. But at this point there will be an issue, because if host3 does not send data, the switch will never update its entry and will never know that it has mac addr of host2, so data will be dropped
        Here again this is my understanding but I need a network teacher or network engineer to validate this

  15. Hi! Great article and animations!
    One thing puzzles me: Since Host A needs to know MAC address of Host B before sending actual data, an ARP request and response will take place, during which the switch will learn and store the MAC addresses of Host A and Host B. So, how can it be that in your example when Host A sends the actual data, the switch doesn’t already know the MAC addresses of Host A and Host B?

    • Hi Billy,

      For the sake of limiting this article to the functions of a switch, I omitted the process of Host A and Host B discovering each other’s MAC address.

      Otherwise, you are correct. If they did not know each other’s MAC address, they would have to discover it using ARP, and the switch would have learned their MAC addresses from the packets in the ARP conversation.

      • OK, I understand now. I’ve read 2 books about networking and your tutorial was the only thing that made everything was so simple and clear. You are very gifted at what you’re doing and your animations are superb. I’m looking forward to a tutorial about VPN. Thank you very much!

  16. In data link layer we have frame for comminication that have a two field for MACs.We have client A with source mac aaaa.aaaa.aaaa destined to client B with bbbb.bbbb.bbbb MAC add in a cleared mac table switch.when aaaa.aaaa.aaaa received to switch and not known bbbb.bbbb.bbbb is where ,then wants to flood a frame to all port (except the port that received) for learnnig bbbb.bbbb.bbbb.
    my question is which destination mac address is in destination mac address field in the frame? switch floods the frame with bbbb.bbbb.bbbb dest mac add field or with ffff.ffff.ffff ?

    I’m confused because the bbbb.bbbb.bbbb is not a broadcast address , and ffff.ffff.ffff where want to sit in frame?(because we have aaaa.aaaa.aaaa as source mac and bbbb.bbbb.bbbb as destination mac in frame)

    • Hi Farshid,

      When the switch chooses to flood the frame, it does not change the destination MAC address. So in the case of the flood action above, the SRC MAC will be aaaa.aaaa.aaaa and the DST MAC will (still) be bbbb.bbbb.bbbb.

      Remember, a switch does not broadcast — broadcasting is not an action of the switch. A switch only Forwards, Floods, Filters, or Learns.

      A Broadcast is a frame created by the client which the client wishes to be delivered to everyone on the network. Just like a Unicast frame is a frame created by the client which the client wishes to be delivered to just one other recipient.

      The Client creates Broadcasts or Unicast frames. The Switch chooses to flood or forward the Unicast frame, and (by rule) the Switch chooses to always flood the Broadcasts frames.

      Hope that clears it up for you.

  17. “if the Switch ever encounters a packet with a destination MAC of ffff.ffff.ffff, it will always flood the frame”

    In case the Mac and IP address of host C is known, will it still flood the frame to the port where host C is connected?

  18. Hi

    Very good Informations here in this page highly appreciated.

    But i have some Beginner question.

    Something that is not clear to me yet is , How the Source computer A knows the Mac address of the Destination computer B ?

    We know Computer A and B never communicated before ?

    Could someone help with this ?

    Thank you.

    • Hi Joe. Good question. In reality, Host A would not know the MAC address of Host B. But for the sake of focusing on the switch operations, I omitted including ARP in this illustration. If you want to understand the full process, check out the last article in this series which provides a video that explains every step, to include Host A’s ARP Request.

  19. Hi Ed Harmoush

    Yes i have gone through the Video and other Another part of this series which explains thew ARP request By Host A.

    Thank you again for the article , it’s really helping me out. And i hope to see more Detailed and deep articles on Networking Just like this again.

    Much appreciated ^^

    Thank you

  20. Hello Mr.Ed,

    Thank you for this tutorial.

    I have a question.Let’s suppose we only have host A and host B ,not host C .And there is a router in the example.Like this.https://i.imgur.com/7O1WscX.png

    Since in point to point connections we do not use arp request ,how does host A find out the routers interface mac address ,host Bs mac address etc ? thank you again.

    • Hi Netnoob, glad you enjoyed the tutorial. I think you may have a misunderstanding, let me explain…

      Point to Point media, such as Serial links, can only have two parties on the “network” — one on each end of the cable.

      Multiaccess media, such as Ethernet, can have unlimited parties on the network. But for that to be possible, there has to be a device facilitating communication among the different devices on the network — like a switch.

      In your picture, Host A is connected to a switch, which means Host A is using multi-access media, which means it would indeed use ARP to resolve the Router’s MAC address.

      Had there been no switch, and had Host A been connected directly to the Router with a Serial link, THEN there would be no ARP, because anything Host A put on the wire would appear on the other side (although typically you do not see hosts using Serial cables these days).

  21. hi sir, I have a question suppose packet is sent from the host A which is in Lan 1 to host B which is in Lan 10, packet travels via intermediate node or switch or router … while travelling a packet from LAN 1 to LAN 10 packets can be lost/ discarded due to various reasons at that moment how re-transmission of packet is done ???

    • Hi Manoj,

      Good question. Within L2 and L3, there is no consideration for lost packets or re-transmissions. That doesn’t come into play until L4, and even then only if the protocol in use is TCP. Then, TCP will handle keeping track of which packets have arrived, and which packets need to be re-transmitted.

      TCP might one day be the topic of a future article, but is outside the scope if this particular series.

Speak Your Mind

*