Computer Networks
Switches
An office has 200 computers. If each sends one ARP request per second, that is 200 broadcast frames per second that every computer must receive and process. Now add DHCP, Windows announcements, printers... Without proper network organization, it's chaos. Switches and VLANs are the tools for bringing order.
- **Network segmentation**: Guests shouldn't see the accounting department. VLAN solves this without running separate cables
- **Diagnostics**: "The network is slow" - possibly a broadcast storm. Check the switch counters
- **Scaling**: Adding 100 devices without reworking the entire network requires proper VLAN architecture
Prerequisites
Switch vs Hub
**A hub** is the simplest device: it receives a frame on one port and sends a copy to all others. It operates at L1 (physical layer), simply amplifying the signal. Everyone sees everyone else's traffic - inefficient and insecure.
**A switch** operates at L2, understands MAC addresses. It sends a frame only to the port where the recipient is located. This dramatically improves performance.
Hubs are virtually extinct - even cheap 8-port devices today are switches. But understanding the difference still matters for interviews and for understanding how networking evolved.
Each switch port is a separate **collision domain**, so full duplex is possible. Devices can simultaneously send and receive without collisions.
Why is a switch more efficient than a hub?
MAC table: the switch's memory
The **MAC table** (CAM table, Content Addressable Memory) is the switch's database that maps MAC addresses to ports. The switch populates it automatically by observing traffic.
If the recipient's MAC is not in the table, the switch performs **flooding**: it sends the frame to all ports except the source. When the recipient replies, the switch learns its MAC.
**MAC flooding attack**: an attacker generates thousands of frames with different source MAC addresses, overflowing the table. Once the table is full the switch can no longer learn new entries and falls back to flooding, acting like a hub - all traffic becomes visible to everyone. Defense: **Port Security**, which limits how many MAC addresses a port may learn and drops frames (or shuts the port down) when that limit is exceeded.
What does a switch do when the recipient's MAC address is not found in the table?
Broadcasts in a switched network
A switch **does not block broadcasts**. A frame with destination MAC = FF:FF:FF:FF:FF:FF will be sent to all ports. This is necessary for ARP, DHCP, and other discovery protocols.
**Broadcast storm** - an avalanche of broadcast packets that can paralyze a network. Causes: a loop in the network, a virus, misconfigured software. Defense: **STP** (Spanning Tree Protocol).
The more devices in a single broadcast domain, the more "junk" traffic. In a network of 500+ devices, broadcasts can take up a significant portion of the bandwidth. The solution is **VLANs** or **routers**.
Why is a large broadcast domain a problem?
VLAN: virtual segmentation
**VLAN** (Virtual LAN) is a technology that allows one physical switch to be divided into several virtual networks. Devices in different VLANs cannot see each other's broadcasts, even if they are connected to adjacent ports.
VLANs are implemented via the **802.1Q tag** - an additional 4 bytes in the Ethernet frame containing the VLAN number (1-4094). An **access port** belongs to one VLAN; a **trunk port** carries traffic for multiple VLANs between switches.
**Native VLAN** - the VLAN for untagged frames on a trunk port. Defaults to VLAN 1. Security recommendation: change the native VLAN to an unused number.
VLAN provides security like a firewall
VLAN isolates broadcast domains but doesn't filter traffic
VLAN segments networks at L2, but if there is routing between VLANs, traffic passes through. For filtering, ACLs on the router or a separate firewall are needed.
What is needed for communication between devices in different VLANs?
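To tie together the MAC table, flooding, Port Security and 802.1Q tagging described above, here is a toy VLAN-aware learning switch as an added example; it is not code from this lesson. The port numbers, MAC addresses, the ARP EtherType used for untagged frames and the two-MAC Port Security limit are constructed for illustration.

```python
# Toy VLAN-aware learning switch: MAC learning, flooding, 802.1Q tags, Port Security.
# Added illustration for this lesson; ports, MACs and limits below are constructed.
import struct

TPID_8021Q = 0x8100                      # EtherType that announces an 802.1Q tag
BROADCAST = bytes.fromhex("ffffffffffff")

def tagged_frame(dst: bytes, src: bytes, vlan: int, payload: bytes = b"") -> bytes:
    """Build a frame with the 4-byte 802.1Q tag: TPID 0x8100 + TCI (PCP=0, VID=vlan)."""
    return dst + src + struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF) + payload

def untagged_frame(dst: bytes, src: bytes, payload: bytes = b"") -> bytes:
    """Plain Ethernet frame; 0x0806 (ARP) is used as the EtherType for illustration."""
    return dst + src + struct.pack("!H", 0x0806) + payload

class Switch:
    def __init__(self, access, trunks, native_vlan=1, max_macs_per_port=None):
        self.access = access               # access port -> the single VLAN it belongs to
        self.trunks = set(trunks)          # trunk ports carry every VLAN, frames tagged
        self.native_vlan = native_vlan     # VLAN assigned to untagged frames on a trunk
        self.max_macs = max_macs_per_port  # Port Security limit; None disables it
        self.mac_table = {}                # (vlan, mac) -> port, learned from traffic

    def ingress_vlan(self, port, raw):
        """Access ports fix the VLAN; trunks read it from the tag (or use native VLAN)."""
        if port in self.access:
            return self.access[port]
        tpid = struct.unpack("!H", raw[12:14])[0]
        if tpid == TPID_8021Q:
            return struct.unpack("!H", raw[14:16])[0] & 0x0FFF   # low 12 bits = VLAN ID
        return self.native_vlan

    def receive(self, in_port, raw):
        """Return the list of egress ports for a frame arriving on in_port."""
        dst, src = raw[:6], raw[6:12]
        vlan = self.ingress_vlan(in_port, raw)
        known_here = {m for (_, m), p in self.mac_table.items() if p == in_port}
        if (self.max_macs is not None and src not in known_here
                and len(known_here) >= self.max_macs):
            return []                      # Port Security violation: drop, nothing learned
        self.mac_table[(vlan, src)] = in_port   # learn the source (real switches age entries)
        out = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and out is not None:
            return [] if out == in_port else [out]   # known unicast goes to one port only
        # broadcast or unknown destination: flood within the VLAN, never back to the source
        members = [p for p, v in self.access.items() if v == vlan] + sorted(self.trunks)
        return [p for p in members if p != in_port]
```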
Key ideas
- **Switch vs Hub**: a switch is smart (L2, MAC table), a hub is dumb (L1, repeater)
- **MAC table**: maps MAC → port, populated automatically, entries have an aging timeout (a TTL) and are removed if the MAC is not seen again
- **Flooding**: when the MAC is unknown, the frame goes to all ports
- **VLAN**: virtual segmentation of one switch into multiple networks, broadcast isolation
What's next
We covered L2 - the local network. Next: L3, the network layer:
- VLAN in depth — Tagging, trunk, inter-VLAN routing
- IP addressing — How internet addressing works
Questions for reflection
- Why are there no more hubs in modern networks, yet it's important to know how they worked?
- How is a network organized in an office with 3 departments that must not see each other's traffic?
- What happens when two switches are connected with two cables and STP is not configured?