Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5426
Views
5
Helpful
4
Replies

Switches and Mac address broadcasts

Go to solution
tolinrome tolinrome
Level 1
Level 1

‎11-30-2013 11:53 AM - edited ‎03-07-2019 04:51 PM

I understand that when pc's communicate they send arp requests. So when pc A wants to communicate with pc B it sends an arp broadcast and the switch will broadcast it to all on the connected ports to all the pc's connected to it until pc B responds saying that he has the mac address that pc A is looking for. But, why then does it use the IP address if that is layer 3 and switches (layer 2) communicate with mac addresses? Is it the actual mac address that is doing the communicating and the IP address is just along for the ride so to speak encapsulated in the frame?

Also, when the switch learns all the mac addresses of the computers attached to it and it has a copy in its memory table of all the mac addresses, the next time pc A wants to communicate to pc B, does the switch then NOT broadcast the arp request to all the other ports\pc's since it already knows the mac address destination of pc B since its in the memory table?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to daniel.dib

‎11-30-2013 02:52 PM

I like the explanation that Daniel gives (+5) and especially how he bases his explanation on the operation of the various layers. I would emphasize that to understand how networks work you really need to have an understanding of how the layers work and how they relate to each other.

The original post was based on the assumption that pc A and pc B are in the same subnet and in the same vlan (though I am not sure that the original poster was necessarily aware of this). In that case the forwarding is all based on layer 2 MAC addresses, and yes the IP address is pretty much along for the ride. But if these hosts had been in different vlans (and therefore in different subnets) then forwarding would have been based on both MAC address and IP address.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
4 Replies 4

Go to solution
daniel.dib
Level 7
Level 7

‎11-30-2013 02:05 PM

There are several steps involved in two hosts communicating. Think of the OSI model, you have seven layers consisting of:

Application

Presentation

Session

Transport

Network

Datalink

Physical

Without complicating it too much, let's say that PC A is using a browser to go to a webpage that PC B is hosting. PC A browser would send HTTP commands like HTTP GET, these commands would be encapsulated in a TCP segment destined to TCP port 80 on PC B.

There used to be different routed protocols like IPX, Appletalk etc but today it's all IP so we need a source and a destination IP address. The source IP is PC A and the destination is PC B.

We have several layer 2 protocols but Ethernet is the most common one. If PC A and PC B are on the same subnet and PC A does not know the MAC address of PC B then it needs to send an ARP request which is a broadcast at layer 2, meaning the destination MAC address is FF-FF-FF-FF-FF-FF. All devices in that broadcast domain will see that request but only PC B will reply to it. Switches must flood these frames on all ports part of that broadcast domain (VLAN).

The switch has a MAC address table where it stores learned MAC address. It examines incoming frames and looks at the source MAC of the frame and associates that with the incoming port. If PC A sends a frame to PC B and the switch knows where PC B is connected then the frame is only sent out that port. However if PC B has been quiet for a while and the learned MAC of PC B has timed out then that frame would have to be flooded to all ports in the broadcast domain. This is called unknown unicast.

Switches work at layer 2 while routers work at layer 3. So a router would not look at the frame, it would look at the IP header. It would have to rewrite the frame though to be able to forward it with the correct source and destination MAC.

However these days the line between a switch and router is very blurry and many devices do both layer 2 and 3 and above.

The key thing to take away is that when hosts communicate there are many steps involved and there are different headers involved depending on which protocols are in use. This is to be able to carry the actual payload that should be delivered.

Daniel Dib
CCIE #37149

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to daniel.dib

‎11-30-2013 02:52 PM

I like the explanation that Daniel gives (+5) and especially how he bases his explanation on the operation of the various layers. I would emphasize that to understand how networks work you really need to have an understanding of how the layers work and how they relate to each other.

The original post was based on the assumption that pc A and pc B are in the same subnet and in the same vlan (though I am not sure that the original poster was necessarily aware of this). In that case the forwarding is all based on layer 2 MAC addresses, and yes the IP address is pretty much along for the ride. But if these hosts had been in different vlans (and therefore in different subnets) then forwarding would have been based on both MAC address and IP address.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
Stuart Gall
Level 1
Level 1

‎11-30-2013 02:55 PM

I think I know what you are getting at, but I may have missed the point.

The IP address is used for the end to end routing. The MAC address is used to get to the next hop.
So a router takes off the Ethernet header, looks at the ip header and then adds a new Ethernet header to get the packet to the next hop.

As you suggest it would in theory be possible to communicate on the same link using MAC address alone. And some protocols do in fact do this.

However for general traffic if the pc did as you suggest there would be two kinds of packets for each higher protocols (tcp/ip and tcp/eth). By always using IP even on the same segment it makes a uniform interface for the upper layers to talk to.

Infact ip is even used on the same host via loop back just to make the interface uniform for applications.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Stuart Gall

‎11-30-2013 03:40 PM

I am not understanding your comment about "(tcp/ip and tcp/eth) " (and perhaps it is because it has been a long day for me). So let me try again at my explanation.  When we send data over the network it always has components that include the layer 2 mac addressing, the layer 3 IP addressing, and the layer 4 transport addressing. Which components are used depends on the forwarding environment.

So if some host A is sending something to host B then this is approximately what happens:

- host A evaluates the destination host B IP address.

- if the destination IP address is in the local subnet then host A will arp for host B and put host B MAC address as the destination MAC address. (no router or layer 3 forwarding is needed).

- if the destination IP address is not in the local subnet then IP forwarding is required and host A will put its default gateway MAC address as the destination MAC address.

- the data is sent onto the network.

- if the destination MAC address is in the switch mac address table then the data is forwarded toward the destination.

- if the destination MAC address is the default gateway then the data is forwarded to the gateway which does its layer 3 forwarding process and re-writes the layer 2 header as it forwards the data.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card