A network switch is a computer networking device that connects network segments. It uses the logic of a Network bridge but allows a physical and logical star topology. It is often used to replace network hubs. A switch is also often referred to as an intelligent hub.

Switch Operation

A switch can connect Ethernet, Token Ring, or other types of packet switched network segments together to form a heterogeneous network operating at OSI Layer 2.

As a frame comes into a switch, the switch saves the originating MAC address and the originating port in the switch's MAC address table. The switch then selectively transmits the frame from specific ports based on the frame's destination MAC address and previous entries in the MAC address table. If the MAC address is unknown, or a broadcast or multicast address, the switch simply floods the frame out of all of the connected interfaces except the incoming port. If the destination MAC address is known, the frame is forwarded only to the corresponding port in the MAC address table. If the destination port is the same as the originating port, the frame is filtered out and not forwarded.

Switches, unlike hubs, use microsegmentation to divide collision domains, one per connected segment. This way, only the NICs which are directly connected via a point-to-point link, or directly connected hubs are contending for the medium.

By eliminating the possibility of collisions, full-duplex point-to-point connections on the switch become possible.

Virtual LANs can be used in switches to reduce the size of the broadcast domains and at the same time increase security.

In redundant architectures, spanning tree protocol can be used in switches to prevent loops.

Forwarding Methods

There are four forwarding methods a switch can use:

• Cut through
• Store and forward - the switch, unlike cut through, buffers and typically, performs a checksum on each frame before forwarding it on.
• Fragment free
• Adaptive switching

Flaws

Switches provide difficulties in monitoring traffic because each port is isolated until it transmits data, and even then only the sending and receiving ports are connected.

Two popular methods that are specifically designed to allow a network manager to monitor traffic are:

• Port mirroring -- the switch sends a copy of network packets to a monitoring network connection.
• SMON -- "Switch Monitoring" is described by RFC 2613 and is a protocol for controlling facilities such as port mirroring.

Other "methods" (a.k.a. attacks) have been devised to allow snooping on another computer on the network without the cooperation of the switch:

• ARP spoofing -- fooling the target computer into using your own MAC address for the network gateway, or alternatively getting it to use the broadcast MAC.
• MAC flooding -- overloading the switch with a large number of MAC addresses, so that it drops into a "failopen mode".

See also

• Router
• Multilayer switch
• Telephone switch