In this post we shall be discussing about various network components and their corresponding Linux virtual counterparts.
Switches basically provide the following functionality
- Mac learning: As switch receive packets on their interface they map the interface id/port number to the source mac address of the all packets received on that interface. This is used later while forwarding.
- Forwarding: Switches do not see a packet past the l2 headers. The have to perform a simple logic before sending out a packet received on one interface, to other interfaces.
- If the destination is broadcast/multi-cast, forward on all ports except the ingress port.
- If the destination of a packet is mapped to any interface send the packet out that interface alone.
- If the destination is non of the above, forward on all ports belonging to the packet’s VLAN, except the ingress port.
- VLAN Isolation: Packets are assorted according to their VLAN. A switch’s port can be either configured as trunk port(Belongs to all VLANs) or as an access port for a particular VLAN. The rules therefore are simple.
- Packets appearing on trunk ports should be tagged unless they belong to vlan 1(native vlan). The tag identifies the packet’s vlan in this case.
- Packets appearing on access ports should not be tagged unless they want to be dropped. The port configuration(access ports always belong to a VLAN) identifies the packet in this case
The assorted packets then pass through the forwarding phase, which determine to which port they would be sent to. Packets going out trunk ports will be tagged and those going out access ports will not be tagged. The forwarding logic guarantees that a packet belonging to a VLAN shall never trespass another VLAN.