Juniper JNCIA-Junos JN0-104 – Section 1: Networking Basics Part 2
April 15, 2023

4. Collision Domains, Broadcast Domains, and VLANs

Now, let’s talk about an interesting topic – collision domains, broadcast domains, and VLANs.

First, let’s talk about collision domains. A collision domain is the part of the network where packets can collide. In simple words, a collision domain represents how many devices can send data at the same time.

Now, before we understand how to identify the number of collision domains on a device, let’s first understand why we are talking about this. Why is collision an important subject? The reason is that when packets collide on a network, data is lost. So, we want to make sure that we have as few collisions as possible. A collision domain helps us identify where collisions may occur.

Let’s start with the hub. So, here we have a hub and to this hub we have four devices connected. How many devices can send data at the same time? The answer is one. On a hub, there is only one device that can send data at any time. If more than one device sends data at the same time, a collision will occur. That is why a hub is a single-collision domain, because on a hub, only one device can send data at any time.

Now, let’s talk about a switch. We have a switch to which we have four connected devices. On a switch, every connected device can send data at the same time. So, here we have an eight-port switch and every device connected to each of these ports can send data at the same time. So, on a switch, the number of collision domains is equal to the number of ports. So, on a switch, all connected devices can transmit at the same time.

Now let’s talk about a router. It’s the same case with the router. On a router, every device connected to every port can send data at the same time without resulting in collisions. So, the number of collision domains on a router will be equal to the number of ports.

So, to summarize, a hub is a single collision domain because only one device can send data at any time; on a switch, each port is its own collision domain, so all devices connected to all ports can send data without colliding; and similarly, on a router, each port is its own collision domain.

This is important for you to remember from an examination perspective. On the exam, you may see a question that says, ‘Here we have a 48-port switch. Identify the number of collision domains.’ Or ‘Here we have a four-port hub. Identify the number of collision domains.’

Now, let’s talk about broadcast domains. But before that, we need to understand what we mean by broadcasting. Broadcasting refers to sending traffic to all nodes on a network. Broadcast traffic stays within a local area network, or LAN. It is important to keep in mind that broadcast traffic never crosses the LAN. And a broadcast domain is a logical division of the network in which all nodes can reach each other by broadcast.

Let’s understand this with an example. So, here we have a hub and we have four connected devices. If the device on the left side were to send a broadcast, how far would the broadcast reach? If this device sends a broadcast, all connected devices will get that broadcast. So, it is one broadcast domain. If any device sends a broadcast, every other device receives it. So on a hub, a broadcast will reach all devices.

Now, let’s talk about a switch. Here we have a switch and we have four connected devices. If the device on the left sends a broadcast, all other devices connected to the switch will receive the broadcast. So, a switch, by default, is one-broadcast domain.

But on a router, things are a bit different. The reason for that is that on a router, every port is in its own Layer 3 network. So, for example, if this port here, the one on the left, had an IP address of 192.168.1.1/24, this port here may have a different Layer 3 address, for example, 192.168.10.1/24. So, every port on the router has a different Layer 3 address, or in other words it’s in a different LAN, a different network. And we just understood that broadcast traffic never crosses the LAN. So on the router, the number of broadcast domains is equal to the number of ports. So, for example, if this device on the left side were to send a broadcast, that broadcast will not cross the connected port. If this device was connected to this port, that’s how far the broadcast can reach. So, just bear in mind that on a router, a broadcast is confined to the connected port because every port is a different Layer 3 network.

So, to summarize, on a hub, we have a single broadcast domain, because if one device sends a broadcast, every other device receives that. On a switch again, we have a single broadcast domain because on a switch every port is in the same local area network, so every other connected device will receive that broadcast. But on a router, each port is its own broadcast domain.

Having understood this, let’s now talk about the problem with broadcasts. So, imagine we have a switch and we have four devices connected to this switch. When the device on the left sends a broadcast, which devices will receive it? We just understood that on a switch, all connected devices will receive the broadcast. So in this case, all three of the other devices will receive the broadcast. In a small network, this is not a problem, but imagine a large network with lots of switches, or imagine a switch with lots of ports. Let’s say 48 ports. If one device sends a broadcast, the remaining 47 devices will get that broadcast. And remember, not every device wants to look at that traffic; also keep in mind that devices regularly send broadcasts, and many times the devices that receive the broadcast really don’t need that traffic. So, the more broadcast traffic there is on the network, the more of your resources it consumes and the lower the efficiency of the network.

So, how do we control this and how do we solve this problem? Well, the answer is VLANs, or virtual LANs. A VLAN, or virtual LAN, is a logical separation of devices on the same switch or on the same LAN. So, it allows you to divide a LAN segment, which is one switch, into multiple logical LANs or multiple virtual switches known as virtual LANs.

By doing this, you can address the problem of broadcast traffic, because we just understood that broadcast traffic is limited to the LAN segment. So, if we take one switch, which is one local area network or one LAN, and divide it into three VLANs, we have effectively cut down the size of the broadcast domain.

Important to bear in mind that each VLAN is a different network with a separate Layer 3 addressing. We’ll talk about this in just about a minute. And the most important point, the purpose of VLAN is to break the broadcast domain. So, each VLAN is a different broadcast domain.

So, let’s understand this with an example. Here we have a switch, and it belongs to the 192.168.1.0/24 network. So, all devices connected to it are going to be part of that network, and they’re going to be part of that LAN. We just understood the problem with broadcast traffic: it eats up valuable resources on the network. So, we decided to split the switch into multiple VLANs, and we can configure VLANs on the switch. Now the switch is broken up into two logical switches or two logical LANs. On the left side, we have VLAN 1, and on the right side, we have VLAN 2. We also understood that VLANs are separate Layer 3 networks. So the VLAN on the left-hand side is now on the network 192.168.1.0/24, and the VLAN on the right is 192.168.2.0/24, which is a separate Layer 3 network. We’ll call the VLAN on the left VLAN 1 and the VLAN on the right VLAN 2. By the way, VLAN naming conventions are flexible; we can call them whatever we like. The interesting part about VLANs is that they are not limited to one device. VLANs can extend to multiple devices. So, here we now have two connected switches and the VLANs extend beyond their connected switches. On the left switch here we have VLAN 1 and VLAN 2, and we have the exact same VLANs configured on the switch on the right side as well: VLAN 1 and VLAN 2. So, if we were to add a device to VLAN 1, we could connect it to this switch over here on the left side, or we could connect it to this switch over here on the right side. And here’s a representation of that: we can have one device connected to the left-hand switch and another to the right-hand switch, and they could still belong to the same VLAN. VLAN information is exchanged over this connecting port, which is called the trunk port.

Moving on, by default, VLANs, do not talk to each other because every VLAN is a separate Layer 3 network. So when you want to route traffic between Layer 3 networks, you need a Layer 3 device like a router. Otherwise, VLANs will not talk to each other. So you need a Layer 3 device to route traffic between VLANs.

Let’s understand this with an example. So going back to the illustration, let’s say we have two connected devices. We have a device connected to VLAN 1 and a device connected to VLAN 2. By default, can these devices talk to each other? The answer is no, because this device here is on 192.168.1.0/24 and this device here is connected to 192.168.2.0/24. They are different Layer 3 networks, and the switch is a Layer 2 device. It doesn’t know how to forward traffic between different Layer 3 networks. So, we need to introduce a Layer 3 device like a router, and we need to configure routing. When this device on the left side wants to send a packet to this device on the right side, the switch will forward that packet to the router. The router will then make its routing decision and forward the packet back to the switch, and it will then be forwarded to the relevant VLAN. So bear in mind, inter-VLAN communication requires a Layer 3 device like a router or a firewall.

Also, different policies can be applied to traffic coming from different VLANs. This is an advantage of using VLANs. You can treat traffic coming from different VLANs differently. For example, you can prioritize traffic coming from one VLAN over traffic coming from another VLAN. As an example, let’s say we have two types of devices connected to two different VLANs. On VLAN 1, we have workstations connected, and on VLAN 2, we have IP phones connected, which carry voice traffic. We would want to prioritize voice traffic over data traffic, because if voice traffic is lagging, communication is going to be difficult and calls are going to experience issues. So we want to prioritize voice traffic coming from VLAN 2 over data traffic coming from VLAN 1. We can do this by applying different policies to treat traffic coming from these different VLANs differently.

Another example is if you’re a service provider and if you have different customers associated with different VLANs, you can prioritize traffic coming from one VLAN, which belongs to one customer who might be paying you more money for your services than another customer connected to another VLAN.

So apart from being able to break broadcast domains, VLANs also allow you to apply different policies to different types of traffic.

And finally, each VLAN is identified by a unique IEEE 802.1Q ID, also known as a VLAN tag. While we can give VLAN names for easier identification, like VLAN 1, VLAN 2 and so on, technically, at the device level, VLANs are identified by a tag. We can configure these tags at the switch level, so whenever traffic is passing through a VLAN, a tag is added on top of that traffic to identify the VLAN to which it belongs. At the JNCIA level, we do not need to get into the VLAN configuration, but it’s just important for us to know how VLAN traffic is distinguished. It’s done using a VLAN tag, also known as an 802.1Q ID.
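To make the 802.1Q tag concrete, here is an added example (not from the course or from Juniper) that builds and parses Ethernet frames with and without a VLAN tag. The tag sits between the source MAC and the EtherType: a 16-bit TPID of 0x8100 announces the tag, and the 16-bit Tag Control Information that follows carries a 3-bit priority, a 1-bit drop-eligible flag and the 12-bit VLAN ID. The sample frames, MAC addresses and VLAN numbers are constructed for the demonstration; the EtherTypes 0x0806 (ARP) and 0x0800 (IPv4) are the standard values.

```python
import struct
from typing import Optional

# TPID value that marks an IEEE 802.1Q tag in an Ethernet header.
TPID_8021Q = 0x8100


def format_mac(raw: bytes) -> str:
    """Render six raw bytes as the familiar colon-separated MAC string."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet_header(frame: bytes) -> dict:
    """Parse an Ethernet header, decoding the 802.1Q tag when one is present.

    Returns destination/source MAC, the VLAN ID (None when untagged), the
    priority bits, the EtherType of the payload and the payload itself.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset = 14
    vlan_id: Optional[int] = None
    priority: Optional[int] = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("frame announces an 802.1Q tag but is too short")
        # Tag Control Information: PCP (3 bits) | DEI (1 bit) | VID (12 bits)
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        priority = tci >> 13
        vlan_id = tci & 0x0FFF
        offset = 18
    return {
        "dst": format_mac(dst),
        "src": format_mac(src),
        "vlan_id": vlan_id,
        "priority": priority,
        "ethertype": ethertype,
        "payload": frame[offset:],
    }


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vlan_id: Optional[int] = None, priority: int = 0) -> bytes:
    """Assemble a frame, inserting an 802.1Q tag when vlan_id is given."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan_id is not None:
        tci = (priority << 13) | (vlan_id & 0x0FFF)
        header += struct.pack("!HHH", TPID_8021Q, tci, ethertype)
    else:
        header += struct.pack("!H", ethertype)
    return header + payload


# Constructed sample frames (addresses and VLAN numbers are made up for the demo).
SAMPLE_UNTAGGED = build_frame("ff:ff:ff:ff:ff:ff", "00:11:11:11:11:11",
                              0x0806, b"\x00" * 28)                  # ARP broadcast
SAMPLE_TAGGED = build_frame("00:22:22:22:22:22", "00:11:11:11:11:11",
                            0x0800, b"\x45" + b"\x00" * 19,          # IPv4 payload
                            vlan_id=2, priority=5)                   # voice VLAN 2

if __name__ == "__main__":
    for name, frame in (("untagged", SAMPLE_UNTAGGED), ("tagged", SAMPLE_TAGGED)):
        info = parse_ethernet_header(frame)
        print(name, info["src"], "->", info["dst"],
              "vlan", info["vlan_id"], "prio", info["priority"],
              "ethertype", hex(info["ethertype"]))
```

Running the script shows the untagged frame with `vlan None` and the tagged frame with `vlan 2`, and the tagged frame is exactly four bytes longer, which is the space the tag occupies. The priority bits are the hook that the policy example earlier in this section relies on: a switch can honour them to give the voice VLAN precedence.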

5. Network Devices

Let’s talk about the different types of networked devices.

The first one is the repeater. A repeater is a Layer 1 device which is used to repeat signals. It’s a simple device that receives a signal and just retransmits it. A common use case for this is when you want to extend a Wi-Fi signal. So a repeater is simply a device that will grab a signal and retransmit it.

Next, we have the hub. A hub is also a Layer 1 device that operates in half-duplex mode. This means a device can only send or receive data at any one time, not both. It has multiple input and output ports allowing multiple devices to connect, and data received on one port is forwarded out all other ports. The important thing to keep in mind is that the hub has no intelligence of its own, so it is not able to learn MAC addresses. Using a hub is not good from a security standpoint because everyone connected to the device receives a copy of the data.

The next type of device is a bridge. A bridge is a Layer 2 device that is capable of learning MAC addresses. It uses what is known as a CAM table to store port and MAC address information. The term CAM stands for content addressable memory. So a bridge is a Layer 2 device that can learn MAC addresses and store all of that information in a CAM table and use that information to forward the frames. Frame forwarding on a bridge is software-based.

The next device we’re going to talk about is a switch. A switch also has similar functionality. It is able to learn MAC addresses and store them in a CAM table. But before we talk about the switch, let’s understand how this whole thing works.

The same concept applies to a bridge and a switch as well. So on the screen now we have a device. We can assume that to be a bridge or a switch. We’re trying to understand how a CAM table is built.

So to this bridge or to this switch, we have three devices connected. Each of these devices has its own MAC address. And for the sake of simplicity, each MAC address is made up of the same digit repeated. So the MAC address of Device 1 is all ones, the second one is all twos, and the third one is all threes. This is a brand new device, so the CAM table is empty. The CAM table simply stores the port and MAC address information.

Now, let’s say that the device on the left, the one that has all ones, sends a packet. So the packet comes into the port. At this point, the bridge or the switch has no idea where the destination is connected, or to which port the destination is connected. But it does realize that the device connected on Port 1 has a MAC address of all ones. So that information is stored in the CAM table: on Port 1, we have a device that has a MAC address of all ones. Since the bridge does not have any information about where the destination is connected, this traffic is forwarded out all the ports. But keep in mind, only one device is meant to be the destination of that traffic. That device will respond, and when it responds, the CAM table is again populated: Port 2, all twos. Now, don’t take the port numbers here literally. We’re not talking about the numbers, but about how the CAM table is populated.

So now the CAM table has two entries, and this traffic that is returned by this device will exactly go to one device only because the switch or the bridge knows exactly where that device is connected. That information is there in the CAM table. The same way the rest of the information is populated into the CAM table. So a CAM table is just a table consisting of port and MAC address information.

So talking about the bridge, when a frame is received for the first time, the source port and MAC address information is added to the CAM table. The frame is then forwarded out all ports, other than the one on which it was received, because it is not known on which port the destination is connected. When a response is received, the destination port and the MAC address information is added to the CAM table. Next time a frame is received for which the port is known, it is only forwarded out that port, it is not sent to all devices connected.
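The learning sequence just described, and the earlier point that each VLAN is its own broadcast domain, can be replayed in a few lines. The following is an added example (not course material and not any vendor’s switch implementation) that simulates a VLAN-aware learning switch: the CAM table is keyed by VLAN and MAC address, unknown destinations and broadcasts are flooded only to the other ports in the same VLAN, and a known destination is forwarded out a single port. The port-to-VLAN assignment and the all-ones/all-twos MAC addresses are constructed to match the walkthrough above.

```python
from typing import Dict, List, Tuple

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Simulated Layer 2 learning switch with access-port VLANs.

    port_vlans maps each port number to the VLAN it belongs to.
    The CAM table maps (vlan, mac) -> port, learned from source addresses.
    """

    def __init__(self, port_vlans: Dict[int, int]) -> None:
        self.port_vlans = dict(port_vlans)
        self.cam: Dict[Tuple[int, str], int] = {}

    def ports_in_vlan(self, vlan: int) -> List[int]:
        return sorted(p for p, v in self.port_vlans.items() if v == vlan)

    def receive(self, in_port: int, src: str, dst: str) -> List[int]:
        """Process a frame arriving on in_port and return the egress ports."""
        if in_port not in self.port_vlans:
            raise ValueError(f"unknown port {in_port}")
        vlan = self.port_vlans[in_port]
        src, dst = src.lower(), dst.lower()
        # Learning: the source address was just seen on the ingress port.
        self.cam[(vlan, src)] = in_port
        out_port = self.cam.get((vlan, dst))
        # Broadcast or unknown unicast: flood within the VLAN, never back out
        # the ingress port. Other VLANs are separate broadcast domains.
        if dst == BROADCAST_MAC or out_port is None:
            return [p for p in self.ports_in_vlan(vlan) if p != in_port]
        if out_port == in_port:
            return []  # destination sits on the ingress segment; nothing to forward
        return [out_port]


def walkthrough() -> dict:
    """Replay the page's scenario: ports 1-3 in VLAN 1, port 4 in VLAN 2 (constructed)."""
    sw = LearningSwitch({1: 1, 2: 1, 3: 1, 4: 2})
    mac1, mac2, mac4 = "11:11:11:11:11:11", "22:22:22:22:22:22", "44:44:44:44:44:44"
    first = sw.receive(1, mac1, mac2)          # destination unknown: flooded in VLAN 1
    reply = sw.receive(2, mac2, mac1)          # mac1 now known: delivered to port 1 only
    second = sw.receive(1, mac1, mac2)         # both known: port 2 only
    bcast = sw.receive(1, mac1, BROADCAST_MAC)  # broadcast confined to VLAN 1
    isolated = sw.receive(4, mac4, mac2)       # VLAN 2 cannot see VLAN 1's devices
    return {"first": first, "reply": reply, "second": second,
            "broadcast": bcast, "isolated": isolated, "cam": dict(sw.cam)}


if __name__ == "__main__":
    for step, result in walkthrough().items():
        print(f"{step:>9}: {result}")
```

The first frame is flooded to ports 2 and 3 but not to port 4, the reply goes to port 1 alone, and the frame from the VLAN 2 host is sent nowhere because no port in its VLAN has learned the destination. The CAM table ends up holding exactly the two entries the course walks through.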

Let’s talk about the next device type, which is called a switch. A switch is also a Layer 2 device similar to a bridge. It has the capability to learn MAC addresses. But forwarding on a switch is usually done with specialized hardware or specialized chips, which results in better performance. A switch also supports VLANs. So, a bridge and a switch are both similar types of devices, but a switch has better performance and is also more intelligent compared to a bridge.

The last device we’re going to talk about is the router. A router is a Layer 3 device that has the capability to route packets across different networks. It uses routing tables to make routing decisions. A routing table has the information of which network is connected to which interface. On the screen now, I have a very simple example of what a routing table could look like. So, for example, the network 192.168.1.0/24 is connected to Interface 0. Let’s say this is the routing table of a router and the router receives a packet for that destination network. When that happens, the packet will be forwarded out this interface, because that’s the interface that leads to that network.

Similarly, we have one more route 10.1.1.0/24 connected to Interface 1.

This is a very simplified version of what a routing table looks like, but we get the idea, right. The routing table has the route or the network information and the interface that can be used to reach that network.
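The lookup the course describes, carried a step further, is the longest-prefix match every router performs: when several routes cover a destination, the most specific (longest) prefix wins. The following is an added example (not course material and not Junos code) that reproduces the two routes on the slide, 192.168.1.0/24 via Interface 0 and 10.1.1.0/24 via Interface 1, and adds a constructed more-specific route and a default route to show how the match is chosen. Interface names beyond the slide’s two are assumptions.

```python
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]


def build_routing_table(entries: List[Tuple[str, str]]) -> List[Route]:
    """Parse (prefix, interface) pairs and order them most-specific first.

    strict=True rejects prefixes with host bits set (e.g. 192.168.1.5/24),
    which is a common configuration slip.
    """
    table = [(ipaddress.ip_network(prefix, strict=True), iface)
             for prefix, iface in entries]
    table.sort(key=lambda route: route[0].prefixlen, reverse=True)
    return table


def lookup(table: List[Route], destination: str) -> Optional[str]:
    """Return the egress interface for destination using longest-prefix match."""
    addr = ipaddress.ip_address(destination)
    for network, iface in table:   # table is already longest-prefix first
        if addr in network:
            return iface
    return None   # no route covers the address and no default route exists


# Constructed routing table: the slide's two routes plus two assumed extras.
ROUTING_TABLE = build_routing_table([
    ("192.168.1.0/24", "Interface 0"),   # from the slide
    ("10.1.1.0/24", "Interface 1"),      # from the slide
    ("10.1.1.128/25", "Interface 3"),    # assumed: more specific half of 10.1.1.0/24
    ("0.0.0.0/0", "Interface 2"),        # assumed: default route
])


def route_many(table: List[Route], destinations: List[str]) -> dict:
    """Resolve several destinations at once; handy for checking a table."""
    return {dst: lookup(table, dst) for dst in destinations}


if __name__ == "__main__":
    for dst, iface in route_many(ROUTING_TABLE,
                                 ["192.168.1.25", "10.1.1.7", "10.1.1.200", "8.8.8.8"]).items():
        print(f"{dst:>14} -> {iface}")
```

Note that 10.1.1.7 and 10.1.1.200 both fall inside 10.1.1.0/24, yet only the second one goes to Interface 3, because the /25 is the longer match. Without the default route, a destination outside every prefix returns `None`, which is the case where a real router would drop the packet.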

6. Layer 2 Addressing

Let’s talk about Layer 2 Addressing. Every device on an IP network has two addresses associated with it. The first address is the MAC address and the second address is the IP address. The MAC address is a function of the Layer 2 of the OSI model, so it’s known as a Layer 2 address. While the IP address is a function of Layer 3 of the OSI model, so it’s also known as the Layer 3 address.

Now the question is why do devices on the network need to have two addresses? And the answer to that is that devices need both the addresses to be able to reach a destination.

So, the MAC address identifies a device on the local network, while the IP address identifies a device outside the local network. So if you need to reach a device that’s outside of your local network, or in other words, in a different network, you would need its IP address. And if you need to reach a device that’s on your local network, meaning in the same network, you would need its MAC address. So it’s a combination of both these addresses that enables devices to talk to each other.

The word MAC stands for Media Access Control, and the MAC address is a 48-bit address that is burned on the network interface. It is the physical address of the device and sometimes it is also known as the real address of the device.

Now compare that to an IP address. The IP address is assigned by an administrator to the device, either directly configured or via DHCP, but IP addresses are configured by the administrator and they can be changed. And for that reason, IP addresses are sometimes known as logical addresses.

But MAC addresses are programmed onto the interface, so you cannot change them. And for that reason, they are sometimes known as the physical address of the device or the real address of the device.

Here is an example of a MAC address. You can see it has 12 characters grouped into groups of two characters and separated by colons. So it is represented as six groups of two hexadecimal digits separated by colons. As you may know, hexadecimal characters can range from 0 to 9 and A to F. Hexadecimal 0 to 9 is the same as decimal 0 to 9. The character A represents ten in decimal, and you increment from there – B, C, D – all the way up to F. Hexadecimal F represents 15 in decimal. So, the MAC address is made up of hexadecimal characters ranging from 0 to 9 and A to F, and there are 12 such characters in groups of two, and we have six such groups separated by colons.

When converted to binary, each hexadecimal character is represented by four binary bits. So you have 12 hexadecimal characters in a MAC address. Each hexadecimal character can be represented by four binary bits. So, 12 times four is a 48-bit MAC address.

So, here is an example. The hexadecimal character 0 can be represented as all zeros in binary. Hexadecimal 1 is 0001 in binary, and we keep incrementing that until we reach A, which is decimal 10 and can be represented as 1010 in binary, and F, which is decimal 15 and can be represented as all ones in binary.

So each hexadecimal character is represented as four binary bits. We have 12 such hexadecimal characters, 12 times four, resulting in a 48-bit MAC address.

Moving on, the first three groups of the MAC address together are known as the Organizationally Unique Identifier, or OUI. The OUI identifies the manufacturer of the network equipment.

So let’s take the example MAC address that we looked at and identify the manufacturer of the equipment that contains that MAC address. Okay. I’m here at a website that offers an OUI lookup tool, or Organizationally Unique Identifier lookup tool, and to identify the manufacturer of a MAC address all we need to do is just type in the MAC address over here and click the find button. And we can see that this MAC address belongs to Juniper Networks.

So, back to the slides. The first three groups of the MAC address are together known as the Organizationally Unique Identifier, and it identifies the manufacturer of the network equipment.

The last thing we’re going to talk about here is broadcast MAC addresses. The word broadcast is indicative of what it is used for. So it consists of all F’s. So if you take all the characters of the MAC address and replace them with F’s, what you have is the broadcast MAC address. If you send a frame with the destination address set as the broadcast MAC address, that frame is going to reach all hosts on the same network. The MAC address is a Layer 2 function and it is used for communicating on the same network. So the frames will reach all hosts on the same network. It will not travel beyond the same network. If you were to convert the broadcast MAC address into binary, you would have all the bits set as ones and it would look like this.
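Everything this section says about the MAC address format (six colon-separated groups of two hex digits, four bits per digit for 48 bits, the OUI in the first three groups, and the all-F broadcast address) can be checked mechanically. The following is an added example (not course material) that validates candidate strings the way an exam question asks you to, expands an address to its 48-bit binary form, and reports its OUI and whether it is the broadcast address. The candidate addresses are constructed; none is claimed to belong to any real vendor, so the OUI is only extracted here, not looked up.

```python
import re
from typing import Dict, List

# The page's format: six groups of two hex digits, separated by colons.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
BROADCAST_HEX = "F" * 12


def is_valid_mac(text: str) -> bool:
    """True when text is a well-formed colon-separated MAC address."""
    return MAC_RE.match(text) is not None


def mac_to_bits(text: str) -> str:
    """Expand a MAC address into its 48-bit binary string (4 bits per hex digit)."""
    if not is_valid_mac(text):
        raise ValueError(f"not a valid MAC address: {text!r}")
    return "".join(f"{int(digit, 16):04b}" for digit in text.replace(":", ""))


def describe_mac(text: str) -> Dict[str, object]:
    """Break a MAC address into the pieces the section discusses."""
    bits = mac_to_bits(text)
    hexdigits = text.replace(":", "").upper()
    return {
        "oui": ":".join(hexdigits[i:i + 2] for i in (0, 2, 4)),  # first three groups
        "bits": bits,
        "bit_length": len(bits),                                 # always 48
        "is_broadcast": hexdigits == BROADCAST_HEX,
    }


def pick_valid(candidates: List[str]) -> List[str]:
    """Exam-style helper: return only the well-formed addresses from a list."""
    return [c for c in candidates if is_valid_mac(c)]


# Constructed candidates, as an exam question might present them.
CANDIDATES = [
    "00:1F:12:34:56:78",   # valid
    "00:1G:12:34:56:78",   # 'G' is not a hexadecimal digit
    "00:1F:12:34:56",      # only five groups
    "001F:1234:5678",      # wrong grouping
    "FF:FF:FF:FF:FF:FF",   # valid, and it is the broadcast address
]

if __name__ == "__main__":
    print("valid:", pick_valid(CANDIDATES))
    for mac in pick_valid(CANDIDATES):
        info = describe_mac(mac)
        print(mac, "OUI", info["oui"], "broadcast" if info["is_broadcast"] else "unicast")
        print("  ", info["bits"])
```

The binary expansion makes the 12 × 4 = 48 arithmetic visible, and the broadcast address prints as forty-eight ones, exactly as the slide shows.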

So for the exam, remember the format of the MAC address. You may see a question that presents you with different MAC addresses and requires you to identify the correct MAC address. And you may also be tested on OUI, the Organizationally Unique Identifier, and the purpose of OUI.
