Part 11 – How Switching Works

How Switching Works

Table Of Contents
  1. How Switching Works
  2. Resources

Introduction

Welcome to Part 11 of the Network Fundamentals study notes! If you haven’t already, we recommend watching the video first.

In this part we trace the evolution of networking from its earliest days to the modern switch. Understanding where switching came from makes the technology much easier to understand — and helps explain why switches behave the way they do.

Early Networks

The need to send information electronically goes back to the mid-19th century. The early telephone system used a manual switchboard — when someone needed to make a call, an operator physically connected the right cables to create an electronic path. Creating paths is still what switching is all about, even today.

When computers started appearing in offices, they needed to share data. Running a cable between every pair of computers wasn’t practical, so the first approach was to daisy-chain them together. This could be open-ended (a bus topology) or joined in a loop (a ring topology).

Bus and ring topologies had obvious problems. Adding a new computer meant breaking the chain. A single cable fault split the network. And with several computers sharing the same wire, there needed to be a protocol to manage who could send data when — and what to do when two computers accidentally transmitted at the same time, causing a collision.

MAC Addresses and Ethernet

Ethernet became the dominant protocol for LANs. It uses MAC addresses to identify each device on the network — one MAC address per network interface. A router with two interfaces has two MAC addresses.

A MAC address is always 48 bits long and written in hexadecimal (e.g. 00:1A:2B:3C:4D:5E). Different notations exist but represent the same address. MAC addresses are burned into the network card at manufacture and should never change — which is what keeps them unique.

Uniqueness is enforced by splitting the MAC into two halves:

  • The first 24 bits are the OUI (Organisationally Unique Identifier), assigned by the IEEE to each hardware manufacturer.
  • The second 24 bits are assigned by the manufacturer to each individual device.

There are also special MAC addresses:

  • Broadcast address (FF:FF:FF:FF:FF:FF) – delivers a frame to every device on the local network. Routers do not forward broadcast frames.
  • Multicast addresses – deliver frames to a group of devices for a specific purpose, rather than to everyone.

The Ethernet Frame

Data sent over Ethernet is wrapped in a frame. The frame has a fixed structure:

  • Preamble (7 bytes) – a fixed pattern of alternating 1s and 0s that signals the start of a frame.
  • SFD – Start Frame Delimiter (1 byte). A specific bit pattern that marks the end of the preamble and signals that the very next byte is the destination address.
  • Destination MAC – the address of the intended recipient.
  • Source MAC – the address of the sender.
  • Type – identifies which protocol is carried in the data payload. Today this is almost always IPv4 or IPv6.
  • Data – the payload.
  • FCS – Frame Check Sequence (trailer). A mathematical checksum over the frame contents. The sender calculates it and includes it; the receiver runs the same calculation and compares. If the result differs, the frame is corrupted and discarded. Ethernet does not attempt to recover corrupted frames — that’s left to higher-level protocols like TCP.

Hubs

Introduced in the mid-1980s, hubs made it much easier to add and remove devices — instead of breaking a chain, you just plug into a port. But inside, a hub is still a bus network: any data received on one port is immediately sent out every other port. Every device sees every other device’s traffic. Hubs are layer 1 devices — they have no intelligence about addresses.

Because the network is shared, only one device can send at a time. If two transmit simultaneously, a collision occurs. The entire network is one collision domain — the larger the network, the more frequent the collisions, and the worse the performance.

Ethernet’s answer to collisions is CSMA/CD (Carrier Sense Multiple Access / Collision Detection):

  • Collision avoidance – devices listen before transmitting and only send when the network is idle.
  • Collision detection – if two devices transmit at exactly the same moment, both detect the collision. They each wait a random short period before trying again. Because the wait times are random, they’re unlikely to collide again immediately.

Hubs also operate in half duplex — a device can either send or receive at any given moment, not both simultaneously.

Bridges

Bridges added intelligence to the network. Rather than sending every frame out every port, a bridge keeps a MAC address table — a record of which MAC addresses are on which network segment. When a frame arrives, the bridge checks the destination MAC:

  • If the destination is on the same segment as the source, the bridge doesn’t forward it — the devices can sort it out themselves.
  • If the destination is on a different segment, the bridge forwards the frame to that segment only.
  • If the destination is unknown, the bridge floods the frame out all interfaces (except the one it arrived on).

Bridges are layer 2 devices because they look at MAC addresses. This intelligence reduces unnecessary traffic and breaks one large collision domain into smaller ones — fewer collisions means better performance and the ability to scale to a larger network.

Learning

A bridge doesn’t start with any knowledge of the network — it learns. When a frame arrives, the bridge records the source MAC address and the interface it came from. Over time, as traffic flows, the table fills in. Each entry also has an ageing timer. If no traffic is seen from a device before the timer expires (typically 300 seconds), the entry is removed. This keeps the table small and accurate, and handles devices being moved or switched off.

The five key functions of a bridge (worth memorising for exams): flood, learn, forward, filter, age.

Switches

Developed in the mid-1990s and mainstream by around 2000, switches bring the best of hubs and bridges into a single device. They have many ports (like a hub) but every port behaves like an individual bridge port — so the physical topology is a star, not a bus.

This has major consequences:

  • Each port is its own collision domain — multiple devices can send simultaneously with essentially no risk of collision.
  • Full duplex – because there’s no shared bus, devices can send and receive at the same time.
  • All bridge functions apply — learn, forward, filter, flood, age.

Note: if you plug an old hub into a switch port, everything connected to that hub is still in the same collision domain and still half duplex. The lesson: don’t use hubs — use switches.

Switching Methods

Switches can forward frames in three ways — chosen by the manufacturer, not usually by the administrator:

  • Store-and-forward – the switch waits until the entire frame has arrived, checks the FCS for errors, then forwards it. Safest, but highest latency.
  • Cut-through – the switch reads just the destination MAC address (the first few bytes) and starts forwarding immediately. Fastest, but no error checking by the switch — errors are left to the destination device.
  • Fragment-free – a compromise: the switch reads the first 64 bytes (the portion most likely to contain errors) and checks those, then forwards immediately. Faster than store-and-forward but catches most errors.

The MAC Address Table (CAM Table)

The MAC address table is stored in a special hardware structure called the CAM table (Content Addressable Memory), optimised for fast lookups. It has a finite size — on real switches, the limit can be reached in large networks. If the table fills up, the oldest entries are aged out prematurely to make room. If you’re regularly hitting this limit, it’s time to redesign the network or buy bigger switches.

You can view and manage the MAC table with commands like show mac address-table, filter it with show mac address-table address <mac>, and clear dynamic entries with clear mac address-table dynamic. You can also add static entries manually — though this is rarely done in practice.

Resources

Try out your understanding with the Introduction to Switching quiz!