There are many different types of attacks that can occur at Layer 2 and Layer 3 in campus environments. It is important for analysts to understand how multilayer switches operate, including how frame and packet forwarding take place on the switch. This knowledge will help when creating network defense mechanisms and can affect the attacker's odds of success with each later intrusion attempt.
Multilayer switches (also known as Layer 3 switches) not only perform Layer 2 switching, but also forward frames based on Layer 3 and Layer 4 information. Multilayer switches use ASIC hardware to perform header rewrites and forwarding.
Packets arriving on a switch port are placed in the appropriate ingress queue, just as in a Layer 2 switch. Each packet is pulled off an ingress queue and inspected for both Layer 2 and Layer 3 destination addresses.
As with a Layer 2 switch, there are questions that need answers:
- Where should I forward the frame?
- Should I even forward the frame?
- How should I forward the frame?
Decisions about these three questions are made as follows:
- Layer 2 forwarding table: MAC addresses in the CAM table are used as indexes. If the frame encapsulates a Layer 3 packet that needs to be routed, the destination MAC address of the frame is that of the Layer 3 port on the multilayer switch.
- Layer 3 forwarding table: The IP addresses in the FIB table are used as indexes. The best match to the destination IP address is the Layer 3 next-hop address. The FIB also lists next-hop MAC addresses, the egress switch port, and the VLAN ID, so there is no need for further lookups.
- ACLs: The TCAM contains these ACLs. A single lookup is needed to decide whether the frame should be forwarded. TCAM is a special CAM designed for rapid table lookups.
- QoS: Incoming frames can be classified according to QoS parameters. Traffic can then be prioritized and rate-limited. QoS decisions are also made by the TCAM in a single table lookup.
After the CAM and TCAM table lookups are done, the packet is placed into an egress queue on the appropriate outbound Layer 3 switch port. The appropriate egress queue is determined by QoS, and more important packets are serviced first.
On a Cisco Catalyst switch, a Layer 3 SVI can be configured for any VLAN that exists on the Layer 3 switch. The SVI provides Layer 3 processing for packets from all switch ports that are associated with that VLAN. Only one SVI can be associated with a VLAN. The SVI can be the default gateway for a VLAN so that traffic can be routed between VLANs. The SVI also provides Layer 3 IP management connectivity to the switch.
A multilayer switch, like a router, obtains next-hop destinations from the FIB table. Before forwarding the frame, it needs to rewrite certain parts of the frame.
When the frame arrives on the port, the destination MAC address of the frame belongs to the multilayer switch. After the switch processes the frame, the next-hop Layer 2 address must be put into the frame in place of the previous destination address. The source MAC address of the frame is replaced with the MAC address that belongs to the multilayer switch. Also, the TTL is decremented by one, just as with a router. The source and destination IP addresses remain the same.
When the frame arrives on the port, the switch performs checksum calculations on the frame and the IP packet to ensure that there was no frame or packet corruption during transit. Again, the frame and packet checksums are recalculated before the frame is sent out of the switch.
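To make the Layer 3 decision and rewrite steps concrete, the Python below is an added example written for this page (it is not Cisco's code or the page author's). It simulates the FIB longest-prefix match, a single ordered ACL lookup standing in for the TCAM, and the header rewrite: the next-hop MAC becomes the destination, the switch's own MAC becomes the source, the TTL is decremented, and the IPv4 header checksum is verified on ingress and recomputed on egress while the IP addresses stay unchanged. The switch MAC, FIB entries, ACL rules and addresses are all constructed values.

```python
import ipaddress
import struct

# Constructed values for this example (not from the page): the SVI MAC of the
# switch, a FIB with next-hop MAC / egress port / VLAN already resolved, one ACL.
SWITCH_MAC = "00:11:22:aa:bb:01"

FIB = [  # (prefix, next-hop IP, next-hop MAC, egress port, VLAN)
    ("10.1.0.0/16", "10.1.0.254", "00:aa:bb:cc:00:10", "Gi1/0/10", 10),
    ("10.1.2.0/24", "10.1.2.1",   "00:aa:bb:cc:00:20", "Gi1/0/20", 20),
    ("0.0.0.0/0",   "192.0.2.1",  "00:aa:bb:cc:00:99", "Gi1/0/48", 99),
]

ACL = [  # (source prefix, destination prefix, action), evaluated top-down
    ("10.1.1.0/24", "10.1.2.0/24", "deny"),
    ("0.0.0.0/0",   "0.0.0.0/0",   "permit"),
]


def fib_lookup(dst_ip):
    """Return the most specific FIB entry covering dst_ip (longest-prefix match)."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, nh_ip, nh_mac, port, vlan in FIB:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh_ip, nh_mac, port, vlan)
    return best


def acl_lookup(src_ip, dst_ip):
    """First matching rule wins, like one TCAM lookup; implicit deny if none match."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_pfx, dst_pfx, action in ACL:
        if src in ipaddress.ip_network(src_pfx) and dst in ipaddress.ip_network(dst_pfx):
            return action
    return "deny"


def ipv4_checksum(header):
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src_ip, dst_ip, ttl, proto=17):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    fields = [0x45, 0, 20, 0x1234, 0, ttl, proto, 0,
              ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed]
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", *fields))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr)


def checksum_ok(header):
    """With the checksum field included, the folded sum of a valid header is zero."""
    return ipv4_checksum(header) == 0


def route_frame(frame):
    """Layer 3 path for a frame addressed to the switch's SVI MAC.

    Returns (verdict, rewritten frame or None, egress port or None)."""
    if frame["dst_mac"].lower() != SWITCH_MAC:
        return ("not-for-us", None, None)        # stays on the Layer 2 path
    hdr = frame["ip_header"]
    if not checksum_ok(hdr):
        return ("drop-checksum", None, None)     # corrupted in transit
    ttl = hdr[8]
    src_ip = str(ipaddress.ip_address(hdr[12:16]))
    dst_ip = str(ipaddress.ip_address(hdr[16:20]))
    if acl_lookup(src_ip, dst_ip) != "permit":
        return ("drop-acl", None, None)
    if ttl <= 1:
        return ("drop-ttl", None, None)          # TTL would reach zero; routers drop here
    entry = fib_lookup(dst_ip)
    if entry is None:
        return ("drop-no-route", None, None)
    _net, _nh_ip, nh_mac, port, vlan = entry
    # Rewrite: next-hop MAC in, switch MAC as source, TTL-1, checksum recomputed.
    new_hdr = bytearray(hdr)
    new_hdr[8] = ttl - 1
    struct.pack_into("!H", new_hdr, 10, 0)
    struct.pack_into("!H", new_hdr, 10, ipv4_checksum(bytes(new_hdr)))
    out = {"dst_mac": nh_mac, "src_mac": SWITCH_MAC, "vlan": vlan, "ip_header": bytes(new_hdr)}
    return ("forward", out, port)


if __name__ == "__main__":
    hdr = build_ipv4_header("10.1.5.7", "10.1.2.9", ttl=64)
    verdict, out, port = route_frame(
        {"dst_mac": SWITCH_MAC, "src_mac": "00:de:ad:be:ef:01", "ip_header": hdr})
    print(verdict, port, out["dst_mac"], "ttl", out["ip_header"][8])
```

The FIB deliberately holds both a /16 and a more specific /24 so the longest-prefix rule is exercised, and the ACL lookup returns on the first hit, which is the behaviour a single TCAM lookup gives the hardware.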
CAM and TCAM Tables
Cisco Catalyst switches maintain CAM and TCAM tables. CAM is used in Layer 2 switching and TCAM is used in Layer 3 switching. Both tables are kept in fast memory so that processing of data is quick.
CAM table:
- MAC address-to-port mappings
- Layer 2 forwarding decisions
TCAM table:
- Found in multilayer switches and routers
- ACL, QoS, and other information for upper-layer processing
- Switches can have multiple TCAMs to boost performance.
Multilayer switches forward frames and packets at wire speed by using ASIC hardware. Specific Layer 2 and Layer 3 components, such as learned MAC addresses or ACLs, are cached into the hardware. These tables are stored in CAM and TCAM.
- CAM table: The CAM table is the primary table that is used to make Layer 2 forwarding decisions. The table is built by recording the source MAC address and inbound port of all incoming frames. When a frame arrives at the switch with a destination MAC address of an entry in the CAM table, the frame is forwarded out through only the port that is associated with that specific MAC address. If no exact match is found, the switch floods the packet out of all ports in the VLAN, except the incoming port.
- TCAM table: The TCAM table stores ACL, QoS, and other information that is generally associated with upper-layer processing. Most switches have multiple TCAMs, such as one for inbound ACLs, one for outbound ACLs, one for QoS, and so on. Multiple TCAMs allow switches to perform different checks in parallel, thus shortening the packet-processing time. Cisco switches perform CAM and TCAM lookups in parallel. This behavior is the reason that Cisco switches do not suffer any performance degradation by enabling QoS or ACL processing.
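The CAM table behaviour described above, as an added Python model written for this page (example code, not Cisco's or the page author's): it learns source MAC to port mappings per VLAN from each incoming frame, forwards a known destination out only its learned port, floods unknown unicast and broadcast frames to every other port in the same VLAN, and ages out entries that have not been seen for a while (the aging timer is standard switch behaviour, not something the page states). The port-to-VLAN topology, MAC addresses and aging time are constructed; the clock is injectable so aging can be exercised without waiting.

```python
import time

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed topology for the example: VLAN -> member ports.
PORTS_BY_VLAN = {10: {"Gi1/0/1", "Gi1/0/2", "Gi1/0/3"}, 20: {"Gi1/0/4", "Gi1/0/5"}}


class CamTable:
    """Layer 2 forwarding table keyed by (VLAN, MAC), learned from source addresses."""

    def __init__(self, ports_by_vlan, aging_seconds=300, clock=time.monotonic):
        self.ports_by_vlan = {v: set(p) for v, p in ports_by_vlan.items()}
        self.aging = aging_seconds
        self.clock = clock                      # injectable for testing aging
        self.entries = {}                       # (vlan, mac) -> (port, last_seen)

    def learn(self, vlan, src_mac, in_port):
        """Record (or refresh) the port on which src_mac was seen in this VLAN."""
        self.entries[(vlan, src_mac.lower())] = (in_port, self.clock())

    def age_out(self):
        """Drop entries not refreshed within the aging time."""
        now = self.clock()
        for key, (_port, last_seen) in list(self.entries.items()):
            if now - last_seen > self.aging:
                del self.entries[key]

    def lookup(self, vlan, mac):
        hit = self.entries.get((vlan, mac.lower()))
        return hit[0] if hit else None

    def forward(self, vlan, in_port, src_mac, dst_mac):
        """Return the set of egress ports for a frame: learn first, then decide."""
        if in_port not in self.ports_by_vlan[vlan]:
            raise ValueError(f"{in_port} is not a member of VLAN {vlan}")
        self.age_out()
        self.learn(vlan, src_mac, in_port)
        flood = self.ports_by_vlan[vlan] - {in_port}   # every VLAN port but the ingress
        if dst_mac.lower() == BROADCAST:
            return flood
        port = self.lookup(vlan, dst_mac)
        if port is None:                        # unknown unicast: flood within the VLAN
            return flood
        if port == in_port:                     # destination is on the ingress segment
            return set()
        return {port}                           # known unicast: one port only

    def show_mac_table(self):
        """Sorted (vlan, mac, port) view, similar in spirit to a MAC table listing."""
        return sorted((vlan, mac, port) for (vlan, mac), (port, _) in self.entries.items())


if __name__ == "__main__":
    cam = CamTable(PORTS_BY_VLAN)
    print(cam.forward(10, "Gi1/0/1", "00:00:5e:00:53:01", "00:00:5e:00:53:02"))  # flood
    print(cam.forward(10, "Gi1/0/2", "00:00:5e:00:53:02", "00:00:5e:00:53:01"))  # one port
    print(cam.show_mac_table())
```

Because entries are keyed by (VLAN, MAC), the same address learned in VLAN 10 is still unknown in VLAN 20, which is why flooding is scoped to the VLAN rather than the whole switch.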
The figure below shows a typical multilayer switch and the decision processes that must occur.