Forwarding Basics
Today we’ll see how to implement packet forwarding in a local-area network. What’s a local-area network? It’s the kind of network that connects machines on the Cornell campus or in your home. But it does not need to provide connectivity with computers on the rest of the Internet.
Specification
To make things even simpler, let us assume that all computers are connected to a single switch. Consider the following specification of correct behavior: whenever a host emits a packet onto the network, the switch delivers the packet to its intended destination.
Packet-Processing Primitives
To implement basic forwarding functionality, we need to know a little bit more about the kinds of programs that a switch can execute. Assume that the switch maintains a match-action table that can be populated with forwarding rules, each comprising a match pattern and an action. When the switch receives a packet, it matches the packet against the rules, and it executes the actions associated with the highest priority rule—i.e., the rule that is listed first in the table.
The set of matches contains patterns that match against some of the bits in the packet. We use `*` to indicate a wildcard pattern that matches all packets.
The set of actions includes:
- `DROP`, which drops the packet;
- `FLOOD`, which forwards packets out all ports except the ingress port that the packet came in on; and
- `FORWARD N`, where `N` is the identifier of a physical port, which forwards the packet out on port `N`.
Flooding
Arguably the simplest way to implement the specification of forwarding functionality given above is to simply flood all packets. Formally, we can configure the switch as follows:
Match | Action |
---|---|
* | FLOOD |
Intuitively, this rule says to match packets going to any destination and process them using the `FLOOD` action.
Naming
The specification above is deliberately vague. In particular, networks use different ways to identify nodes, and it doesn’t specify which convention should be used. One possibility would be to use IP addresses, such as `192.168.1.101`. However, because hosts do not come with IP addresses pre-installed, we would need to set up a DHCP server or other service to allocate addresses. In addition, we would need to provide some way for hosts to communicate with the DHCP server, which is the very problem we are trying to solve in the first place! So instead, we’ll rely on Ethernet or MAC addresses, which are allocated at manufacturing time and assumed to be unique. MAC addresses are 48 bits and are usually written as 6 pairs of hex digits, such as `12:34:56:78:90:AB`.
Learning
The implementation we developed based on flooding packets satisfies our specification, but it is not perfect. One issue is that it may raise concerns about security, since hosts can easily eavesdrop on traffic intended for other hosts. It also wastes bandwidth, since packets are delivered to hosts that do not need to receive them.
To address these concerns, most switches implement a more sophisticated algorithm known as Ethernet learning. The algorithm implemented by Ethernet learning switches can be broken down as follows:
- The switch learns the association between source addresses and physical ports by remembering the last port that each source was “seen” on.
- The switch forwards packets to known hosts along the direct path to the destination and floods packets to unknown hosts.
For the time being, we will assume that the switch itself can manipulate the set of forwarding rules installed in its match-action table as it processes each packet. In a few lectures we will develop a more complete API for manipulating forwarding rules.
Example
To illustrate the operation of Ethernet learning, consider a network with three hosts: `Steffen`, `Dexter`, and `Alexandra` located at ports `1`, `2`, and `3` respectively. Initially the network is configured with a single rule that floods all packets:
Match | Action |
---|---|
* | FLOOD |
Now suppose `Steffen` sends a packet to `Dexter`. The switch will update its match-action table to reflect the fact that `Steffen`’s location is now known, and also flood the packet to `Dexter` and `Alex`.
Match | Action |
---|---|
Destination=Steffen | FORWARD 1 |
* | FLOOD |
Next, if `Dexter` sends a packet to `Steffen` in response, that packet can be forwarded directly to `Steffen` on port `1`. In addition, the switch will update its match-action table to reflect the fact that it has learned `Dexter`’s location:
Match | Action |
---|---|
Destination=Steffen | FORWARD 1 |
Destination=Dexter | FORWARD 2 |
* | FLOOD |
Finally, suppose that `Alexandra` sends a packet to either `Dexter` or `Steffen`. The packet will be flooded, but the match-action table will be updated to reflect her location:
Match | Action |
---|---|
Destination=Steffen | FORWARD 1 |
Destination=Dexter | FORWARD 2 |
Destination=Alexandra | FORWARD 3 |
* | FLOOD |
At this point, the switch has learned the location of all hosts, so all subsequent packets will be forwarded directly to their destination without flooding. Hence, over time, the Ethernet learning algorithm gracefully learns the location of hosts and transitions from naive flooding to direct forwarding.
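The learning procedure and the three-host example above, as an added Python example that is not part of the original notes; the `Switch` class, `replay`, `unintended_copies` and both traces are constructed for illustration. It goes beyond the walkthrough by also running the flood-only configuration for comparison and a trace in which a host moves to another port.

```python
FLOOD = "FLOOD"

class Switch:
    """One switch with a match-action table; the first matching rule wins."""

    def __init__(self, ports, learning=True):
        self.ports = list(ports)
        self.learning = learning
        self.table = [("*", FLOOD)]      # initial configuration: flood everything

    def lookup(self, dst):
        for match, action in self.table:
            if match in ("*", dst):
                return action

    def learn(self, src, in_port):
        # Remember the last port each source was seen on. A host that moves
        # to another port overwrites its old rule instead of adding a second.
        rules = dict(self.table[:-1])    # exact-match rules, in table order
        rules[src] = in_port
        self.table = list(rules.items()) + [("*", FLOOD)]

    def process(self, src, dst, in_port):
        """Return the list of ports the packet is sent out on."""
        action = self.lookup(dst)        # decided with the rules known so far
        if self.learning:
            self.learn(src, in_port)
        if action == FLOOD:
            return [p for p in self.ports if p != in_port]
        return [action]

def replay(trace, learning=True, ports=(1, 2, 3)):
    """Run (source, destination, ingress port) packets through a fresh switch."""
    sw = Switch(ports, learning)
    return [sw.process(*pkt) for pkt in trace], sw.table

def unintended_copies(outputs):
    # Each packet has one intended receiver; every extra egress port is a
    # host that sees traffic not addressed to it.
    return sum(len(out) - 1 for out in outputs)

# Constructed trace using the example's hosts and ports.
TRACE = [("Steffen", "Dexter", 1), ("Dexter", "Steffen", 2),
         ("Alexandra", "Dexter", 3), ("Steffen", "Alexandra", 1)]
# Constructed trace: Dexter is first seen on port 2, then on port 3.
MOVED = [("Steffen", "Dexter", 1), ("Dexter", "Steffen", 2), ("Dexter", "Steffen", 3)]

if __name__ == "__main__":
    for learning in (False, True):
        outs, table = replay(TRACE, learning)
        print("learning" if learning else "flood-only", outs, unintended_copies(outs))
    print(replay(MOVED)[1])
```

With first-match semantics, the third packet in `TRACE` (Alexandra to Dexter) matches the existing `Destination=Dexter` rule and leaves only on port 2; Alexandra's location is still learned from its source address.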
Discussion
- How does the learning algorithm behave in a network whose topology contains more than one switch?
- What happens if hosts are moved from one port to another?
Reading
The classic paper “The design philosophy of the DARPA internet protocols” discusses the design choices behind the suite of basic Internet protocols.