Forwarding Basics

Today we’ll see how to implement packet forwarding in a local-area network. What’s a local-area network? It’s the kind of network that connects machines on the Cornell campus or in your home. But it does not need to provide connectivity with computers on the rest of the Internet.

Specification

To make things even simpler, let us assume that all computers are connected to a single switch. Consider the following specification of correct behavior: whenever a host emits a packet onto the network, the switch delivers the packet to its intended destination.

Packet-Processing Primitives

To implement basic forwarding functionality, we need to know a little bit more about the kinds of programs that a switch can execute. Assume that the switch maintains a match-action table that can be populated with forwarding rules, each comprising a match pattern and an action. When the switch receives a packet, it matches the packet against the rules, and it executes the actions associated with the highest priority rule—i.e., the rule that is listed first in the table.

The set of matches contains patterns that match against some of the bits in the packet. We use * to indicate a wildcard pattern that matches all packets.

The set of actions includes:

  • DROP, which drops the packet;

  • FLOOD, which forwards packets out all ports except the ingress port that the packet came in on; and

  • FORWARD N, where N is the identifier of a physical port, which forwards the packet out on port N.

Flooding

Arguably the simplest way to implement the specification of forwarding functionality given above is to simply flood all packets. Formally, we can configure the switch as follows:

Match Action
* FLOOD

Intuitively, this rule says to match packets going to any destination and process them using the FLOOD action.

Naming

The specification above is deliberately vague. In particular, networks use different ways to identify nodes, and the specification doesn’t say which convention should be used. One possibility would be to use IP addresses, such as 192.168.1.101. However, because hosts do not come with IP addresses pre-installed, we would need to set up a DHCP server or other service to allocate addresses. In addition, we would need to provide some way for hosts to communicate with the DHCP server, which is the very problem we are trying to solve in the first place! So instead, we’ll rely on Ethernet or MAC addresses, which are allocated at manufacturing time and assumed to be unique. MAC addresses are 48 bits and are usually written as 6 pairs of hex digits, such as 12:34:56:78:90:AB.

Learning

The implementation we developed based on flooding packets satisfies our specification, but it is not perfect. One issue is that it may raise concerns about security, since hosts can easily eavesdrop on traffic intended for other hosts. It also wastes bandwidth, since packets are delivered to hosts that do not need to receive them.

To address these concerns, most switches implement a more sophisticated algorithm known as Ethernet learning. The algorithm implemented by Ethernet learning switches can be broken down as follows:

  • The switch learns the association between source addresses and physical ports by remembering the last port that each source was “seen” on.

  • The switch forwards packets to known hosts along the direct path to the destination and floods packets to unknown hosts.

For the time being, we will assume that the switch itself can manipulate the set of forwarding rules installed in its match-action table as it processes each packet. In a few lectures we will develop a more complete API for manipulating forwarding rules.

Example

To illustrate the operation of Ethernet learning, consider a network with three hosts: Steffen, Dexter, and Alexandra located at ports 1, 2, and 3 respectively. Initially the network is configured with a single rule that floods all packets:

Match Action
* FLOOD

Now suppose Steffen sends a packet to Dexter. The switch will update its match-action table to reflect the fact that Steffen’s location is now known, and also flood the packet to Dexter and Alex.

Match Action
Destination=Steffen FORWARD 1
* FLOOD

Next, if Dexter sends a packet to Steffen in response, that packet can be forwarded directly to Steffen on port 1. In addition the switch will update its match-action table to reflect the fact that it has learned Dexter’s location:

Match Action
Destination=Steffen FORWARD 1
Destination=Dexter FORWARD 2
* FLOOD

Finally, suppose that Alexandra sends a packet to either Dexter or Steffen. The packet will be flooded, but the match-action table will be updated to reflect her location:

Match Action
Destination=Steffen FORWARD 1
Destination=Dexter FORWARD 2
Destination=Alexandra FORWARD 3
* FLOOD

At this point, the switch has learned the location of all hosts, so all subsequent packets will be forwarded directly to their destination without flooding. Hence, over time, the Ethernet learning algorithm gracefully learns the location of hosts and transitions from naive flooding to direct forwarding.
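The learning algorithm above can be simulated in a few lines of Python. This is an added example, not code from the original notes: the class name, the spare port 4 and the packet sequence are constructed for illustration. It returns the egress ports for each packet, so you can see which packets are still flooded to every other port (and are therefore visible to other hosts) and how a rule follows a host that is re-plugged into a different port.

```python
# Added example (not from the original notes): a single learning switch.
# The rule list is ordered; the first matching rule wins, "*" is the wildcard.

class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = [("*", ("FLOOD", None))]    # initial configuration: flood everything

    def learn(self, src, in_port):
        """Remember the last port on which src was seen."""
        rule = (src, ("FORWARD", in_port))
        for i, (match, _) in enumerate(self.table):
            if match == src:
                self.table[i] = rule             # host moved: overwrite the stale port
                return
        self.table.insert(len(self.table) - 1, rule)  # keep the wildcard rule last

    def process(self, src, dst, in_port):
        """Learn from the source address, then return the set of egress ports."""
        self.learn(src, in_port)
        for match, (action, port) in self.table:
            if match in ("*", dst):
                if action == "FORWARD":
                    return {port}
                if action == "FLOOD":
                    return self.ports - {in_port}
                return set()                     # DROP
        return set()


def run_trace():
    """Replay a constructed packet sequence; return (switch, egress ports per packet)."""
    sw = LearningSwitch({1, 2, 3, 4})            # port 4 is a spare port (assumption)
    packets = [                                  # (source, destination, ingress port)
        ("Steffen", "Dexter", 1),                # Dexter unknown: flooded
        ("Dexter", "Steffen", 2),                # Steffen known: direct
        ("Steffen", "Alexandra", 1),             # Alexandra unknown: flooded
        ("Alexandra", "Steffen", 3),             # Steffen known: direct
        ("Steffen", "Dexter", 1),                # Dexter known: direct to port 2
        ("Dexter", "Steffen", 4),                # Dexter re-plugged into port 4
        ("Steffen", "Dexter", 1),                # rule now follows Dexter to port 4
    ]
    return sw, [sorted(sw.process(*p)) for p in packets]


if __name__ == "__main__":
    sw, egress = run_trace()
    for ports in egress:
        print(ports)
    print(sw.table)
```
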

Discussion

  • How does the learning algorithm behave in a network whose topology contains more than one switch?

  • What happens if hosts are moved from one port to another?

Reading

The classic paper “The design philosophy of the DARPA internet protocols” discusses the design choices behind the suite of basic Internet protocols.