
Re: filtering by mac

On Wed, 31 Jul 2002 01:40:29 +1000 (Australia/ACT) Darren Reed <avalon_(_at_)_coombs_(_dot_)_anu_(_dot_)_edu_(_dot_)_au> wrote:

> In some mail from Derick Siddoway, sie said:
> > 
> > On Mon, Jul 29, 2002 at 02:37:19PM +1000, Darren Reed wrote:

> > > Why can you have a layer 2 switch but not a layer 3 switch ?
> > > Why can you only switch on a MAC address and not an IP address ?
> > Well, switching on a MAC address is done at the frame level.
> > Switching on an IP address is done at the packet level.  Packet
> > switching is another term for routing.  So, we do switch on the
> > IP address, in a way.  At the router.

> What's the difference between the frame and the packet ?

when they appeared, they were intentionally layer 2 devices designed to
help with congestion on LANs, you could take out a hub and put in a switch
with little or no configuration and things would magically get better.

how we got to layer three switches is something i've posted previously in
this thread.

> > From a TCP perspective, is the IP header the frame on the packet ?
> If the ethernet header comprises the frame for IP, then why not ?

> > Remember that routers are also switches, unless your router has
> > only one physical interface.
> There's one other, big, difference: routers have routing tables.
> ...and interfaces have addresses (both link level & IP).

add to that "routers speak routing protocols". of course, everything i've
ever seen labeled a layer three switch has spoken the usual routing
protocols. that's why i mostly find "layer three switch" confusing
terminology, as it's migrated a long way away from what started as a simple
ethernet switch operating at layer 2.

> Switches don't have either, although maybe a layer-3 switch could
> have layer-2 addresses for each interface.  I'm not sure about that.

everything i've seen sold as a layer three switch has had unique MACs and
unique IPs on each interface. more line blurring. it makes my head hurt.

while i think you may have an interesting concept for a layer three switch,
what's in the market as a layer three switch is distinctly different from
your concept.

> If you had an OpenBSD firewall/bridge that was sending packets out
> interfaces based on filter rules, would that make it a router ?
> Or is it doing layer-3 switching ?  Remember, it has no routing
> table or any other conventional router configuration.

it must have some sort of table defining how packet forwarding is done. if
you use the filter rules in place of the normal routing table, i maintain
that you haven't done anything other than implement static routes in an
unusual place. to my mind, it'd still be a simple router, and we still
don't know what a layer three switch really is.

Richard Welty                                         rwelty_(_at_)_averillpark_(_dot_)_net
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security
