How Do Network Switches Work? From Layer 2 to Layer 4 Explained

1 Switch

Working principle of a switch

The switch builds a MAC‑address table by mapping source MAC addresses in received frames to the corresponding ports.

It compares the destination MAC address of each frame with the MAC table to decide the forwarding port.

If the destination MAC is unknown, the frame is flooded to all ports.

Broadcast and multicast frames are forwarded to all ports.

Three main functions of a switch

Learning : the switch records each port’s connected device MAC address in its MAC table.

Forwarding / Filtering : when a destination MAC is found in the table, the frame is sent only to the associated port; broadcast/multicast frames are sent to all ports.

Loop elimination : redundant loops are avoided using the Spanning Tree Protocol while still allowing backup paths.

Working characteristics of a switch

Each port connects to an independent collision domain.

All ports share the same broadcast domain (unless VLANs are configured).

The switch operates at the data‑link layer, forwarding frames based on header information.

Classification of switches

Based on frame‑processing mode, switches are mainly divided into two types:

Store‑and‑forward : the entire frame is received and error‑checked before forwarding; latency varies with frame length.

Cut‑through : the switch forwards the frame as soon as it reads the destination address, without waiting for the whole frame; latency is constant.

2 Layer 2/3/4 Switches

Various interpretations exist:

Interpretation 1

Layer 2 switching (bridging) forwards packets based on unique MAC addresses.

Layer 3 switching performs hardware‑based routing.

Layer 4 switching also considers TCP/UDP application ports, enabling policy‑based QoS and traffic prioritization.

Interpretation 2

Layer 2 switch – MAC‑based.

Layer 3 switch – IP‑based with VLAN support.

Layer 4 switch – application‑port based.

Interpretation 3

Layer 2 technology evolved from bridges to VLANs, operating at the data‑link layer and forwarding based solely on MAC addresses.

Layer 3 technology works at the network layer, using IP headers to create routing paths and forward packets without full packet inspection.

Layer 2 switching technology

Layer 2 switches learn MAC addresses, store them in an internal table, and forward frames accordingly. The process includes:

Reading the source MAC address to associate the sending port.

Looking up the destination MAC in the table.

If found, copying the frame to the matched port; otherwise broadcasting to all ports.

Learning new MAC addresses from responses to reduce future broadcasts.

Key performance factors include bus bandwidth, MAC‑table size, and ASIC design.

Routing technology

Routers operate at the network layer, maintaining routing tables to determine next‑hop destinations. They exchange routing information via distance‑vector or link‑state protocols and forward packets based on the best path.

Layer 3 switching technology

Layer 3 switches combine high‑speed hardware forwarding with routing capabilities, allowing rapid intra‑LAN traffic while providing IP‑level routing.

Hardware‑accelerated data forwarding : frames are switched at line speed, often reaching tens of Gbit/s.

Simplified routing software : only the routing decision is handled by software; the bulk of traffic is forwarded by the hardware layer.

Typical deployment: small LANs use Layer 2 switches; large networks use Layer 3 switches to accelerate intra‑LAN traffic while routers handle inter‑network routing.

3 Fourth‑Layer Switching Technology

Fourth‑layer (Layer 4) switching decides forwarding not only by MAC or IP addresses but also by TCP/UDP application port numbers, enabling load‑balancing among server groups (VIPs) for protocols such as HTTP, FTP, NFS, Telnet, etc.

Each server group is assigned a virtual IP (VIP). When a client initiates a connection, the switch selects the optimal server, replaces the VIP with the real server IP, and forwards the session. Subsequent packets are mapped accordingly until the session ends.

Principles of Layer 4 switching

The transport layer (OSI Layer 4) carries TCP and UDP, whose headers contain port numbers that uniquely identify application services. Well‑known ports (1–255) are standardized; other ports are assigned by IANA.

Application Protocol   Port Number
FTP                    20 (data), 21 (control)
TELNET                 23
SMTP                   25
HTTP                   80
NNTP                   119
SNMP                   16, 162

Layer 4 switches use these port numbers to classify traffic and perform intelligent load‑balancing, often presenting a VIP to clients while internally routing to the selected backend server.