What Makes Switches Tick? Understanding Layer 2, 3, and 4 Switching

Exchange technology overview

Switch operation principles

Main functions of switches

Characteristics and classifications

Layer‑2/3/4 switch concepts

1. Switching Technology

Switch Operation Principle

The switch builds a MAC‑address table by mapping source MAC addresses to incoming ports.

It compares the destination MAC address of each frame with the table to decide the forwarding port.

If the destination MAC is unknown, the frame is flooded to all ports.

Broadcast and multicast frames are forwarded to all ports.

Three Main Functions of Switches

Learning : The switch records each port’s connected device MAC address in its MAC table.

Forwarding/Filtering : When a destination MAC is in the table, the frame is sent only to the corresponding port; broadcast/multicast frames go to all ports.

Loop Elimination : Using the Spanning Tree Protocol, the switch prevents network loops while allowing backup paths.

Operational Characteristics of Switches

Each port defines an independent collision domain.

All ports share the same broadcast domain (unless VLANs are configured).

Switches operate at the Data Link layer (Layer 2) by forwarding based on frame headers.

Switch Classification

Based on frame‑processing modes, switches are mainly divided into two types:

Store‑and‑Forward : The entire frame is received, error‑checked, and then forwarded; latency varies with frame length.

Cut‑Through : The switch forwards the frame as soon as the destination MAC is read, without waiting for the whole frame; latency is constant.

Layer 2, 3, 4 Switches?

First definition

Layer‑2 switching (bridging) forwards packets based on MAC addresses and is suitable for expanding LANs, but retains bridge limitations.

Layer‑3 switching performs hardware‑based routing; the main difference from routers is the physical implementation.

Layer‑4 switching makes forwarding decisions based on TCP/UDP ports in addition to MAC and IP, enabling application‑aware traffic management and fine‑grained QoS.

Second definition

Layer‑2 switch : MAC‑address based.

Layer‑3 switch : Provides VLANs and routing based on IP.

Layer‑4 switch : Port‑based (application) forwarding.

Third definition

Layer‑2 switching evolved from bridges to VLANs, operating at the Data Link layer and forwarding based solely on MAC addresses, offering high speed but cannot route between IP subnets.

Fourth definition

Layer‑2 switching technology

The switch learns source MAC addresses, stores them in a table, and forwards frames accordingly. The process repeats: read source MAC, read destination MAC, look up the table, forward or flood, and update the table when new MACs are seen.

When a packet arrives, the switch reads the source MAC and records the port.

It then reads the destination MAC and looks up the corresponding port.

If found, the packet is copied to that port.

If not found, the packet is broadcast; the response allows the switch to learn the destination MAC.

Key performance factors include bus bandwidth, MAC‑table size, and ASIC design.

2. Routing Technology

Routers operate at the Network layer (Layer 3). They maintain a routing table that maps destination networks to next‑hop interfaces. If a route is found, the packet is forwarded; otherwise, it is dropped and an error is returned.

Routing performs two core functions: determining the optimal path and forwarding packets. Routing tables are populated by distance‑vector protocols (which broadcast routing information) or link‑state protocols (which disseminate link status).

Router performance depends heavily on CPU capability, especially for low‑end devices; high‑end routers use distributed processing architectures.

3. Layer‑3 Switching Technology

Layer‑3 switches combine high‑speed hardware forwarding with routing capabilities, offering faster throughput than traditional routers.

使用IP的设备A------------------------三层交换机------------------------使用IP的设备B

When host A wants to send to host B, it checks whether the destination IP is in the same subnet. If so, it uses ARP to obtain B’s MAC address and sends the frame, which the switch forwards using its Layer‑2 module.

If the destination is in a different subnet, A sends the packet to its default gateway. The Layer‑3 module then looks up the routing table, rewrites the frame with the gateway’s MAC as source and B’s MAC as destination, and forwards it. Subsequent packets use the cached flow entry for fast forwarding.

Hardware‑based high‑speed forwarding.

Simplified routing software reduces processing overhead.

Conclusion

Layer‑2 switches are ideal for small LANs due to low cost, fast forwarding, and sufficient port density.

Routers excel in large networks, offering rich interfaces, robust routing, load balancing, and link redundancy.

Layer‑3 switches provide rapid intra‑LAN forwarding with integrated routing, making them the preferred choice for large segmented networks where pure Layer‑2 switching cannot handle inter‑subnet traffic efficiently.

In high‑traffic internal networks, a hybrid approach—using Layer‑3 switches for most traffic and routers for inter‑network routing—optimizes performance while managing cost.

Layer‑4 Switching Principle

The Transport layer (Layer 4) handles end‑to‑end communication using TCP and UDP, which include port numbers to identify applications.

Well‑known ports (1‑1023) are standardized; higher ports are used for custom services. Port numbers combined with IP addresses form a socket.

应用协议    端口号

FTP      20（数据）
        21（控制）

TELNET    23
SMTP     25
HTTP     80
NNTP     119
NNMP     16
        162（SNMP traps）

Layer‑4 switches use this information to implement virtual IP (VIP) load‑balancing, mapping client requests to specific servers based on application ports, and maintaining connection tables to ensure consistent session handling.