Routers, Switches & Firewalls

Router

A router is a hardware device and has the function of routing packets between networks. A router works at Layer 3 of the OSI Model – the Network Layer. This is the layer that the IP protocol works at. Most routers today are IP routers that examine the source and destination IP addresses of each packet, look up the destination of the packet in the router’s IP routing table, and route that packet on its way. In the event that the destination is not listed in the routing table, the router will either send the packet to a default router (if it has one) or drop the packet. Routers are usually used to connect a local area network to a wide-area network (a LAN to a WAN) but can also be used to segment large local area networks (LAN’s).

Routers prevent broadcasts. Another way of saying this is that routers form a broadcast domain. So, if your network is being deluged by IP broadcasts, you need to subnet your network into two or more smaller networks. Those networks would be connected by a router and that router wouldn’t allow broadcast traffic to flow between subnets.

Routers use routing dynamic protocols like OSPF, RIP, or BGP to learn routes from other routers. Router can also use static routes that are entered by the administrator.

Routers replace the Ethernet MAC address of the source device with their own MAC address when they send a packet out an interface. When the response to that packet comes back, the new source of the packet is sending the response to the destination of the router. The router receives this, replaces the source address, changes the destination address to the original address, and sends the packet back to the original sender. This is a complex topic that we could spend a whole article covering so this is only meant to provide the most basic understanding of how this works.

Switch

A switch is a hardware device that works at Layer 2 of the OSI model – data link. The data link layer is where the Ethernet protocol works.

A switch switches Ethernet frames by keeping a table of what MAC addresses have been seen on what switch port. The switch uses this table to determine where to send all future frames that it receives. In Cisco terminology, this table is called the CAM table (content addressable memory). In general, the proper term for this table is the bridge forwarding table. If a switch receives a frame with a destination MAC address that it does not have in its table, it floods that frame to all switch ports. When it receives a response, it puts that MAC address in the table so that it won’t have to flood next time.

A switch is a high-speed multiport bridge. This is why bridges are no longer needed or manufactured. Switches do what bridges did faster and cheaper. Most routers can also function as bridges.

You might be asking how a hub fits into this mix of devices. A hub is a multiport repeater. In other words, anything that comes in one port of a hub is duplicated and sent out all other ports of the hub that have devices attached. There is no intelligence to how a hub functions. A switch is a vast improvement over a hub in terms of intelligence, for many reasons. The most important of those reasons is how the bridge forwarding table works. Intelligent (smart) switches have made hubs obsolete because they can do more at the same cost of a dumb hub. For this reason, hubs are rarely used or sold any longer.

Firewall

A firewall is used to protect more secure network from a less secure network. Generally, firewalls are used to protect your internal/private LAN from the Internet.

A firewall generally works at layer 3 and 4 of the OSI model. Layer 3 is the Network Layer where IP works and Layer 4 is the Transport Layer, where TCP and UDP function. Many firewalls today have advanced up the OSI layers and can even understand Layer 7 – the Application Layer.

There are a variety of different types of firewalls and we won’t go into that in this article so let’s just talk about the most popular type of firewall – a stateful packet inspection (SPI) hardware firewall. An example of a SPI hardware firewall is a Cisco PIX firewall. This is a dedicated appliance and it looks a lot like a Cisco router.

A SPI firewall is stateful because it understands the different states of the TCP (transmission control protocol) protocol. It knows what is coming and what it going and keeps track of it all. Thus, if a packet tried to come in but it wasn’t requested, the firewall knows that and drops it.