
About MAC tables in switches

Hi, Habr!
It happens that sometimes you want to get away from dry theory and go to practice. Now is such a case. The desire arose from memories of how we made the switch. It seems a rather simple thing: the job is to send packets from port to port and keep statistics. Everything turned out to be a bit more complicated.




Have you ever thought about how switching actually works? The courses say that a packet from port (A) is analyzed and forwarded according to the lookup table to the destination port (B), or to all ports except the source port (A) if no entry is found. Let's focus on the table and look at how it gets filled.
The easiest way is to write addresses in one column and the corresponding ports in another, i.e. a linear search algorithm is used, whose asymptotic complexity is O(n). The worst case for this algorithm is the absence of the required key, since all keys have to be scanned, and in switching this happens very often: a new client connects, a device is turned on or rebooted. In fact, all the optimizations and tricky algorithms used in network device chips are tuned either to save chip memory or to meet processing-speed requirements.
The method used by most manufacturers is a hash table. The idea is that computing the hash function of the MAC address immediately gives us an address in memory (an index) from which we read the port number. If nothing is read, we write the current port at that address. The complexity of the lookup is O(1). True, there is the collision problem, but with a properly chosen hash function it is minimized. It only remains to check the collision resistance of the device. A good example of such a table with partial collisions:
For most of the records the hash indexes do not coincide, which gives an instant read by index, but for Jack and Andrew the hash did coincide and a collision occurred. In that case, to resolve the collision, a linear search is performed over the nested list, which increases the delay, but this happens only in isolated cases.
Verification can be done by adding new entries to the hash table. The entries can be sequential or random, and can also belong to special types.
Special types of MAC addresses:

Not all addresses are recorded in the table. For example, broadcast and multicast addresses do not get there. So I wrote a small raw packet generator which takes these parameters:
send_pkt -i <iface> -n <mac_num>
  -i <iface>    interface for packet sending
  -n <mac_num>  number of MACs
  -s            work in slow mode
  -r            generate random Src MAC for each new packet
  -a            set random for all octets

In normal mode, packets with consecutive MAC addresses are generated; the last two octets change, which gives 65,536 combinations and is more than enough for most switches (you can always increase it). The first octet is set to 0x00, i.e. unicast addresses. Random addresses are generated in two modes:

There is also a slow mode, for example for testing the aging time.
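To show how the index lookup, the collision chain and the unicast-only learning rule fit together, here is a small simulation added for this article (it is not the author's send_pkt, nor any vendor's firmware): a fixed-size bucketed hash table fed with the same kind of sequential and random unicast addresses the generator produces. The bucket count, bucket depth and hash function are assumptions chosen for illustration; the simulation also goes one step beyond the text by showing why random addresses can fill fewer slots than sequential ones (some buckets overflow while others stay half empty).

```python
import random
BUCKETS, DEPTH = 4096, 4  # constructed: 2^12 buckets x 4 entries = 16384 slots

def is_group(mac: bytes) -> bool:
    # Broadcast/multicast have the I/G bit (LSB of octet 0) set: never learned.
    return bool(mac[0] & 0x01)

def mac_hash(mac: bytes) -> int:
    # Toy hash (an assumption, not any vendor's): XOR-fold 48 bits to a bucket.
    v = int.from_bytes(mac, "big")
    return (v ^ (v >> 12) ^ (v >> 24) ^ (v >> 36)) & (BUCKETS - 1)

class MacTable:
    def __init__(self):
        self.buckets = [[] for _ in range(BUCKETS)]  # index -> [(mac, port)]

    def learn(self, src: bytes, port: int) -> bool:
        # Returns False when src is dropped: group address or its bucket is full.
        if is_group(src):
            return False
        chain = self.buckets[mac_hash(src)]
        if any(mac == src for mac, _ in chain):  # already known (linear scan)
            return True
        if len(chain) >= DEPTH:  # bucket exhausted: the address is not learned
            return False
        chain.append((src, port))
        return True

    def lookup(self, dst: bytes):
        """Egress port for dst, or None = flood to all ports except ingress."""
        for mac, port in self.buckets[mac_hash(dst)]:
            if mac == dst:
                return port
        return None

def sequential_macs(n: int) -> list:
    # Unicast 00:01:02:03:xx:xx with the last two octets counting up.
    return [bytes([0, 1, 2, 3]) + i.to_bytes(2, "big") for i in range(1, n + 1)]

def random_macs(n: int, seed: int = 1) -> list:
    # Random unicast: octet 0 fixed at 0x00, the other five octets random.
    rng = random.Random(seed)
    return [b"\x00" + bytes(rng.getrandbits(8) for _ in range(5)) for _ in range(n)]

def fill(macs: list, port: int = 1) -> int:
    """Learn every address on one port and return how many the table kept."""
    table = MacTable()
    for mac in macs:
        table.learn(mac, port)
    return sum(len(chain) for chain in table.buckets)
```

With these assumptions, 17000 sequential addresses fill all 16384 slots exactly, while 17000 random ones leave roughly a fifth of the slots empty because of overflowing buckets.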
It is interesting to see how the equipment responds to the flood: check in two modes (sequential and random) how many addresses end up in the table. I have 5 switches in the test rack:

They were not specially selected; they are simply used for various purposes, such as checking STP compatibility (a separate article could be written about that). Let's go in order.

cisco 3750G-16TD-S


Platform Information:
cisco-01-TEST # sh ver
Cisco IOS Software, C3750 Software (C3750-ADVIPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
Copyright 1986-2008 by Cisco Systems, Inc.
Compiled Thu 21-Aug-08 3:43 by nachen
Image text-base: 0x00003000, data-base: 0x01940000
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(18)SE1, RELEASE SOFTWARE (fc2)

cisco-01-TEST uptime is 4 weeks, 5 days, 1 hour, 11 minutes
System returned to ROM by power-on
System image file is "flash:c3750-advipservicesk9-mz.122-46.SE"


cisco WS-C3750G-16TD (PowerPC405) processor (revision F0) with 118784K/12280K bytes of memory.
Processor board ID CSG0921P0EB
Last reset from power-on
1 Virtual Ethernet interface
16 Gigabit Ethernet interfaces
1 Ten Gigabit Ethernet interface
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:14:1C:D7:33:80
Motherboard assembly number: 73-9143-08
Power supply part number: 341-0045-01
Motherboard serial number: CAT091916AM
Power supply serial number: LIT09130942
Model revision number: F0
Motherboard revision number: A0
Model number: WS-C3750G-16TD-S
System serial number: CSG0921P0EB
Top Assembly Part Number: 800-24591-04
Top Assembly Revision Number: A0
CLEI Code Number: COM1D10ARB
Hardware Board Revision Number: 0x01

Switch Ports Model              SW Version     SW Image
------ ----- -----              ----------     ----------
*    1 17    WS-C3750G-16TD     12.2(46)SE     C3750-ADVIPSERVICESK9-M

Configuration register is 0xF

Strangely, it reports that it has room for only 5507 addresses:
cisco-01-TEST # show mac address-table count

Total Mac Address Space Available: 5507

Test port settings:
interface GigabitEthernet1/0/1
switchport access vlan 20
switchport mode access
end

Empty address table for test vlan:
cisco-01-TEST# sh mac- vl 20
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

After the trial test ( ./send_pkt -i eth0 -n 10 ), we observe the following:
cisco-01-TEST # show mac address-table count

Mac Entries for Vlan 20:
---------------------------
Dynamic Address Count: 11
Static Address Count: 0
Total Mac Addresses: 11

Total Mac Address Space Available: 5496

cisco-01-TEST# sh mac- vl 20
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    0001.0203.0001    DYNAMIC     Gi1/0/1
  20    0001.0203.0002    DYNAMIC     Gi1/0/1
  20    0001.0203.0003    DYNAMIC     Gi1/0/1
  20    0001.0203.0004    DYNAMIC     Gi1/0/1
  20    0001.0203.0005    DYNAMIC     Gi1/0/1
  20    0001.0203.0006    DYNAMIC     Gi1/0/1
  20    0001.0203.0007    DYNAMIC     Gi1/0/1
  20    0001.0203.0008    DYNAMIC     Gi1/0/1
  20    0001.0203.0009    DYNAMIC     Gi1/0/1
  20    0001.0203.000a    DYNAMIC     Gi1/0/1
  20    50af.7312.8435    DYNAMIC     Gi1/0/1

The eleventh address is the address of the netbook from which the test was run. Available space for addresses has decreased.
Now let's generate clearly more than the declared number of addresses (12288); I specified 13000:
cisco-01-TEST # show mac address-table count

Mac Entries for Vlan 20:
---------------------------
Dynamic Address Count: 4281
Static Address Count: 0
Total Mac Addresses: 4281

Total Mac Address Space Available: 1219

As you can see, it was not possible to fill the whole table in one pass, and far from all the addresses were caught; that is how it is. I try again:
cisco-01-TEST # show mac address-table count

Mac Entries for Vlan 20:
---------------------------
Dynamic Address Count: 5724
Static Address Count: 0
Total Mac Addresses: 5724

Total Mac Address Space Available: 192

And the slow mode (the maximum it was able to accommodate):
cisco-01-TEST# show mac address-table count

Mac Entries for Vlan 20:
---------------------------
Dynamic Address Count: 5945
Static Address Count: 0
Total Mac Addresses: 5945

Total Mac Address Space Available: 3

Random test:
cisco-01-TEST # sh mac address-table count

Mac Entries for Vlan 20:
---------------------------
Dynamic Address Count: 4417
Static Address Count: 0
Total Mac Addresses: 4417

Total Mac Address Space Available: 1499

Random slow test:
cisco-01-TEST # sh mac address-table count

Mac Entries for Vlan 20:
---------------------------
Dynamic Address Count: 5947
Static Address Count: 0
Total Mac Addresses: 5947

Total Mac Address Space Available: 1


Summary
It turns out that the figure declared by the manufacturer does not hold (if I am wrong, for example if it depends on the IOS release and there are special notes about it, let me know with proof). The difference is almost twofold. Even the value displayed by the system itself (5507) should not be trusted: in fast mode the table stopped 1219 addresses short of full, and in slow mode it was constantly being rebuilt and the total counter readings kept changing, regardless of the generation mode.

ZyXEL GS-3012F


Platform Information:
zyxel-01-T # show version
Current ZyNOS version: V3.80 (LR.2) | 03/04/2008

zyxel-01-T # show system-information
System Name: zyxel-01-TEST
System Contact:
System Location:
Ethernet Address: 00:19:cb:2d:d8:49
ZyNOS F / W Version: V3.80 (LR.2) | 03/04/2008
RomRasSize: 3234952
System up Time: 837:37:39 (11f939d5 ticks)
Bootbase Version: V3.00 | 01/14/2005
ZyNOS CODE: RAS Mar 4 2008 11:51:18
Product Model: GS-3012F

We generate more than the supported number: 17000 (16384 supported):
zyxel-01-T # show mac-count
No: 16312

Slow mode was not used, because even in fast mode the table is almost full.
Random test:
zyxel-01-T # show mac-count
No: 14331


Summary
Overall, good results. The switch does not "lose" addresses generated at port speed. The size of the table and its filling correspond to the declared figures.

D-Link DGS-3426


Platform Information:
DGS-3426:admin# show tech_support
Command: show tech_support

# ------------------------------------------------- ------------------------------
# DGS-3426 Gigabit Ethernet Switch
# Technical Support Information
#
# Firmware: Build 2.70.B56
# Copyright 2010 D-Link Corporation. All rights reserved.
# ------------------------------------------------- ------------------------------

******************** Basic System Information *******************

[SYS 2000-1-1 00:07:51]

Boot Time: Dec 31, 1999 23:59:59
RTC Time: 2000/01/01 00:07:51
Boot PROM Version: Build 1.00-B13
Firmware Version: Build 2.70.B56
Hardware Version: 2A1
MAC Address: 00-17-9A-10-CD-AA
[STACKING 2000-1-1 00:07:51]

We generate more than the supported number: 9000 (8192 supported):
DGS-3426:admin# show fdb vlan TEST
Command: show fdb vlan TEST

VID  VLAN Name  MAC Address        Port  Type
---  ---------  -----------------  ----  -------
20   TEST       00-01-02-03-00-01  1     Dynamic
20   TEST       00-01-02-03-00-02  1     Dynamic
20   TEST       00-01-02-03-00-03  1     Dynamic
20   TEST       00-01-02-03-00-04  1     Dynamic
20   TEST       00-01-02-03-00-05  1     Dynamic
20   TEST       00-01-02-03-00-06  1     Dynamic
20   TEST       00-01-02-03-00-07  1     Dynamic
20   TEST       00-01-02-03-00-08  1     Dynamic
20   TEST       00-01-02-03-00-09  1     Dynamic
20   TEST       00-01-02-03-00-0A  1     Dynamic
20   TEST       00-01-02-03-00-0B  1     Dynamic
20   TEST       00-01-02-03-00-0C  1     Dynamic
20   TEST       00-01-02-03-00-0D  1     Dynamic

...

Total Entries: 8147

Slow mode, as in the previous test, was not used, because the table is almost full.
Random test:
DGS-3426:admin# show fdb vlan TEST
Command: show fdb vlan TEST

VID  VLAN Name  MAC Address        Port  Type
---  ---------  -----------------  ----  -------
20   TEST       00-00-01-33-82-27  1     Dynamic
20   TEST       00-00-03-43-5A-66  1     Dynamic
20   TEST       00-00-03-66-C4-5D  1     Dynamic
20   TEST       00-00-05-32-86-B1  1     Dynamic
20   TEST       00-00-07-6D-3A-40  1     Dynamic
20   TEST       00-00-0A-0F-E0-AE  1     Dynamic
20   TEST       00-00-22-3A-81-2B  1     Dynamic
20   TEST       00-00-24-68-E9-70  1     Dynamic
20   TEST       00-00-35-00-B0-93  1     Dynamic
20   TEST       00-00-3F-04-BE-95  1     Dynamic
20   TEST       00-00-43-01-A4-A4  1     Dynamic
20   TEST       00-00-71-27-41-8A  1     Dynamic
20   TEST       00-00-92-3C-2A-5A  1     Dynamic
20   TEST       00-00-92-5B-94-62  1     Dynamic
20   TEST       00-00-95-26-49-3D  1     Dynamic
20   TEST       00-00-9F-2E-45-DF  1     Dynamic
20   TEST       00-00-9F-6D-BE-1E  1     Dynamic
20   TEST       00-00-A7-75-72-4F  1     Dynamic
20   TEST       00-00-A9-17-38-DD  1     Dynamic
20   TEST       00-00-AF-5A-8C-54  1     Dynamic

...

Total Entries: 7327


Summary
This switch is also fine. The table fills as stated; with random data the figures are slightly worse. And as a nice feature, the MAC table is sorted when displayed (perhaps because there is no string processor, as in Cisco, for example).

Metrotek X10-24


This switch, or rather its development, is the reason for this article. It uses a switching ASIC from the Japanese company Fujitsu. Studying the documentation, one concludes that resources are saved very aggressively, so independent tests were performed.
Platform Information:
x10-00002# show version report
Origin: Metrotek
Label: Metrotek
Codename: oxygen
Version: 1.0.1
Date: Wed, 4 Mar 2015 11:04:37 UTC
Architectures: armel i386
Components: contrib non-free
Description: Metrotek X10-24 Gigabit Ethernet Switch

We generate more than the supported number: 17000 (16368 supported):
root@x10-00002:~# show-mac-table -v 20 | wc -l
16368

Slow mode was not used.
Random test:
root@x10-00002:~# show-mac-table -v 20 | wc -l
14429


Summary
For incremental addresses the table fully matches the declared size, while for random ones the figures worsen, although they remain fairly close to the declared range.

Conclusion


If your network is built so that the L2 domain includes many devices, you can expect trouble. Strangely, the most prominent vendor showed the worst results. Hence the moral: trust only your own eyes and your own tests, not small-print marketing statements in a footnote.
I was so surprised by the state of things that I decided to write about it. If you have the opportunity to run the same test, please post the results in the comments.

Thanks for attention.

Source: https://habr.com/ru/post/254183/

