Monday, 11 June 2018


A forwarding information base (FIB), also known as a forwarding table or MAC table, is most commonly used in network bridging, routing, and similar functions to find the proper output interface to which the input interface should forward a packet. It is a dynamic table that maps MAC addresses to ports. It is the essential mechanism that separates network switches from Ethernet hubs. Content-addressable memory (CAM) is typically used to implement the FIB efficiently, so it is sometimes called a CAM table.





Operation

The role of an Ethernet switch is to forward Ethernet frames from one port to another. The presence of a FIB is one of the attributes that separates a switch from a hub. Without a functional FIB, all frames received by a network switch would be echoed back out to all other ports, much like an Ethernet hub. A switch should only emit a frame on the port where the destination network device resides (unicast), unless the frame is for all nodes on the switch (broadcast) or multiple nodes (multicast).

In general, the FIB is a memory system used by Ethernet switch logic to map a station's MAC address to the switch port the station is connected to. This allows the switch to facilitate communication between connected stations at high speed regardless of how many devices are connected to the switch. The FIB is consulted to make frame forwarding decisions. The switch learns the MAC address on each port from the source address of the Ethernet frames it receives there, such as Address Resolution Protocol response packets.




Applications at the data link layer

Data link layer technologies, such as the media access control (MAC) protocol on local area networks, have addresses that have no significance beyond a single medium.

In addition to Ethernet bridging based on MAC layer addresses, other data link layer technologies use forwarding tables, including frame relay and Asynchronous Transfer Mode (ATM) switches, and Multiprotocol Label Switching (MPLS). ATM has both link-local addresses and addresses that have end-to-end significance within an ATM domain.

Bridging

A MAC layer bridge learns the interface on which it first saw a particular source address, and associates that interface with that address. When the bridge subsequently receives a frame with a destination address that is in its forwarding table, it sends the frame out the interface stored in the forwarding table.

If the bridge has not yet seen the address, it treats the frame as if it were a broadcast and floods it out all active interfaces except the one on which it was received.

Frame relay

While the exact mechanism of a forwarding table is implementation-specific, the general model is a frame relay switch having a statically defined forwarding table, one per interface. When a frame with a given data link connection identifier (DLCI) is received on one interface, the table associated with that interface provides an outbound interface, and a new DLCI to be inserted into the frame address field.

Asynchronous transfer mode

ATM switches have link-level forwarding tables much like those used in frame relay. Rather than a DLCI, however, each interface has a forwarding table that specifies the outbound interface, virtual path identifier (VPI), and virtual circuit identifier (VCI). These tables can be configured statically, or they can be distributed by the Private Network-to-Network Interface (PNNI) protocol. When PNNI is used, the ATM switches at the edges of the ATM network map one of the standard ATM end-to-end identifiers, such as an NSAP address, to the next-hop VPI/VCI.

Multiprotocol label switching

MPLS, which has been called "ATM without cells", has many similarities, at the forwarding level, to ATM. Label edge routers (LER) at the edges of an MPLS cloud map between end-to-end identifiers, such as IP addresses, and link-local labels. At each MPLS hop, there is a forwarding table that tells the label switched router (LSR) which outbound interface is to receive the MPLS packet, and what label to use when sending the packet out that interface.



Applications at the network layer

Network layer addresses, such as IP addresses, are conceptually the same across all media in the routing domain.

Forwarding

In contrast to routing tables, a FIB is optimized for fast lookup of destination addresses. Earlier implementations cached only a subset of the routes most frequently used in actual forwarding, and this worked reasonably well for enterprises where there is a meaningful most-frequently-used subset. Routers used to access the entire Internet, however, suffered severe performance degradation when refreshing a small cache, and various implementations moved to FIBs in one-to-one correspondence with the routing information base (RIB). The RIB is optimized for efficient updating by routing protocols and other control plane methods, and contains the full set of routes learned by the router.

FIBs can also be implemented with fast hardware lookup mechanisms, such as ternary content-addressable memory (TCAM). TCAM, however, is quite expensive, and tends to be used more in edge routers with relatively small numbers of routes than in routers that must carry full Internet routing tables, with additional internal routes.

Ingress filtering against denial of service

FIBs can also play a role in the Internet best current practice (BCP) of ingress filtering. Although the simplest form of ingress filtering is to use access lists to drop packets with improper source addresses, the use of access lists becomes difficult on routers with a large number of adjacent networks, and traditional access lists are not used in high-performance router forwarding paths.

While the IETF document BCP 38 on ingress filtering does not specify a method of implementing source address filtering, some router vendors have implemented a mechanism that uses lookups in the router's tables to perform this check. (See also reverse path forwarding.) This is often implemented as a lookup in the FIB of the source address of the packet. If the interface has no route to the source address, the packet is assumed to be part of a denial of service attack using a false, or spoofed, source address, and the router discards the packet.

When the router is multihomed, ingress filtering becomes more complex. There are perfectly reasonable operational scenarios in which a packet arrives on one interface, but that specific interface does not have a route to the source address. For routers near the edge of the Internet, packet filters can provide a simpler and more effective solution than methods that use routing information lookup, although this approach can be challenging when managing routers that are reconfigured often. Ingress filtering for multihomed routers accepts the packet if there is a route back to its source address from any interface on the router. For this type of filtering, the router may also maintain an adjacency table, also organized for fast lookup, that keeps track of the router interface addresses on all directly connected routers.
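The source-address check described above, written out as an added example (not code from the original article or from any router vendor). The `Fib` class, the route set and the interface names are constructed for illustration; "strict" and "loose" are labels used here for the single-interface check and the any-interface check the text describes for multihomed routers.

```python
import ipaddress

class Fib:
    """Toy FIB: longest-prefix match from a prefix to an outbound interface."""
    def __init__(self, routes):
        # Keep routes sorted so the most specific (longest) prefix is tried first.
        self.routes = sorted(
            ((ipaddress.ip_network(p), ifc) for p, ifc in routes),
            key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, addr):
        """Return the interface of the most specific matching route, or None."""
        ip = ipaddress.ip_address(addr)
        for net, ifc in self.routes:
            if ip in net:
                return ifc
        return None

def rpf_accept(fib, src, in_ifc, mode="strict"):
    """Ingress check done as a FIB lookup on the packet's source address.
    strict: the best route back to src must point out the arrival interface.
    loose:  a route back to src via any interface is enough (multihomed case)."""
    back = fib.lookup(src)
    if back is None:
        return False                      # no route to the source: discard
    return mode == "loose" or back == in_ifc

# Constructed routes for a router multihomed to two upstreams (eth1, eth2).
FIB = Fib([
    ("192.0.2.0/24", "eth0"),      # customer LAN
    ("198.51.100.0/24", "eth1"),   # best path via upstream A
    ("203.0.113.0/24", "eth2"),    # best path via upstream B
])

def demo():
    return {
        "customer_ok": rpf_accept(FIB, "192.0.2.10", "eth0"),
        "spoofed_from_customer": rpf_accept(FIB, "203.0.113.5", "eth0"),
        "asymmetric_strict": rpf_accept(FIB, "198.51.100.7", "eth2"),
        "asymmetric_loose": rpf_accept(FIB, "198.51.100.7", "eth2", "loose"),
        "unrouted_loose": rpf_accept(FIB, "10.9.9.9", "eth1", "loose"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accept' if ok else 'drop'}")
```

The `asymmetric_strict` case is the multihomed problem from the text: a legitimate packet arrives on an interface that is not the best route back to its source and is dropped unless the any-interface check is used.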

Quality of service

Differentiated services provide an additional method of selecting outbound interfaces, based on a field that indicates the forwarding priority of the packet, as well as the preference of the packet to be dropped in the presence of congestion.

Routers that support differentiated services not only have to look up the output interface for the destination address, but need to send the packet to the interface that best matches the differentiated services requirements. In other words, as well as matching the destination address, the FIB has to match differentiated services code points (DSCP).

FIB information for additional processing

Specific router implementations can, when a destination address or other FIB criterion is matched, specify another action to be taken before forwarding (for example, accounting or encryption), or apply an access control list that may cause the packet to be dropped.



Attack

CAM tables are often the target of layer 2 network attacks on local area networks, used to set up man-in-the-middle attacks. A threat agent who controls a device connected to an Ethernet switch can attack the switch's CAM table. This attack typically exploits a weakness in the design of the switch that appears when it runs out of space to record all of the MAC address to port mappings it learns. If the table fills up because of MAC flooding, most switches can no longer reliably add new MAC addresses.
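The learning and flooding rules from the Bridging section, together with the full-table condition described above, as an added example that is not part of the original article. `LearningBridge`, its fixed `capacity`, the lack of entry aging and all MAC addresses are assumptions constructed for illustration; the per-port counters are the values a defender would monitor.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningBridge:
    """Toy MAC forwarding table with a fixed number of entries (no aging)."""
    def __init__(self, ports, capacity):
        self.ports = list(ports)
        self.capacity = capacity
        self.table = {}              # MAC address -> port it was learned on
        self.rejected = Counter()    # per port: sources that did not fit

    def receive(self, in_port, src, dst):
        """Learn src on in_port, then return the ports the frame leaves on."""
        if src in self.table or len(self.table) < self.capacity:
            self.table[src] = in_port
        else:
            self.rejected[in_port] += 1      # table full: src stays unknown
        out = self.table.get(dst)
        if dst == BROADCAST or out is None:
            return [p for p in self.ports if p != in_port]   # flood
        return [] if out == in_port else [out]               # unicast

    def macs_per_port(self):
        """Learned addresses per port; one port far above the rest stands out."""
        return Counter(self.table.values())

def demo():
    br = LearningBridge(ports=[1, 2, 3, 4], capacity=8)
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    first = br.receive(1, a, b)      # b not learned yet: flooded
    reply = br.receive(2, b, a)      # a is known: port 1 only
    # Constructed burst: ten distinct source addresses, all seen on port 3.
    for i in range(10):
        br.receive(3, f"02:00:00:00:01:{i:02x}", BROADCAST)
    br.receive(4, c, a)              # c arrives late and cannot be learned
    late = br.receive(1, a, c)       # so frames for c are flooded to every port
    return first, reply, late, br

if __name__ == "__main__":
    first, reply, late, br = demo()
    print("first:", first, "reply:", reply, "late:", late)
    print("learned per port:", dict(br.macs_per_port()))
    print("rejected per port:", dict(br.rejected))
```

In the run above port 3 holds six of the eight entries and has four rejected learns, while the legitimate host on port 4 has none learned; that imbalance is the signal to alert on.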


External links

RIBs and FIBs (aka IP Routing Table and CEF Table), Ivan Pepelnjak. http://blog.ipspace.net/2010/09/ribs-and-fibs.html

Source of the article : Wikipedia
