Head-of-line blocking (HOL blocking) in networking is a performance issue that occurs when a line of packets is held up by the first packet in the queue. It happens especially in input-buffered network switches, where out-of-order delivery of packets can occur. A switch can be composed of input-buffered ports, output-buffered ports and a switch fabric.
When first-in first-out input buffers are used, only the first received packet is ready to be forwarded. If that first packet cannot be forwarded, none of the packets received after it are forwarded either. That is basically what HOL blocking is.
As this is a networking blog, I will focus mostly on the usage of CAM and TCAM memory in routers and switches. I will explain the role of TCAM in the router prefix lookup process and in the switch MAC address table lookup.
However, when we talk about this specific topic, most of you will ask: how is this memory built from an architectural point of view?
How is it made so that it can perform lookups faster than any other hardware or software solution? That is the reason for the second part of the article, where I will try to explain briefly how the most common TCAM memories are built to have the capabilities they have.
CAM and TCAM memory
TCAM (Ternary Content Addressable Memory) is used inside routers for faster address lookup, which enables fast routing.
In switches, CAM (Content Addressable Memory) is used for building and looking up the MAC address table, which enables L2 forwarding decisions. By implementing router prefix lookup in TCAM, we move the Forwarding Information Base lookup from software to hardware.
When we implement TCAM, the address search no longer depends on the number of prefix entries, because the main characteristic of TCAM is that it can search all its entries in parallel. This means that no matter how many address prefixes are stored in TCAM, the router will find the longest prefix match in one iteration. It's magic, right?
Image 1 shows how the FIB lookup works and points to an entry in the adjacency table. The search goes through all entries in the TCAM table in one iteration.
In routers, like high-end Cisco ones, TCAM is used to enable CEF (Cisco Express Forwarding) in hardware. CEF builds the FIB table from the RIB (routing table) and the adjacency table from the ARP table, so that a pre-built L2 header is ready for every next-hop neighbour.
As time goes by, networks with more and more virtualised servers and other devices are becoming more complicated, and overlay technologies are rising to save the day for network administrators.
Virtual Extensible LAN (VXLAN) is a new encapsulation technology used to run an overlay network on the current Layer 3 communication network. An overlay network is considered a practical network that is set up on top of the current layer 2 network. It also considers additional layer 3 technologies to aid flexible computer architectures. VXLAN makes it very easy for network engineers to level out the right cloud computing setting while reasonably separating cloud applications and tenants. A cloud computing environment is multitenant by definition: every tenant needs its own separately configured logical network, which in turn needs its own network ID.
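The TCAM prefix lookup described above, as a small software model. This is an added example, not code from the original article: the route table and adjacency names are constructed, and the list comprehension stands in for the match lines that real TCAM evaluates simultaneously.

```python
import ipaddress


class TcamEntry:
    """One ternary row: mask bits set to 1 must match, mask bits set to 0 are "don't care"."""

    def __init__(self, prefix, adjacency):
        net = ipaddress.ip_network(prefix)
        self.value = int(net.network_address)
        self.mask = int(net.netmask)
        self.prefix_len = net.prefixlen
        self.adjacency = adjacency  # index into the adjacency table (hypothetical names)

    def matches(self, key):
        return (key & self.mask) == self.value


class Tcam:
    def __init__(self, routes):
        # Longest prefixes are stored in the first rows, so the first matching
        # row is always the longest prefix match.
        self.rows = sorted((TcamEntry(p, a) for p, a in routes),
                           key=lambda e: e.prefix_len, reverse=True)

    def lookup(self, dst):
        key = int(ipaddress.ip_address(dst))
        # Hardware compares the key against every row at once; software has to loop.
        match_lines = [row.matches(key) for row in self.rows]
        # Priority encoder: the lowest-numbered asserted match line wins.
        for hit, row in zip(match_lines, self.rows):
            if hit:
                return row.adjacency
        return None


# Constructed FIB for illustration only.
ROUTES = [
    ("0.0.0.0/0", "adj-default"),
    ("10.0.0.0/8", "adj-core"),
    ("10.1.0.0/16", "adj-dist"),
    ("10.1.2.0/24", "adj-access"),
]

if __name__ == "__main__":
    fib = Tcam(ROUTES)
    for dst in ("10.1.2.7", "10.1.9.9", "10.200.0.1", "192.0.2.1"):
        print(dst, "->", fib.lookup(dst))
```
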
What the hell does that mean?
What is VXLAN actually doing? To put it simply, VXLAN can create a logical network to connect your virtual machines across different networks. It enables us to build a layer 2 network for our VMs on top of our layer 3 network. That's why VXLAN is an overlay technology. In a “normal” network, if you want a virtual machine to reach another virtual machine on a different subnet, you need a layer 3 router to connect the networks. With VXLAN we can use a VXLAN gateway of some sort to connect them without even exiting into the physical network.
Image: VXLAN frame – taken from blog.cisco.com website
If you know what delay is, jitter is simply the difference in packet delay. In other words, jitter measures the time difference in packet inter-arrival time.
It is a specific phenomenon that normally exists in bigger packet-switched networks. As a time shift phenomenon, it usually does not cause any communication problems. Actually, TCP/IP is responsible for dealing with the impact of jitter on communication.
On the other hand, when we speak about voice traffic and a VoIP network environment, this can be an issue. When someone is sending VoIP traffic at a regular interval (let's say one frame every 10 ms), those packets can get stuck somewhere in the network and not arrive at the expected regular pace at the destination station. It is not usual, but the packets could take different routes or get load-balanced across two similar paths where one of them is congested at that moment.
That's the whole jitter phenomenon. We can look at it as an anomaly in tempo: the difference between the time at which a packet is expected to arrive and the time at which it actually gets there.
In the image above, you can see that the spacing with which packets are sent is not the same as the spacing with which they arrive at the receiver side. One of the packets encounters some delay on its way and is received a little later than expected. This is where jitter buffers enter the story. They try to remedy packet delay if required and if possible. VoIP packets have very variable inter-arrival intervals because they are usually smaller than normal data packets, and are therefore more numerous, with a bigger chance of being delayed.
Block traffic between two VLANs, but only in one direction: how to do that?
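The jitter and jitter-buffer behaviour described above, worked through on one frame every 10 ms. This is an added example, not part of the original article: the timestamps are constructed and the fixed-delay playout rule is an assumed, simplified buffer model.

```python
def interarrival_jitter(send_ms, recv_ms):
    """For each consecutive pair of packets, how much the arrival spacing
    differs from the sending spacing (0 means the packet kept its tempo)."""
    return [(recv_ms[i] - recv_ms[i - 1]) - (send_ms[i] - send_ms[i - 1])
            for i in range(1, len(send_ms))]


def playout(send_ms, recv_ms, buffer_ms):
    """Fixed jitter buffer: hold the first packet for buffer_ms, then play one
    frame per sending interval. A packet that arrives after its playout slot
    cannot be used and is marked late."""
    base = recv_ms[0] + buffer_ms - send_ms[0]
    result = []
    for sent, received in zip(send_ms, recv_ms):
        slot = base + sent  # the moment this frame must be handed to the decoder
        result.append("played" if received <= slot else "late")
    return result


# Constructed sample: frames sent every 10 ms. The third frame is delayed by a
# congested path and arrives after the fourth one.
SEND_MS = [0, 10, 20, 30, 40]
RECV_MS = [20, 30, 55, 52, 60]

if __name__ == "__main__":
    print("jitter per packet (ms):", interarrival_jitter(SEND_MS, RECV_MS))
    for size in (10, 20):
        print(f"{size} ms buffer:", playout(SEND_MS, RECV_MS, size))
```

A larger buffer absorbs the delayed frame at the cost of more end-to-end delay for every frame.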
VLAN and VLAN configurations are very useful in all kinds of different ways. This configuration will be useful sooner or later for all network administrators out there.
UPDATE on 01 Sep 2017:
This article is about reflexive access-lists, which enable some sort of false statefulness for TCP traffic going through your router. After some feedback from my readers, I wrote another, somewhat better article about reflexive access-list configuration, so I suggest reading that one as well.
It was a big challenge to resolve this tricky communication security requirement. The problem actually does not seem like a big deal but when you try to make it work you see that it is.
The goal was to build a unidirectional communication filter between two VLANs. The request was to allow VLAN 10 to access VLAN 20 but not the opposite. The computers in VLAN 10 needed to access resources in VLAN 20 normally, but computers in VLAN 20 had to be prevented from accessing VLAN 10.
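A small model of the one-way filter described above, showing why a reflexive access-list lets replies back into VLAN 10 while refusing connections initiated from VLAN 20. This is an added example, not the article's configuration: the subnets, the 300-second idle timeout and the class name are assumptions, and the model expires entries on idle time only.

```python
import ipaddress

VLAN10 = ipaddress.ip_network("192.168.10.0/24")  # assumed subnet for VLAN 10
VLAN20 = ipaddress.ip_network("192.168.20.0/24")  # assumed subnet for VLAN 20
IDLE_TIMEOUT = 300  # seconds a reflected entry survives without traffic (assumed)


class ReflexiveFilter:
    """Temporary return-path entries created by traffic leaving VLAN 10."""

    def __init__(self):
        # (src, sport, dst, dport) of permitted return traffic -> last time seen
        self.reflected = {}

    def vlan10_to_vlan20(self, src, sport, dst, dport, now):
        """Traffic initiated from VLAN 10: permit it and reflect a mirrored entry."""
        if ipaddress.ip_address(src) in VLAN10 and ipaddress.ip_address(dst) in VLAN20:
            self.reflected[(dst, dport, src, sport)] = now
            return "permit"
        return "deny"

    def vlan20_to_vlan10(self, src, sport, dst, dport, now):
        """Traffic from VLAN 20: permitted only if it matches a live reflected entry."""
        key = (src, sport, dst, dport)
        seen = self.reflected.get(key)
        if seen is None or now - seen > IDLE_TIMEOUT:
            self.reflected.pop(key, None)  # drop expired state
            return "deny"
        # Only addresses and ports are compared. No TCP sequence numbers or
        # handshake state are tracked, which is why the statefulness is "false".
        self.reflected[key] = now
        return "permit"


if __name__ == "__main__":
    acl = ReflexiveFilter()
    # Constructed flows: a VLAN 10 client talking to a VLAN 20 server on port 445.
    print(acl.vlan20_to_vlan10("192.168.20.5", 445, "192.168.10.7", 50000, now=0))
    print(acl.vlan10_to_vlan20("192.168.10.7", 50000, "192.168.20.5", 445, now=0))
    print(acl.vlan20_to_vlan10("192.168.20.5", 445, "192.168.10.7", 50000, now=1))
```
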