Hubs, Switches and Routers

Foundations: What Are Hubs, Switches and Routers?

By Corey Nachreiner, WatchGuard Network Security Analyst

For no apparent reason, my car's "Service Engine Soon" light lit up last week, prompting me to take the vehicle in for a check-up. Not expecting any major problems, I was caught off-guard when the mechanic estimated repair costs at $1400. The car ran fine. I asked why the car cost so much to repair.

The mechanic replied, "Your Differential Pressure Feedback EGR (DPFE) sensor malfunctioned and you also seem to have a leak in your exhaust manifold, probably from a faulty gasket. Not to mention, your timing-belt is cracked and I need to readjust your ignition timing."

Not wanting to seem like a moron, I nodded quietly during his explanation, pretending to understand. But I hadn't the faintest idea what his words meant.

That's when I realized that computer networking geeks like me probably sound just as bad when speaking to "normal people." We networking geeks use obscure technical jargon and references, leaving the average computer user in confusion. For instance, telling an elementary school teacher, "Replace your LAN's current hub with the SOHO's built-in switch and plug the SOHO's WAN port into your router" probably makes as much sense to her as a car mechanic telling me to flush my intake valve.

If you're one of those "normal people" who don't speak fluent acronym, this article will help you understand the basics about some common networking devices, so you can feel familiar with what each does and when to use it. If you already know what network hubs, switches, routers and firewalls do, feel free to skip this article. Otherwise, tug on a pair of overalls, pop the latch, and get ready to peer under your network's hood.

What's your port's NIC name?

A Network Interface Card (NIC) is the piece of hardware inside your computer that you use to connect your computer to other network devices. (For more on NICs, read "Foundations: What Are NIC, MAC, and ARP?") Each NIC has only one hole where you can plug something in. This outlet is called an Ethernet port. The fact that a NIC has only one port is no problem if you want to plug one computer directly into another. However, if you want to connect twenty computers to form a network, and connect that network to the Internet, suddenly one Ethernet port seems pretty insufficient.

Technicians created network devices specifically to solve connection dilemmas. We can separate these devices into two categories:

  1. Devices used to connect computers together to form a local area network (LAN). Example: hubs and switches.
  2. Devices used to connect networks together. Example: routers and firewalls.

Connecting computers using hubs and switches

Let's start with the devices used to form local area networks (LANs). "Local area" means just that: a LAN is your private network, working in your office to connect your computer to your co-worker's, and both of you to the printer, and so on. A LAN might or might not connect to the Internet.

Since your computer's NIC has only one Ethernet port, you need a gadget that allows you to connect multiple computers so they can all "talk" to one another. That pretty much defines a hub, a device that connects multiple computers together to communicate. Hubs can have anywhere from four to twenty-four Ethernet ports to plug computers into. Once you connect your computers to the hub, it takes care of delivering network traffic among all the machines.

The basic definition for a hub also applies to a switch. Like a hub, a switch is a network device that helps you connect multiple computers together. Also like a hub, switches come in different flavors, with four to ninety-six Ethernet ports. But hubs and switches differ in how they pass network traffic.

Hubs are dumb. They don't understand anything about the network packets they convey. Think of hubs like CB radios. When you broadcast messages over a CB, all the truckers listening on the same channel can hear what you say. When your computer sends a network packet through a hub, the hub simply repeats that packet out of all its ports. This means that all the computers attached to the hub see that packet even though only one of them is intended to receive it. However, according to networking protocol, only the computer that is "supposed" to get the packet responds.

In contrast, switches are smarter. Switches actually pay attention to the network packets they convey. A switch can recognize which computer a packet comes from and goes to, and a switch also knows which port you plugged each computer into. The switch learns this from watching MAC addresses and ARP traffic. When your computer sends a network packet through a switch, only the intended recipient receives the packet. In other words, if a hub acts like a CB radio, a switch acts more like a phone. When you call someone on the phone, only one person can answer.

Although switches and hubs do essentially the same thing -- connect computers together -- switches do it better for two reasons: efficiency and security. Since they only send traffic to one recipient rather than wasting bandwidth sending it to every device on a network segment, switches are more efficient and can handle larger networks with heavy network loads. And switches provide more security since a computer on a switch can only see network traffic specifically destined for itself.
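The difference in forwarding behavior, as an added example that is not part of the original article: a toy four-port hub and a toy learning switch, fed the same constructed traffic, with a check of which frames an idle bystander on port 3 gets to see. The class names, MAC addresses and frames are made up for illustration. It also shows the two cases where a switch still repeats a frame to everyone: broadcasts, and destinations it has not learned yet.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    def __init__(self, ports):
        self.ports = list(range(ports))

    def forward(self, in_port, src, dst):
        # A hub repeats every frame out of every port except the one it came in on.
        return [p for p in self.ports if p != in_port]

class Switch(Hub):
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port  # learn where the sender is plugged in
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]
        # Broadcast or not-yet-learned destination: flood, exactly like a hub.
        return [p for p in self.ports if p != in_port]

def observers(device, frames, watch_port):
    """Return the indexes of the frames a host on watch_port would receive."""
    seen = []
    for i, (in_port, src, dst) in enumerate(frames):
        if watch_port in device.forward(in_port, src, dst):
            seen.append(i)
    return seen

# Constructed sample traffic: (ingress port, source MAC, destination MAC)
A, B, C = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:03"
FRAMES = [
    (0, A, BROADCAST),  # A broadcasts, e.g. an ARP "who has B?"
    (1, B, A),          # B answers A directly
    (0, A, B),          # A -> B
    (1, B, A),          # B -> A
    (0, A, C),          # A -> C, but C has never spoken: destination unknown
]

if __name__ == "__main__":
    print("hub,    port 3 sees frames:", observers(Hub(4), FRAMES, 3))
    print("switch, port 3 sees frames:", observers(Switch(4), FRAMES, 3))
```

On the hub the bystander receives all five frames; on the switch it receives only the broadcast and the frame sent to a destination the switch had not yet learned.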

Traffic exits your network using routers and firewalls

The devices we've discussed so far provide ways of connecting computers to form a LAN. Once you create a LAN, you probably want a device that connects your LAN to another network. Usually, that's the Internet, so named because it is a network of networks.

A router connects two or more networks together. A router has at least two outlets. You plug your LAN's switch or hub into one of your router's outlets, and the other outlet plugs into another network. Since most people use routers to reach the Internet, the second outlet typically connects to your Internet Service Provider (ISP). For instance, if you have a DSL connection at home, your ISP probably gave you a DSL router. One end of the DSL router plugs directly into either your computer, or into a hub that connects your computers together, while the other end plugs into a phone line that goes to your ISP.

If one of your computers wants to reach another network, it sends its request to your router. Your router forwards that request to its second network. If your destination isn't in that network, another router forwards your request to the next network... and so on, until your request eventually reaches its intended recipient. Each time your request gets forwarded to another router, we call it a hop. Routers exist primarily to connect networks in this manner.

Firewall appliances, on the other hand, are meant to prevent unwanted requests from reaching their destination. Some people think of firewalls as specialized routers. Both devices connect two or more networks together and can route network requests to the proper destination. But routers and firewalls exist for different reasons. A router exists to pass traffic, while a firewall exists to block traffic. Think of a router as a restaurant greeter and a firewall as a bouncer. They each stand at the door and direct customers to the right place, but a greeter helps everyone, while a bouncer only helps the people approved by management's policies.
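The greeter and the bouncer, as an added example that is not part of the original article: a toy router that forwards any packet it has a route for, and a toy firewall that forwards the same way but only after an allow rule approves the packet. The device names, address ranges (documentation ranges) and the single allow rule are assumptions made up for illustration, and the rule check is a stateless simplification of what a real firewall does.

```python
import ipaddress

class Router:
    """Forwards every packet it has a route for."""
    def __init__(self, routes):
        # routes: (prefix, next device name); None means directly connected
        self.routes = [(ipaddress.ip_network(p), nh) for p, nh in routes]

    def next_hop(self, src, dst):
        matches = [(net, nh) for net, nh in self.routes if dst in net]
        if not matches:
            return "drop"  # no route to the destination
        return max(matches, key=lambda m: m[0].prefixlen)[1]  # longest prefix wins

class Firewall(Router):
    """Same forwarding, but only for traffic an allow rule approves."""
    def __init__(self, routes, allow):
        super().__init__(routes)
        self.allow = [(ipaddress.ip_network(s), ipaddress.ip_network(d))
                      for s, d in allow]

    def next_hop(self, src, dst):
        if not any(src in s and dst in d for s, d in self.allow):
            return "drop"  # default deny: not on the list, not getting in
        return super().next_hop(src, dst)

def trace(devices, start, src, dst, max_hops=16):
    """Follow a packet device by device; return (hops taken, outcome)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    path, current = [], start
    while current not in (None, "drop") and len(path) < max_hops:
        path.append(current)  # each device the packet reaches is one hop
        current = devices[current].next_hop(src, dst)
    return path, "delivered" if current is None else "dropped"

# Constructed topology: your LAN behind "edge", a remote network behind "isp".
LAN, REMOTE, ANY = "192.0.2.0/24", "198.51.100.0/24", "0.0.0.0/0"
ISP = Router([(REMOTE, None), (LAN, "edge")])
EDGE_ROUTES = [(LAN, None), (ANY, "isp")]
with_router = {"isp": ISP, "edge": Router(EDGE_ROUTES)}
with_firewall = {"isp": ISP, "edge": Firewall(EDGE_ROUTES, allow=[(LAN, ANY)])}

if __name__ == "__main__":
    for name, net in (("router", with_router), ("firewall", with_firewall)):
        print(name, "outbound:", trace(net, "edge", "192.0.2.10", "198.51.100.5"))
        print(name, "inbound: ", trace(net, "isp", "198.51.100.5", "192.0.2.10"))
```

With a plain router at the edge, the unsolicited inbound packet is delivered to the LAN; with the firewall in the same position it reaches the edge and is dropped there, while outbound traffic passes in both cases.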

Talk like a network mechanic

Although you can learn a lot more about hubs, switches, routers and firewalls, you now know enough to understand what they do and when to use them in your network. The next time your growing network throws up the equivalent of a "Service Engine Soon" light, perhaps adding one of these devices will answer your problem. As far as finding the money for the repair bill, though, like me, you're on your own.

© 2005 WatchGuard Technologies, Incorporated. All Rights Reserved.