
Segmentation

Segmentation means dividing a large network into smaller logical or physical parts, like cutting one big noisy room into smaller, quieter rooms. Each “segment” can be:

  • a different subnet (Layer 3)

  • or a different VLAN (Layer 2)

The Problem Without Segmentation

When every device is in one big flat network:

All broadcasts (like ARP requests) are heard by every device.

The more devices → the more broadcast traffic.

Each device must process every broadcast even if it doesn’t care.

Switches forward all broadcasts to all ports (same VLAN).

➡️ Result: Network congestion and slow performance.

  • add an example

What Happens With Segmentation

When you divide that big network into smaller parts (segments):

Each segment has its own broadcast domain.

Broadcasts stay within their segment.

Devices handle less unnecessary traffic.

Switches/routers only forward traffic where it’s needed.

Real-World Analogy

Imagine an office with 100 people all shouting questions aloud. Everyone hears everyone — chaos!

Now divide the office into departments (segments): Marketing, IT, HR, Accounting.

Each team talks among themselves — far less noise, faster work.

That’s network segmentation in action.

Network Segment

A network segment is a portion of a computer network where all devices can communicate directly with each other at the data link layer (Layer 2) without needing a router. For instance: a “street” where all houses (devices) are connected to the same switch or hub — everyone can talk directly.

If all ports are on the same VLAN (say VLAN 1), then all devices connected to that switch — and even other switches connected to it — are in the same network segment.

  • add a picture of the setup

Now, suppose we configure:

  • Switch1, Port 1–5 → VLAN 10

  • Switch1, Port 6–10 → VLAN 20

  • add a picture

PC1 and PC2 cannot communicate directly. Each VLAN = separate network segment. Even though it’s the same physical switch, VLANs logically divide the switch into multiple Layer 2 segments.

  • Switch without VLANs = bridge (extends)

  • Switch with VLANs = divider (separates)

  • All PCs connected to the same Ethernet switch port group are in the same network segment.

  • Switches can separate segments at Layer 2.

Summary

Switches can separate segments at Layer 2, routers at Layer 3.

Broadcast Domain

A broadcast domain is a logical area of the network in which any broadcast sent by a device is received by all other devices in the same domain.

Think of it like:

A “shouting zone” — when one person yells (broadcasts), everyone in that room (domain) hears it.

Example:

When a computer sends an ARP request (e.g., “Who has 192.168.1.1?”), every device in that broadcast domain hears it.

Routers stop broadcasts — they create separate broadcast domains.

Switches and bridges forward broadcasts (so they stay in the same domain).

VLANs can be used to create multiple broadcast domains on one switch.

Every broadcast domain is a network segment, but not every network segment is necessarily a separate broadcast domain. Because:

Without VLANs, multiple switches can be part of the same broadcast domain (one big segment).

With VLANs or routers, each segment becomes its own broadcast domain.

What Is ARP?

ARP stands for Address Resolution Protocol. It works at the boundary between Layer 2 (Data Link) and Layer 3 (Network), exactly where IP addresses and MAC addresses meet.

Purpose of ARP

ARP’s job is to find the MAC address that belongs to a given IP address.

Computers need the MAC address (hardware address) to send frames on a local network, but they usually only know the IP address (logical address). So ARP helps them “translate” one to the other.

💬 What Is an ARP Request?

An ARP request is a broadcast message sent by a device asking:

“Who has this IP address? Tell me your MAC address!”

ARP Key Facts

  • Protocol type: Layer 2/3 (maps IP → MAC)

  • Message type: Request (broadcast) & Reply (unicast)

  • Broadcast domain: Stays inside one broadcast domain — routers don’t forward ARP

  • Cache: Stored temporarily in the ARP table to avoid asking again

  • Used for: IPv4 networks (IPv6 uses Neighbor Discovery Protocol, NDP)

Security Note

Attackers can perform ARP spoofing or poisoning — sending fake ARP replies to redirect traffic. This is why network security tools (like DHCP snooping + Dynamic ARP Inspection) are used.
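Added example (not part of the original notes): a simplified Dynamic ARP Inspection check. On a real switch the binding table comes from DHCP snooping; here it is a constructed dict, the port numbers, MACs and IPs are made up, and port 24 is assumed to be the trusted uplink towards the router.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass
class ArpPacket:
    in_port: int
    vlan: int
    op: str         # "request" or "reply"
    sender_ip: str
    sender_mac: str

# Binding table as DHCP snooping would have built it from observed leases
# (constructed values): (vlan, ip) -> (mac, port)
BINDINGS: Dict[Tuple[int, str], Tuple[str, int]] = {
    (10, "192.168.1.10"): ("aa:aa:aa:aa:aa:01", 1),
    (10, "192.168.1.40"): ("aa:aa:aa:aa:aa:04", 4),
}
# Uplink towards the router is trusted; DAI does not inspect trusted ports (assumed port 24)
TRUSTED_PORTS: Set[int] = {24}

def inspect(pkt: ArpPacket,
            bindings: Dict[Tuple[int, str], Tuple[str, int]] = BINDINGS,
            trusted: Set[int] = TRUSTED_PORTS) -> Tuple[bool, str]:
    """DAI-style check of one ARP packet: returns (permit?, reason)."""
    if pkt.in_port in trusted:
        return True, "trusted port, not inspected"
    binding = bindings.get((pkt.vlan, pkt.sender_ip))
    if binding is None:
        return False, f"no DHCP snooping binding for {pkt.sender_ip} in VLAN {pkt.vlan}"
    mac, port = binding
    if mac != pkt.sender_mac:
        return False, f"{pkt.sender_ip} is bound to {mac}, not {pkt.sender_mac}"
    if port != pkt.in_port:
        return False, f"{pkt.sender_ip} is bound to port {port}, arrived on port {pkt.in_port}"
    return True, "sender IP/MAC/port match the binding"

def filter_arp(packets: List[ArpPacket]) -> List[Tuple[ArpPacket, bool, str]]:
    """Run every packet through inspect(); the dropped ones are what you log and alert on."""
    return [(p, *inspect(p)) for p in packets]

SAMPLE: List[ArpPacket] = [  # constructed traffic on VLAN 10
    ArpPacket(1, 10, "request", "192.168.1.10", "aa:aa:aa:aa:aa:01"),  # normal request
    ArpPacket(4, 10, "reply", "192.168.1.1", "aa:aa:aa:aa:aa:04"),     # access port answers for the gateway IP
    ArpPacket(24, 10, "reply", "192.168.1.1", "cc:cc:cc:cc:cc:01"),    # gateway reply via trusted uplink
    ArpPacket(3, 10, "reply", "192.168.1.40", "aa:aa:aa:aa:aa:04"),    # right MAC, wrong port
]

if __name__ == "__main__":
    for pkt, ok, why in filter_arp(SAMPLE):
        print("PERMIT" if ok else "DROP  ", pkt.in_port, pkt.op, pkt.sender_ip, "-", why)
```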

Session layer

You mentioned "knowing who is involved," which relates to establishing the session. "When they are to send the data" touches on dialog control (managing whose turn it is to talk). And "if the data transmission is done" is precisely terminating the session.

When a switch receives a frame with a destination MAC address that’s not yet in its MAC address table, it doesn’t know which port leads to that device.

So, the switch will flood that frame out of all ports except the one it was received on.

👉 This is called unknown unicast flooding.

If the destination device replies, the switch learns which port that MAC address is on — it adds that info to its MAC address table.

So to summarize:

The switch uses its MAC address table to forward frames.

If it doesn’t have the entry → it floods the frame.

Once it learns the response → it updates its table for next time.

🧠 Imagine this setup:

You have 4 computers (A, B, C, D) connected to a switch.

A → Port 1

B → Port 2

C → Port 3

D → Port 4

Now, Computer A sends a frame to Computer D.

🔹 Step 1: Switch receives the frame

The frame arrives on Port 1 (from A).

Inside the Ethernet frame, the destination MAC address = D’s MAC.

The switch checks its MAC address table to see if it already knows which port D’s MAC is on.

🔹 Step 2: It doesn’t find D in its table

The switch has never seen traffic from D before, so it doesn’t know which port leads to D.

🔹 Step 3: Flooding

Because it doesn’t know where D is, the switch sends a copy of that frame out every other port — except the one it came in on.

So in this case:

Came in on Port 1

Gets sent out to Port 2, Port 3, and Port 4

That’s what “flooding” means. It’s like the switch saying,

“I don’t know where D is — I’ll send this to everyone and see who answers.”

🔹 Step 4: Computer D receives the frame

Computer D recognizes its own MAC address and replies to A.

The reply travels back through the switch.

Now the switch learns: “Ah, D’s MAC address came in on Port 4.”

It updates its MAC table with that info.

🧩 Summary

Flooding = sending frames out all ports except the one it came in on when the destination MAC is unknown.

Once the switch learns where that MAC lives, it stops flooding and sends future frames directly to that port.
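Added example (not from the original notes): a minimal VLAN-aware learning switch that reproduces the A → D flooding walkthrough above and the Switch1 VLAN layout from the segmentation section (ports 1–5 in VLAN 10, ports 6–10 in VLAN 20). The MAC addresses are constructed; the model goes slightly beyond the walkthrough by scoping the MAC table and all flooding per VLAN, which is exactly why a VLAN is its own broadcast domain.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Frame:
    src: str  # source MAC
    dst: str  # destination MAC

@dataclass
class Switch:
    port_vlan: Dict[int, int]  # access port -> VLAN id
    # MAC address table, scoped per VLAN: (vlan, mac) -> port
    mac_table: Dict[Tuple[int, str], int] = field(default_factory=dict)

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        """Handle a frame arriving on in_port; return the ports it is sent out of."""
        vlan = self.port_vlan[in_port]
        # Learning: the source MAC is reachable through in_port in this VLAN
        self.mac_table[(vlan, frame.src)] = in_port
        if frame.dst == BROADCAST:
            return self.flood(vlan, in_port)  # e.g. an ARP request: stays inside its VLAN
        out_port = self.mac_table.get((vlan, frame.dst))
        if out_port is None:
            return self.flood(vlan, in_port)  # unknown unicast flooding
        return [out_port]  # destination already learned: forward directly

    def flood(self, vlan: int, in_port: int) -> List[int]:
        """Every port in the same VLAN except the one the frame arrived on."""
        return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != in_port)

def build_switch() -> Switch:
    """Switch1 as configured in the notes: ports 1-5 in VLAN 10, ports 6-10 in VLAN 20."""
    layout = {p: 10 for p in range(1, 6)}
    layout.update({p: 20 for p in range(6, 11)})
    return Switch(port_vlan=layout)

if __name__ == "__main__":
    sw = build_switch()
    mac_a, mac_d = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:04"  # constructed MACs for A and D
    print(sw.receive(1, Frame(mac_a, mac_d)))      # D unknown -> flooded to [2, 3, 4, 5]
    print(sw.receive(4, Frame(mac_d, mac_a)))      # D replies, A already known -> [1]; D learned on 4
    print(sw.receive(1, Frame(mac_a, mac_d)))      # D known now -> [4], no flooding
    print(sw.receive(1, Frame(mac_a, BROADCAST)))  # broadcast in VLAN 10 -> [2, 3, 4, 5]
    print(sw.receive(7, Frame("bb:bb:bb:bb:bb:07", BROADCAST)))  # VLAN 20 only -> [6, 8, 9, 10]
```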

BGP is the standard protocol for inter-domain routing, meaning it’s used to exchange routing information between different autonomous systems (ASes) — such as between large enterprises, ISPs, or data centers.

It’s a path-vector protocol that uses attributes (like AS-PATH) to determine the best route.

BGP is what makes the Internet work by connecting thousands of autonomous systems globally.

Other Options (Incorrect):

RIP (Routing Information Protocol): Used for small networks; limited hop count (15 max).

EIGRP: Cisco-proprietary protocol used within an autonomous system (intra-domain).

OSPF: Also used within an autonomous system; it’s a link-state protocol, not designed for routing between ASes.