Very short answer: no.
You might think that layer-3 switches perform bridging and routing, while routers do only routing. That hasn’t been the case at least since Cisco introduced Integrated Routing and Bridging in IOS release 11.2 more than 15 years ago. However, Simon Gordon raised an interesting point in a tweet: “I thought IP L3 switching includes switching within subnet based on IP address, routing is between subnets only.”
Let’s start with the intra-subnet functions the layer-3 forwarding devices (whether you call them switches or routers) do:
- Dynamic neighbor discovery through ARP/ND for packets sent to hosts in directly attached subnets (glean adjacencies in CEF terminology);
- Generation of host routes based on ARP/ND results (cached adjacencies in CEF terminology);
- Forwarding of IP packet to directly attached IP hosts based on ARP/ND-generated host routes.
However, if a layer-3 forwarding device performs MAC-based forwarding in combination with IP-based forwarding, it usually uses the destination MAC address to figure out which forwarding method to use:
- Layer-2 frames sent to router’s own MAC address are passed up the protocol stack into the IP forwarding code (and if the IP packet is sent to router’s IP address, the packet is sent to the control plane for further processing);
- Layer-2 frames sent to other destination MAC addresses are passed to MAC forwarding code, which performs MAC address table (or TCAM) lookup and forwards, floods or drops the packet.
I haven’t seen a device (yet) that would use IP protocol type (0x0800) in Ethernet header to decide whether to use MAC-based or IP-based forwarding. If you’ve seen one, please write a comment (overzealous DSL concentrators that violate layering by peeking inside PPPoE sessions don’t count).
Summary: There’s no difference in intra-subnet (intra-VLAN) forwarding between a router (layer-3 switch) and a simple bridge (layer-2 switch). However, an IP-aware device (even a more sophisticated layer-2 switch) might support IP-based port access lists or DSCP- or ACL-based QoS.
Layer-2 and Layer-3 interfaces
Some switches have physical layer-2 and layer-3 interfaces. Layer-2 interfaces behave as I described above, with the internal router being connected with one of its interfaces (example: VLAN or SVI interface) to the internal bridge:
Physical layer-3 interfaces connect directly to the internal router. If a physical layer-3 interface receives an Ethernet frame sent to a third party MAC address, the frame is dropped.
Some switches (example: Catalyst 6500) use hidden VLANs to implement layer-3 interfaces. You might think that detail doesn’t matter ... until you run out of VLANs.
Finally, some devices have layer-3 subinterfaces. These interfaces modify the frame forwarding rules on per-VLAN basis: if the parent physical interface receives an Ethernet frame belonging to the subinterface VLAN, the router uses the IP forwarding path (and drops the Ethernet frame on destination MAC mismatch), whereas the destination MAC address selects the forwarding method (L2 or L3) used for frames belonging to other VLANs.
The diagrams used in this post are part of the Data Center 3.0 for Networking Engineers webinar. If you’re interested in modern data center switching solutions, that webinar would be a great place to start, with Data Center Fabric Architectures and Clos Fabrics Explained webinars providing further details. All three webinars are part of the yearly subscription.
If you’d like to discuss various technology options or have a short review of your data center network design, check out the ExpertExpress service.