CAM Table

From Wikipedia, the free encyclopedia

Content addressable memory (CAM) table is a term for the dynamic content-addressable memory in an Ethernet switch that holds the switch's mapping of learned MAC addresses to ports.

Operation

An Ethernet switch's role is to copy Ethernet frames from one port to another. The presence of a CAM table is one attribute that separates a switch from a hub: without a functional CAM table, every frame received by a switch would be repeated out of all other ports, much as an Ethernet hub does. A switch should emit a frame only on the port where the destination station resides (unicast), unless the frame is addressed to all nodes (broadcast) or to a group of nodes (multicast).

Generally, the CAM table is a memory construct that the switch's forwarding logic uses to map the Media Access Control (MAC) addresses of stations to the ports on which they are attached. Because the lookup is done by content rather than by scanning, the forwarding decision is made at line rate regardless of how many stations are attached, up to the table's fixed capacity. The switch learns mappings passively: whenever a frame arrives, its source MAC address is recorded against the ingress port, so the first frame a station sends (for example, the Address Resolution Protocol reply it returns when another station looks it up) is enough to populate its entry. A frame whose destination MAC is not yet in the table is flooded to all other ports; once the destination has transmitted and been learned, subsequent frames are delivered to its port alone. Entries are aged out after a period of inactivity so that a station can be relearned if it moves to another port.

Attacks

CAM tables are a common target of layer 2 attacks on a local area network, typically as a step toward a man-in-the-middle position. A threat agent who controls a device attached to an Ethernet switch can attack the switch's CAM table directly. The usual technique, MAC flooding, exploits the switch's behaviour when it runs out of space to record the MAC-to-port mappings it learns: the attacker sends a stream of frames with forged, random source addresses until the table is full. Once the table is full, most switches can no longer learn new mappings, and as legitimate entries age out they cannot be relearned while the flood continues. Rather than drop frames addressed to stations it no longer knows, the switch fails open and floods them out of every port. Unicast traffic that was previously delivered only to its endpoint is now visible on every port, including the attacker's. This is an inherent confidentiality weakness in many Ethernet switches: while the switch is in this state, any cleartext data passing through it is exposed to a passive observer. The flooding also degrades the performance of the switch and the networks attached to it. The state persists only as long as the attacker keeps the table full; once the forged entries age out and are not replaced, normal unicast forwarding resumes. Many managed switches can cap the number of MAC addresses learned per port, which bounds the damage a single attacker port can do.
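The learning, forwarding and fail-open flooding behaviour described above, as an added simulation that is not part of the original article and does not model any particular vendor's switch. The `Switch` class, its 64-entry table, the four-port topology, the station names and the optional per-port MAC limit are all constructed for illustration; the MAC addresses are locally administered and fictitious.

```python
"""Toy Ethernet switch with a bounded CAM table, written to illustrate MAC learning,
unicast forwarding, and the fail-open flooding that MAC flooding exploits.
Constructed example; not real switch firmware and not from the article."""
import random

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, num_ports, cam_capacity, max_macs_per_port=None):
        self.ports = list(range(num_ports))
        self.capacity = cam_capacity          # assumed fixed CAM size
        self.max_per_port = max_macs_per_port  # assumed per-port learning cap (None = unlimited)
        self.cam = {}                          # mac -> port
        self.learn_failures = 0                # frames whose source could not be recorded

    def learn(self, src, port):
        """Record the source MAC against the ingress port; refuse when the table or port cap is full."""
        if src in self.cam:
            self.cam[src] = port              # refresh, or station moved ports
            return True
        if self.max_per_port is not None:
            on_port = sum(1 for p in self.cam.values() if p == port)
            if on_port >= self.max_per_port:
                self.learn_failures += 1      # per-port cap reached: do not learn
                return False
        if len(self.cam) >= self.capacity:
            self.learn_failures += 1          # table exhausted: cannot learn new stations
            return False
        self.cam[src] = port
        return True

    def expire(self, mac):
        """Simulate an entry aging out after inactivity."""
        self.cam.pop(mac, None)

    def forward(self, src, dst, in_port):
        """Return the set of egress ports for a frame: unicast if dst is known, else flood."""
        self.learn(src, in_port)
        if dst == BROADCAST or dst not in self.cam:
            return {p for p in self.ports if p != in_port}  # flood to all other ports
        out = self.cam[dst]
        return set() if out == in_port else {out}        # filter frames staying on the same port


def random_mac():
    """Forged, locally administered unicast MAC for the flood (constructed)."""
    return ":".join(f"{b:02x}" for b in [0x02] + [random.randrange(256) for _ in range(5)])


def run_scenario(port_limit=None):
    """Alice (port 0) and Bob (port 1) talk; an attacker on port 2 floods; Carol idles on port 3."""
    random.seed(7)
    sw = Switch(num_ports=4, cam_capacity=64, max_macs_per_port=port_limit)
    alice, bob = "02:00:00:00:00:01", "02:00:00:00:00:02"
    A_PORT, B_PORT, ATK_PORT = 0, 1, 2

    sw.forward(alice, bob, A_PORT)            # Bob unknown yet: flooded; Alice learned
    sw.forward(bob, alice, B_PORT)            # Bob learned; delivered only to port 0
    normal = sw.forward(alice, bob, A_PORT)   # unicast: {1}

    # MAC flooding: the attacker sprays frames with random source addresses
    for _ in range(1000):
        sw.forward(random_mac(), random_mac(), ATK_PORT)

    # Bob's entry ages out; the attacker keeps spraying and takes the freed slot
    sw.expire(bob)
    for _ in range(10):
        sw.forward(random_mac(), random_mac(), ATK_PORT)

    sw.forward(bob, alice, B_PORT)            # with a full table Bob cannot be relearned
    after_flood = sw.forward(alice, bob, A_PORT)  # fail-open: flooded, attacker port included
    return {
        "normal": normal,
        "after_flood": after_flood,
        "cam_size": len(sw.cam),
        "learn_failures": sw.learn_failures,
    }


if __name__ == "__main__":
    print("no per-port cap:", run_scenario())
    print("cap of 8 MACs per port:", run_scenario(port_limit=8))
```

Without a per-port cap, Alice's frames to Bob end up on ports 1, 2 and 3 once Bob's entry has aged out under the flood, so the attacker on port 2 sees them. With the cap, the attacker's port stops learning after eight addresses, the table keeps free slots, Bob is relearned and Alice's traffic stays unicast.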
