There are numerous misunderstandings of the ingress and egress concepts when they are related to different OSI layers, so here is a brief overview.
There is no big philosophy here once one keeps in mind that the ingress/egress terms originally described OSI L2 features. First we had "dumb" L2 switches with only physical ports. A frame (mind: NOT a packet) going from PC1 to switch port 1 is ingress, and the same frame going from port 24 to PC2 is egress. To summarize as a definition for L2 ports: ingress is incoming from an adjacent node, egress is outgoing to an adjacent node.
This concept was later needed to explain OSI L2 enhancements like VLAN and QoS, where different tags were applied to the frame header and the switch had to decide where exactly to add or strip them. For example, for a "client" switch port (called "switchport mode access" on Cisco devices) belonging to a certain VLAN, this header information had to be erased before egressing, whereas for a VLAN trunk port (i.e., switchport mode trunk) it had to be preserved by the egressing process.
Later on the terms were applied to L3-enhanced switches, which caused some trouble, since there we have L3 packets (that is, with an additional IP header) that are routed and not switched. There, physical ports and VLAN ports muddled the straightforward understanding, but the logic behind it stayed the same: a bridged frame that has to cross over VLANs is ingressing the source VLAN port and egressing the destination VLAN port. See further details in "Understanding Ingress and Egress on L3 Switches (Part 2)".
Finally, many people started using the terms for edge routers and gateways, using egress for all outgoing connections (from the perspective of the "insider", usually a LAN with a private IP address scope, but not necessarily) and ingress for the incoming packets (i.e., from the MAN or WAN). In other words, at the level of the corporate gateway or firewall, egress is applied to the information flowing from the Intranet to the Internet, and ingress signifies the information flowing from the Internet to the Intranet (the latter also known as the corporate LAN). In such usage, the L2 and L3 aspect of the ports on the firewall (usually called "outside" and "inside" on Cisco PIX devices) is generally neglected.
Summary: we discussed the ingress and egress concepts in their historical development as well as their implications at different network levels. Under the listed circumstances it is thus advisable to interpret these terms in their context.
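
The L2 port behaviour described on this page, as an added example that is not part of the original text: a Python model in which a frame ingresses on one port and egresses on another, with the 802.1Q tag erased on access-port egress and preserved on trunk-port egress. The `Port` class, the function names, the sample frame and the VLAN numbers are constructed for illustration; dropping tagged frames on access ports and untagged frames on trunks (no native VLAN) is a simplifying assumption.

```python
from dataclasses import dataclass
TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q VLAN tag

@dataclass(frozen=True)
class Port:
    name: str
    mode: str                         # "access" or "trunk"
    vlan: int = 1                     # access VLAN (ignored on trunks)
    allowed: frozenset = frozenset()  # VLANs a trunk carries

def split_tag(frame: bytes):
    """Return (vlan_id or None, frame with any 802.1Q tag removed)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if int.from_bytes(frame[12:14], "big") != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return int.from_bytes(frame[14:16], "big") & 0x0FFF, frame[:12] + frame[16:]

def add_tag(frame: bytes, vlan: int) -> bytes:
    """Insert an 802.1Q tag (priority 0) after the two MAC addresses."""
    tag = TPID_8021Q.to_bytes(2, "big") + (vlan & 0x0FFF).to_bytes(2, "big")
    return frame[:12] + tag + frame[12:]

def ingress(port: Port, frame: bytes):
    """Frame arriving from the adjacent node -> (vlan, untagged frame)."""
    vlan, inner = split_tag(frame)
    if port.mode == "access":
        if vlan is not None:  # assumption: access ports drop tagged frames
            raise ValueError(f"{port.name}: tagged frame on access port")
        return port.vlan, inner
    if vlan not in port.allowed:  # assumption: no native VLAN on trunks
        raise ValueError(f"{port.name}: VLAN {vlan} not allowed on trunk")
    return vlan, inner

def egress(port: Port, vlan: int, inner: bytes) -> bytes:
    """Frame leaving towards the adjacent node on this port."""
    members = {port.vlan} if port.mode == "access" else port.allowed
    if vlan not in members:
        raise ValueError(f"{port.name}: not a member of VLAN {vlan}")
    # access port: tag erased before egressing; trunk port: tag preserved
    return inner if port.mode == "access" else add_tag(inner, vlan)

# Constructed sample: PC1 (port 1) sends an IPv4 frame to PC2 (port 24), VLAN 10.
FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"payload"
P1, P24 = Port("port1", "access", 10), Port("port24", "access", 10)
UPLINK = Port("uplink", "trunk", allowed=frozenset({10, 20}))
VLAN, INNER = ingress(P1, FRAME)
print(egress(P24, VLAN, INNER) == FRAME, egress(UPLINK, VLAN, INNER).hex())
```

The same frame leaves port 24 byte-for-byte as PC1 sent it, while on the trunk it carries four extra bytes (`8100 000a`) after the source MAC address.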