Understanding Ingress and Egress in General (Part 1)

There are numerous misunderstandings of the ingress and egress concepts as they apply to different OSI layers, so here is a brief overview:

There is no great mystery once one keeps in mind that the terms ingress and egress originally described OSI L2 features, so they are always related to switch ports. First we had "dumb" L2 switches with only physical ports. There, a frame (mind, NOT a packet) travelling from PC1 into switch port 1 is ingress, and the same frame leaving port 24 towards PC2 is egress. To summarize as a definition for L2 ports: ingress is incoming from an adjacent node, egress is outgoing to an adjacent node.

This concept was later needed to explain OSI L2 enhancements such as VLAN and QoS, where different tags are applied to the frame header and the switch has to decide where exactly to add or strip them. For example, on a "client" switch port (on Cisco, "switchport mode access") belonging to a certain VLAN, this header information has to be erased before egressing, whereas on a VLAN trunk port (i.e., switchport mode trunk) it has to be preserved by the egress process.
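The tag handling described above, as an added example that is not part of the original article: a simplified Python model of 802.1Q tagging at ingress and egress. The port dictionaries, MAC addresses, payload, and the policy of dropping tagged frames on access ports and untagged frames on trunks are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def split_tag(frame: bytes):
    """Return (vlan_id or None, frame with any 802.1Q tag removed)."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]  # low 12 bits of the TCI = VLAN ID

def add_tag(frame: bytes, vlan_id: int) -> bytes:
    """Insert an 802.1Q tag (priority 0) right after the source MAC."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF) + frame[12:]

def ingress(frame: bytes, port: dict):
    """Frame arriving from an adjacent node: return (vlan_id, untagged frame) or None if dropped."""
    vid, inner = split_tag(frame)
    if port["mode"] == "access":
        # Access port: untagged traffic is assigned the port's VLAN; tagged frames are dropped in this model.
        return (port["vlan"], inner) if vid is None else None
    # Trunk port: the tag selects the VLAN (native-VLAN handling is left out of this model).
    return (vid, inner) if vid in port["allowed"] else None

def egress(vlan_id: int, inner: bytes, port: dict):
    """Frame leaving towards an adjacent node: return the bytes put on the wire, or None."""
    if port["mode"] == "access":
        # Access port: VLAN header information is erased before egressing.
        return inner if vlan_id == port["vlan"] else None
    # Trunk port: VLAN header information is preserved on egress.
    return add_tag(inner, vlan_id) if vlan_id in port["allowed"] else None

# Constructed sample: untagged IPv4 frame from PC1 (made-up MACs and payload).
PC1_FRAME = bytes.fromhex("02000000000202000000000108004500") + b"payload"
PORT_1 = {"mode": "access", "vlan": 10}
PORT_24 = {"mode": "access", "vlan": 10}
PORT_20 = {"mode": "access", "vlan": 20}
UPLINK = {"mode": "trunk", "allowed": {10, 20}}

if __name__ == "__main__":
    vlan, inner = ingress(PC1_FRAME, PORT_1)
    for name, port in (("port 24", PORT_24), ("uplink", UPLINK), ("port 20", PORT_20)):
        out = egress(vlan, inner, port)
        print(name, "dropped" if out is None else out[:18].hex())
```

The same frame leaves port 24 untagged, leaves the trunk with a 4-byte tag carrying VLAN 10, and is not forwarded to an access port in another VLAN.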

Later the terms were applied to L3-enhanced switches, which caused some trouble, since there we have L3 packets (that is, with an additional IP header) that are routed rather than switched. There, the mix of physical ports and VLAN ports muddies a straightforward understanding, but the logic behind it stays the same: a bridged frame that has to cross over between VLANs ingresses at the source VLAN port and egresses at the destination VLAN port. See further details in "Understanding Ingress and Egress on L3 Switches (Part 2)".

Most recently, many people have started using the words for edge routers and gateways, applying the term egress to all outgoing connections (from the perspective of the "insider", usually a LAN with a private IP address range, though not necessarily) and ingress to incoming packets (i.e., from a MAN or WAN). In other words, at the level of the corporate gateway or firewall, egress refers to traffic from the intranet to the Internet, and ingress to traffic from the Internet to the intranet (the latter also known as the corporate LAN). In this usage, the L2 and L3 aspects of the ports on the firewall (on Cisco PIX devices usually called "outside" and "inside") are generally neglected.

Summary: we discussed the ingress and egress concepts in their historical development and in their implications at different network layers. Given the usages listed above, it is advisable to interpret these terms in their context.

Expert Comment

Great information, thanks!
