Ethernet Basics based on Chapter 4 of CompTIA Network+ Exam Guide, 4 th ed., Mike Meyers
Ethernet Basics History Ethernet Frames CSMA/CD Obsolete versions 10Mbps versions Segments Spanning Tree Protocol
Ethernet Early History 1970: ALOHAnet, first wireless packet-switched network - Norman Abramson, Univ. of Hawaii - Basis for Ethernet s CSMA/CD protocol - 1972: first external network connected to ARPANET 1973: Ethernet prototype developed at Xerox PARC - (Palo Alto Research Center) - 2.94 Mbps initially 1976: "Ethernet: Distributed Packet Switching for Local Computer Networks" published in Communications of the ACM. - Bob Metcalfe and David Boggs - sometimes considered the beginning of Ethernet
Ethernet goes Mainstream 1979: DEC, Intel, Xerox collaborate on a commercial Ethernet specification - Ethernet II, a.k.a. DIX Ethernet - (Digital Equipment Corporation) 1983: IEEE 802.3 specification formally approved - Differs from Ethernet II in the interpretation of the third header field 1987: alternatives to coaxial cables - IEEE 802.3d: FOIRL, Fiber Optic Inter-Repeater Link - IEEE 802.3e: 1 Mbps over Twisted Pair wires (whoopee!) 1990: Twisted-Pair wiring takes over - IEEE 802.3i: 10 Mbps over Twisted-Pair 10Base-TX, 10Base-T4
the Future is Now (next chapter) (and Now is so Yesteryear ) 1995 Now: speed and cabling improvements 1995: 100Mbps varieties 1999: 1Gbps on twisted-pair 2003-2006: 10Gbps on optical fiber and UTP 2010: 40Gbps, 100Gbps (802.3ba) - optical fiber or twinaxial cable - point-to-point physical topology; for backbones 2016, September: 2.5GBase-T, 5GBase-T? - who knows?
What Is Ethernet? Protocols, standards for Local Area Networks» Ethernet II, IEEE 802.3 Specifies Physical-layer components - Cabling, signaling properties, etc. - Numerous variations Specifies Datalink-layer protocols - Media Access Control (MAC) lower Datalink sublayer, interfaces to the Physical layer» IEEE 802.3 - Logical Link Control (LLC) upper Datalink sublayer, common interface to the Network layer» IEEE 802.2
Ethernet's relation to OSI 802.2 802.3
802.3 - The Early Variations
Ethernet and Cabling the Coaxial Era Coaxial cable true shared medium - i.e. physical bus topology - Every node hears all transmissions Requires a logical bus topology - Nodes must take turns transmitting CSMA/CD protocol coordinates transmissions
10Base5 1983: IEEE 802.3 - The original form Thick coax cable - RG-8/U or RG-11 specified - half-inch diameter Vampire tap connection punctures insulation to make electrical connections 10Base5 : - 10: 10 Mbps - Base: Baseband signaling - 5: 500 meters length
10Base2 1985: IEEE 802.3a - Physical update for cheaper cabling Thin coax cable - RG-58a/u - 5mm diameter - electrically compatible with thick coax BNC connectors allow easy disconnection, reconnection 10Base2 : - 10: 10 Mbps - Base: Baseband signaling - 2: 200m (actually 185m)
After Coax Twisted Pair takes over 10Base-T (IEEE 802.3i, 1990) - Twisted-Pair cables» Cheaper, easier to use than coax - 100m maximum length 100Base-T (IEEE 802.3u, 1995) - Fast Ethernet - 100Base-T4: Cat3, 4 pairs used - 100Base-TX: Cat5, 2 pairs used Full Duplex (IEEE 802.3x, 1997) - Applies to 100BaseT and later Physical star, but Ethernet is still a bus-oriented protocol
Ethernet on Optical Fiber Alternate, longer-distance media extend Ethernet's reach 10Base-FL (IEEE 802.3j, 1993) - 10Mbps, multimode optical fiber - 2000m maximum length - Not common 100Base-FX (IEEE 802.3u, 1995) - Fast Ethernet - 100Base-FX: multimode optical fiber Point-to-point physical topology
Specialized Media Twinax - heavily shielded cable - used for short, highspeed applications Backplane - intra-chassis connections - high speed 40 Gbps, 100 Gbps
Common to All Variations Frame format, Behavior
the Ethernet frame format Preamble: 10101010.. 10101011 Dest. MAC 6 octets Src. MAC 6 octets Type / length 2 octets Payload 0..1500 octets Padding? 46..0 octets FCS 4 octets IFG: 96 bittimes Ethernet II header contains: - 6 octets: destination MAC address - 6 octets: source MAC address - 2 octets: payload-type field 802.3 differs in the third field: - payload length instead of type 0-1500 octets: Payload, supplied by a higher protocol layer - Could be 802.2 - could be layer 3-46-0 octets: Padding w/ 0-bytes to insure minimum frame length 4 octets: Ethernet footer contains FCS (Frame Check Sequence) - a CRC checksum Physical frame starts with an 8-octet preamble consisting of 1010 10101011-10Mbs versions only Maximum frame length is 1518 octets - including the FCS - excluding the preamble Minimum length is 64 octets - assures collision detection Physical frame is followed by an IFG, InterFrame Gap - no signal transitions - 96 bit-times in duration
Ethernet Addresses Also called MAC addresses, hardware or physical addresses, or Layer 2 addresses 6 octets long - an octet refers to a byte and is used in networking First three octets refer to the manufacturer or vendor Last three octets must be unique within a mfr/vendor Written as 6 pairs of hexadecimal digits - separated by colon or dash Examples: - 00:1a:6b:4e:3f:1b» Linux - 40-A8-F0-A2-DD-CE» Windows Broadcast address: ff:ff:ff:ff:ff:ff - As a destination, this means send to all available nodes
wireshark activity start wireshark Display filter eth.type - Any types other than 0x0800? - What layer-3 protocol(s)? Display filter: eth.len - Observe layer-2 protocol(s) - What payload(s)? Display filter: eth.addr==<your MAC address> - What traffic is coming from, going to your machine?
802.3 with 802.2, versus Ethernet II lower: an 802.3 frame 802.3 length 1500 - specifies payload length; always 1500 - includes 802.2 headers Ethernet II type > 1500 lower: an Ethernet II frame - specifies a type value >1500 (0x0600)» viz., IP is type 0x0800
Ethernet II frame
802.3 frame Wireshark identifies this as an 802.3 frame based on the value of the 3 rd field - 38 1500 802.3 payload includes 802.2 headers - DSAP, SSAP, etc. 802.2 payload is Spanning Tree Protocol All these are Datalinklayer protocols
So, how does the NIC determine where a frame ends? Variable frame length must be detected by hardware 10Base5, 10Base2 standards: - NIC detects end of signal - absence of current 10Base-T: - NIC listens for a special TP_IDL signal on the wire, followed by InterFrame Gap 100Base-T, GigE, 10GigE: - 4B/5B encoded start-of-frame signals and end-offrame signals replace preamble and TP_IDL
10BaseT: The FCS and TP_IDL signal
CSMA / CD Carrier-Sense Multiple Access with Collision Detection Multiple Access: more than one node can transmit on the shared medium Carrier-Sense: a NIC that wants to transmit must first listen for an active transmission - if it doesn t hear an idle carrier signal it backs off and waits before trying again Collision Detection: if a NIC hears interference while it is transmitting, it knows that a collision with another transmission has occurred Colliding nodes attempt to re-transmit using an Exponential Backoff approach
Collisions and Exponential Backoff When a NIC detects a collision, it: - transmits at least 64 bytes, then stops - waits a fixed amount of time - repeats the CSMA/CD attempt If a second collision occurs, it waits twice as long If a third collision, wait twice as long again This gives exponentially-increasing wait times - After 10 collisions the wait remains constant - After 16 collisions, the attempt is abandoned
What Exponential Backoff looks like X-axis: number of collisions Y-axis: relative waiting time
Segments and Collision Domains All the nodes sharing a cable form a segment The segment defines a collision domain - Frames on a segment can collide with each other These two segments form separate collision domains
Extended Collision Domains A repeater, such as this one, connects two segments into a single collision domain - Frames on either segment can collide with others. Hubs (a.k.a. multi-port repeaters) do the same thing, with multiple segments Switches don't they keep collision domains separate
(other definitions of segment ) "Segment" also has other meanings Related meanings in Ethernet: - "Segment" and "Collision Domain" are sometimes used interchangeably. - A "Segment" can refer to a "Broadcast Domain". Unrelated meanings in the TCP/IP world: - "Segment" refers to a "protocol data unit" at the Transport layer of the OSI or TCP/IP stack.» versus "frame" which refers to a protocol data unit at the Datalink and Physical layers viz., Ethernet frame - "Segment" can mean an IP subnetwork.
Hubs and Extended Collision Domains A repeater (or hub) joins two (or more) segments These segments share a common collision domain - The hub will broadcast all frames, as if the two segments were one
The (Obsolete) 5-4-3 Rule The 5-4-3 rule (or 5-4-3-2-1 rule) - 5 segments (cables) - connected by 4 repeaters - 3 active segments (i.e., with transmitting nodes) - 2 passive segments Single Collision Domain (Not important in switched networks )
how big can a collision domain be? 5-4-3 rule limits amount of cable in use How far apart could two computers be, using 10Base5 cable? How far apart could two computers be, using 10Base2 cable?
10Base-T uses Hubs A 10Base-T cable connects one host to a hub Hubs can have dozens of ports, each connected to a separate host Hubs are OSI layer-1 devices, no smarts built in - Ports are logically interconnected
10Base-T and Collision Domains Hubs are multiport repeaters - 5-4-3 rule still applies - Shorter cables mean smaller collision domains All nodes in the network on the right are in the same collision domain Optical fiber (10Base-FL) permits much collision domains to cover more distance
Ethernet Switches Switches are physically similar to hubs Each cable between a host and a switch is a separate Ethernet segment - Only two nodes (host and switch) on each segment, so collisions are not much of a problem Switch must be smart enough and fast enough to act like a separate node on each of its ports - More expensive than a hub - Switches were very uncommon in 10Base-T
Switches versus Hubs Switches don't echo all frames to all segments, so each segment is a separate collision domain - Switches are Layer-2 devices Broadcast frames are sent to all segments - Segments connected to the switch form a Broadcast Domain Collisions don't occur between broadcast frames, because the switch sends them one at a time
Hubs, Switches, and Collision Domains Switches form separate collision domains
Hubs, Switches, and Broadcast Domains Switches maintain a single broadcast domain - Hubs and switches both copy broadcast frames to all other ports
The Switch In a Wireless Router Wireless router includes a router, a switch, and a Wireless Access Point (WAP) Router functionality in the CPU Virtual LAN (VLAN) connects WAP and switch's internal ports Another VLAN connects WAN port to router