CSCD 330 Network Programming, Winter 2014
Lecture 17b: Link Layer Protocols
Who is this?
Reading: Chapter 5
Some slides provided courtesy of J.F. Kurose and K.W. Ross, All Rights Reserved, copyright 1996-2007

Overview
  Link Layer Hardware: Hubs vs. Switches vs. Routers
  Ethernet
  ARP and MAC Addressing
LAN and Network Hardware
Shuttling Data at Different Layers
  Different devices switch different things:
  Physical layer: electrical signals (repeaters and hubs)
  Link layer: frames (bridges and switches)
  Network layer: packets (routers)
  [Figure: what each device looks at. A repeater or hub sees only bits; a bridge or switch reads the frame header; a router reads the packet header; a gateway reaches up through the transport (TCP header) and application layers to the user data.]

Key Distinction
  Routers forward based on IP headers (e.g., 192.168.0.1)
  Switches/bridges forward based on MAC addresses (e.g., 00:13:02:BA:43:56)
  Repeaters/hubs repeat all bits to every port (010101010101)
Repeaters
  The length of cable used influences the quality of communication
  Repeaters repeat signals: they clean and boost the digital transmission (analog networks use amplifiers to boost the signal)
  Repeaters only work with the physical signal: they cannot reformat, resize, or manipulate the data
  Physical layer (layer 1) device

Repeaters (continued) [figure slides]
Hubs
  Generic connection device; operates at the physical layer
  Connects several networking cables together
  Active hubs: also known as multiport repeaters
  Passive hubs: do not boost the signal, just connect the wires

Hubs (continued) [figure]
Switches
  Operate at the data link layer
  Increase network performance
  Virtual circuits between source and destination
  Micro-segmentation at the port level
  More complicated and expensive than hubs
Collision Domain
  Differs between hubs and switches
  What is a collision domain? A group of nodes in a network that compete with each other for access to the medium
  If two or more devices try to transmit at exactly the same time, a collision occurs
  In a hub, all nodes share the bandwidth: the whole hub is one collision domain
  In a switched environment, each switch port (the switch plus the node attached to it) is its own collision domain, and on a full-duplex link no collisions can occur at all, because there is no shared bandwidth
Switches
  Switch filters based on MAC addresses
  Builds tables in memory
  [Figure: collision domains with a switch versus a hub]
Switch
  Link-layer (layer 2) device
  Stores and forwards Ethernet frames
  Examines the incoming frame's destination MAC address and selectively forwards the frame to one or more outgoing links
  Transparent (important!): hosts are unaware of the presence of switches, which operate at lower levels of the protocol stack
  Plug-and-play, self-learning: switches do not need to be manually managed
Switches: Advantages
  Increase available network bandwidth
  Reduced workload: computers only receive frames intended for them specifically
  Increase network performance
  Smaller collision domains

Switches: Disadvantages
  More expensive than hubs and bridges
  Difficult to trace network connectivity problems through a switch: because frames are delivered only to the destination port, a sniffer on one port no longer sees the other hosts' traffic

Switches (continued) [figure]
Bridges vs. Switches
  What's the difference between a bridge and a switch?
  A classic bridge has only two ports and divides a collision domain into two parts
  All decisions made by a bridge are based on MAC (layer 2) addresses
  Thus a bridge divides a collision domain but has no effect on the logical or broadcast domain: broadcasts still reach both sides

Network Segmentation [figure]
Bridges vs. Switches
  A switch is a fast, multi-port bridge; it can contain dozens of ports
  Rather than creating two collision domains, each port creates its own collision domain
  Say a network has twenty nodes: twenty collision domains exist if each node is plugged into its own switch port

Bridges vs. Switches
  Bridges were most used when hosts sat on hubs and every frame went to every host: lots of collisions!
  A bridge let you cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
  Nowadays switches are so cheap and so much more effective that you rarely see bridges; switches have mostly replaced them
Routers
  What does a router do?
  Provides filtering and network traffic control
  Used on LANs and WANs
  Connects multiple segments and networks; multiple routers create an internetwork
  Operates at the network layer (layer 3 device)

Routers
  Builds a table (the routing table) to determine how to forward packets
  Filtering and traffic control based on logical addresses (IP addresses)
Differences: Logical vs. Physical
  Look at the differences between logical and physical addresses...

Physical Versus Logical Addresses
  MAC addresses: data link layer; used by switches, bridges, and routers; used for directly connected devices
  Logical addresses (IP): the network and transport protocols dictate the format of the logical network-layer address (TCP/IP, IPX/SPX (Novell NetWare))
  IP addresses are assigned manually or by software (e.g., DHCP)

Physical Versus Logical Addresses [figure]
Ethernet
Ethernet History
  1973: Xerox Corporation's Palo Alto Research Center developed a bus-topology Local Area Network (LAN)
  1976: carrier sensing added; Xerox built a 2.94 Mbps network to connect over 100 personal workstations on a 1 km cable
  Network called Ethernet, named after the "ether": the single coaxial cable used to connect the machines
  "Ethernet" refers to a product which predates the IEEE 802.3 standard, but nowadays any 802.3-compliant network is referred to as an Ethernet

Ethernet: Who is this? [Ethernet sketch]
  Original paper published in 1976: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.87.1052&rep=rep1&type=pdf

Robert (Bob) Metcalfe, Inventor of Ethernet
  Helped build the early Internet while still an undergraduate
  Invented Ethernet while at Xerox Palo Alto Research Center
  Founded 3Com Corp.
  Served as publisher at IDG's InfoWorld Publishing Co.
  Wrote three books
  Since January 2001 has been a venture capitalist with Polaris Ventures
  Nice article on him if you want to read it: http://electronicdesign.com/articles/index.cfm?ad=1&articleid=2855
802.3 Standard Project
  In 1980, the IEEE started Project 802 to standardize local area networks (LANs)
  IEEE wanted to put forward one standard; IBM Token Ring, Token Bus and Ethernet were all contenders
  Eventually Ethernet won and it became a standard in 1985, almost 30 years before this lecture
  The first standard was for 10 Mbps
  Entire list of Ethernet standards: http://en.wikipedia.org/wiki/ieee_802.3

Ethernet Terminology: Physical Layer
  First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
  Second term indicates the transmission type: BASE = baseband, BROAD = broadband
  Last number indicates the segment length: 5 means a 500-meter (500 m) segment length, from the original Thicknet
  In more recent versions, letters replace the number; for example, in 10BASE-T the T means unshielded twisted-pair cable
  Further numbers show the number of twisted pairs used; for example, in 100BASE-T4 the T4 indicates four twisted pairs
Classical Ethernet: Broadcast
  Classical Ethernet is a broadcast network: hosts are connected to the network through a single shared medium
  If two nodes try to send at the same time, the result is called a collision: the messages collide and corrupt each other, and no information gets through

Early Ethernet: 10Base5 and 10Base2
  The initial Ethernet implementations used coaxial cable to connect the stations to each other
  Two forms of coaxial cable were used: 10Base5, known as thick Ethernet, and 10Base2, also known as thin Ethernet

Ethernet Technology: First Attempt
  10Base2: thin coaxial cable in a bus topology, under 656 ft (200 m) of cable per segment
  10Base5: 10 mm wide coaxial cable, allows up to 100 nodes over a maximum distance of 1640 ft (500 m)
  Repeaters used to connect multiple segments
  A repeater repeats the bits it hears on one interface to its other interfaces: a physical-layer (layer 1) device only
Ethernet with Hubs: 2nd Attempt
  Next form of Ethernet: 10BaseT with hubs
  10BaseT used twisted-pair wiring instead of coaxial
  10BaseT could use Category 3 twisted-pair wire, commonly already present in modern office buildings for the telephone system
  Contributed hugely to Ethernet's popularity

Ethernet Technologies: Next Attempt
  10BaseT and 100BaseT: hub(s) connected by twisted pair in a star topology
  Distance of any node to the hub < 326 ft (100 m)

The 10 Mb/s Ethernet Standard (IEEE 802.3)
  One Ethernet MAC protocol, different physical-layer options:
  10Base-5: original Ethernet, large thick coaxial cable
  10Base-2: thin coaxial cable version
  10Base-T: voice-grade unshielded twisted-pair Category 3 telephone cable
  10Base-F: two optical fibers in a single cable
802.3u Fast Ethernet
  In 1995, IEEE adopted the 802.3u Fast Ethernet standard
  Fast Ethernet is a 100 Mbps Ethernet standard
  With Fast Ethernet came full-duplex Ethernet: the two ends of a link can transmit at the same time
  Previously, Ethernets worked in half-duplex mode: only one station transmitting at a time

The 100 Mb/s Ethernet Standard: Fast Ethernet
  Same Ethernet MAC protocol, different physical-layer options, up to 100 m of cable per segment:
  100Base-T4: uses four pairs of voice-grade Category 3 cable
  100Base-TX: uses two pairs of data-grade Category 5 cable
  100Base-FX: uses two optical fibers

The 1 Gb/s Ethernet Standard
  June 1998: Gigabit Ethernet defined in 802.3z
  802.3z defines a network running at 1000 Mbps in half-duplex or full-duplex mode, over a variety of different network media
  Half duplex: one end speaks at a time
  Full duplex: both ends can transmit (speak) at the same time
  http://en.wikipedia.org/wiki/ieee_802.3

The 1 Gb/s Ethernet Standard: Gigabit Ethernet
  Same Ethernet MAC protocol, different physical-layer options:
  1000Base-T (802.3ab, 1999): uses four pairs of data-grade Category 5 cable
  1000Base-SX and 1000Base-LX (802.3z): use two optical fibers (short- and long-wavelength optics)
Ethernet Frame Structure
  The sending adapter encapsulates the IP datagram (or other network-layer protocol packet) in an Ethernet frame
  Preamble: 7 bytes with pattern 10101010 followed by one byte with pattern 10101011 (the start-of-frame delimiter); used to synchronize receiver and sender clock rates

Ethernet Frame Structure (more)
  Addresses: if the adapter receives a frame with a matching destination address, or with the broadcast address, it accepts the frame and passes the data to the network-layer protocol; otherwise the adapter discards the frame
  What kind of addresses at this layer? MAC (Media Access Control) addresses, e.g. 00:13:02:BA:43:56
  Type: indicates the higher-layer protocol (mostly IP, but others are possible, e.g., Novell IPX)
  CRC: checked at the receiver; if an error is detected, the frame is dropped
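The frame layout and the adapter's accept/drop rule above, as a runnable illustration. This is an added example written for these notes, not code from the slides or from Kurose and Ross; the MAC addresses are the slides' own sample values, the payload is constructed, and the frame carries the preamble explicitly so that every field on the slide is visible (real hardware strips it before the driver sees the frame).

```python
"""Ethernet II frame: build one, then receive it with the adapter's checks
(preamble, CRC, destination filter) from the slide. Added example for this
page, not Kurose/Ross code; MACs are the slides' sample addresses."""
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
BROADCAST = "FF:FF:FF:FF:FF:FF"
MIN_PAYLOAD = 46          # payload is padded to 46 bytes (64-byte minimum frame without preamble)
# 7 bytes of 10101010 followed by the start-of-frame byte 10101011
PREAMBLE = bytes([0xAA] * 7) + bytes([0xAB])


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02X}" for x in b)


def fcs(data: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over dst+src+type+payload, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Preamble + 14-byte header + padded payload + 4-byte FCS."""
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    return PREAMBLE + body + fcs(body)


def receive_frame(frame: bytes, my_mac: str):
    """Model the receiving adapter. Returns (ethertype, payload) when the frame
    is accepted, None when it is dropped: too short, bad preamble, CRC error,
    or a destination that is neither my_mac nor broadcast."""
    if len(frame) < len(PREAMBLE) + 14 + MIN_PAYLOAD + 4 or frame[:8] != PREAMBLE:
        return None
    body, trailer = frame[8:-4], frame[-4:]
    # The CRC catches transmission errors only: anyone who can alter the
    # frame can recompute it, so it is not an integrity protection.
    if trailer != fcs(body):
        return None
    dst = bytes_to_mac(body[:6])
    if dst not in (bytes_to_mac(mac_to_bytes(my_mac)), BROADCAST):
        return None
    ethertype = struct.unpack("!H", body[12:14])[0]
    return ethertype, body[14:]
```

The padding means the network layer must use the length carried inside the datagram (the IP total-length field) rather than the frame length to find the end of the data; the returned payload still includes the padding bytes, exactly as a real adapter hands them up.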
Use of Ethernet Switches Versus Hubs in a LAN [figure: collisions with hubs; switch and hub combined; switch only]
CSMA/CD
CSMA/CD Protocol
  All hosts transmit and receive on one channel; packets are of variable size
  When a host has a packet to transmit:
  1. Carrier sense: check that the line is quiet before transmitting
  2. Collision detection: detect a collision as soon as possible; if a collision is detected, stop transmitting, wait a random time (binary exponential backoff), then return to step 1

Ethernet CSMA/CD Algorithm (Carrier Sense Multiple Access / Collision Detection)
  1. NIC receives a datagram from the network layer and creates a frame
  2. If the NIC senses the channel idle, it starts frame transmission; if it senses the channel busy, it waits until the channel is idle, then transmits
  3. If the NIC transmits the entire frame without detecting another transmission, the NIC is done
Ethernet CSMA/CD Algorithm (continued)
  4. If the NIC detects another transmission while transmitting, it aborts and sends a jam signal
  5. After aborting, the NIC enters exponential backoff: after the m-th collision, the NIC chooses K, a small integer, at random from {0, 1, 2, ..., 2^m - 1} (m is capped at 10, and after 16 collisions the NIC gives up on the frame)
  The NIC then waits K x 512 bit times and returns to step 2
  More details follow

Ethernet CSMA/CD Algorithm: Features
  The transmitting station intentionally transmits a "jam sequence" to ensure all stations are notified that the frame transmission failed due to a collision
  The station then remains silent for a random period of time before attempting to transmit again
  Repeats until the frame is eventually transmitted successfully

Ethernet's CSMA/CD (more): Exponential Backoff
  Goal: adapt retransmission attempts to the estimated current load; under heavy load the random wait will be longer and more varied
  First collision: choose K from {0, 1}; delay is K x 512 bit transmission times
  After the second collision: choose K from {0, 1, 2, 3}
  After ten collisions: choose K from {0, 1, 2, 3, 4, ..., 1023}
  The set size grows exponentially
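The backoff rule from steps 4 and 5, plus a small slot-based simulation of several stations contending on one half-duplex bus, so the growth of the wait under load can be observed rather than described. This is an added example for these notes, not code from the slides or from Kurose and Ross; the bus model (every station ready at slot 0, a frame occupying a fixed number of slots, the jam taking one slot) is a constructed simplification of 802.3 timing, and the frame length in slots is an assumption.

```python
"""Binary exponential backoff and a slot-based CSMA/CD simulation.
Added example for this page, not code from the slides or Kurose/Ross.
The bus model is a constructed simplification, not full 802.3 timing."""
import random

SLOT_BIT_TIMES = 512        # one backoff slot = 512 bit times (51.2 us at 10 Mb/s)
MAX_EXPONENT = 10           # K is drawn from {0, ..., 2**min(m, 10) - 1}
MAX_ATTEMPTS = 16           # 802.3 discards the frame after 16 collisions
FRAME_SLOTS = 24            # assumption: a maximal frame occupies about 24 slots (12144 bits / 512)


def backoff_slots(collisions: int, rng=None):
    """K for the given collision count m, or None once the frame is abandoned."""
    if collisions > MAX_ATTEMPTS:
        return None
    rng = random.Random() if rng is None else rng
    m = min(collisions, MAX_EXPONENT)
    return rng.randrange(2 ** m)        # uniform over {0, 1, ..., 2^m - 1}


def wait_bit_times(collisions: int, rng=None):
    """The actual pause in bit times: K x 512 (None when the frame is dropped)."""
    k = backoff_slots(collisions, rng)
    return None if k is None else k * SLOT_BIT_TIMES


def simulate(n_stations: int, seed: int = 0):
    """Every station has one frame ready at slot 0 on a shared half-duplex bus.
    Returns, per station, (collisions suffered, slot in which its frame went
    out), with the slot set to None when the station gave up."""
    rng = random.Random(seed)
    ready = {s: 0 for s in range(n_stations)}     # station -> slot it will next try in
    collisions = {s: 0 for s in range(n_stations)}
    result = {}
    while ready:
        slot = min(ready.values())
        contenders = [s for s, t in ready.items() if t == slot]
        if len(contenders) == 1:
            # carrier sensed idle and nobody else started: the frame goes through
            winner = contenders[0]
            result[winner] = (collisions[winner], slot)
            del ready[winner]
            for s in ready:                       # everyone else defers until the bus is idle again
                ready[s] = max(ready[s], slot + FRAME_SLOTS)
            continue
        for s in contenders:                      # collision detected: jam, then back off
            collisions[s] += 1
            k = backoff_slots(collisions[s], rng)
            if k is None:
                result[s] = (collisions[s], None)
                del ready[s]
            else:
                ready[s] = slot + 1 + k           # one slot for the jam, then K slots
    return [result[s] for s in range(n_stations)]
```

Running simulate(n, seed) for growing n shows why the slide calls the scheme adaptive: every station that collides keeps doubling its range, so the first successful sender appears after only a few slots even when many stations started together, while a station that is unlucky repeatedly backs off much further.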
Ethernet and Switches
Switches Again
  Layer 2 switching uses the media access control address (MAC address)
  Each network interface card (NIC) has a MAC address; this address is used to decide where to forward frames
  Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain their tables

How Switching Works
  The switch dynamically builds its address table using the MAC source address of the frames it receives
  When the switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame
  When the destination station replies, the switch adds that station's MAC source address and port ID to the address table
  The switch then forwards subsequent frames for that station to a single LAN port without flooding all LAN ports
Switch: Allows Multiple Simultaneous Transmissions
  Hosts have a dedicated, direct connection to the switch
  Switches buffer frames
  The Ethernet protocol is used on each incoming link: no collisions AND full duplex; each link is its own collision domain
  Switching: A-to-A' and B-to-B' simultaneously, without collisions; not possible with a dumb hub
  [Figure: switch with six interfaces (1, 2, 3, 4, 5, 6); A, B, C on interfaces 1, 2, 3 and A', B', C' on interfaces 4, 5, 6]

Switch Table
  Q: how does the switch know that A' is reachable via interface 4 and B' via interface 5?
  A: each switch has a switch table; each entry: (MAC address of host, interface to reach host, time stamp). Looks like a routing table!
  Q: how are entries created and maintained in the switch table? Self-learning
  [Figure: the same six-interface switch]

Switch: Self-Learning
  The switch learns which hosts can be reached through which interfaces
  When a frame is received, the switch learns the location of the sender: the incoming LAN segment (interface)
  It records the sender/location pair
  Switch table (initially empty), after A sends a frame in on interface 1:
  MAC addr | interface | TTL
  A        | 1         | 60
Switch: Self-Learning (continued)
  A frame with source A and destination A' arrives at the switch from interface 1
  Two possibilities:
  1. No entry in the table for A': the switch forwards the frame to all interfaces except 1 (flooding); an entry for the sender A is added (A' itself is learned when it replies)
  2. Entry in the table for A' with interface 4: the frame is forwarded to interface 4 only
  Switch table afterwards:
  MAC addr | interface | TTL
  A        | 1         | 60
  A'       | 4         | 60
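The self-learning and forwarding rules of the last few slides (learn the sender, flood unknown or broadcast destinations, filter frames whose destination sits on the incoming segment, age entries out by TTL) as a small switch model. This is an added example written for these notes, not code from the slides or from Kurose and Ross. Two things here are assumptions modelled on real switches rather than statements from the slides: the table has a finite size (a full table means new senders stay unknown, so frames to them keep being flooded to every port, which is why the size of a switch's table is a security-relevant parameter), and the switch records when a known MAC suddenly appears on a different port, which is the event a real switch logs as a "MAC move".

```python
"""Self-learning switch from the slides, with TTL aging. Added example for
this page, not code from Kurose/Ross. Finite table size and the port-move
log are assumptions modelled on real switches, not slide content."""
import time

BROADCAST = "FF:FF:FF:FF:FF:FF"


class LearningSwitch:
    def __init__(self, interfaces, ttl=60, max_entries=None, clock=time.monotonic):
        self.interfaces = list(interfaces)
        self.ttl = ttl                  # seconds before an unrefreshed entry is dropped
        self.max_entries = max_entries  # assumption: the table (CAM) is finite
        self.clock = clock              # injectable so aging can be tested without sleeping
        self.table = {}                 # MAC -> (interface, expiry time)
        self.moves = []                 # (MAC, old interface, new interface) on a "MAC move"

    def _expire(self):
        now = self.clock()
        for mac in [m for m, (_, exp) in self.table.items() if exp <= now]:
            del self.table[mac]

    def _learn(self, src, in_port):
        if src == BROADCAST:
            return                      # a broadcast source is never a valid sender
        if src in self.table:
            old_port, _ = self.table[src]
            if old_port != in_port:     # same MAC now seen on another port: worth logging
                self.moves.append((src, old_port, in_port))
        elif self.max_entries is not None and len(self.table) >= self.max_entries:
            return                      # table full: sender stays unknown, traffic to it keeps flooding
        self.table[src] = (in_port, self.clock() + self.ttl)

    def receive(self, in_port, src, dst):
        """Learn from the source address, then return the list of output interfaces."""
        self._expire()
        self._learn(src, in_port)
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            return [p for p in self.interfaces if p != in_port]   # flood
        out_port, _ = entry
        if out_port == in_port:
            return []                   # destination is on the incoming segment: filter
        return [out_port]
```

The table is keyed only by what frames claim as their source: nothing in the learning step checks that the claim is true, which is exactly the property a hub-free LAN inherits when a host changes its MAC address (see the MAC address slides later in this lecture).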
Switches and CSMA/CD
  Do we need to use CSMA/CD on today's switched network?
  The collision domain has pretty much been relegated to history
  Hubs still use CSMA/CD, but if the network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
  Full-duplex switches use separate wire pairs, so a switch port can send data to the attached computer while receiving data from that computer on another wire pair

Link Layer (textbook outline)
  5.1 Introduction and services
  5.2 Error detection and correction
  5.3 Multiple access protocols
  5.4 Link-layer addressing
  5.6 Link-layer switches

Topics: LAN Addressing, ARP Protocol
MAC Addresses
  Network layer: 32-bit IP address, the network-layer address written in dotted decimal, e.g. 146.187.130.76; used to route the datagram to the destination machine
  MAC (or LAN, or physical, or Ethernet) address: MAC stands for Media Access Control
  48-bit MAC address (for most LANs), burned into the NIC ROM but also sometimes software settable
  The first 24 bits identify the manufacturer (the OUI), e.g. 00:E0:B8 in 00:E0:B8:9C:A6:60; the remaining 24 bits identify the NIC adapter

MAC Address
  Why would you want to change your MAC address? Many reasons...
  1. To get around MAC address filtering on wireless routers: you sniff for the MAC address of someone already on the network, then change your MAC address to one that is accepted. This is why filtering by MAC address is not very secure!
  2. To keep a burned-in MAC address out of IDS and security logs, so deviant behaviour cannot be connected to the hardware
  3. To pull off a denial-of-service attack: assume the MAC of the gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as the router's BSSID

Change Your MAC Address
  Windows XP/2000/Vista: use regedit to edit the registry, or use a utility:
  Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  Smac: http://www.klcconsulting.net/smac/
  Etherchange: http://ntsecurity.nu/toolbox/etherchange/
  Linux (net-tools ifconfig, run as root; the interface is taken down, the hardware address set, then the interface brought back up):
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
  Each adapter on the LAN has a unique LAN address
  Exception: the broadcast address FF-FF-FF-FF-FF-FF, which every adapter accepts
  [Figure: LAN (wired or wireless) with adapters 1A-2F-BB-76-09-AD, 71-65-F7-2B-08-53, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98]

LAN Address
  MAC address allocation is administered by the IEEE: a manufacturer buys a portion of the MAC address space (to assure uniqueness)
  Table: http://standards.ieee.org/regauth/oui/oui.txt
  Analogy: (a) a MAC address is like a Social Security Number, you take it with you; (b) an IP address is like a postal address, it changes when you move
  The flat MAC address increases portability: you can move a LAN card from one LAN to another
  The hierarchical IP address is NOT portable: the address depends on the IP subnet to which the node is attached, so you must change the IP address if you move to a different subnet
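The address structure from the last slides (24-bit OUI plus 24-bit NIC part, the all-ones broadcast address) as a parser, together with the two flag bits of the first byte that the slides do not mention but that matter for the spoofing discussion above: the I/G bit marks a group (multicast or broadcast) address, which can never be a legitimate source, and the U/L bit marks a locally administered address, which is what most MAC-changing tools set when they generate a random address. This is an added example written for these notes, not code from the slides; the VENDORS table is a constructed stand-in for the IEEE oui.txt file linked on the slide, with a placeholder name. The caveat a practitioner should keep in mind: an attacker who copies an existing burned-in address (the filter-bypass case on the earlier slide) produces an address with neither flag set, so this check only catches software-generated addresses, not cloned ones.

```python
"""Take a MAC address apart: OUI vs. NIC part, broadcast, and the I/G and
U/L flag bits. Added example for this page, not from the slides. VENDORS is
a constructed table with a placeholder name; real data is IEEE's oui.txt."""
import re

BROADCAST = bytes([0xFF] * 6)
_MAC_RE = re.compile(r"^([0-9A-Fa-f]{2})([-:])(?:[0-9A-Fa-f]{2}\2){4}[0-9A-Fa-f]{2}$")

# constructed: OUI -> vendor. The OUI is the slide's example; the name is a placeholder.
VENDORS = {"00-E0-B8": "vendor-from-oui.txt"}


def parse_mac(mac: str) -> bytes:
    """Accept xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx (one separator style per address)."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(x, 16) for x in re.split("[-:]", mac))


def describe_mac(mac: str, vendors=VENDORS) -> dict:
    b = parse_mac(mac)
    oui = "-".join(f"{x:02X}" for x in b[:3])
    first = b[0]
    return {
        "oui": oui,                                   # 24 bits bought from the IEEE
        "nic": "-".join(f"{x:02X}" for x in b[3:]),  # 24 bits chosen by the manufacturer
        "broadcast": b == BROADCAST,
        "multicast": bool(first & 0x01),             # I/G bit: group address, never a sender
        "locally_administered": bool(first & 0x02),  # U/L bit: not an IEEE-assigned, burned-in address
        "vendor": vendors.get(oui),                  # None for unknown or locally administered OUIs
    }


def valid_source(mac: str) -> bool:
    """A frame's source must be a unicast address; a broadcast or multicast source is
    malformed, and a switch should neither learn it nor forward on it."""
    return not describe_mac(mac)["multicast"]
```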
ARP: Address Resolution Protocol
  Question: how do you determine the MAC address of B knowing B's IP address?
  [Figure: one LAN with four hosts, A and B among them: 137.196.7.23 (71-65-F7-2B-08-53), 137.196.7.78 (1A-2F-BB-76-09-AD), 137.196.7.14 (58-23-D7-FA-20-B0), 137.196.7.88 (0C-C4-11-6F-E3-98)]
  Each IP node on the LAN has an ARP table: IP/MAC address mappings for some LAN nodes, <IP address; MAC address; TTL>
  TTL (Time To Live): time after which the address mapping is discarded; varies, typically 1 to 20 minutes

ARP Cache
  Sending an ARP request and waiting for the response for every outgoing packet would be inefficient: it requires more bandwidth and consumes time
  So an ARP cache is maintained at each node
  Its size is limited (the slide gives 512 entries; the actual limit is implementation dependent)
ARP Protocol: Same LAN
  A wants to send a datagram to B, and B's MAC address is not in A's ARP table
  A broadcasts an ARP query packet containing B's IP address; destination MAC address = FF-FF-FF-FF-FF-FF (shouts to everyone on the LAN!)
  All machines on the LAN receive the ARP query
  B receives the ARP packet and replies to A with its (B's) MAC address; the reply frame is sent to A's MAC address (unicast)

Types of ARP Messages
  ARP request: "Who has IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y"
  ARP reply: "IP addr X.X.X.X is at Ethernet address hh:hh:hh:hh:hh:hh"

ARP Protocol: Same LAN (continued)
  A caches (saves) the IP-to-MAC address pair in its ARP table until the information becomes old and eventually times out
  The ARP table keeps soft-state information that times out unless refreshed
  ARP is plug-and-play: nodes create their ARP tables without intervention from you, the network administrator
ARP Protocol: Routing to Another LAN
  Walkthrough: send a datagram from A to B via router R; assume A knows B's IP address
  [Figure: two LANs joined by R]
  A: 111.111.111.111, MAC 74-29-9C-E8-FF-55
  111.111.111.112, MAC CC-49-DE-D0-AB-7D
  R, interface on the first LAN: 111.111.111.110, MAC E6-E9-00-17-BB-4B
  R, interface on the second LAN: 222.222.222.220, MAC 1A-23-F9-CD-06-9B
  222.222.222.221, MAC 88-B2-2F-54-1A-0F
  B: 222.222.222.222, MAC 49-BD-D2-C7-56-2A
  Two ARP tables in router R, one for each IP network (LAN); routers have several NICs (network interface cards)

ARP Protocol Example (continued)
  A creates an IP datagram with source A, destination B
  A uses ARP to get R's MAC address for 111.111.111.110
  A creates a link-layer frame with R's MAC address as the destination; the frame contains the A-to-B IP datagram
  A's NIC sends the frame; R's NIC receives it
  R removes the IP datagram from the Ethernet frame and sees that it is destined for B
  R uses ARP to get B's MAC address
  R creates a frame containing the A-to-B IP datagram and sends it to B
  [Figure: same addresses as on the previous slide]
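The same-LAN exchange and the routing walkthrough of the last slides, as a runnable model: the 28-byte ARP request and reply as they appear on the wire, a per-host ARP table with TTL expiry, and the next-hop decision that makes A resolve R's address (111.111.111.110) rather than B's when B is on another LAN. This is an added example written for these notes, not code from the slides or from Kurose and Ross; the IP and MAC addresses are the slides' walkthrough values, the /24 masks and the gateway setting for A are assumptions needed to make the subnet test concrete, and the deliver() function stands in for the LAN itself.

```python
"""ARP request/reply on the wire, a per-host ARP table with TTL, and the
next-hop decision that makes A ask for R's MAC (not B's) when B is on
another LAN. Added example for this page, not slide or Kurose/Ross code;
addresses are the slides' walkthrough values, masks and gateway assumed."""
import ipaddress
import struct
import time

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "FF-FF-FF-FF-FF-FF"
ZERO_MAC = "00-00-00-00-00-00"


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.replace(":", "-").split("-"))


def mac_str(b):
    return "-".join(f"{x:02X}" for x in b)


def encode_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP packet for Ethernet (htype 1, hlen 6) carrying IPv4 (ptype 0x0800, plen 4)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
            + mac_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed)


def decode_arp(pkt):
    if len(pkt) < 28:
        raise ValueError("ARP packet too short")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "sender_mac": mac_str(pkt[8:14]), "sender_ip": str(ipaddress.IPv4Address(pkt[14:18])),
            "target_mac": mac_str(pkt[18:24]), "target_ip": str(ipaddress.IPv4Address(pkt[24:28]))}


class Host:
    def __init__(self, ip, mask, mac, gateway=None, ttl=20 * 60, clock=time.monotonic):
        self.ip, self.mac, self.gateway = ip, mac, gateway
        self.net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
        self.ttl, self.clock = ttl, clock
        self.arp_table = {}             # IP -> (MAC, expiry)

    def next_hop(self, dst_ip):
        """On my subnet: ARP for the destination itself; otherwise ARP for the router."""
        if ipaddress.IPv4Address(dst_ip) in self.net:
            return dst_ip
        if self.gateway is None:
            raise RuntimeError("no route to " + dst_ip)
        return self.gateway

    def lookup(self, ip):
        entry = self.arp_table.get(ip)
        if entry and entry[1] > self.clock():
            return entry[0]
        self.arp_table.pop(ip, None)    # soft state: an expired entry is discarded
        return None

    def arp_query(self, ip):
        """(destination MAC, packet) for a request: broadcast 'who has ip? tell me'."""
        return BROADCAST_MAC, encode_arp(ARP_REQUEST, self.mac, self.ip, ZERO_MAC, ip)

    def handle_arp(self, pkt):
        """Process a received ARP packet; returns (destination MAC, reply packet) or None."""
        a = decode_arp(pkt)
        if a["target_ip"] != self.ip:
            return None                 # not about me
        # The binding is taken from the packet as-is; nothing here verifies who sent it.
        self.arp_table[a["sender_ip"]] = (a["sender_mac"], self.clock() + self.ttl)
        if a["op"] == ARP_REQUEST:
            return a["sender_mac"], encode_arp(ARP_REPLY, self.mac, self.ip, a["sender_mac"], a["sender_ip"])
        return None


def deliver(lan, sender, dst_mac, pkt):
    """Hand pkt to every host on lan that would accept a frame addressed to dst_mac."""
    replies = []
    for h in lan:
        if h is not sender and (dst_mac == BROADCAST_MAC or h.mac == dst_mac):
            r = h.handle_arp(pkt)
            if r:
                replies.append((h, r))
    return replies


def resolve(lan, host, dst_ip):
    """MAC that host puts in the frame for dst_ip: cached, else one ARP exchange on lan."""
    hop = host.next_hop(dst_ip)
    mac = host.lookup(hop)
    if mac:
        return mac
    dst_mac, request = host.arp_query(hop)
    for replier, (reply_dst, reply) in deliver(lan, host, dst_mac, request):
        deliver(lan, replier, reply_dst, reply)     # unicast reply; host caches the binding
    return host.lookup(hop)
```

Note the side effect visible in the model: the router learns A's binding from the request itself, so R needs no ARP exchange of its own to answer A, while the other host on the LAN sees the broadcast but, since the target IP is not its own, records nothing.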
Summary
  Ethernet is a highly successful LAN technology: simple, cheap and adaptable; it can adapt to new, faster underlying media
  Hubs, switches and routers: good to know what each does
  Hubs at the physical layer, switches at the link layer, routers at the network layer

End
  Due: the final is given out Friday, March 14th