2016-09-24
Ethernet Basics
based on Chapter 4 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers
Ethernet Basics
• History
• Ethernet Frames
• CSMA/CD
• Obsolete versions
• 10Mbps versions
• Segments
1 2016-09-24
Ethernet – Early History
• 1970: ALOHAnet, first wireless packet-switched network - Norman Abramson, Univ. of Hawaii - Basis for Ethernet’s CSMA/CD protocol - 1972: first external network connected to ARPANET
• 1973: Ethernet prototype developed at Xerox PARC - (Palo Alto Research Center) - 2.94 Mbps initially
• 1976: "Ethernet: Distributed Packet Switching for Local Computer Networks" published in Communications of the ACM. - Bob Metcalfe and David Boggs - sometimes considered “the beginning of Ethernet”
Ethernet goes Mainstream
• 1979: DEC, Intel, Xerox collaborate on a commercial Ethernet specification
- Ethernet II, a.k.a. “DIX” Ethernet - (Digital Equipment Corporation)
• 1983: IEEE 802.3 specification formally approved
- Differs from Ethernet II in the interpretation of the third header field
• 1987: alternatives to coaxial cables
- IEEE 802.3d: FOIRL, Fiber Optic Inter-Repeater Link
- IEEE 802.3e: 1 Mbps over Twisted Pair wires (whoopee!)
• 1990: Twisted-Pair wiring takes over
- IEEE 802.3i: 10 Mbps over Twisted-Pair – 10Base-TX, 10Base-T4
2 2016-09-24
the Future is Now (next chapter)
(and Now is so Yesteryear…) 1995 – Now: speed and cabling improvements
• 1995: 100Mbps varieties
• 1999: 1Gbps on twisted-pair
• 2003-2006: 10Gbps on optical fiber and UTP
• 2010: 40Gbps, 100Gbps (802.3ba)
- optical fiber or twinaxial cable
- point-to-point physical topology; for backbones
• 2016, September: 2.5GBase-T, 5GBase-T ?
- who knows?
What Is Ethernet?
• Protocols, standards for Local Area Networks » Ethernet II, IEEE 802.3
• Specifies Physical-layer components
- Cabling, signaling properties, etc.
- Numerous variations
• Specifies Datalink-layer protocols
- Media Access Control (MAC) – lower Datalink sublayer, interfaces to the Physical layer » IEEE 802.3
- Logical Link Control (LLC) – upper Datalink sublayer, common interface to the Network layer » IEEE 802.2
3 2016-09-24
Ethernet (802.3) relation to OSI
802.2
802.3 - The Early Variations
4 2016-09-24
Ethernet and Cabling – the Coaxial Era
• 10Base5 (standard IEEE 802.3, 1983)
• 10Base2 (standard IEEE 802.3a, 1985)
• Physical bus topology required a logical bus topology
• CSMA/CD protocol used in the Collision Domain
10Base5
• 1983: IEEE 802.3
- The original form
• “Thick coax” cable
- RG-8/U or RG-11 specified
- half-inch diameter
• “Vampire tap” connection punctures insulation to make electrical connections
• “10Base5”:
- 10 Mbps
- Baseband signaling
- 500 meters maximum length
5 2016-09-24
10Base2
• 1985: IEEE 802.3a - Physical update for cheaper cabling
• “Thin coax” cable - RG-58a/u - 5mm diameter - electrically compatible with thick coax
• BNC connectors allow easy disconnection, reconnection
• “10Base2”: - 10 Mbps - Baseband signaling - 200 meters maximum length (actually 185m)
Out of the Coaxial Era - Twisted Pair takes over
• 10Base-T (IEEE 802.3i, 1990)
- Twisted-Pair cables » Cheaper, easier to use than coax
- 100m maximum length
• 100Base-T (IEEE 802.3u, 1995)
- “Fast Ethernet”
- 100Base-T4: Cat3, 4 pairs used
- 100Base-TX: Cat5, 2 pairs used
• Full Duplex (IEEE 802.3x, 1997)
- Applies to 100BaseT and later
• Physical star, but Ethernet is still a bus-oriented protocol
6 2016-09-24
Ethernet on Optical Fiber
• Alternate, longer-distance media extend Ethernet's reach
• 10Base-FL (IEEE 802.3j, 1993)
- 10Mbps, multimode optical fiber
- 2000m maximum length
- Not common
• 100Base-FX (IEEE 802.3u, 1995)
- “Fast Ethernet”
- 100Base-FX: multimode optical fiber
• Point-to-point physical topology
Specialized Media
• Twinax - heavily shielded cable - used for short, high- speed applications
• Backplane - intra-chassis connections - high speed – 40 Gbps
7 2016-09-24
Common to All Variations
Frame format, Behavior
the Ethernet frame format
Preamble: Dest. Src. MAC Type / Payload Padding? FCS IFG: 10101010 MAC length 96 bit- .. 46..0 0..1500 4 times 10101011 6 octets 6 octets 2 octets octets octets octets
• Ethernet II header contains: • Physical frame starts with an - 6 octets: destination MAC address 8-octet preamble consisting of - 6 octets: source MAC address 1010…10101011 - 2 octets: payload-type field - 10Mbs versions only
• 802.3 differs in the third field: • Maximum frame length is 1518 - payload length instead of type octets • 0-1500 octets: Payload, - including the FCS supplied by a higher protocol layer - excluding the preamble - Could be 802.2 - could be layer 3 • Minimum length is 64 octets - 46-0 octets: Padding w/ 0-bytes to insure - assures collision detection minimum frame length • Physical frame is followed by an IFG, • 4 octets: Ethernet footer contains InterFrame Gap FCS (Frame Check Sequence) - no signal transitions - a CRC checksum - 96 bit-times in duration
8 2016-09-24
Ethernet Addresses
• Also called MAC addresses, • Written as 6 pairs of hardware or physical hexadecimal digits addresses, or Layer 2 - separated by colon or dash addresses • Examples: • 6 octets long - 00:1a:6b:4e:3f:1b - an “octet” refers to a » Linux “byte” and is used in - 40-A8-F0-A2-DD-CE networking » Windows • First three octets refer to the manufacturer or • Broadcast address: vendor ff:ff:ff:ff:ff:ff - As a destination, this • Last three octets must be means “send to all unique within a mfr/vendor available nodes”
wireshark activity
• start wireshark
• Display filter eth.type
- Any types other than 0x0800?
- What layer-3 protocol(s)?
• Display filter: eth.len
- Observe layer-2 protocol(s)
- What payload(s)?
• Display filter: eth.addr==
- What traffic is coming from, going to your machine?
9 2016-09-24
Ethernet II versus
802.3 with 802.2 Ethernet II 802.3 type > 1500 length < 1500
• left: an Ethernet II frame specifies a type, and leaves the next layer to find the data’s end - all types are values greater than 1500 (0x0600) » viz., IP is type 0x0800
• right: an 802.3 frame specifies the payload length, and includes 802.2 headers - length is always 1500 or less
Ethernet II frame
2016- 09-24
10 2016-09-24
802.3 frame, with 802.2 headers
• This frame shows 802.3 and 802.2 headers.
• This also shows the FCS (checksum) field, which Wireshark thinks is incorrect.
2016- 09-24
So, how does the NIC determine where a frame ends?
• Ethernet II frame doesn’t specify its overall length
• 10Base5, 10Base2 standards:
- NIC detects end of signal - absence of current
• 10Base-T:
- NIC listens for a special TP_IDL signal on the wire, followed by InterFrame Gap
• 100Base-T, GigE, 10GigE:
- 4B/5B encoded “start-of-frame signals” and “end-of- frame signals” replace preamble and TP_IDL
11 2016-09-24
10BaseT: The FCS and TP_IDL signal
CSMA / CD
• Carrier-Sense Multiple Access with Collision Detection
• Multiple Access: more than one node can transmit on the shared medium
• Carrier-Sense: a NIC that wants to transmit must first listen for an active transmission - if it doesn’t hear an idle “carrier signal” it backs off and waits before trying again
• Collision Detection: if a NIC hears interference while it is transmitting, it knows that a collision with another transmission has occurred
• Colliding nodes attempt to re-transmit using an “Exponential Backoff” approach
12 2016-09-24
Collisions and Exponential Backoff
• When a NIC detects a collision, it:
- transmits at least 64 bytes, then stops
- waits a fixed amount of time
- repeats the CSMA/CD attempt
• If a second collision occurs, it waits twice as long
• If a third collision, wait twice as long again
• This gives exponentially-increasing wait times
- After 10 collisions the wait remains constant
- After 16 collisions, the attempt is abandoned
What Exponential Backoff looks like
• X-axis: number of collisions
• Y-axis: relative waiting time
13 2016-09-24
Segments and Collision Domains
• All the nodes sharing a cable form a segment
• The segment defines a collision domain
- Frames on a segment can collide with each other…
These two segments form separate collision domains
Extended Collision Domains
• A repeater, such as this one, connects two segments into a single collision domain - Frames on either segment can collide with others.
• Hubs (a.k.a. multi-port repeaters) do the same thing, with multiple segments
• Switches don't – they keep collision domains separate
14 2016-09-24
(other definitions of “segment”)
• "Segment" may have other meanings…
• Related meanings in Ethernet:
- "Segment" and "Collision Domain" are sometimes used interchangeably.
- A "Segment" can refer to a "Broadcast Domain".
• Unrelated meanings in the TCP/IP world:
- "Segment" refers to a "protocol data unit" at the Transport layer of the OSI or TCP/IP stack. » versus "frame" which refers to a protocol data unit at the Datalink and Physical layers – viz., Ethernet frame
- "Segment" can mean an IP subnetwork.
Hubs and Extended Collision Domains
• A repeater (or hub) joins two (or more) segments
• These segments share a common collision domain - The hub will broadcast all frames, as if the two segments were one
15 2016-09-24
The (Obsolete) 5-4-3 Rule
• The “5-4-3” rule (or “5-4-3-2-1” rule) - ≤ 5 segments (cables) - connected by ≤ 4 repeaters - ≤ 3 active segments (i.e., with transmitting nodes) - 2 passive segments
• Single Collision Domain
• (Not important in switched networks…)
2016- 09-24 how big can a collision domain be?
• 5-4-3 rule limits amount of cable in use
• How far apart could two computers be, using 10Base5 cable?
• How far apart could two computers be, using 10Base2 cable?
16 2016-09-24
10Base-T and Hubs
• 10Base-T cables connect one host to a hub
• Hubs can have dozens of ports, each connected to a separate host
• Hubs are OSI layer-1 devices, no smarts built in
- Ports are logically interconnected
2016- 09-24
10Base-T and Collision Domains
• Hubs are multiport repeaters - 5-4-3 rule still applies - Shorter cables mean smaller collision domains
• All nodes in the network on the right are in the same collision domain
• Optical fiber (10Base-FL) permits much larger collision domains
2016- 09-24
17 2016-09-24
Ethernet Switches
• Switches are physically similar to hubs
• Each cable between a host and a switch is a separate Ethernet segment
- Only two nodes (host and switch) on each segment, so collisions are not much of a problem
• Switch must be smart enough – and fast enough – to act like a separate node on each of its ports
- More expensive than a hub
- Switches were very uncommon in 10Base-T
Switches versus Hubs
• Switches don't echo all frames to all segments, so each segment is a separate collision domain
- Switches are Layer-2 devices
• Broadcast frames are sent to all segments
- Segments connected to the switch form a Broadcast Domain
• Collisions don't occur between broadcast frames, because the switch sends them one at a time
18 2016-09-24
Hubs, Switches, and Collision Domains
• Switches form separate collision domains
2016- 09-24
Hubs, Switches, and Broadcast Domains
• Switches maintain a single broadcast domain - Hubs and switches both copy broadcast frames to all other ports
2016- 09-24
19 2016-09-24
The Switch In a Wireless Router
• Wireless router includes a router, a switch, and a Wireless Access Point (WAP)
• Router functionality in the CPU
• Virtual LAN (VLAN) connects WAP and switch's internal ports
• Another VLAN connects WAN port to router
Simulations of NICs, Hubs, CSMA/CD, Switches
• Web Link:
- NIC behavior: https://montcs.bloomu.edu/Networking/Simulations/T omsho/nic.swf
- Hub behavior: https://montcs.bloomu.edu/Networking/Simulations/T omsho/hub.swf
- CSMA/CD: https://montcs.bloomu.edu/Networking/Simulations/T omsho/csmacd.swf
- switch behavior: https://montcs.bloomu.edu/Networking/Simulations/T omsho/switch.swf
20