DOCSLIB.ORG

Macsec Fundamentals TABLE of CONTENTS

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Macsec Fundamentals TABLE of CONTENTS SECURE NETWORKING MACsec Fundamentals TABLE OF CONTENTS Introduction - 3 Overview - 3 What are typical use cases for MACsec? - 4 The OSI model for communication - 5 Data Link Layer Functions - 7 Link Layer Vulnerabilities - 8 Physical security- 9 MACsec Security Properties - 9 Hop-by-hop security architecture - 9 Connectionless data integrity- 10 Data origin authenticity - 10 Confidentiality - 10 Replay protection - 10 Bounded receive delay - 10 MACsec protocol process - 11 Control plane: MACsec authentication - 12 Data plane: MACsec data encryption - 12 Inside Secure Solutions - 12 About Inside Secure - 14 For more information: - 15 Terminology - 15 3 INTRODUCTION This document is a high level introduction to the MACsec (Media Access Control Security) protocol. OVERVIEW Until recently, most network security has been focused on neutralizing external threats to an enterprise. Enterprises were mainly concerned with securing the network from outside attackers. In today’s constantly changing enterprise environment, the source of a large number of threats has reversed direction to data and privacy breaches internal to the enterprise. As network access expands to consultants, contractors, and even guests, network security behind external firewalls has become a top priority. MACsec is an IEEE 802 standard that specifies how encryption may be used at Link Layer level to secure links behind external firewalls on a Ethernet Local Area Network (LAN). MACsec can be used on a Metropolitan Area Network (MAN) and in some cases even a Wide Area Network (WAN). As encryption-based security is more and more often required by organizations and governments, MACsec and its capability to provide such a network-wide encryption- based security rather than providing it for each application, stands as the most relevant means to achieve such a level of security. HIPAA, PCI, Sarbanes-Oxley, Basel-II and the FDA among others have already adopted MACsec for securing their networks. 4 WHAT ARE TYPICAL USE CASES FOR MACSEC? The need to prevent costly data breaches within the physical network infrastructure of routers, bridges, and switches, as well as across a range of connected devices, such as IP phones, laptops, PC’s, printers, and network servers is becoming increasingly important. In a Local Area Network, any connected devices can listen to broadcast messages sent by any other connected device. That should give an indication of how easily a maliciously connected device can disturb communication over this network: • IP phones used in an office may interact with the network • Security cameras on the wall of a building may be access points to a network When MACsec is in use, only authenticated peers are able to connect to the network and all local attacks that “trick” switches and routers to redirect network traffic to attacker machines do not work if MACsec is enabled. 5 THE OSI MODEL FOR COMMUNICATION The “Link Layer level” refers to the second layer (“Layer 2”) of ISO-compliant OSI model for communication in a network – “OSI” standing for “Open Systems Interconnection”. Each of the 7 steps of the communication process from signalling (physical electronic signal emitting) up to application execution includes the definition of specific interfaces, specific services to be performed and specific protocols to be used to establish communication. During the process from the sender to the receiver, data is encoded/decoded into frames, formatted, segmented and encapsulated. If we consider communication from a bottom up point of view where the physical layer is the starting point : • Layer 1 is the physical layer where electric signals are encoded into bits following patterns described in protocols such as USB or Bluetooth and conveyed through interfaces such as USB ports. • Layer 2 is the data link layer (shortened into “Link layer”): it deals with finding the legitimate physical address (MAC addresses) where to send the data: IP addresses are converted into MAC addresses via a CAM table, according to the Address Resolution Protocol (ARP). Note CAM table vulnerability: when the table is full, by default all ports are open. • Layer 3 is the network layer: it deals with data routing through the many nodes 6 of the network and takes into account priorities. • Layer 4 is the transport layer: it deals with identifying the proper service on the receiver side to process the data, represented by a port number (TCP protocol). • Layer 5 is the session layer: it deals with the timing of a connection while data is being transfered, including coordination. • Layer 6 is the presentation layer: it deals with the format of data that is conveyed, so that it can be understood at both ends of the communication chain. • Layer 7 is the application layer: it deals with the tools (like software) required by the user to work, like graphic display. DATA LINK LAYER FUNCTIONS 7 The following are the key tasks performed at the data link layer: • Logical Link Control (LLC): Logical link control refers to the functions required for the establishment and control of logical links between local devices on a network. This is usually considered a data Link Layer sublayer; it provides services to the network layer above it and hides the rest of the details of the data Link Layer to allow different technologies to work seamlessly with the higher layers. Most local area networking technologies use the IEEE 802.2 LLC protocol. • Media Access Control (MAC): This refers to the procedures used by devices to control access to the network medium. Since many networks use a shared medium (such as a single network cable, or a series of cables that are electrically connected into a single virtual medium) it is necessary to have rules for managing the medium to avoid conflicts. For example, Ethernet uses the CSMA/CD method of media access control, while Token Ring uses token passing. • Data Framing: The data Link Layer is responsible for the final encapsulation of higher-level messages into frames that are sent over the network at the physical layer. MACsec “encapsulates” the data – so it is application agnostic. • Addressing: The data Link Layer is the lowest layer in the OSI model that is concerned with addressing: labeling information with a particular destination 8 location. Each device on a network has a unique number, usually called a hardware address or MAC address, that is used by the data link layer protocol to ensure that data intended for a specific machine gets to it properly. • Error Detection and Handling: The data Link Layer handles errors that occur at the lower levels of the network stack. For example, a cyclic redundancy check (CRC) field is often employed to allow the station receiving data to detect if it was received correctly. LINK LAYER VULNERABILITIES If Layer 2 security has not been adequately addressed, the layer can be a very weak link indeed while conveying packets from the physical layer to the network layer (see Figure 4 - Frame formatting), and upper layer security mechanisms may not be able to detect that communication is compromised. Examples of Layer 2 vulnerabilities : • ARP cache poisoning: false ARP replies cause false entries in ARP table (which converts an IP address into a MAC address) • MAC flooding: Fixed-size CAM tables at switches filled with false MAC addresses in forged ARP packets • Port stealing: forged ARP packets with host’s MAC address source cause race condition in a switch. • Broadcasting attack: Spoofed ARP replies set router MAC address as broadcast address -> all outbound traffic broadcasted. • Denial of Service: ARP caches filled with non-existent MAC addresses. • MAC cloning: Legitimate host rendered inoperable by Denial of Service attack, then its IP and MAC used by the attacker • Hijacking attack: Gaining control of e.g. Telnet session after login • Eaves dropping e.g. directly from the fiber 9 PHYSICAL SECURITY Layer 2 security is too often based on the physical security of the equipment location, on trust in users or on configuration: physical port on switch tied to MAC address, static ARP entries, etc... As soon as you need to use your hardware device in publicly accessible locations, you no longer havve the benefit of your usual environment, and your device is at risk for data breaches, for instance while connecting to a cell tower. A MACsec-equipped device is less likely to let its data be captured as it requires mutual authentication when connecting to a network, as described in next chapter. MACSEC SECURITY PROPERTIES The MACsec protocol provides the following functionalities : Hop-by-hop security architecture MACSec helps secure the network from the inside by securing data exchange on a hop-by-hop basis. A “hop-by-hop” security architecture means that data is secured from one node of a network to another consecutive node (a ‘node’ is a connection point inside a network), then decrypted and encrypted again to the next node of the network, and then to its final destination. MACsec also allows each hop to act as an IT insertion point for security purposes. This enables IT departments, through their security devices, to monitor and inspect internal “in the clear” LAN traffic at each node. 10 Connectionless data integrity Unauthorized changes to data cannot be made without being detected. Each MAC frame carries a separate integrity verification code, hence the term connectionless. Data origin authenticity A received MAC frame is guaranteed to have been sent by the peer LAN station. However, in a sharedmedia LAN a received MAC frame is guaranteed to have been sent by one of the authorized MACsec stations in the LAN, although the individual originating station cannot be verified. Confidentiality The user data of each MAC frame is encrypted to prevent it from being eavesdropped by unauthorized parties. Replay protection MAC frames copied from the LAN by an attacker cannot be resent into the LAN without being detected.
Load more

Recommended publications
  • Logical Link Control and Channel Scheduling for Multichannel Underwater Sensor Networks
    ICST Transactions on Mobile Communications and Applications Research Article Logical Link Control and Channel Scheduling for Multichannel Underwater Sensor Networks Jun Li ∗, Mylene` Toulgoat, Yifeng Zhou, and Louise Lamont Communications Research Centre Canada, 3701 Carling Avenue, Ottawa, ON. K2H 8S2 Canada Abstract With recent developments in terrestrial wireless networks and advances in acoustic communications, multichannel technologies have been proposed to be used in underwater networks to increase data transmission rate over bandwidth-limited underwater channels. Due to high bit error rates in underwater networks, an efficient error control technique is critical in the logical link control (LLC) sublayer to establish reliable data communications over intrinsically unreliable underwater channels. In this paper, we propose a novel protocol stack architecture featuring cross-layer design of LLC sublayer and more efficient packet- to-channel scheduling for multichannel underwater sensor networks. In the proposed stack architecture, a selective-repeat automatic repeat request (SR-ARQ) based error control protocol is combined with a dynamic channel scheduling policy at the LLC sublayer. The dynamic channel scheduling policy uses the channel state information provided via cross-layer design. It is demonstrated that the proposed protocol stack architecture leads to more efficient transmission of multiple packets over parallel channels. Simulation studies are conducted to evaluate the packet delay performance of the proposed cross-layer protocol stack architecture with two different scheduling policies: the proposed dynamic channel scheduling and a static channel scheduling. Simulation results show that the dynamic channel scheduling used in the cross-layer protocol stack outperforms the static channel scheduling. It is observed that, when the dynamic channel scheduling is used, the number of parallel channels has only an insignificant impact on the average packet delay.
    [Show full text]
  • Medium Access Control Layer
    Telematics Chapter 5: Medium Access Control Sublayer User Server watching with video Beispielbildvideo clip clips Application Layer Application Layer Presentation Layer Presentation Layer Session Layer Session Layer Transport Layer Transport Layer Network Layer Network Layer Network Layer Univ.-Prof. Dr.-Ing. Jochen H. Schiller Data Link Layer Data Link Layer Data Link Layer Computer Systems and Telematics (CST) Physical Layer Physical Layer Physical Layer Institute of Computer Science Freie Universität Berlin http://cst.mi.fu-berlin.de Contents ● Design Issues ● Metropolitan Area Networks ● Network Topologies (MAN) ● The Channel Allocation Problem ● Wide Area Networks (WAN) ● Multiple Access Protocols ● Frame Relay (historical) ● Ethernet ● ATM ● IEEE 802.2 – Logical Link Control ● SDH ● Token Bus (historical) ● Network Infrastructure ● Token Ring (historical) ● Virtual LANs ● Fiber Distributed Data Interface ● Structured Cabling Univ.-Prof. Dr.-Ing. Jochen H. Schiller ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 5: Medium Access Control Sublayer 5.2 Design Issues Univ.-Prof. Dr.-Ing. Jochen H. Schiller ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 5: Medium Access Control Sublayer 5.3 Design Issues ● Two kinds of connections in networks ● Point-to-point connections OSI Reference Model ● Broadcast (Multi-access channel, Application Layer Random access channel) Presentation Layer ● In a network with broadcast Session Layer connections ● Who gets the channel? Transport Layer Network Layer ● Protocols used to determine who gets next access to the channel Data Link Layer ● Medium Access Control (MAC) sublayer Physical Layer Univ.-Prof. Dr.-Ing. Jochen H. Schiller ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 5: Medium Access Control Sublayer 5.4 Network Types for the Local Range ● LLC layer: uniform interface and same frame format to upper layers ● MAC layer: defines medium access ..
    [Show full text]
  • GS970M Datasheet
    Switches | Product Information CentreCOM® GS970M Series Managed Gigabit Ethernet Switches The Allied Telesis CentreCOM GS970M Series of Layer 3 Gigabit switches offer an impressive set of features in a compact design, making them ideal for applications at the network edge. STP root guard ۼۼ Overview Management (UniDirectional Link Detection (UDLD ۼۼ Allied Telesis Autonomous Management ۼۼ Allied Telesis CentreCOM GS970M Series switches provide an excellent Framework™ (AMF) enables powerful centralized management and zerotouch device installation and Security Features access solution for today’s networks, recovery Access Control Lists (ACLs) based on Layer 2, 3 ۼۼ supporting Gigabit to the desktop for Console management port on the front panel for and 4 headers ۼۼ maximum performance. The Power ease of access Configurable auth-fail and guest VLANs ۼۼ Eco-friendly mode allows ports and LEDs to be ۼۼ over Ethernet Plus (PoE+) models Authentication, Authorization, and Accounting ۼۼ provide an ideal solution for connecting disabled to save power (AAA) Industry-standard CLI with context-sensitive help ۼ and remotely powering wireless access ۼ ۼ Bootloader can be password protected for device ۼ ,points, IP video surveillance cameras Powerful CLI scripting engine security ۼۼ ۼ and IP phones. The GS970M models BPDU protection ۼۼ -Comprehensive SNMP MIB support for standards ۼ feature 8, 16 or 24 Gigabit ports, based device management ۼ DHCP snooping, IP source guard and Dynamic ARP ۼ and 2 or 4 SFP uplinks, for secure (Built-in text editor Inspection
    [Show full text]
  • Communications Programming Concepts
    AIX Version 7.1 Communications Programming Concepts IBM Note Before using this information and the product it supports, read the information in “Notices” on page 323 . This edition applies to AIX Version 7.1 and to all subsequent releases and modifications until otherwise indicated in new editions. © Copyright International Business Machines Corporation 2010, 2014. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents About this document............................................................................................vii How to use this document..........................................................................................................................vii Highlighting.................................................................................................................................................vii Case-sensitivity in AIX................................................................................................................................vii ISO 9000.....................................................................................................................................................vii Communication Programming Concepts................................................................. 1 Data Link Control..........................................................................................................................................1 Generic Data Link Control Environment Overview...............................................................................
    [Show full text]
  • Tutorial on Network Communications and Security
    Lecture Notes Introduction to Digital Networks and Security Raj Bridgelall, PhD © Raj Bridgelall, PhD (North Dakota State University, College of Business) Page 1/23 Table of Contents PART I – NETWORKING CONCEPTS.....................................................................................4 1 INTRODUCTION..................................................................................................................4 2 DATA COMMUNICATIONS ..............................................................................................4 2.1 THE OSI MODEL ...............................................................................................................4 2.2 NETWORKING DEVICES .....................................................................................................5 2.3 TCP/IP ..............................................................................................................................6 3 MOBILE IP ............................................................................................................................7 3.1 FIREWALLS........................................................................................................................9 3.2 DHCP AND DNS ..............................................................................................................9 3.3 IPV6 ................................................................................................................................10 PART II – CRYPTOGRAPHY AND NETWORK SECURITY .............................................12
    [Show full text]
  • 1.2. OSI Model
    1.2. OSI Model The OSI model classifies and organizes the tasks that hosts perform to prepare data for transport across the network. You should be familiar with the OSI model because it is the most widely used method for understanding and talking about network communications. However, remember that it is only a theoretical model that defines standards for programmers and network administrators, not a model of actual physical layers. Using the OSI model to discuss networking concepts has the following advantages: Provides a common language or reference point between network professionals Divides networking tasks into logical layers for easier comprehension Allows specialization of features at different levels Aids in troubleshooting Promotes standards interoperability between networks and devices Provides modularity in networking features (developers can change features without changing the entire approach) However, you must remember the following limitations of the OSI model: OSI layers are theoretical and do not actually perform real functions. Industry implementations rarely have a layer‐to‐layer correspondence with the OSI layers. Different protocols within the stack perform different functions that help send or receive the overall message. A particular protocol implementation may not represent every OSI layer (or may spread across multiple layers). To help remember the layer names of the OSI model, try the following mnemonic devices: Mnemonic Mnemonic Layer Name (Bottom to top) (Top to bottom) Layer 7 Application Away All Layer 6 Presentation Pizza People Layer 5 Session Sausage Seem Layer 4 Transport Throw To Layer 3 Network Not Need Layer 2 Data Link Do Data Layer 1 Physical Please Processing Have some fun and come up with your own mnemonic for the OSI model, but stick to just one so you don't get confused.
    [Show full text]
  • High-Level Data Link Control
    ELEC3030 (EL336) Computer Networks S Chen High-Level Data Link Control • This class of data link layer protocols includes High-level Data Link Control (HDLC), Link Access Procedure Balanced (LAPB) for X.25, Link Access Procedure for D-channel (LAPD) for ISDN, and Logic Link Control (LLC) for FDDI • The frame format is: Flag Address Control Data FCS Flag Note that address and control bits 8 8 8 variable 16 8 can be extended to 16 bits, so bit position 12 3 4 5 6 7 8 N(S)=send sequence number N(R)=receive sequence number that sequence number is 7-bit Information: 0 N(S) P/F N(R) S=supervisory function bits P/F • Frame flag: 01111110, so bit Supervisory: 1 0 S N(R) M=unumbered function bits stuffing is used Unumbered: 1 1 M P/F M P/F=poll/final bit • Address: For multipoint operation, it is used to identify the terminal that transmits or receives the frame and, in point-to-point link, it is used to distinguish Commands from Responses (2nd bit for C/R: 0/1). The address is now extended to 16 bits (1st bit indicates long/short 16/8 bits) • Checksum: FCS contains the remainder of a 16-bit CRC calculation of the frame. It may be extended to 32 bits, using a 32-bit CRC • Control: Three types of frames, I, S and U frames. The old protocol uses a sliding window with 3-bit sequence number and the maximum window size is N = 7. The control field is now extended to 16 bits with 7-bit sequence number 60 ELEC3030 (EL336) Computer Networks S Chen HDLC (continue) • I-frames: carry user data.
    [Show full text]
  • Etsi En 301 192 V1.7.1 (2021-08)
    ETSI EN 301 192 V1.7.1 (2021-08) EUROPEAN STANDARD Digital Video Broadcasting (DVB); DVB specification for data broadcasting 2 ETSI EN 301 192 V1.7.1 (2021-08) Reference REN/JTC-DVB-367 Keywords broadcasting, data, digital, DVB, MPEG, video ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - APE 7112B Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° w061004871 Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI deliverable is the one made publicly available in PDF format at www.etsi.org/deliver. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Notice of disclaimer & limitation of liability The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of experience to understand and interpret its content in accordance with generally accepted engineering or other professional standard and applicable regulations.
    [Show full text]
  • Chapter 3: Datalink Layer
    Chapter 3: Data Link Layer Raj Jain Professor of CIS The Ohio State University Columbus, OH 43210 [email protected] http://www.cis.ohio-state.edu/~jain/ The Ohio State University Raj Jain 1 Overview ❑ Datalink layer design issues ❑ Error detection and correction ❑ Simple datalink protocols ❑ Sliding window protocols ❑ Example datalink protocols The Ohio State University Raj Jain 2 1 Data Link Layer Design Issues ❑ Services provided to the Network Layer ❑ Framing ❑ Error Control ❑ Flow Control The Ohio State University Raj Jain 3 Datalink Layer Services ❑ Unacknowledged connectionless service ❑ No acks, no connection ❑ Error recovery up to higher layers ❑ For low error-rate links or voice traffic ❑ Acknowledged connectionless service ❑ Acks improve reliability ❑ For unreliable channels. E.g.: Wireless Systems The Ohio State University Raj Jain 4 2 Datalink Services (Cont) ❑ Acknowledged connection-oriented service ❑ Equivalent of reliable bit-stream ❑ Connection establishment ❑ Packets Delivered In-Order ❑ Connection Release ❑ Inter-Router Traffic The Ohio State University Raj Jain 5 Framing ❑ Framing = How to break a bit-stream into frames ❑ Need for framing: Error Detection/Control work on chunks and not on bit streams of data ❑ Framing methods: ❑ Timing : risky. No network guarantees. ❑ Character count: may be garbled by errors ❑ Character stuffing: Delimit frame with special characters ❑ Bit stuffing: delimit frame with bit pattern ❑ Physical layer coding violations The Ohio State University Raj Jain 6 3 Character Stuffing ❑
    [Show full text]
  • Chapter 6: Medium Access Control Layer
    Chapter 6: Medium Access Control Layer Chapter 6: Roadmap " Overview! " Wireless MAC protocols! " Carrier Sense Multiple Access! " Multiple Access with Collision Avoidance (MACA) and MACAW! " MACA By Invitation! " IEEE 802.11! " IEEE 802.15.4 and ZigBee! " Characteristics of MAC Protocols in Sensor Networks! " Energy Efficiency! " Scalability! " Adaptability! " Low Latency and Predictability! " Reliability! " Contention-Free MAC Protocols! " Contention-Based MAC Protocols! " Hybrid MAC Protocols! Fundamentals of Wireless Sensor Networks: Theory and Practice Waltenegus Dargie and Christian Poellabauer © 2010 John Wiley & Sons Ltd. 2! Medium Access Control " In most networks, multiple nodes share a communication medium for transmitting their data packets! " The medium access control (MAC) protocol is primarily responsible for regulating access to the shared medium! " The choice of MAC protocol has a direct bearing on the reliability and efficiency of network transmissions! " due to errors and interferences in wireless communications and to other challenges! " Energy efficiency also affects the design of the MAC protocol! " trade energy efficiency for increased latency or a reduction in throughput or fairness! Fundamentals of Wireless Sensor Networks: Theory and Practice Waltenegus Dargie and Christian Poellabauer © 2010 John Wiley & Sons Ltd. 3! 1! Overview " Responsibilities of MAC layer include:! " decide when a node accesses a shared medium! " resolve any potential conflicts between competing nodes! " correct communication errors occurring at the physical layer! " perform other activities such as framing, addressing, and flow control! " Second layer of the OSI reference model (data link layer) or the IEEE 802 reference model (which divides data link layer into logical link control and medium access control layer)! Fundamentals of Wireless Sensor Networks: Theory and Practice Waltenegus Dargie and Christian Poellabauer © 2010 John Wiley & Sons Ltd.
    [Show full text]
  • Etsi Ts 144 064 V15.0.0 (2018-07)
    ETSI TS 144 064 V15.0.0 (2018-07) TECHNICAL SPECIFICATION Digital cellular telecommunications system (Phase 2+) (GSM); Mobile Station - Serving GPRS Support Node (MS-SGSN); Logical Link Control (LLC) Layer Specification (3GPP TS 44.064 version 15.0.0 Release 15) R GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS 3GPP TS 44.064 version 15.0.0 Release 15 1 ETSI TS 144 064 V15.0.0 (2018-07) Reference RTS/TSGC-0144064vf00 Keywords GSM ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.
    [Show full text]
  • Telematics Chapter 4: Data Link Layer
    User Server Telematics watching with video video clip clips Chapter 4: Data Link Layer Application Layer Application Layer BeispielbildPresentation Layer Presentation Layer Session Layer Session Layer Transport Layer Transport Layer Network Layer Network Layer Network Layer Data Link Layer Data Link Layer Data Link Layer Physical Layer Physical Layer Physical Layer Prof. Dr. Mesut Güneş Computer Systems and Telematics (CST) Distributed, embedded Systems Institute of Computer Science Freie Universität Berlin http://cst.mi.fu-berlin.de Contents ● Design Issues ● Error Detection and Correction ● Elementary Data Link Protocols ● Sliding Window Protocols ● High Level Data Link Control (HDLC) ● Point-to-Point Protocol (PPP) ● Protocol Verification Prof. Dr. Mesut Güneş ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 4: Data Link Layer 4.2 Design Issues Prof. Dr. Mesut Güneş ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 4: Data Link Layer 4.3 Design Issues ● The data link layer has a number of spp,ecific functions, for this it OSI Reference Model ● provides a well-defined service Application Layer interface to the network layer ● deals with transmission errors Presentation Layer ● regulates the flow of data Session Layer ● access to the medium ● prevent a slow receiver being not Transport Layer swamped by a fast sender Network Layer Data Link Layer Phy sical Laye r Prof. Dr. Mesut Güneş ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 4: Data Link Layer 4.4 Layer 2: Division into two Parts Logical Link Control (LLC) (Layer 2b) − Organization of the data to be sent into frames − Guarantee (if possible) an error free transmission between neighboring nodes through: • Detection (and recovery) of transfer errors • Flow Control (avoidance of overloading the receiver) • Buffer Management Medium Access Control (MAC) (Layer 2a) − Control of the access to the communication channel in broadcast networks - LLC IEEE 802.2 Logical Link Control ..
    [Show full text]