Post on 29-Jan-2016
CSCD 330 Network Programming, Winter 2014
Lecture 17b: Link Layer Protocols
Reading: Chapter 5
Some slides provided courtesy of J.F. Kurose and K.W. Ross, All Rights Reserved, copyright 1996-2007
Who is this?

Overview
• Link Layer Hardware
  • Hubs vs. Switches vs. Routers
• Ethernet
• ARP and MAC Addressing

LAN and Network Hardware

Shuttling Data at Different Layers
• Different devices switch different things
  • Physical layer: electrical signals (repeaters and hubs)
  • Link layer: frames (bridges and switches)
  • Network layer: packets (routers)
[Figure: devices by layer (application gateway, transport gateway, router, bridge/switch, repeater/hub) beside a frame made up of frame header, packet header, TCP header, and user data]

Key Distinction
• Routers
  • Forward based on IP headers (192.168.0.1)
• Switches/Bridges
  • Forward based on MAC addresses (00:13:02:BA:43:56)
• Repeaters/Hubs
  • Broadcast all bits (010101010101)

Repeaters
• Length of cable used influences quality of communication
• Repeaters repeat signals
  • Clean and boost digital transmission
  • Analog networks use amplifiers to boost signal
• Repeaters only work with the physical signal
  • Cannot reformat, resize, or manipulate the data
• Physical layer (layer 1) device

Hubs
• Generic connection device
  • Operates at the Physical Layer
• Connect several networking cables together
• Active hubs
  • Known as multiport repeaters
• Passive hubs
  • Something that does not boost signal, just connects the wires

Switches
• Operate at the Data Link layer
• Increase network performance
  • Virtual circuits between source and destination
  • Micro-segmentation at the port level
• More complicated and expensive than hubs

Collision Domain
• Differs between hubs and switches
• What is a collision domain?
  • Group of nodes in a network that compete with each other for access
  • If two or more devices try to access the network at the exact same time, a collision will occur
• In a switched environment, each transmitting-receiving pair of nodes is essentially its own collision domain, except that no collisions can occur because there is no sharing of bandwidth
• In a hub, all nodes share bandwidth

Switches
• Switch
  • Filters based on MAC addresses
  • Builds tables in memory
[Figure: collision domain with a switch vs. with a hub]

Switch
• Link-layer device: Level 2 switch
  • Stores and forwards Ethernet frames
  • Examines incoming frame's MAC address, selectively forwards frame to one or more outgoing links
• Transparent
  • Important: note that hosts are unaware of presence of switches
  • Operate at lower levels of protocol stack
• Plug-and-play, self-learning
  • Switches do not need to be manually managed

Switches
• Advantages of switches
  • Increase available network bandwidth
  • Reduced workload: computers only receive packets intended for them specifically
  • Increase network performance
  • Smaller collision domains

Switches
• Disadvantages of switches
  • More expensive than hubs and bridges
  • Difficult to trace network connectivity problems through a switch

Bridges vs. Switches
• What's the difference between a bridge and a switch?
  • A bridge has only two ports and divides a collision domain into two parts
  • All decisions made by a bridge are based on MAC or Layer 2 addressing
• Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

[Figure: Network Segmentation]

Bridges vs. Switches
• What's the difference between a bridge and a switch?
  • A switch is a fast multi-port bridge
  • Can contain dozens of ports
  • Rather than creating two collision domains, each port creates its own collision domain
  • Say a network of twenty nodes: twenty collision domains exist if each node is plugged into its own switch port

Bridges vs. Switches
• Bridges were most used when you had people on hubs, with all packets going to all hosts
  • Lots of collisions
• A bridge allowed you to cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
• Nowadays switches are so cheap and so much more effective that you don't see bridges much
  • Mostly replaced bridges

Routers
• What does a router do?
  • Provides filtering and network traffic control
  • Used on LANs and WANs
  • Connects multiple segments and networks
  • Multiple routers create an "internetwork"
  • Operates at the Network layer
  • Layer 3 device

Routers
• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses (IP addresses)

Differences: Logical vs. Physical
• Look at the differences between logical and physical addresses

Physical Versus Logical Addresses
• MAC addresses
  • Data Link layer
  • Used by switches, bridges, and routers
  • Used for directly connected devices
• Logical addresses: IP
  • Network and transport protocols dictate the format of the logical network layer address
  • TCP/IP, IPX/SPX (Novell NetWare)
  • IP addresses are assigned manually or by software

Ethernet

Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed a bus topology Local Area Network (LAN)
• 1976: carrier sensing added
  • Xerox built a 2.94 Mbps network to connect over 100 personal workstations on 1 km of cable
• Network called Ethernet, named after the ether, the single coaxial cable used to connect machines
• Ethernet refers to the product, which predates the IEEE 802.3 Standard
• But nowadays any 802.3-compliant network is referred to as an Ethernet

Ethernet
[Figure: Ethernet sketch]
Who is this?
Original paper published in 1976:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.87.1052&rep=rep1&type=pdf
Robert (Bob) Metcalfe – Inventor of Ethernet

Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co.
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it:
http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855

802.3 Standard Project
• In 1980, the IEEE started Project 802 to standardize local area networks (LANs)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won, and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet standards:
  http://en.wikipedia.org/wiki/IEEE_802.3

Ethernet Terminology: Physical Layer
• First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband, or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length, from original Thicknet
• In recent versions, letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs

Classical Ethernet: Broadcast
• Classical Ethernet is a broadcast network
  • Hosts connected to network through a single shared medium
• If two nodes try to send at the same time
  • Called a collision, and prevents any information being passed along the network
  • Multiple messages would collide and corrupt each other

Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet

Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
  • Thin coaxial cable in a bus topology
• 10Base5 uses 10 mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  • Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  • Layer 1 device

Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  – Commonly already present in modern office buildings for telephone system
• Contributed hugely to Ethernet's popularity

Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft

The 10 Mb/s Ethernet Standard: IEEE 802.3
[Figure: Ethernet MAC Protocol over different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F]
10Base-5: Original Ethernet: large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable

802.3u Fast Ethernet
• In 1995, IEEE adopted the 802.3u Fast Ethernet standard
• Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
• Previously, Ethernets worked in half-duplex mode
• Two stations could transmit at the same time

The 100 Mb/s Ethernet Standard: "Fast Ethernet"
[Figure: Ethernet MAC Protocol over different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX]
Up to 100 m of cable per segment
100Base-T4: Uses four pairs of voice-grade Category-3 cable
100Base-TX: Uses two pairs of data-grade Category-5 cable
100Base-FX: Uses two optical fibers

The 1 Gb/s Ethernet Standard
• June 1998: Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex – one speaks at a time
  – Full duplex – both can transmit/speak at the same time
http://en.wikipedia.org/wiki/IEEE_802.3

The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"
[Figure: Ethernet MAC Protocol over physical layer options 1000Base-TX and 1000Base-FX]
1000Base-TX: Uses four pairs of data-grade Category-5 cable
1000Base-FX: Uses two optical fibers

Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver and sender clock rates

Ethernet Frame Structure (more)
• Addresses
  • If adapter receives a frame with matching destination address, or with broadcast address, it accepts the frame and passes the data in the frame to the network layer protocol
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC – Media Access Control
  • Example: 00:13:02:BA:43:56
• Type: indicates higher layer protocol (mostly IP, but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped
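
The receive-side decisions listed above (CRC check, then destination filter, then hand-off by Type) can be traced on real bytes. The following is an added example, not part of the original slides; the peer address and payloads are constructed, and the preamble is left out because the adapter strips it before software sees the frame.

```python
import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "Novell IPX"}
MIN_FRAME = 64  # header (14) + minimum payload (46) + CRC (4), preamble excluded

HOST = bytes.fromhex("001302BA4356")  # example MAC address from the slide
PEER = bytes.fromhex("020000000001")  # constructed, locally administered address


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Sender side: header + payload padded to 46 bytes + CRC-32 trailer."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    # Ethernet's CRC is the same CRC-32 that zlib computes; it goes on the
    # wire least-significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def receive(frame: bytes, my_mac: bytes):
    """Receiver side: return (verdict, fields) in the order the adapter decides."""
    if len(frame) < MIN_FRAME:
        return "drop: runt frame", None
    body, (crc,) = frame[:-4], struct.unpack("<I", frame[-4:])
    if zlib.crc32(body) != crc:
        return "drop: CRC error", None          # error detected: frame is dropped
    dst, src, ethertype = struct.unpack("!6s6sH", body[:14])
    fields = {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "type": ETHERTYPES.get(ethertype, hex(ethertype)),
        "payload": body[14:],
    }
    if dst not in (my_mac, BROADCAST):
        return "discard: other destination", fields
    return "accept", fields                      # payload goes up to the Type protocol


def demo():
    unicast = build_frame(HOST, PEER, 0x0800, b"constructed IP datagram")
    bcast = build_frame(BROADCAST, PEER, 0x0806, b"constructed ARP query")
    damaged = bytearray(unicast)
    damaged[20] ^= 0x01                          # flip one payload bit in transit
    return [
        receive(unicast, HOST)[0],               # addressed to this adapter
        receive(unicast, PEER)[0],               # same frame seen by another adapter
        receive(bcast, HOST)[0],                 # broadcast is accepted by everyone
        receive(bytes(damaged), HOST)[0],        # CRC no longer matches
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
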
Use of Ethernet Switches Versus Hubs in a LAN
[Figure: collisions with hubs vs. with a switch]

CSMA/CD

CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: check that the line is quiet before transmitting
2. Collision Detection: detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
(binary exponential backoff)

Ethernet CSMA/CD algorithm: Carrier Sense Multiple Access / Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses K (a small integer) at random from {0, 1, 2, …, 2^m − 1}. NIC then waits K·512 bit times, returns to Step 2. More details follow …

Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified that the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: choose K from {0, 1}. Delay is K · 512 bit transmission times
• After second collision: choose K from {0, 1, 2, 3} …
• After ten collisions: choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
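
To see how the growing set for K spreads contending stations apart, the sketch below (an added example, not from the original slides) runs the backoff rule in a simplified slotted model where every station starts with one frame and all collide in slot 0. The one-slot-per-frame model, the 10 Mbps default, and the give-up limit of 16 attempts (standard 802.3 behaviour, not stated on the slides) are assumptions of this example.

```python
import random

SLOT_BITS = 512      # backoff unit: the NIC waits K * 512 bit times
MAX_EXPONENT = 10    # after ten collisions K is drawn from 0..1023
MAX_ATTEMPTS = 16    # assumption from 802.3: frame is abandoned after 16 tries


def backoff_range(m: int) -> int:
    """Size of the set K is drawn from after the m-th collision: 2^min(m, 10)."""
    return 2 ** min(m, MAX_EXPONENT)


def backoff_delay_us(k: int, mbps: float = 10.0) -> float:
    """K * 512 bit times expressed in microseconds at the given link speed."""
    return k * SLOT_BITS / mbps


def simulate(stations: int, seed: int = 0):
    """Return (slots_used, collisions_per_station, dropped_stations).

    Simplified model: time advances in 512-bit slots, a frame occupies one
    slot, and two or more senders in the same slot collide.
    """
    rng = random.Random(seed)
    collisions = {s: 0 for s in range(stations)}
    next_try = {s: 0 for s in range(stations)}   # slot of each station's next attempt
    dropped = []
    slot = 0
    while next_try:
        ready = [s for s, t in next_try.items() if t == slot]
        if len(ready) == 1:
            del next_try[ready[0]]               # sole sender: frame gets through
        elif len(ready) > 1:
            for s in ready:                      # collision: jam, then back off
                collisions[s] += 1
                if collisions[s] >= MAX_ATTEMPTS:
                    dropped.append(s)
                    del next_try[s]
                else:
                    k = rng.randrange(backoff_range(collisions[s]))
                    next_try[s] = slot + 1 + k
        slot += 1
    return slot, collisions, dropped


if __name__ == "__main__":
    for n in (2, 5, 20):
        slots, coll, dropped = simulate(n, seed=1)
        print(f"{n:2d} stations: {slots} slots, "
              f"max collisions per station {max(coll.values())}, dropped {dropped}")
```
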
Ethernet and Switches

Switches Again
Layer 2 switching uses the media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table:
Floods frame to all LAN ports of same VLAN, except the port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, but no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']

Switch Table
• Q: how does switch know that A' is reachable via interface 4, B' reachable via interface 5?
• A: each switch has a switch table; each entry:
  • (MAC address of host, interface to reach host, time stamp)
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
  • Self-learning
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']

Switch: self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: hosts A, A', B, B', C, C' on switch interfaces 1-6]
Switch table (initially empty):
MAC addr | interface | TTL
A        | 1         | 60

Switch: self-learning
• Frame with destination A' arrives at switch from interface 1 (source A, dest A')
Two possibilities:
1. No entry in table for A'
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A'
   With an entry of interface 4, the frame would get forwarded to interface 4
[Figure: hosts A, A', B, B', C, C' on switch interfaces 1-6; frame with source A, dest A']
Switch table (initially empty):
MAC addr | interface | TTL
A        | 1         | 60
A'       | 4         | 60
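
The self-learning walkthrough above can be replayed in a few lines. This is an added example, not code from the slides: host labels and the 60-second TTL follow the slide's table, while the `moves` log (a record of a source address showing up on a different interface, which is how a relocated or duplicated address becomes visible to whoever monitors the switch) and the timestamps are assumptions of this sketch.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl       # seconds an entry lives without being refreshed
        self.table = {}      # MAC addr -> (interface, expiry time)
        self.moves = []      # (time, MAC addr, old interface, new interface)

    def handle(self, in_port, src, dst, now):
        """Learn from the source address, then return the outgoing interfaces."""
        # Age out entries whose TTL has run down.
        self.table = {m: e for m, e in self.table.items() if e[1] > now}

        # Learning step: the table trusts whatever source address it sees.
        old = self.table.get(src)
        if old and old[0] != in_port:
            self.moves.append((now, src, old[0], in_port))
        self.table[src] = (in_port, now + self.ttl)

        # Forwarding step.
        entry = None if dst == BROADCAST else self.table.get(dst)
        if entry is None:
            return [p for p in self.ports if p != in_port]   # flood
        if entry[0] == in_port:
            return []            # destination sits on the arriving segment: filter
        return [entry[0]]        # known destination: forward on one interface


def replay():
    """Constructed frame sequence based on the slide's A / A' scenario."""
    sw = LearningSwitch(ports=range(1, 7))
    out = [
        sw.handle(1, "A", "A'", now=0),    # A' unknown: flood, learn A on 1
        sw.handle(4, "A'", "A", now=1),    # reply: learn A' on 4, forward to 1
        sw.handle(1, "A", "A'", now=2),    # both known: forward to 4 only
        sw.handle(1, "A", "A'", now=70),   # entries aged out: flood again
        sw.handle(6, "A", "A'", now=71),   # A now seen on interface 6: logged
    ]
    return out, sw.moves


if __name__ == "__main__":
    outputs, moves = replay()
    for ports in outputs:
        print("forward to", ports)
    print("address moves:", moves)
```
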
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched networks?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if the network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so a switch port can send data to the attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00:E0:B8:9C:A6:60

MAC Address
• Why would you want to change your MAC address?
• Many reasons:
1. To get around MAC address filtering of wireless routers. You sniff for the MAC address of someone already on the network, then change your MAC address to one that's acceptable
   Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume the MAC of the gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as the router's BSSID

Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry, or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac: http://www.klcconsulting.net/smac
  • Etherchange: http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on LAN has a unique LAN address, except for the broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table:
  http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if you move to a different subnet

ARP: Address Resolution Protocol
• Each IP node on LAN has an ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
• TTL (Time To Live): time after which address mapping is discarded
  • Varies, 1 to 20 minutes on average
Question: how to determine MAC address of B knowing B's IP address?
[Figure: LAN with hosts A and B; adapters 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]

ARP Cache
For every outgoing packet, sending an ARP request and waiting for a response is inefficient
– Requires more bandwidth
– Consumes time
So an ARP cache is maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address is not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table; kept until information becomes old
• Eventually
  • Times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
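
The same-LAN exchange and the soft-state cache described above, as an added example that is not part of the original slides: it packs the 28-byte ARP payload for Ethernet/IPv4, lets the owner of the target IP answer by unicast, and shows the cached entry timing out. MAC addresses are taken from the slide's figure; the IP addresses, their pairing with MACs, and the 20-minute TTL are assumptions of this sketch.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa


def arp_packet(op, sha, spa, tha, tpa):
    """Build the 28-byte ARP payload (hardware type 1 = Ethernet, protocol = IPv4)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))


def parse_arp(pkt):
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return op, sha, socket.inet_ntoa(spa), tha, socket.inet_ntoa(tpa)


class Node:
    def __init__(self, mac, ip, ttl=1200):
        self.mac = bytes.fromhex(mac.replace("-", ""))
        self.ip = ip
        self.ttl = ttl       # assumed 20 minutes, the upper end of the slide's range
        self.cache = {}      # IP address -> (MAC address, expiry time)

    def lookup(self, ip, now):
        entry = self.cache.get(ip)
        if entry and entry[1] > now:
            return entry[0]
        self.cache.pop(ip, None)     # soft state: expired mapping is discarded
        return None

    def on_arp(self, pkt, now):
        """Process an ARP packet; return (dest MAC, reply) if one must be sent."""
        op, sha, spa, tha, tpa = parse_arp(pkt)
        if tpa != self.ip:
            return None              # query is for someone else: ignore it
        self.cache[spa] = (sha, now + self.ttl)
        if op == ARP_REQUEST:
            return sha, arp_packet(ARP_REPLY, self.mac, self.ip, sha, spa)
        return None


def resolve(sender, lan, target_ip, now):
    """Return (MAC address or None, number of ARP frames put on the wire)."""
    cached = sender.lookup(target_ip, now)
    if cached:
        return cached, 0
    # Query goes out in a frame addressed to FF-FF-FF-FF-FF-FF: every node gets it.
    query = arp_packet(ARP_REQUEST, sender.mac, sender.ip, bytes(6), target_ip)
    frames = 1
    for node in lan:
        if node is sender:
            continue
        answer = node.on_arp(query, now)
        if answer:
            _dest_mac, reply = answer    # reply is unicast back to the sender
            sender.on_arp(reply, now)
            frames += 1
    return sender.lookup(target_ip, now), frames


def demo_lan():
    a = Node("1A-2F-BB-76-09-AD", "192.0.2.10")   # IP addresses are constructed
    b = Node("58-23-D7-FA-20-B0", "192.0.2.20")
    c = Node("0C-C4-11-6F-E3-98", "192.0.2.30")
    return a, b, c


if __name__ == "__main__":
    a, b, c = demo_lan()
    for t in (0, 10, 1201):
        mac, frames = resolve(a, [a, b, c], b.ip, now=t)
        print(f"t={t:4d}s  B is at {mac.hex('-').upper()}  ARP frames sent: {frames}")
```
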

ARP Protocol: Routing to another LAN
Walkthrough: send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards
[Figure: two LANs joined by router R. First LAN: A (111.111.111.111, 74-29-9C-E8-FF-55), 111.111.111.112 (CC-49-DE-D0-AB-7D), R's interface 111.111.111.110 (E6-E9-00-17-BB-4B). Second LAN: R's interface 222.222.222.220 (1A-23-F9-CD-06-9B), 222.222.222.221 (88-B2-2F-54-1A-0F), B (222.222.222.222, 49-BD-D2-C7-56-2A)]

ARP Protocol: example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: the same two-LAN topology with router R as on the previous slide]

Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap, and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches, and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th
2
Overview
bull Link Layer Hardwarebull Hubs vs Switches vs Routers
bull Ethernetbull ARP and MAC Addressing
LAN and Network Hardware
4
Shuttling Data at Different Layersbull Different devices switch different things
bull Physical Layer Electrical signals (repeaters and hubs)
bull Link layer Frames (bridges and switches)bull Network layer Packets (routers)
Application gatewayTransport gateway
Router
Bridge switch
Repeater hub
Frameheader
Packetheader
TCPheader
Userdata
Key Distinction
bull Routersbull Forward based on IP headers
19216801
bull SwitchesBridges001302BA4356bull Forward based on MAC addresses
bull RepeatersHubsbull Broadcast all bits 010101010101
5
6
Repeaters
bull Length of cable used influence quality of communication
bull Repeaters repeat signalsbull Clean and boost digital transmissionbull Analog networks use amplifiers to boost signal
bull Repeaters only work with the physical signalbull Cannot reformat resize or manipulate the data
bull Physical layer (layer 1) device
7
Repeaters (continued)
8
Repeaters (continued)
9
Hubs
bull Generic connection devicebull Operates at the Physical Layer
bull Connect several networking cables together
bull Active hubsbull Known as Multiport repeaters
bull Passive hubsbull Something that does not boost signal just
connects the wires
10
Hubs (continued)
11
Switches
bull Operate at the Data Link layerbull Increases network performance
bull Virtual circuits between source and destination
bull Micro segmentation at the port levelbull More complicated and expensive than
hubs
Collision Domain
bull Differs between Hubs and Switchesbull What is a Collision Domain
bull Group of nodes in a network that compete with each other for access
bull If two or more devices try to access network at exact same time a collision will occur
bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth
bull In a hub all nodes share bandwidth
13
Switches
bull Switchbull Filter based on MAC addressesbull Build tables in memory
Collision Domain
SwitchHub
5-14
Switch
bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address
selectively forward frame to one-or-more outgoing links
bull Transparentbull Important Note thatbull Hosts are unaware of presence of
switchesbull Operate at lower levels of protocol stack
bull Plug-and-play self-learningbull Switches do not need to be manually
managed
15
Switches
bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive
packets intended for them specificallybull Increase network performancebull Smaller collision domains
16
Switches
bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity
problems through a switch
17
Switches (continued)
18
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a
collision domain into two partsbull All decisions made by a bridge are based on
MAC or Layer 2 addressing
bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
19
Network Segmentation
20
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge
bull Can contain dozens of portsbull Rather than creating two collision domains
bull Each port creates its own collision domainbull Say network of twenty nodes twenty
collision domains exist if each node is plugged into its own switch port
21
Bridges vs Switch
bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your
subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half
bull Nowadays switches are so cheap and so much more effective you dont see bridges much
bull Mostly replaced bridges
22
Routers
bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device
23
Routers
bull Creates a table to determine how to forward packets
bull Filtering and traffic control base on logical addresses IP addresses
24
Differences Logical vs Physical
bull Look at the Differences Between Logical and Physical Addresses
25
Physical Versus Logical Addresses
bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices
bull Logical addresses IPbull Network and transport protocols dictate the
format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by
software
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN
[Figure: collisions with a hub versus a switch]

CSMA/CD

CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time (binary exponential backoff), then return to step 1

Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection
Algorithm:
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses a small integer K at random from {0, 1, 2, …, 2^m - 1}. NIC then waits K · 512 bit times, returns to Step 2
More details follow …

Ethernet CSMA/CD algorithm
• Features:
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)
Exponential Backoff:
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K · 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
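
The backoff rule from steps 4 and 5, as an added example that is not part of the original slides. The cap at the tenth collision and the 16-attempt limit come from IEEE 802.3, not from the lecture, and the slotted contention model (every frame lasts one slot, so carrier sense never defers anyone) is a simplifying assumption.

```python
import random

SLOT_BITS = 512        # backoff unit: 512 bit times
BACKOFF_LIMIT = 10     # window stops growing after the 10th collision (802.3)
ATTEMPT_LIMIT = 16     # frame is abandoned after 16 collisions (802.3)


def window(m: int) -> int:
    """Size of the set {0, ..., 2^m - 1} that K is drawn from after collision m."""
    if m < 1:
        raise ValueError("collision count starts at 1")
    return 2 ** min(m, BACKOFF_LIMIT)


def choose_k(m: int, rng: random.Random) -> int:
    return rng.randrange(window(m))


def delay_us(k: int, mbps: float) -> float:
    """Waiting time for a given K, in microseconds, at the given link speed."""
    return k * SLOT_BITS / mbps


def simulate(n_stations: int, rng: random.Random, max_slots: int = 1_000_000):
    """All stations have one frame ready at slot 0; return each one's outcome."""
    next_try = [0] * n_stations
    collisions = [0] * n_stations
    outcome = {}
    slot = 0
    while len(outcome) < n_stations and slot < max_slots:
        senders = [s for s in range(n_stations)
                   if s not in outcome and next_try[s] == slot]
        if len(senders) == 1:                      # channel to itself: success
            s = senders[0]
            outcome[s] = ("sent", slot, collisions[s])
        elif len(senders) > 1:                     # collision: everyone backs off
            for s in senders:
                collisions[s] += 1
                if collisions[s] >= ATTEMPT_LIMIT:
                    outcome[s] = ("gave up", slot, collisions[s])
                else:
                    next_try[s] = slot + 1 + choose_k(collisions[s], rng)
        slot += 1
    return outcome


if __name__ == "__main__":
    for m in (1, 2, 10):
        print(f"collision {m}: K in 0..{window(m) - 1}, "
              f"max wait {delay_us(window(m) - 1, 10):.1f} us at 10 Mbps")
    for station, result in sorted(simulate(5, random.Random(1)).items()):
        print(station, result)
```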

Ethernet and Switches

Switches Again
Layer 2 switching: media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table:
  Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link: no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, B, C, A', B', C']

Switch Table
• Q: How does switch know that A' is reachable via interface 4, B' reachable via interface 5?
• A: Each switch has a switch table; each entry:
  • MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: How are entries created, maintained in switch table?
  • Self-learning
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, B, C, A', B', C']

Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: switch with six interfaces and hosts A, B, C, A', B', C'. Switch table (initially empty), columns MAC addr / interface / TTL, first entry: A / 1 / 60]

Switch self-learning
• Frame with Destination A arrives at switch from interface 1
Two possibilities:
1. No entry in table for A
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A
   interface of 4, frame would get forwarded
[Figure: switch with six interfaces and hosts A, B, C, A', B', C'; frame with Source: A, Dest: A'. Switch table (initially empty), columns MAC addr / interface / TTL: entry A / 1 / 60, then a second entry on interface 4 with TTL 60]
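
The table behaviour described under "How Switching Works" and on the self-learning slides, as an added example that is not part of the original lecture. Station labels stand in for MAC addresses as they do on the slides; the class and method names and the hub station X are constructed for illustration.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Switch table of MAC address -> (interface, time last seen)."""

    def __init__(self, ports=(1, 2, 3, 4, 5, 6), ttl=60):
        self.ports = list(ports)
        self.ttl = ttl
        self.table = {}

    def _age(self, now):
        """Drop entries not refreshed within the TTL."""
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.ttl]
        for mac in stale:
            del self.table[mac]

    def receive(self, in_port, src, dst, now):
        """Process one frame; return (action, list of output ports)."""
        self._age(now)
        # Self-learning: the sender is reachable through the arrival port.
        self.table[src] = (in_port, now)
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            # Unknown destination: flood everywhere except the arrival port.
            return "flood", [p for p in self.ports if p != in_port]
        if entry[0] == in_port:
            # Destination lives on the segment the frame came from.
            return "filter", []
        return "forward", [entry[0]]


def walkthrough():
    """Replay the slides' scenario: A on interface 1, A' on interface 4."""
    sw = LearningSwitch()
    steps = [
        (1, "A", "A'", 0),     # A' unknown: flooded, A learned on 1
        (4, "A'", "A", 1),     # reply: A known, A' learned on 4
        (1, "A", "A'", 2),     # now a single output port
        (1, "X", "A", 3),      # X shares a hub with A on interface 1
        (1, "A", "A'", 100),   # both entries aged out (TTL 60): flood again
    ]
    return [sw.receive(*step) for step in steps]


if __name__ == "__main__":
    for result in walkthrough():
        print(result)
```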

Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00:E0:B8:9C:A6:60

MAC Address
• Why would you want to change your MAC address?
• Many reasons:
1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
   Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID

Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry or use a utility
  • Mac Makeup - http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs - http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on LAN has unique LAN address, except for broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness)
  Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if you move to a different subnet
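
Why filtering by MAC address is weak, seen from the monitoring side: an added example, not part of the original lecture, covering both the 24-bit manufacturer / 24-bit adapter split and the cloned-address case from the "change your MAC" slides. The two flag bits in the first octet are part of the IEEE address format rather than slide content; the association events, port names and 60-second window are constructed.

```python
def normalize(text: str) -> str:
    """Accept colon, hyphen or dot separators; return AA-BB-CC-DD-EE-FF."""
    digits = "".join(c for c in text if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def describe(text: str) -> dict:
    """Split an address into manufacturer and adapter halves plus flag bits."""
    mac = normalize(text)
    first_octet = int(mac[:2], 16)
    return {
        "mac": mac,
        "oui": mac[:8],                 # 24 bits assigned to the manufacturer
        "nic": mac[9:],                 # 24 bits chosen by the manufacturer
        "group": bool(first_octet & 0x01),
        # Set on addresses assigned in software rather than by IEEE allocation.
        # A cloned address copies a real one, so this bit stays clear for it.
        "locally_administered": bool(first_octet & 0x02),
    }


def find_concurrent_use(events, window=60):
    """Flag a MAC seen on two different ports within `window` seconds.

    events: iterable of (time in seconds, port or access point, MAC text).
    A roaming client can trigger this too, so treat hits as leads to check.
    """
    last_seen = {}
    alerts = []
    for when, port, raw in sorted(events):
        mac = normalize(raw)
        if mac in last_seen:
            prev_when, prev_port = last_seen[mac]
            if prev_port != port and when - prev_when <= window:
                alerts.append((mac, prev_port, port, when))
        last_seen[mac] = (when, port)
    return alerts


# Constructed association log: the first address keeps appearing on both
# access points at once, the second one moves once after a long gap.
EVENTS = [
    (0, "ap1", "00-E0-B8-9C-A6-60"),
    (5, "ap1", "58-23-D7-FA-20-B0"),
    (12, "ap2", "00:e0:b8:9c:a6:60"),
    (30, "ap1", "00-E0-B8-9C-A6-60"),
    (400, "ap2", "58-23-D7-FA-20-B0"),
]

if __name__ == "__main__":
    print(describe("00:E0:B8:9C:A6:60"))
    print(describe("1A-2F-BB-76-09-AD"))
    for alert in find_concurrent_use(EVENTS):
        print("same MAC active on two ports:", alert)
```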

ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with hosts A and B among four nodes; adapters 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]

ARP Cache
Sending an ARP request and waiting for a response for every outgoing packet is inefficient
  – Requires more bandwidth
  – Consumes time
So ARP cache maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet, containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
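
The same-LAN exchange and the soft-state cache from the preceding ARP slides, as an added example that is not part of the original lecture. The packet layout is the standard 28-byte Ethernet/IPv4 ARP message; the pairing of the figure's IP and MAC addresses with hosts A, B and C is an assumption, and the class and function names are constructed.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
REQUEST, REPLY = 1, 2
BROADCAST = bytes.fromhex("ffffffffffff")


def build_arp(oper, sha, spa, tha, tpa) -> bytes:
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))


def parse_arp(pkt: bytes) -> dict:
    if len(pkt) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"oper": oper, "sha": sha, "spa": socket.inet_ntoa(spa),
            "tha": tha, "tpa": socket.inet_ntoa(tpa)}


class ArpCache:
    """<IP address, MAC address, TTL> soft state with the slides' limits."""

    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl, self.max_entries = ttl, max_entries
        self.entries = {}                       # ip -> (mac, time learned)

    def lookup(self, ip, now):
        hit = self.entries.get(ip)
        if hit is None or now - hit[1] > self.ttl:
            self.entries.pop(ip, None)          # timed out: forget it
            return None
        return hit[0]

    def update(self, ip, mac, now):
        """Store a mapping and report 'new', 'refreshed' or 'changed'."""
        old = self.lookup(ip, now)
        if old is None and len(self.entries) >= self.max_entries:
            oldest = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[oldest]
        self.entries[ip] = (mac, now)
        if old is None:
            return "new"
        # A live mapping replaced by a different MAC is worth logging.
        return "refreshed" if old == mac else "changed"


class Host:
    def __init__(self, name, ip, mac_text):
        self.name, self.ip = name, ip
        self.mac = bytes.fromhex(mac_text.replace("-", ""))
        self.cache = ArpCache()

    def make_query(self, target_ip):
        """Broadcast frame destination plus 'who is target_ip, tell me'."""
        return BROADCAST, build_arp(REQUEST, self.mac, self.ip, bytes(6), target_ip)

    def handle(self, pkt, now):
        """Process a received ARP packet; return (dst MAC, reply) or None."""
        arp = parse_arp(pkt)
        if arp["tpa"] != self.ip:
            return None                         # the query is for someone else
        self.cache.update(arp["spa"], arp["sha"], now)
        if arp["oper"] == REQUEST:
            reply = build_arp(REPLY, self.mac, self.ip, arp["sha"], arp["spa"])
            return arp["sha"], reply            # unicast back to the asker
        return None


def resolve(sender, lan, target_ip, now):
    """Return (MAC or None, number of hosts the broadcast reached)."""
    cached = sender.cache.lookup(target_ip, now)
    if cached is not None:
        return cached, 0                        # answered from cache, no traffic
    _, query = sender.make_query(target_ip)
    reached = 0
    for host in lan:
        if host is sender:
            continue
        reached += 1
        answer = host.handle(query, now)
        if answer is not None and answer[0] == sender.mac:
            sender.handle(answer[1], now)
    return sender.cache.lookup(target_ip, now), reached


# Constructed LAN: address pairings are assumed, not taken from the figure.
A = Host("A", "137.196.7.23", "71-65-F7-2B-08-53")
B = Host("B", "137.196.7.78", "1A-2F-BB-76-09-AD")
C = Host("C", "137.196.7.14", "58-23-D7-FA-20-B0")
LAN = [A, B, C]

if __name__ == "__main__":
    print(resolve(A, LAN, B.ip, now=0))      # broadcast, then cached
    print(resolve(A, LAN, B.ip, now=10))     # served from A's ARP table
```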

ARP Protocol: Routing to another LAN
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards
[Figure: host A (MAC 74-29-9C-E8-FF-55) on the 111.111.111.x LAN and host B (IP 222.222.222.222) on the 222.222.222.x LAN, joined by router R]

ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B

Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th
LAN and Network Hardware
4
Shuttling Data at Different Layersbull Different devices switch different things
bull Physical Layer Electrical signals (repeaters and hubs)
bull Link layer Frames (bridges and switches)bull Network layer Packets (routers)
Application gatewayTransport gateway
Router
Bridge switch
Repeater hub
Frameheader
Packetheader
TCPheader
Userdata
Key Distinction
bull Routersbull Forward based on IP headers
19216801
bull SwitchesBridges001302BA4356bull Forward based on MAC addresses
bull RepeatersHubsbull Broadcast all bits 010101010101
5
6
Repeaters
bull Length of cable used influence quality of communication
bull Repeaters repeat signalsbull Clean and boost digital transmissionbull Analog networks use amplifiers to boost signal
bull Repeaters only work with the physical signalbull Cannot reformat resize or manipulate the data
bull Physical layer (layer 1) device
7
Repeaters (continued)
8
Repeaters (continued)
9
Hubs
bull Generic connection devicebull Operates at the Physical Layer
bull Connect several networking cables together
bull Active hubsbull Known as Multiport repeaters
bull Passive hubsbull Something that does not boost signal just
connects the wires
10
Hubs (continued)
11
Switches
bull Operate at the Data Link layerbull Increases network performance
bull Virtual circuits between source and destination
bull Micro segmentation at the port levelbull More complicated and expensive than
hubs
Collision Domain
bull Differs between Hubs and Switchesbull What is a Collision Domain
bull Group of nodes in a network that compete with each other for access
bull If two or more devices try to access network at exact same time a collision will occur
bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth
bull In a hub all nodes share bandwidth
13
Switches
bull Switchbull Filter based on MAC addressesbull Build tables in memory
Collision Domain
SwitchHub
5-14
Switch
bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address
selectively forward frame to one-or-more outgoing links
bull Transparentbull Important Note thatbull Hosts are unaware of presence of
switchesbull Operate at lower levels of protocol stack
bull Plug-and-play self-learningbull Switches do not need to be manually
managed
15
Switches
bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive
packets intended for them specificallybull Increase network performancebull Smaller collision domains
16
Switches
bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity
problems through a switch
17
Switches (continued)
18
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a
collision domain into two partsbull All decisions made by a bridge are based on
MAC or Layer 2 addressing
bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
19
Network Segmentation
20
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge
bull Can contain dozens of portsbull Rather than creating two collision domains
bull Each port creates its own collision domainbull Say network of twenty nodes twenty
collision domains exist if each node is plugged into its own switch port
21
Bridges vs Switch
bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your
subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half
bull Nowadays switches are so cheap and so much more effective you dont see bridges much
bull Mostly replaced bridges
22
Routers
bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device
23
Routers
bull Creates a table to determine how to forward packets
bull Filtering and traffic control base on logical addresses IP addresses
24
Differences Logical vs Physical
bull Look at the Differences Between Logical and Physical Addresses
25
Physical Versus Logical Addresses
bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices
bull Logical addresses IPbull Network and transport protocols dictate the
format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by
software
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
4
Shuttling Data at Different Layersbull Different devices switch different things
bull Physical Layer Electrical signals (repeaters and hubs)
bull Link layer Frames (bridges and switches)bull Network layer Packets (routers)
Application gatewayTransport gateway
Router
Bridge switch
Repeater hub
Frameheader
Packetheader
TCPheader
Userdata
Key Distinction
bull Routersbull Forward based on IP headers
19216801
bull SwitchesBridges001302BA4356bull Forward based on MAC addresses
bull RepeatersHubsbull Broadcast all bits 010101010101
5
6
Repeaters
bull Length of cable used influence quality of communication
bull Repeaters repeat signalsbull Clean and boost digital transmissionbull Analog networks use amplifiers to boost signal
bull Repeaters only work with the physical signalbull Cannot reformat resize or manipulate the data
bull Physical layer (layer 1) device
7
Repeaters (continued)
8
Repeaters (continued)
9
Hubs
• Generic connection device
• Operates at the Physical Layer
• Connect several networking cables together
• Active hubs
  • Known as multiport repeaters
• Passive hubs
  • Something that does not boost signal, just connects the wires
Switches
• Operate at the Data Link layer
• Increases network performance
• Virtual circuits between source and destination
• Micro segmentation at the port level
• More complicated and expensive than hubs
Collision Domain
• Differs between Hubs and Switches
• What is a Collision Domain?
  • Group of nodes in a network that compete with each other for access
  • If two or more devices try to access network at exact same time, a collision will occur
• In switched environment, each transmitting-receiving pair of nodes is essentially its own collision domain, except that no collisions can occur because there is no sharing of bandwidth
• In a hub, all nodes share bandwidth
Switches
• Switch
  • Filter based on MAC addresses
  • Build tables in memory

[Figure: Collision Domain, switch vs hub]
Switch
• Link-layer device: Level 2 Switch
  • Store, forward Ethernet frames
  • Examine incoming frame's MAC address, selectively forward frame to one-or-more outgoing links
• Transparent
  • Important: note that hosts are unaware of presence of switches
  • Operate at lower levels of protocol stack
• Plug-and-play, self-learning
  • Switches do not need to be manually managed
Switches
• Advantages of Switches
  • Increase available network bandwidth
  • Reduced workload: computers only receive packets intended for them specifically
  • Increase network performance
  • Smaller collision domains
Switches
• Disadvantages of Switches
  • More expensive than hubs and bridges
  • Difficult to trace network connectivity problems through a switch
Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  • Bridge has only two ports and divides a collision domain into two parts
  • All decisions made by a bridge are based on MAC or Layer 2 addressing
• Thus, a bridge will divide a collision domain but has no effect on a logical or broadcast domain

[Figure: Network Segmentation]
Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  • A Switch is a fast, multi-port bridge
  • Can contain dozens of ports
• Rather than creating two collision domains
  • Each port creates its own collision domain
  • Say network of twenty nodes: twenty collision domains exist if each node is plugged into its own switch port

Bridges vs Switch
• Bridges were most used when you had people on hubs, all packets going to all hosts
  • Lots of collisions
  • A bridge allowed you to cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
• Nowadays, switches are so cheap and so much more effective, you don't see bridges much
  • Mostly replaced bridges
Routers
• What does a router do?
  • Provides filtering and network traffic control
  • Used on LANs and WANs
  • Connect multiple segments and networks
  • Multiple routers create an "internetwork"
  • Operate at the Network layer
  • Layer 3 device

Routers
• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses (IP addresses)
Differences: Logical vs Physical
• Look at the Differences Between Logical and Physical Addresses

Physical Versus Logical Addresses
• MAC addresses
  • Data Link layer
  • Used by switches, bridges and routers
  • Used for directly connected devices
• Logical addresses (IP)
  • Network and transport protocols dictate the format of the logical network layer address
  • TCP/IP, IPX/SPX (Novell NetWare)
  • IP addresses are assigned manually or by software
Ethernet
Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed bus topology Local Area Network (LAN)
• 1976: carrier sensing added
  • Xerox built 2.94 Mbps network to connect over 100 personal workstations on 1 km cable
• Network called Ethernet, named after ether: single coaxial cable used to connect machines
• Ethernet refers to product which predates IEEE 802.3 Standard
• But nowadays any 802.3 compliant network is referred to as an Ethernet
Ethernet
[Figure: Ethernet sketch]
Who is this?
Original paper published in 1976:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=1011871052&rep=rep1&type=pdf

Robert (Bob) Metcalfe – Inventor of Ethernet
• Helped build early Internet while still an undergraduate
• Invented Ethernet, while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures

Nice article on him … if you want to read it:
http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855
802.3 Standard Project
• In 1980, IEEE started project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus and
  • Ethernet were all contenders
• Eventually Ethernet won, and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet Standards: http://en.wikipedia.org/wiki/IEEE_802.3
Ethernet Terminology: Physical Layer
• First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband, or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length, from original Thicknet
• Recent versions: letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs
Classical Ethernet: Broadcast
• Classical Ethernet is a broadcast network
• Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called a collision, and prevents any information being passed along network
  • Multiple messages would collide and corrupt each other
Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet

Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10 mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  • Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  • Layer 1 device
Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  – Commonly already present in modern office buildings for telephone system
• Contributed hugely to Ethernet's popularity

Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft
The 10Mb/s Ethernet Standard: IEEE 802.3

Ethernet MAC Protocol, with different physical layer options:
  10Base-5   Original Ethernet: large thick coaxial cable
  10Base-2   Thin coaxial cable version
  10Base-T   Voice-grade unshielded twisted-pair Category-3 telephone cable
  10Base-F   Two optical fibers in a single cable
802.3u Fast Ethernet
• In 1995, IEEE adopted 802.3u Fast Ethernet standard
• Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
• Previously Ethernets worked in half-duplex mode
• Two stations could transmit at the same time
The 100Mb/s Ethernet Standard: "Fast Ethernet"

Ethernet MAC Protocol, with different physical layer options (up to 100 m of cable per segment):
  100Base-T4   Uses four pairs of voice grade Category-3 cable
  100Base-TX   Uses two pairs of data grade Category-5 cable
  100Base-FX   Uses two optical fibers
The 1Gb/s Ethernet Standard
• June 1998: Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex: one speaks at a time
  – Full duplex: both can transmit/speak at the same time

http://en.wikipedia.org/wiki/IEEE_802.3
The 1Gb/s Ethernet Standard: "Gigabit Ethernet"

Ethernet MAC Protocol:
  1000Base-TX   Uses four pairs of data grade Category-5 cable
  1000Base-FX   Uses two optical fibers
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates
Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it accepts the frame and passes data in frame to network layer protocol
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC: Media Access Control
  • Example: 001302BA4356
• Type: indicates higher layer protocol (mostly IP, but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
[Figure: Collisions with Switch and Hub]

CSMA/CD
CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size

When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
   (binary exponential backoff)
Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection

Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses a small integer K at random from {0, 1, 2, …, 2^m − 1}. NIC then waits K·512 bit times, returns to Step 2
More details follow …
Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully
Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K · 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
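The backoff rule above, run as a small contention model. This is an added example, not part of the original slides; the 10 Mbps bit rate, the function names and the slotted model (one frame per station, all queued at slot 0) are assumptions of the sketch.

```python
import random

SLOT_BITS = 512          # one backoff unit = 512 bit times (from the slides)
BIT_RATE = 10_000_000    # assumption: classic 10 Mbps Ethernet


def backoff_set_size(m):
    """Number of values K can take after the m-th collision: {0, ..., 2^m - 1}."""
    return 2 ** m


def backoff_delay_us(k, bit_rate=BIT_RATE):
    """Waiting time for a drawn K, in microseconds."""
    return k * SLOT_BITS / bit_rate * 1e6


def contend(n_stations, rng, max_slots=100_000):
    """Slotted model of CSMA/CD contention.

    Every station has one frame ready at slot 0. A slot with exactly one
    sender is a successful transmission; a slot with several senders is a
    collision, and each sender draws its own K from the set that doubles
    with every collision it has seen.
    Returns (slots_used, collisions_per_station).
    """
    next_try = [0] * n_stations      # slot in which each station sends next
    collisions = [0] * n_stations
    done = [False] * n_stations
    for slot in range(max_slots):
        senders = [s for s in range(n_stations)
                   if not done[s] and next_try[s] == slot]
        if len(senders) == 1:
            done[senders[0]] = True
        elif len(senders) > 1:
            for s in senders:
                collisions[s] += 1
                k = rng.randrange(backoff_set_size(collisions[s]))
                next_try[s] = slot + 1 + k
        if all(done):
            return slot + 1, collisions
    raise RuntimeError("contention did not resolve within max_slots")


if __name__ == "__main__":
    for m in (1, 2, 10):
        top = backoff_set_size(m) - 1
        print(f"collision {m}: K in 0..{top}, longest wait {backoff_delay_us(top):.1f} us")
    slots, per_station = contend(5, random.Random(7))   # fixed seed: repeatable run
    print(f"5 stations finished after {slots} slots, collisions per station: {per_station}")
```

Raising the station count in `contend` shows the point of the slide's goal line: more contenders produce more collisions per station, which widens each station's set and spreads the retries out.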
Ethernet and Switches

Switches Again
Layer 2 switching uses the media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub

[Figure: switch with six interfaces (1,2,3,4,5,6) connecting hosts A, B, C, A', B', C']
Switch Table
• Q: how does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has switch table; each entry:
  • (MAC address of host, interface to reach host, time stamp)
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
  • Self-Learning
Switch: self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair

Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
Switch: self-learning
• Frame with Destination A arrives at switch from interface 1
Two possibilities:
1. No entry in table for A
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A
   interface of 4, frame would get forwarded

[Figure: frame with Source A, Dest A' travelling from A to A' through the switch]

Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
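The learn, flood and forward behaviour from the switch slides, as an added example that is not part of the original deck. The class and method names are hypothetical, host labels stand in for MAC addresses, the TTL of 60 is treated as abstract time ticks because the slide gives no unit, and the `moves` log is an addition showing what a defender can record when a known address shows up on a different port (the situation the MAC-changing slides describe).

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning switch: table maps MAC -> (interface, expiry time)."""

    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl
        self.table = {}      # MAC -> (port, time at which the entry expires)
        self.moves = []      # (time, MAC, old port, new port)

    def _age_out(self, now):
        """Drop entries whose TTL has run out."""
        for mac in [m for m, (_, expiry) in self.table.items() if expiry <= now]:
            del self.table[mac]

    def receive(self, src, dst, in_port, now):
        """Handle one frame; return the list of ports it is sent out on."""
        self._age_out(now)
        known = self.table.get(src)
        if known and known[0] != in_port:
            # Source addresses are not authenticated, so the newest frame
            # wins; keep a record of the change for later review.
            self.moves.append((now, src, known[0], in_port))
        self.table[src] = (in_port, now + self.ttl)      # learn or refresh sender
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood
        out_port = self.table[dst][0]
        return [] if out_port == in_port else [out_port]     # filter or forward


def trace():
    """Replay the slide scenario on a six-interface switch (A on 1, A' on 4)."""
    sw = LearningSwitch(range(1, 7), ttl=60)
    steps = [
        sw.receive("A", "A'", 1, now=0),      # A' unknown: flood, learn A
        sw.receive("A'", "A", 4, now=1),      # A known: forward to 1, learn A'
        sw.receive("A", "A'", 1, now=2),      # A' known: forward to 4 only
        sw.receive("A", "A'", 1, now=100),    # entries aged out: flood again
        sw.receive("A", "A'", 5, now=101),    # A seen on another port: logged
    ]
    return steps, sw.moves


if __name__ == "__main__":
    outputs, moves = trace()
    for out in outputs:
        print("sent on ports:", out)
    print("address moves:", moves)
```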
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) address
  • MAC stands for Media Access Control
  • 48 bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  • Ex: 00E0B89CA660
MAC Address
• Why would you want to change your MAC address?
• Many reasons
  1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
     • Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID
Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry, or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac: http://www.klcconsulting.net/smac
  • Etherchange: http://ntsecurity.nu/toolbox/etherchange
• Linux
    $ ifconfig eth0 down hw ether 00:00:00:00:00:01
    $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for the broadcast address, which is FF-FF-FF-FF-FF-FF

[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet
ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
    < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average

Question: How to determine MAC address of B, knowing B's IP address?

[Figure: LAN with hosts A and B; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88; MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
ARP Cache
For every outgoing packet, sending an ARP request and waiting for a response is inefficient
– Requires more bandwidth
– Consumes time
So an ARP cache is maintained at each node
Size limit = 512 entries
ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet, containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)
Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh
ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
• Eventually
  • Times out
  • ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
ARP Protocol: Routing to another LAN
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs (Network Interface Cards)

[Figure: hosts A (111.111.111.111, 74-29-9C-E8-FF-55) and B (222.222.222.222, 49-BD-D2-C7-56-2A) on two LANs joined by router R (interfaces 111.111.111.110, E6-E9-00-17-BB-4B and 222.222.222.220, 1A-23-F9-CD-06-9B); other hosts 111.111.111.112 (CC-49-DE-D0-AB-7D) and 222.222.222.221 (88-B2-2F-54-1A-0F)]
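The ARP exchange from the Same LAN slides, applied to the first step of this walkthrough (A resolving the MAC address of R's interface 111.111.111.110), as an added example that is not part of the original slides. Addresses come from the figure; the function names, the `ArpCache` class and the 1200-second TTL (the upper end of the range the slides quote) are assumptions, and the preamble and CRC from the frame-structure slide are left to the NIC and not modelled.

```python
import socket
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_HDR = struct.Struct("!6s6sH")             # destination, source, type
ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")    # ARP over Ethernet/IPv4 (RFC 826)


def mac(text):
    """'74-29-9C-E8-FF-55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace("-", ""))


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip, eth_dst):
    eth = ETH_HDR.pack(eth_dst, sender_mac, ETHERTYPE_ARP)
    body = ARP_BODY.pack(1, 0x0800, 6, 4, oper,
                         sender_mac, socket.inet_aton(sender_ip),
                         target_mac, socket.inet_aton(target_ip))
    return eth + body


def parse_arp(frame):
    if len(frame) < ETH_HDR.size + ARP_BODY.size:
        raise ValueError("too short for Ethernet header + ARP body")
    dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("type field does not say ARP")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = \
        ARP_BODY.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"eth_dst": dst, "eth_src": src, "oper": oper,
            "sender_mac": sha, "sender_ip": socket.inet_ntoa(spa),
            "target_mac": tha, "target_ip": socket.inet_ntoa(tpa)}


def answer(frame, my_mac, my_ip):
    """A node's reaction to a received query: reply only if it owns the IP."""
    msg = parse_arp(frame)
    if msg["oper"] != ARP_REQUEST or msg["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, msg["sender_mac"],
                     msg["sender_ip"], eth_dst=msg["sender_mac"])   # unicast


class ArpCache:
    """IP -> (MAC, expiry): soft state that times out unless refreshed."""

    def __init__(self, ttl=1200):
        self.ttl = ttl
        self.entries = {}

    def learn(self, ip, mac_addr, now):
        self.entries[ip] = (mac_addr, now + self.ttl)

    def lookup(self, ip, now):
        hit = self.entries.get(ip)
        if hit is None or hit[1] <= now:
            self.entries.pop(ip, None)
            return None
        return hit[0]


# Addresses from the figure: A, router interface R, and the third host H.
A_MAC, A_IP = mac("74-29-9C-E8-FF-55"), "111.111.111.111"
R_MAC, R_IP = mac("E6-E9-00-17-BB-4B"), "111.111.111.110"
H_MAC, H_IP = mac("CC-49-DE-D0-AB-7D"), "111.111.111.112"


def resolve(cache, now):
    """A looks up R: cache hit, or broadcast query answered by R alone."""
    cached = cache.lookup(R_IP, now)
    if cached is not None:
        return cached, "cache"
    query = build_arp(ARP_REQUEST, A_MAC, A_IP, bytes(6), R_IP, eth_dst=BROADCAST)
    # Every machine on the LAN receives the broadcast; only the owner answers.
    replies = [r for r in (answer(query, H_MAC, H_IP),
                           answer(query, R_MAC, R_IP)) if r is not None]
    reply = parse_arp(replies[0])
    cache.learn(reply["sender_ip"], reply["sender_mac"], now)
    return reply["sender_mac"], "arp"


if __name__ == "__main__":
    cache = ArpCache()
    for t in (0, 600, 1200):
        found, how = resolve(cache, now=t)
        print(t, found.hex("-").upper(), how)
```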
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
Key Distinction
bull Routersbull Forward based on IP headers
19216801
bull SwitchesBridges001302BA4356bull Forward based on MAC addresses
bull RepeatersHubsbull Broadcast all bits 010101010101
5
6
Repeaters
bull Length of cable used influence quality of communication
bull Repeaters repeat signalsbull Clean and boost digital transmissionbull Analog networks use amplifiers to boost signal
bull Repeaters only work with the physical signalbull Cannot reformat resize or manipulate the data
bull Physical layer (layer 1) device
7
Repeaters (continued)
8
Repeaters (continued)
9
Hubs
bull Generic connection devicebull Operates at the Physical Layer
bull Connect several networking cables together
bull Active hubsbull Known as Multiport repeaters
bull Passive hubsbull Something that does not boost signal just
connects the wires
10
Hubs (continued)
11
Switches
bull Operate at the Data Link layerbull Increases network performance
bull Virtual circuits between source and destination
bull Micro segmentation at the port levelbull More complicated and expensive than
hubs
Collision Domain
bull Differs between Hubs and Switchesbull What is a Collision Domain
bull Group of nodes in a network that compete with each other for access
bull If two or more devices try to access network at exact same time a collision will occur
bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth
bull In a hub all nodes share bandwidth
13
Switches
bull Switchbull Filter based on MAC addressesbull Build tables in memory
Collision Domain
SwitchHub
5-14
Switch
bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address
selectively forward frame to one-or-more outgoing links
bull Transparentbull Important Note thatbull Hosts are unaware of presence of
switchesbull Operate at lower levels of protocol stack
bull Plug-and-play self-learningbull Switches do not need to be manually
managed
15
Switches
bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive
packets intended for them specificallybull Increase network performancebull Smaller collision domains
16
Switches
bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity
problems through a switch
17
Switches (continued)
18
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a
collision domain into two partsbull All decisions made by a bridge are based on
MAC or Layer 2 addressing
bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
19
Network Segmentation
20
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge
bull Can contain dozens of portsbull Rather than creating two collision domains
bull Each port creates its own collision domainbull Say network of twenty nodes twenty
collision domains exist if each node is plugged into its own switch port
21
Bridges vs Switch
bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your
subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half
bull Nowadays switches are so cheap and so much more effective you dont see bridges much
bull Mostly replaced bridges
22
Routers
bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device
23
Routers
bull Creates a table to determine how to forward packets
bull Filtering and traffic control base on logical addresses IP addresses
24
Differences Logical vs Physical
bull Look at the Differences Between Logical and Physical Addresses
25
Physical Versus Logical Addresses
bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices
bull Logical addresses IPbull Network and transport protocols dictate the
format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by
software
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches

Switches Again
Layer 2 switching uses the media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table:
it floods the frame to all LAN ports of same VLAN except the port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link: no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1,2,3,4,5,6) connecting hosts A, A', B, B', C, C']
Switch Table
• Q: how does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has switch table, each entry:
  • MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
  • Self-Learning
[Figure: switch with six interfaces (1,2,3,4,5,6) connecting hosts A, A', B, B', C, C']
Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: switch with interfaces 1-6 and hosts A, A', B, B', C, C']

Switch table (initially empty)
MAC addr | interface | TTL
A        | 1         | 60
Switch self-learning
• Frame with destination A' arrives at switch from interface 1
Two possibilities:
1. No entry in table for A'
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A'
   interface of 4, frame would get forwarded
[Figure: switch with interfaces 1-6 and hosts A, A', B, B', C, C'; frame with Source: A, Dest: A']

Switch table (initially empty)
MAC addr | interface | TTL
A        | 1         | 60
A'       | 4         | 60
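The learn, flood and forward behaviour from the switch slides above, as an added Python example that is not part of the original lecture. The class, the "moved" event and the MAC addresses are constructed for illustration; the six interfaces, the positions of A and A', and the TTL of 60 follow the slides.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning switch table: MAC address -> (interface, expiry time)."""

    def __init__(self, interfaces, ttl=60):
        self.interfaces = list(interfaces)
        self.ttl = ttl            # seconds, the TTL column on the slide
        self.table = {}

    def _age_out(self, now):
        expired = [m for m, (_, expires) in self.table.items() if expires <= now]
        for mac in expired:
            del self.table[mac]

    def receive(self, src, dst, in_if, now):
        """Handle one frame. Returns (outgoing interfaces, learning event)."""
        self._age_out(now)
        # 1. Learn: record the sender/location pair from the source address.
        #    The switch takes the source address at face value.
        previous = self.table.get(src)
        if previous is None:
            event = "learned"
        elif previous[0] != in_if:
            event = "moved"       # same MAC now seen behind another interface
        else:
            event = "refreshed"
        self.table[src] = (in_if, now + self.ttl)
        # 2. Forward: look up the destination address.
        entry = None if dst == BROADCAST else self.table.get(dst)
        if entry is None:
            out = [i for i in self.interfaces if i != in_if]   # flood
        elif entry[0] == in_if:
            out = []                                           # filter
        else:
            out = [entry[0]]                                   # forward
        return out, event


# Constructed addresses standing in for the slide's hosts A, A' and B.
A, A_PRIME, B = "02-00-00-00-00-0A", "02-00-00-00-00-A1", "02-00-00-00-00-0B"


def replay_slide_example():
    sw = LearningSwitch(interfaces=[1, 2, 3, 4, 5, 6], ttl=60)
    steps = [
        sw.receive(A, A_PRIME, in_if=1, now=0),    # A' unknown: flood
        sw.receive(A_PRIME, A, in_if=4, now=1),    # reply: A is known
        sw.receive(A, A_PRIME, in_if=1, now=2),    # A' known: single port
        sw.receive(A, B, in_if=5, now=3),          # A's address appears on 5
        sw.receive(B, A_PRIME, in_if=2, now=100),  # older entries aged out
    ]
    return steps, sw.table


if __name__ == "__main__":
    steps, table = replay_slide_example()
    for out, event in steps:
        print(event, out)
    print(table)
```

Logging the "moved" events is a cheap check: either a station really changed ports or two devices are presenting the same address.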
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
    Ex: 00:E0:B8:9C:A6:60
MAC Address
• Why would you want to change your MAC address?
• Many reasons
  1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
     Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID
Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry or use a utility
  • Mac Makeup
    http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs
    http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness)
  Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy
  (a) MAC address … like Social Security Number. Take it with you
  (b) IP address … like postal address. Changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet
ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
• TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with hosts A and B; adapter labels 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP labels 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]
ARP Cache
For every outgoing packet, sending ARP request and waiting for response is inefficient
- Requires more bandwidth
- Consumes time
So ARP cache maintained at each node
Size limit = 512 entries
ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet, containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet Address hh:hh:hh:hh:hh:hh
ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually
    • Times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
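The same-LAN ARP exchange and the soft-state cache from the slides above, as an added Python example that is not part of the original lecture. It builds and parses the Ethernet header plus the ARP message in the RFC 826 layout; the pairing of the slide's IP and MAC addresses to hosts, the eviction rule and all names are assumptions, while the 512-entry limit and the 20-minute TTL come from the slides.

```python
import socket
import struct

BROADCAST = "FF-FF-FF-FF-FF-FF"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 layout for Ethernet + IPv4, 28 bytes


def mac_bytes(mac):
    return bytes.fromhex(mac.replace("-", ""))


def mac_str(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_arp_frame(oper, eth_dst, sha, spa, tha, tpa):
    """Ethernet header (dst, src, type 0x0806) followed by the ARP message."""
    header = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), socket.inet_aton(spa),
                       mac_bytes(tha), socket.inet_aton(tpa))
    return header + body


def parse_arp_frame(frame):
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "oper": oper,
            "sha": mac_str(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa)}


class ArpCache:
    """IP -> (MAC, expiry): soft state that times out unless refreshed."""

    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl, self.max_entries = ttl, max_entries
        self.entries = {}

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:
            self.entries.pop(ip, None)      # timed out
            return None
        return entry[0]

    def update(self, ip, mac, now):
        old = self.lookup(ip, now)
        if old is None and len(self.entries) >= self.max_entries:
            oldest = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[oldest]        # assumption: evict nearest expiry
        self.entries[ip] = (mac, now + self.ttl)
        if old is None:
            return "new"
        # ARP replies are accepted as sent, so a changed mapping is worth logging.
        return "refreshed" if old == mac else "changed"


class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac, self.cache = ip, mac, ArpCache()
        self.log = []

    def query(self, target_ip):
        # Broadcast request: target hardware address is unknown (all zero).
        return build_arp_frame(ARP_REQUEST, BROADCAST, self.mac, self.ip,
                               "00-00-00-00-00-00", target_ip)

    def receive(self, frame, now):
        msg = parse_arp_frame(frame)
        if msg["tpa"] != self.ip:
            return None                      # query for some other node
        if msg["oper"] == ARP_REQUEST:       # unicast reply to the asker
            return build_arp_frame(ARP_REPLY, msg["sha"], self.mac, self.ip,
                                   msg["sha"], msg["spa"])
        if msg["oper"] == ARP_REPLY:
            status = self.cache.update(msg["spa"], msg["sha"], now)
            self.log.append((msg["spa"], msg["sha"], status))
        return None
```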
ARP Protocol: Routing to another LAN
[Figure: host A (111.111.111.111, 74-29-9C-E8-FF-55) and host B (222.222.222.222, 49-BD-D2-C7-56-2A) on separate LANs connected by router R; other labels: 1A-23-F9-CD-06-9B, 222.222.222.220, 111.111.111.110, E6-E9-00-17-BB-4B, CC-49-DE-D0-AB-7D, 111.111.111.112, 222.222.222.221, 88-B2-2F-54-1A-0F]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs - Network Interface Cards
ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: same network of hosts A and B connected by router R, with the same address labels as on the previous slide]
Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th
Collision Domain
• Differs between Hubs and Switches
• What is a Collision Domain?
  • Group of nodes in a network that compete with each other for access
  • If two or more devices try to access network at exact same time, a collision will occur
  • In switched environment, each transmitting-receiving pair of nodes is essentially its own collision domain, except that no collisions can occur because there is no sharing of bandwidth
  • In a hub, all nodes share bandwidth

Switches
• Switch
  • Filter based on MAC addresses
  • Build tables in memory
[Figure: Collision Domain, Switch versus Hub]
Switch
• Link-layer device: Level 2 Switch
  • Store, forward Ethernet frames
  • Examine incoming frame's MAC address, selectively forward frame to one-or-more outgoing links
• Transparent
  • Important: Note that
  • Hosts are unaware of presence of switches
  • Operate at lower levels of protocol stack
• Plug-and-play, self-learning
  • Switches do not need to be manually managed
Switches
• Advantages of Switches
  • Increase available network bandwidth
  • Reduced workload: computers only receive packets intended for them specifically
  • Increase network performance
  • Smaller collision domains

Switches
• Disadvantages of Switches
  • More expensive than hubs and bridges
  • Difficult to trace network connectivity problems through a switch

Switches (continued)
Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  • Bridge has only two ports and divides a collision domain into two parts
  • All decisions made by a bridge are based on MAC or Layer 2 addressing
  • Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

Network Segmentation
Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  • A Switch is a fast multi-port bridge
    • Can contain dozens of ports
  • Rather than creating two collision domains
    • Each port creates its own collision domain
  • Say network of twenty nodes: twenty collision domains exist if each node is plugged into its own switch port

Bridges vs Switch
• Bridges were most used when you had people on hubs, all packets going to all hosts
  • Lots of collisions
  • A bridge allowed you to cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
• Nowadays switches are so cheap and so much more effective, you don't see bridges much
  • Mostly replaced bridges
Routers
• What does a router do?
  • Provides filtering and network traffic control
  • Used on LANs and WANs
  • Connect multiple segments and networks
  • Multiple routers create an "internetwork"
  • Operate at the Network layer
  • Layer 3 device

Routers
• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses: IP addresses

Differences: Logical vs Physical
• Look at the Differences Between Logical and Physical Addresses
Physical Versus Logical Addresses
• MAC addresses
  • Data Link layer
  • Used by switches, bridges and routers
  • Used for directly connected devices
• Logical addresses: IP
  • Network and transport protocols dictate the format of the logical network layer address
  • TCP/IP, IPX/SPX (Novell NetWare)
  • IP addresses are assigned manually or by software

Physical Versus Logical Addresses
Ethernet

Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed bus topology Local Area Network (LAN)
• 1976: carrier sensing added
  • Xerox built 2.94 Mbps network to connect over 100 personal workstations on 1 km cable
• Network called Ethernet, named after ether: single coaxial cable used to connect machines
• Ethernet refers to product which predates IEEE 802.3 Standard
  • But nowadays any 802.3 compliant network is referred to as an Ethernet
Ethernet
[Figure: Ethernet sketch]
Who is this?
Original paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalfe - Inventor of Ethernet

Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet, while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it:
http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855
802.3 Standard Project
• In 1980, IEEE started project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won, and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet Standards
  http://en.wikipedia.org/wiki/IEEE_802.3
Ethernet Terminology: Physical Layer
• First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length, from original Thicknet
• Recent versions: letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs
Classical Ethernet: Broadcast
• Classical Ethernet is a Broadcast Network
  • Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called collision, and prevents any information being passed along network
  • Multiple messages would collide and corrupt each other

Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet
Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
  • Thin coaxial cable in a bus topology
• 10Base5 uses 10 mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  • Layer 1 device
Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  - Commonly already present in modern office buildings for telephone system
  • Contributed hugely to Ethernet's popularity

Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft
The 10 Mb/s Ethernet Standard: IEEE 802.3
[Diagram: Ethernet MAC Protocol over different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F]
10Base-5: Original Ethernet, large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair, Category-3 telephone cable
10Base-F: Two optical fibers in a single cable
802.3u Fast Ethernet
• In 1995, IEEE adopted 802.3u Fast Ethernet standard
  • Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
  • Previously Ethernets worked in half-duplex mode
  • Two stations could transmit at the same time

The 100 Mb/s Ethernet Standard: "Fast Ethernet"
[Diagram: Ethernet MAC Protocol over different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX]
Up to 100 m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers
The 1 Gb/s Ethernet Standard
• June 1998 - Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  - 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  - Half duplex - one speaks at a time
  - Full duplex - both can transmit/speak at the same time
http://en.wikipedia.org/wiki/IEEE_802.3

The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"
[Diagram: Ethernet MAC Protocol over physical layer options: 1000Base-TX, 1000Base-FX]
1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates

Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol, accepts the frame
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 00:13:02:BA:43:56
• Type: Indicates higher layer protocol (mostly IP, but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
7
Repeaters (continued)
8
Repeaters (continued)
9
Hubs
bull Generic connection devicebull Operates at the Physical Layer
bull Connect several networking cables together
bull Active hubsbull Known as Multiport repeaters
bull Passive hubsbull Something that does not boost signal just
connects the wires
10
Hubs (continued)
11
Switches
bull Operate at the Data Link layerbull Increases network performance
bull Virtual circuits between source and destination
bull Micro segmentation at the port levelbull More complicated and expensive than
hubs
Collision Domain
bull Differs between Hubs and Switchesbull What is a Collision Domain
bull Group of nodes in a network that compete with each other for access
bull If two or more devices try to access network at exact same time a collision will occur
bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth
bull In a hub all nodes share bandwidth
13
Switches
bull Switchbull Filter based on MAC addressesbull Build tables in memory
Collision Domain
SwitchHub
5-14
Switch
bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address
selectively forward frame to one-or-more outgoing links
bull Transparentbull Important Note thatbull Hosts are unaware of presence of
switchesbull Operate at lower levels of protocol stack
bull Plug-and-play self-learningbull Switches do not need to be manually
managed
15
Switches
bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive
packets intended for them specificallybull Increase network performancebull Smaller collision domains
16
Switches
bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity
problems through a switch
17
Switches (continued)
18
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a
collision domain into two partsbull All decisions made by a bridge are based on
MAC or Layer 2 addressing
bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
19
Network Segmentation
20
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge
bull Can contain dozens of portsbull Rather than creating two collision domains
bull Each port creates its own collision domainbull Say network of twenty nodes twenty
collision domains exist if each node is plugged into its own switch port
21
Bridges vs Switch
bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your
subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half
bull Nowadays switches are so cheap and so much more effective you dont see bridges much
bull Mostly replaced bridges
22
Routers
• What does a router do?
  • Provides filtering and network traffic control
  • Used on LANs and WANs
  • Connect multiple segments and networks
  • Multiple routers create an "internetwork"
  • Operate at the Network layer
  • Layer 3 device

Routers
• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses (IP addresses)

Differences: Logical vs Physical
• Look at the Differences Between Logical and Physical Addresses

Physical Versus Logical Addresses
• MAC addresses
  • Data Link layer
  • Used by switches, bridges and routers
  • Used for directly connected devices
• Logical addresses (IP)
  • Network and transport protocols dictate the format of the logical network layer address
  • TCP/IP, IPX/SPX (Novell NetWare)
  • IP addresses are assigned manually or by software

Physical Versus Logical Addresses

Ethernet

Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed bus topology Local Area Network (LAN)
• 1976: carrier sensing added
• Xerox built 2.94 Mbps network to connect over 100 personal workstations on 1 km cable
• Network called Ethernet, named after ether, single coaxial cable used to connect machines
• Ethernet refers to product which predates IEEE 802.3 Standard
• But nowadays any 802.3 compliant network is referred to as an Ethernet

Ethernet
Ethernet sketch
Who is this?
Original paper published in 1976
http://citeseerx.ist.psu.edu/viewdoc/download?doi=1011871052&rep=rep1&type=pdf
Robert (Bob) Metcalfe – Inventor of Ethernet

Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it
http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855

802.3 Standard Project
• In 1980 IEEE started Project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet Standards
  http://en.wikipedia.org/wiki/IEEE_802.3

Ethernet Terminology: Physical Layer
• First number (10, 100 or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length from original Thicknet
• Recent versions: letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs

Classical Ethernet: Broadcast
• Classical Ethernet is a Broadcast Network
• Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called a collision, and prevents any information being passed along network
  • Multiple messages would collide and corrupt each other

Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet

Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10 mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
• Layer 1 device

Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  – Commonly already present in modern office buildings for telephone system
• Contributed hugely to Ethernet's popularity

Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft

The 10Mb/s Ethernet Standard: IEEE 802.3
Ethernet MAC Protocol
Different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F
10Base-5: Original Ethernet, large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable

802.3u Fast Ethernet
• In 1995 IEEE adopted 802.3u Fast Ethernet standard
• Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
• Previously Ethernets worked in half-duplex mode
• Two stations could transmit at the same time

The 100Mb/s Ethernet Standard: "Fast Ethernet"
Ethernet MAC Protocol
Different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX
Up to 100 m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers

The 1Gb/s Ethernet Standard
• June 1998 - Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex – one speaks at a time
  – Full duplex – both can transmit/speak at the same time
http://en.wikipedia.org/wiki/IEEE_802.3

The 1Gb/s Ethernet Standard: "Gigabit Ethernet"
Ethernet MAC Protocol
Physical layer options: 1000Base-TX, 1000Base-FX
1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers

Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates

Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol (accepts the frame)
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 00:13:02:BA:43:56
• Type: Indicates higher layer protocol (mostly IP but others possible, e.g., Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and Hub
[Figure: collisions with hubs compared with a switch]

CSMA/CD

CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
   (binary exponential backoff)

Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses K, a small integer, at random from {0, 1, 2, …, 2^m - 1}. NIC then waits K × 512 bit times, returns to Step 2
More details follow …

Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K × 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially

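The backoff rule above, worked through as an added example (not part of the original slides). The slot-level contention model, the function names and the 10 Mbps default are assumptions made for the illustration; the cap of 10 on the exponent and the limit of 16 attempts come from IEEE 802.3, not from the slides.

```python
import random

SLOT_BITS = 512      # backoff unit from the slides: K x 512 bit times
BACKOFF_LIMIT = 10   # IEEE 802.3: the K range stops doubling after 10 collisions
ATTEMPT_LIMIT = 16   # IEEE 802.3: the frame is given up after 16 attempts


def backoff_window(m):
    """Size of the set {0, ..., 2^m - 1} that K is drawn from after the m-th collision."""
    if m < 1:
        raise ValueError("backoff starts with the first collision")
    return 2 ** min(m, BACKOFF_LIMIT)


def backoff_delay_us(k, mbps=10):
    """Waiting time for K x 512 bit times, in microseconds, at the given link speed."""
    return k * SLOT_BITS / mbps   # bits / (Mbit/s) = microseconds


def simulate(stations, seed=0):
    """Simplified model: every station has one frame and all become ready together.

    Each loop iteration is one 512-bit slot. Stations whose counter is 0 transmit:
    exactly one transmitter succeeds, several collide and each draws its own K.
    """
    rng = random.Random(seed)
    wait = {s: 0 for s in stations}      # slots left before the next attempt
    collided = {s: 0 for s in stations}  # m, the collision count per station
    delivered, dropped, collisions, slots = [], [], 0, 0
    while wait:
        slots += 1
        ready = [s for s, w in wait.items() if w == 0]
        if len(ready) == 1:
            delivered.append(ready[0])
            del wait[ready[0]]
        elif len(ready) > 1:
            collisions += 1
            for s in ready:
                collided[s] += 1
                if collided[s] >= ATTEMPT_LIMIT:
                    dropped.append(s)    # too many collisions: give up on the frame
                    del wait[s]
                else:
                    # K slots of silence, then retry in the slot after that
                    wait[s] = 1 + rng.randrange(backoff_window(collided[s]))
        for s in wait:                   # one slot passes for everyone still waiting
            if wait[s] > 0:
                wait[s] -= 1
    return {"delivered": delivered, "dropped": dropped,
            "collisions": collisions, "slots": slots}


if __name__ == "__main__":
    for m in (1, 2, 3, 10, 12):
        top = backoff_window(m) - 1
        print(f"collision {m:2d}: K in 0..{top:4d}, worst wait {backoff_delay_us(top):9.1f} us")
    print(simulate(["A", "B", "C", "D"], seed=1))
```

Raising the number of stations in `simulate` shows the point of the slide: more contenders mean more collisions, which widens each station's K range and spreads the retries out.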
Ethernet and Switches

Switches Again
Layer 2 switching: media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based; switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table:
  Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link: no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1,2,3,4,5,6) connecting hosts A, A', B, B', C, C']

Switch Table
• Q: how does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has a switch table, each entry:
  • MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
  • Self-Learning
[Figure: switch with six interfaces (1,2,3,4,5,6) connecting hosts A, A', B, B', C, C']

Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: hosts A, A', B, B', C, C' on switch interfaces 1 to 6]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60

Switch self-learning
• Frame with destination A' arrives at switch from interface 1 (source A, dest A')
Two possibilities:
1. No entry in table for A'
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A'
   Interface of 4: frame would get forwarded
[Figure: hosts A, A', B, B', C, C' on switch interfaces 1 to 6; frame with source A, dest A']
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60

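The flooding and self-learning behaviour from the "How Switching Works" and "Switch self-learning" slides, as an added example (not code from the original slides). The class and method names are hypothetical, time is counted in abstract units so that the slide's TTL of 60 can be reused, and the "moved" event is an addition: it marks a source address that shows up on a different port than the one already recorded, which is the table change a monitoring tool would want to log.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning switch table: MAC address -> (interface, expiry time)."""

    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl          # lifetime of an entry, as in the slide's TTL column
        self.table = {}

    def _expire(self, now):
        # Entries that were not refreshed within the TTL are forgotten.
        for mac in [m for m, (_, expires) in self.table.items() if expires <= now]:
            del self.table[mac]

    def receive(self, src, dst, in_port, now):
        """Process one frame; return (list of output ports, table event for src)."""
        self._expire(now)

        # Learning step: record the sender/location pair from the source address.
        old = self.table.get(src)
        if old is None:
            event = "learned"
        elif old[0] != in_port:
            event = "moved"      # same MAC, different port: entry is overwritten
        else:
            event = "refreshed"
        self.table[src] = (in_port, now + self.ttl)

        # Forwarding step: look up the destination address.
        entry = None if dst == BROADCAST else self.table.get(dst)
        if entry is None:
            out = [p for p in self.ports if p != in_port]   # unknown: flood
        elif entry[0] == in_port:
            out = []                                        # same segment: filter
        else:
            out = [entry[0]]                                # known: one port only
        return out, event


if __name__ == "__main__":
    sw = LearningSwitch(range(1, 7))        # six interfaces, as in the slides
    frames = [                              # constructed sample traffic
        ("A", "A'", 1, 0),                  # A' unknown: flooded, A learned on 1
        ("A'", "A", 4, 1),                  # reply: A' learned on 4, sent to 1 only
        ("A", "A'", 1, 2),                  # now forwarded to interface 4 only
        ("A", "A'", 3, 3),                  # A's address appears on interface 3
        ("A", "A'", 1, 200),                # both entries timed out: flooded again
    ]
    for src, dst, port, now in frames:
        print(now, src, "->", dst, "in", port, sw.receive(src, dst, port, now))
```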
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48 bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00:E0:B8:9C:A6:60

MAC Address
• Why would you want to change your MAC address?
• Many reasons
  1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
     Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID

Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry or use a utility
  • Mac Makeup
    http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs
    http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on LAN has unique LAN address, except for broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table:
  http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number. Take it with you
  (b) IP address … like postal address. Changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if you move to a different subnet

ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with four nodes, including A and B; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88; MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

ARP Cache
For every outgoing packet, sending an ARP request and waiting for a response is inefficient
– Requires more bandwidth
– Consumes time
So ARP cache maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet, containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet Address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually
    • Times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator

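The receive path from the "Ethernet Frame Structure" slides and the two ARP message types, as an added example (not part of the original slides). The frames are constructed in the code rather than captured; the MAC and IP addresses are taken from the slides' figures, but pairing them with hosts A, B and a third adapter is an assumption, as are the function names. The frame check sequence is computed as the standard Ethernet CRC-32, and the preamble is left out because the adapter strips it before the frame is examined.

```python
import socket
import struct
import zlib

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
# ARP over Ethernet/IPv4: htype, ptype, hlen, plen, oper, sender MAC, sender IP,
# target MAC, target IP (28 bytes in network byte order)
ARP_FMT = "!HHBBH6s4s6s4s"


def mac_bytes(text):
    return bytes.fromhex(text.replace("-", "").replace(":", ""))


def mac_text(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_arp_frame(oper, dst_mac, src_mac, src_ip, target_mac, target_ip):
    """Ethernet frame (dest, source, type, payload, CRC) carrying one ARP message."""
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      src_mac, socket.inet_aton(src_ip),
                      target_mac, socket.inet_aton(target_ip))
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_ARP) + arp
    body = body.ljust(60, b"\x00")                     # pad to the minimum frame size
    return body + struct.pack("<I", zlib.crc32(body))  # append the CRC field


def receive(frame, my_mac):
    """What the adapter with address my_mac does with a frame, in slide order."""
    if len(frame) < 64:
        return "dropped: runt frame"
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        return "dropped: CRC error"                    # error detected, frame dropped
    dst, ethertype = body[:6], struct.unpack("!H", body[12:14])[0]
    if dst not in (my_mac, BROADCAST):
        return "discarded: not addressed to this adapter"
    if ethertype != ETHERTYPE_ARP:
        return f"accepted: payload of type 0x{ethertype:04X} passed up"
    _, _, _, _, oper, sha, spa, _, tpa = struct.unpack(ARP_FMT, body[14:42])
    spa, tpa = socket.inet_ntoa(spa), socket.inet_ntoa(tpa)
    if oper == 1:
        return f"ARP request: who is {tpa}? tell {spa}"
    if oper == 2:
        return f"ARP reply: {spa} is at {mac_text(sha)}"
    return f"accepted: ARP message with unknown operation {oper}"


# Constructed sample hosts (address pairing is an assumption for the example)
A_MAC, A_IP = mac_bytes("1A-2F-BB-76-09-AD"), "137.196.7.23"
B_MAC, B_IP = mac_bytes("58-23-D7-FA-20-B0"), "137.196.7.78"
C_MAC = mac_bytes("0C-C4-11-6F-E3-98")

# A broadcasts the query; B answers with a unicast frame to A.
REQUEST = build_arp_frame(1, BROADCAST, A_MAC, A_IP, b"\x00" * 6, B_IP)
REPLY = build_arp_frame(2, A_MAC, B_MAC, B_IP, A_MAC, A_IP)

if __name__ == "__main__":
    print("B sees:", receive(REQUEST, B_MAC))
    print("C sees:", receive(REQUEST, C_MAC))
    print("A sees:", receive(REPLY, A_MAC))
    print("C sees:", receive(REPLY, C_MAC))
```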
ARP Protocol: Routing to another LAN
[Figure: host A (111.111.111.111, 74-29-9C-E8-FF-55) and host B (222.222.222.222, 49-BD-D2-C7-56-2A) on separate LANs joined by router R, whose interfaces are 111.111.111.110 and 222.222.222.220; each interface in the figure is labelled with its IP and MAC address]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards

ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B

Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th
8
Repeaters (continued)
9
Hubs
bull Generic connection devicebull Operates at the Physical Layer
bull Connect several networking cables together
bull Active hubsbull Known as Multiport repeaters
bull Passive hubsbull Something that does not boost signal just
connects the wires
10
Hubs (continued)
11
Switches
bull Operate at the Data Link layerbull Increases network performance
bull Virtual circuits between source and destination
bull Micro segmentation at the port levelbull More complicated and expensive than
hubs
Collision Domain
bull Differs between Hubs and Switchesbull What is a Collision Domain
bull Group of nodes in a network that compete with each other for access
bull If two or more devices try to access network at exact same time a collision will occur
bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth
bull In a hub all nodes share bandwidth
13
Switches
bull Switchbull Filter based on MAC addressesbull Build tables in memory
Collision Domain
SwitchHub
5-14
Switch
bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address
selectively forward frame to one-or-more outgoing links
bull Transparentbull Important Note thatbull Hosts are unaware of presence of
switchesbull Operate at lower levels of protocol stack
bull Plug-and-play self-learningbull Switches do not need to be manually
managed
15
Switches
bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive
packets intended for them specificallybull Increase network performancebull Smaller collision domains
16
Switches
bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity
problems through a switch
17
Switches (continued)
18
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a
collision domain into two partsbull All decisions made by a bridge are based on
MAC or Layer 2 addressing
bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
19
Network Segmentation
20
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge
bull Can contain dozens of portsbull Rather than creating two collision domains
bull Each port creates its own collision domainbull Say network of twenty nodes twenty
collision domains exist if each node is plugged into its own switch port
21
Bridges vs Switch
bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your
subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half
bull Nowadays switches are so cheap and so much more effective you dont see bridges much
bull Mostly replaced bridges
22
Routers
bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device
23
Routers
bull Creates a table to determine how to forward packets
bull Filtering and traffic control base on logical addresses IP addresses
24
Differences Logical vs Physical
bull Look at the Differences Between Logical and Physical Addresses
25
Physical Versus Logical Addresses
bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices
bull Logical addresses IPbull Network and transport protocols dictate the
format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by
software
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00E0B89CA660

MAC Address
• Why would you want to change your MAC address?
• Many reasons:
  1. To get around MAC address filtering of wireless routers. You sniff for the MAC address of someone already on the network, then change your MAC address to one that's acceptable. Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as the router's BSSID

Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry, or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
    $ ifconfig eth0 down hw ether 00:00:00:00:00:01
    $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for the broadcast address, which is FF-FF-FF-FF-FF-FF

[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet
ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
• TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B, knowing B’s IP address?

[Figure: LAN with hosts including A and B; adapters 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]

ARP Cache
For every outgoing packet, sending an ARP request and waiting for the response is inefficient
  - Requires more bandwidth
  - Consumes time
So ARP cache maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B’s MAC address not in A’s ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A’s MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
• Eventually
  • Times out
  • ARP table keeps soft state: information that times out unless refreshed
• ARP is “plug-and-play”
  • Nodes create their ARP tables without intervention from you, the network administrator
ARP Protocol: Routing to another LAN

[Figure: two LANs joined by router R. First LAN: A (111.111.111.111, 74-29-9C-E8-FF-55), a second host (111.111.111.112, CC-49-DE-D0-AB-7D), R's interface (111.111.111.110, E6-E9-00-17-BB-4B). Second LAN: R's interface (222.222.222.220, 1A-23-F9-CD-06-9B), a host (222.222.222.221, 88-B2-2F-54-1A-0F), B (222.222.222.222, 49-BD-D2-C7-56-2A)]

Walkthrough: Send datagram from A to B via router R
Assume A knows B’s IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs (Network Interface Cards)

ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R’s MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A’s NIC sends frame
• R’s NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B’s MAC address
• R creates frame containing A-to-B IP datagram, sends to B

[Figure: same network as on the previous slide]
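The ARP slides above (table with TTL, broadcast request and unicast reply, then the A-to-B walkthrough through R) can be traced with the following added example, which is not part of the original slides. The class and function names, the /24 prefix and the 20-minute TTL are assumptions; the addresses are the ones in the slide's figure.

```python
import ipaddress

BROADCAST = "FF-FF-FF-FF-FF-FF"


class Iface:
    """One NIC: an IP address, a MAC address and its own ARP table."""

    def __init__(self, ip, mac, lan, gateway=None, prefix=24, ttl=1200):
        self.ip = ipaddress.ip_address(ip)
        self.net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)  # /24 assumed
        self.mac = mac
        self.gateway = ipaddress.ip_address(gateway) if gateway else None
        self.ttl = ttl          # seconds; 20 minutes is the top of the slide's range
        self.arp = {}           # IP -> (MAC, expires_at): the <IP, MAC, TTL> table
        self.lan = lan          # every interface attached to the same LAN
        lan.append(self)

    def resolve(self, ip, now, log):
        """Return the MAC for ip from the cache, or run an ARP exchange on the LAN."""
        cached = self.arp.get(ip)
        if cached and cached[1] > now:
            return cached[0]
        self.arp.pop(ip, None)  # soft state: an expired mapping is dropped
        log.append(f"{self.mac} -> {BROADCAST} ARP request: who is {ip}? tell {self.ip}")
        for nic in self.lan:
            if nic is not self and nic.ip == ip:
                # The reply is unicast and is cached as received, with no authentication.
                log.append(f"{nic.mac} -> {self.mac} ARP reply: {ip} is {nic.mac}")
                self.arp[ip] = (nic.mac, now + self.ttl)
                return nic.mac
        return None             # nobody on this LAN owns that IP


def deliver(src, dst_ip, router_ifaces, now, log):
    """Send one IP datagram; return the Ethernet frames used, one per hop,
    as (source MAC, destination MAC, IP source, IP destination)."""
    dst_ip = ipaddress.ip_address(dst_ip)
    frames, nic = [], src
    while True:
        on_link = dst_ip in nic.net
        next_hop = dst_ip if on_link else nic.gateway
        mac = nic.resolve(next_hop, now, log) if next_hop else None
        if mac is None:
            return frames       # no route, or ARP went unanswered
        # The IP header is unchanged hop to hop; only the frame addresses change.
        frames.append((nic.mac, mac, str(src.ip), str(dst_ip)))
        if on_link:
            return frames
        # The router removes the datagram and picks the interface on dst's subnet.
        nic = next((r for r in router_ifaces if dst_ip in r.net), None)
        if nic is None:
            return frames


def build():
    """The two-LAN network from the slide's figure."""
    lan1, lan2 = [], []
    a = Iface("111.111.111.111", "74-29-9C-E8-FF-55", lan1, gateway="111.111.111.110")
    c = Iface("111.111.111.112", "CC-49-DE-D0-AB-7D", lan1, gateway="111.111.111.110")
    r1 = Iface("111.111.111.110", "E6-E9-00-17-BB-4B", lan1)
    r2 = Iface("222.222.222.220", "1A-23-F9-CD-06-9B", lan2)
    b = Iface("222.222.222.222", "49-BD-D2-C7-56-2A", lan2, gateway="222.222.222.220")
    return a, b, c, [r1, r2]


if __name__ == "__main__":
    a, b, c, routers = build()
    log = []
    for frame in deliver(a, "222.222.222.222", routers, now=0, log=log):
        print("frame:", frame)
    print("\n".join(log))
```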
Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th
Collision Domain
• Differs between Hubs and Switches
• What is a Collision Domain?
  • Group of nodes in a network that compete with each other for access
  • If two or more devices try to access network at exact same time, a collision will occur
• In switched environment, each transmitting-receiving pair of nodes is essentially its own collision domain, except that no collisions can occur because there is no sharing of bandwidth
• In a hub, all nodes share bandwidth

Switches
• Switch
  • Filter based on MAC addresses
  • Build tables in memory

[Figure: Collision Domain, Switch vs. Hub]

Switch
• Link-layer device: Level 2 switch
  • Store, forward Ethernet frames
  • Examine incoming frame’s MAC address, selectively forward frame to one-or-more outgoing links
• Transparent
  • Important: note that
  • Hosts are unaware of presence of switches
  • Operate at lower levels of protocol stack
• Plug-and-play, self-learning
  • Switches do not need to be manually managed

Switches
• Advantages of Switches
  • Increase available network bandwidth
  • Reduced workload: computers only receive packets intended for them specifically
  • Increase network performance
  • Smaller collision domains

Switches
• Disadvantages of Switches
  • More expensive than hubs and bridges
  • Difficult to trace network connectivity problems through a switch

[Figure: Switches (continued)]

Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  • Bridge has only two ports and divides a collision domain into two parts
  • All decisions made by a bridge are based on MAC or Layer 2 addressing
• Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

[Figure: Network Segmentation]

Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  • A Switch is a fast, multi-port bridge
  • Can contain dozens of ports
  • Rather than creating two collision domains
  • Each port creates its own collision domain
  • Say network of twenty nodes: twenty collision domains exist if each node is plugged into its own switch port

Bridges vs Switch
• Bridges were most used when you had people on hubs, all packets going to all hosts
  • Lots of collisions
  • A bridge allowed you to cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
• Nowadays, switches are so cheap and so much more effective, you don't see bridges much
  • Mostly replaced bridges
Routers
• What does a router do?
  • Provides filtering and network traffic control
  • Used on LANs and WANs
  • Connect multiple segments and networks
  • Multiple routers create an “internetwork”
  • Operate at the Network layer
  • Layer 3 device

Routers
• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses (IP addresses)

Differences: Logical vs Physical
• Look at the differences between logical and physical addresses

Physical Versus Logical Addresses
• MAC addresses
  • Data Link layer
  • Used by switches, bridges and routers
  • Used for directly connected devices
• Logical addresses (IP)
  • Network and transport protocols dictate the format of the logical network layer address
  • TCP/IP, IPX/SPX (Novell NetWare)
  • IP addresses are assigned manually or by software

[Figure: Physical Versus Logical Addresses]
Ethernet

Ethernet History
• 1973: Xerox Corporation’s Palo Alto Research Center developed bus topology Local Area Network (LAN)
• 1976: carrier sensing added
  • Xerox built 2.94 Mbps network to connect over 100 personal workstations on 1 km cable
• Network called Ethernet, named after ether, single coaxial cable used to connect machines
• Ethernet refers to product which predates IEEE 802.3 Standard
• But nowadays any 802.3 compliant network is referred to as an Ethernet

Ethernet
[Figure: Ethernet sketch]
Who is this?
Original paper published in 1976:
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalfe, inventor of Ethernet

Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp.
• Served as publisher at IDG's InfoWorld Publishing Co.
• Wrote three books
• Since January 2001, has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it: http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855

802.3 Standard Project
• In 1980, IEEE started project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won, and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet Standards: http://en.wikipedia.org/wiki/IEEE_802.3
Ethernet Terminology: Physical Layer
• First number (10, 100 or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband, or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length from original Thicknet
• Recent versions: letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs

Classical Ethernet: Broadcast
• Classical Ethernet is a broadcast network
  • Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called collision, and prevents any information passed along network
  • Multiple messages would collide and corrupt each other

Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet

Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  Repeater repeats bits it hears on one interface to its other interfaces; physical layer device only
  • Layer 1 device

Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  - Commonly already present in modern office buildings for telephone system
• Contributed hugely to Ethernet's popularity

Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in “star topology”
• Distance of any node to hub < 326 ft
The 10 Mb/s Ethernet Standard: IEEE 802.3

[Figure: Ethernet MAC protocol over different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F]

10Base-5: Original Ethernet, large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable

802.3u Fast Ethernet
• In 1995, IEEE adopted 802.3u Fast Ethernet standard
  • Fast Ethernet is a 100 Mbps Ethernet standard
  • With Fast Ethernet came full-duplex Ethernet
  • Previously, Ethernets worked in half-duplex mode
  • Two stations could transmit at the same time

The 100 Mb/s Ethernet Standard: “Fast Ethernet”

[Figure: Ethernet MAC protocol over different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX]

Up to 100 m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers

The 1 Gb/s Ethernet Standard
• June 1998: Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  - 1000 Mbps in half-duplex or full-duplex mode, over a variety of different network media
  - Half duplex: one speaks at a time
  - Full duplex: both can transmit/speak at same time
http://en.wikipedia.org/wiki/IEEE_802.3

The 1 Gb/s Ethernet Standard: “Gigabit Ethernet”

[Figure: Ethernet MAC protocol over physical layer options 1000Base-TX, 1000Base-FX]

1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates

Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol (accepts the frame)
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP, but others possible, e.g., Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN
[Figure: Collisions with Switch and Hub]

CSMA/CD
CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
   (binary exponential backoff)

Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection
Algorithm:
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses a small integer K at random from {0, 1, 2, …, 2^m - 1}. NIC then waits K·512 bit times, returns to Step 2
More details follow …

Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet’s CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K·512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3}
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
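The backoff rule above can be tried out with the following added example, which is not from the original slides. It is a simplified slotted model in which one slot stands for one 512-bit backoff unit and a frame occupies a single slot; the function names and the choice to stop growing the window at 1024 values are assumptions.

```python
import random

SLOT_BITS = 512          # backoff unit from the slide: wait K * 512 bit times
MAX_EXPONENT = 10        # assumed: window stays at {0..1023} from the tenth collision on


def backoff_range(m):
    """Number of values K can take after the m-th collision: 2, 4, 8, ... 1024."""
    return 2 ** min(m, MAX_EXPONENT)


def backoff_bits(m, rng):
    """Waiting time in bit times after the m-th collision."""
    return rng.randrange(backoff_range(m)) * SLOT_BITS


def contend(n_stations, rng, max_slots=100_000):
    """All stations collide in slot 0, then back off until each has sent one frame.

    Returns (slots used, collisions suffered by each station)."""
    collisions = [1] * n_stations
    next_try = [1 + rng.randrange(backoff_range(1)) for _ in range(n_stations)]
    pending = set(range(n_stations))
    slot = 0
    while pending and slot < max_slots:
        slot += 1
        ready = [s for s in pending if next_try[s] <= slot]
        if len(ready) == 1:
            pending.remove(ready[0])          # sole transmitter: the frame gets through
        elif len(ready) > 1:
            for s in ready:                   # collision: each sender doubles its window
                collisions[s] += 1
                next_try[s] = slot + 1 + rng.randrange(backoff_range(collisions[s]))
    return slot, collisions


def mean_slots(n_stations, trials=200, seed=0):
    """Average number of slots needed to drain n_stations colliding senders."""
    rng = random.Random(seed)
    return sum(contend(n_stations, rng)[0] for _ in range(trials)) / trials


if __name__ == "__main__":
    for n in (2, 5, 20):
        print(f"{n:2d} stations: {mean_slots(n):6.1f} slots on average")
```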
Ethernet and Switches

Switches Again
Layer 2 switching: media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table:
  Floods frame to all LAN ports of same VLAN, except port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port, without flooding all LAN ports

Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A’ and B-to-B’ simultaneously, without collisions
  • Not possible with “dumb” hub

[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A’, B, B’, C, C’]

Switch Table
• Q: How does switch know that A’ reachable via interface 4, B’ reachable via interface 5?
• A: Each switch has switch table; each entry:
  • MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: How are entries created, maintained in switch table?
  • Self-learning

[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A’, B, B’, C, C’]
Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch “learns” location of sender: incoming LAN segment
  • Records sender/location pair

[Figure: switch with interfaces 1 to 6 and hosts A, A’, B, B’, C, C’]

Switch table (initially empty)
MAC addr   interface   TTL
A          1           60
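The self-learning and flood-or-forward behaviour described in the switch slides can be reproduced with the following added example, which is not from the original slides. The class name, the time units for the TTL of 60 and the `moves` log are assumptions; the log records a MAC address being relearned on a different port, which is the switch-side trace left when a host changes its MAC address to one already in use.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning layer 2 switch with an aging table (hypothetical model)."""

    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl
        self.table = {}   # MAC -> (port, expires_at)
        self.moves = []   # (time, MAC, old port, new port)

    def receive(self, in_port, src, dst, now):
        """Handle one frame and return the list of ports it is sent out of."""
        # Age out entries whose TTL has passed.
        self.table = {mac: e for mac, e in self.table.items() if e[1] > now}

        # Learn: the source address is taken on trust from the frame itself.
        known = self.table.get(src)
        if known and known[0] != in_port:
            self.moves.append((now, src, known[0], in_port))
        self.table[src] = (in_port, now + self.ttl)

        # Forward: flood when the destination is unknown or broadcast.
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst][0]
        # A frame whose destination lives on the arrival port is filtered.
        return [] if out_port == in_port else [out_port]


def demo():
    """The slide's scenario: A on interface 1, A' on interface 4."""
    sw = LearningSwitch(range(1, 7))
    steps = [
        sw.receive(1, "A", "A'", now=0),    # A' unknown: flood
        sw.receive(4, "A'", "A", now=1),    # A known: forward to 1
        sw.receive(1, "A", "A'", now=2),    # A' known now: forward to 4
        sw.receive(3, "A", "B", now=3),     # source "A" seen on another port
        sw.receive(4, "A'", "A", now=4),    # traffic for A now follows the move
    ]
    return steps, sw.moves


if __name__ == "__main__":
    steps, moves = demo()
    for out in steps:
        print("sent out of ports", out)
    print("MAC moves logged:", moves)
```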
10
Hubs (continued)
11
Switches
bull Operate at the Data Link layerbull Increases network performance
bull Virtual circuits between source and destination
bull Micro segmentation at the port levelbull More complicated and expensive than
hubs
Collision Domain
bull Differs between Hubs and Switchesbull What is a Collision Domain
bull Group of nodes in a network that compete with each other for access
bull If two or more devices try to access network at exact same time a collision will occur
bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth
bull In a hub all nodes share bandwidth
13
Switches
bull Switchbull Filter based on MAC addressesbull Build tables in memory
Collision Domain
SwitchHub
5-14
Switch
bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address
selectively forward frame to one-or-more outgoing links
bull Transparentbull Important Note thatbull Hosts are unaware of presence of
switchesbull Operate at lower levels of protocol stack
bull Plug-and-play self-learningbull Switches do not need to be manually
managed
15
Switches
bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive
packets intended for them specificallybull Increase network performancebull Smaller collision domains
16
Switches
bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity
problems through a switch
17
Switches (continued)
18
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a
collision domain into two partsbull All decisions made by a bridge are based on
MAC or Layer 2 addressing
bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
19
Network Segmentation
20
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge
bull Can contain dozens of portsbull Rather than creating two collision domains
bull Each port creates its own collision domainbull Say network of twenty nodes twenty
collision domains exist if each node is plugged into its own switch port
21
Bridges vs Switch
bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your
subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half
bull Nowadays switches are so cheap and so much more effective you dont see bridges much
bull Mostly replaced bridges
22
Routers
bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device
23
Routers
bull Creates a table to determine how to forward packets
bull Filtering and traffic control base on logical addresses IP addresses
24
Differences Logical vs Physical
bull Look at the Differences Between Logical and Physical Addresses
25
Physical Versus Logical Addresses
bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices
bull Logical addresses IPbull Network and transport protocols dictate the
format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by
software
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40

The 100Mb/s Ethernet Standard: "Fast Ethernet"
Ethernet MAC Protocol over different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX
Up to 100 m of cable per segment
• 100Base-T4: Uses four pairs of voice grade Category-3 cable
• 100Base-TX: Uses two pairs of data grade Category-5 cable
• 100Base-FX: Uses two optical fibers

The 1Gb/s Ethernet Standard
• June 1998: Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex: one speaks at a time
  – Full duplex: both can transmit/speak at the same time
http://en.wikipedia.org/wiki/IEEE_802.3

The 1Gb/s Ethernet Standard: "Gigabit Ethernet"
Ethernet MAC Protocol over 1000Base-TX, 1000Base-FX
• 1000Base-TX: Uses four pairs of data grade Category-5 cable
• 1000Base-FX: Uses two optical fibers

Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver and sender clock rates

Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it accepts the frame and passes the data in the frame to the network layer protocol
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC: Media Access Control
  • Example: 00-13-02-BA-43-56
• Type: Indicates higher layer protocol (mostly IP, but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and Hub
[Figure: collisions with hubs compared with a switch]

CSMA/CD

CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting, wait a random time, then return to step 1
Random wait: binary exponential backoff

Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses a small integer K at random from {0, 1, 2, …, 2^m - 1}. NIC then waits K × 512 bit times and returns to Step 2
More details follow …

Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K × 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
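
The backoff rule in steps 4 and 5 can be exercised with a short simulation. This is an added example, not code from the original slides; the slotted timing model (every station ready at slot 0, one frame per slot) and all function names are assumptions made for illustration.

```python
import random

SLOT_BIT_TIMES = 512   # one backoff unit is 512 bit times (from the slides)
MAX_EXPONENT = 10      # the slides stop growing the set at {0, ..., 1023}


def backoff_upper_bound(collisions):
    """Largest K allowed after the m-th collision: 2^m - 1, capped at 1023."""
    if collisions < 1:
        raise ValueError("backoff only applies after at least one collision")
    return 2 ** min(collisions, MAX_EXPONENT) - 1


def choose_backoff(collisions, rng):
    """Pick K uniformly from {0, ..., 2^m - 1}; return (K, wait in bit times)."""
    k = rng.randint(0, backoff_upper_bound(collisions))
    return k, k * SLOT_BIT_TIMES


def simulate(n_stations, seed=1, max_slots=100_000):
    """Simplified slotted model (assumption): every station has one frame ready
    at slot 0, a frame occupies exactly one slot, and all senders in a slot
    detect the collision. Returns (finish slot per station, collisions list)."""
    rng = random.Random(seed)
    wait = [0] * n_stations        # slots each station must still stay silent
    collisions = [0] * n_stations  # m, counted separately for each station
    finished = {}                  # station -> slot in which its frame got out

    for slot in range(max_slots):
        ready = [s for s in range(n_stations)
                 if s not in finished and wait[s] == 0]
        if len(ready) == 1:
            finished[ready[0]] = slot        # step 3: sole sender succeeds
        elif len(ready) > 1:
            for s in ready:                  # steps 4-5: abort, jam, back off
                collisions[s] += 1
                k, _ = choose_backoff(collisions[s], rng)
                wait[s] = k + 1              # +1 accounts for the collided slot
        for s in range(n_stations):          # time advances by one slot
            if s not in finished and wait[s] > 0:
                wait[s] -= 1
        if len(finished) == n_stations:
            break
    return finished, collisions


if __name__ == "__main__":
    done, hits = simulate(5, seed=42)
    for station in sorted(done):
        print(f"station {station}: sent in slot {done[station]}, "
              f"{hits[station]} collision(s)")
```

Raising `n_stations` shows the effect the slide describes: more contenders mean more collisions per station, so K is drawn from larger sets and the waits spread out.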

Ethernet and Switches

Switches Again
Layer 2 switching uses the media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, but no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1,2,3,4,5,6) connecting hosts A, A', B, B', C, C']

Switch Table
• Q: How does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has switch table, each entry:
  • MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: How are entries created, maintained in switch table?
  • Self-Learning

Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair

Switch table (initially empty)
MAC addr   interface   TTL
A          1           60

Switch self-learning
• Frame with source A and destination A' arrives at switch from interface 1
Two possibilities:
1. No entry in table for A'
   • Switch forwards frame to all interfaces except 1
   • Entry for A added
2. Entry in table for A'
   • Interface of 4: frame would get forwarded there

Switch table (initially empty)
MAC addr   interface   TTL
A          1           60
A'         4           60
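
The learn, flood and forward behaviour from the switch slides, written out as an added Python example (not code from the slides). The class name, the explicit `now` clock and the `moves` log are assumptions; the log records a source address that appears on a different interface before its entry ages out, which is worth keeping because MAC addresses are software settable.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning switch table: MAC address -> (interface, expiry time)."""

    def __init__(self, interfaces, ttl=60):
        self.interfaces = list(interfaces)
        self.ttl = ttl          # seconds an entry lives, as in the slide's TTL column
        self.table = {}
        self.moves = []         # (mac, old_interface, new_interface, time)

    def _expire(self, now):
        """Drop entries whose TTL has run out."""
        for mac in [m for m, (_, exp) in self.table.items() if exp <= now]:
            del self.table[mac]

    def receive(self, in_if, src, dst, now):
        """Handle one frame and return the interfaces it is sent out on."""
        if in_if not in self.interfaces:
            raise ValueError(f"unknown interface {in_if}")
        self._expire(now)

        # Learn: the sender is reachable through the interface the frame came in on.
        if src != BROADCAST:
            known = self.table.get(src)
            if known is not None and known[0] != in_if:
                self.moves.append((src, known[0], in_if, now))
            self.table[src] = (in_if, now + self.ttl)

        # Forward: flood when the destination is broadcast or not in the table.
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            return [i for i in self.interfaces if i != in_if]
        if entry[0] == in_if:
            return []           # destination is on the arrival segment: filter
        return [entry[0]]


if __name__ == "__main__":
    # Host names from the slides stand in for 48-bit MAC addresses.
    sw = LearningSwitch(range(1, 7))
    print(sw.receive(1, "A", "A'", now=0))   # A' unknown: flood to 2..6
    print(sw.receive(4, "A'", "A", now=1))   # reply teaches the switch A' -> 4
    print(sw.receive(1, "A", "A'", now=2))   # now forwarded to interface 4 only
    print(sw.table)
```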

Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00-E0-B8-9C-A6-60

MAC Address
• Why would you want to change your MAC address?
• Many reasons
1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
   Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID

Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry, or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac: http://www.klcconsulting.net/smac
  • Etherchange: http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on LAN has unique LAN address, except for broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet

ARP: Address Resolution Protocol
Question: How to determine MAC address of B, knowing B's IP address?
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping is discarded
  • Varies, 1 to 20 minutes on average
[Figure: LAN with hosts A and B among four adapters; MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]

ARP Cache
Sending an ARP request and waiting for the response for every outgoing packet is inefficient
  – Requires more bandwidth
  – Consumes time
So ARP cache maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Kept in ARP table until information becomes old
  • Eventually times out
  • ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
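
The same-LAN exchange and the soft-state cache described above, as an added Python example (not code from the slides). The addresses are constructed sample values, the `lan` dictionary stands in for the shared wire, and the `changes` log is an assumption: it records an unexpired IP-to-MAC binding being replaced by a different MAC, which matters because MAC addresses are software settable.

```python
import socket
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
UNKNOWN = "00:00:00:00:00:00"   # target MAC field of a request (not yet known)
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
# Constructed sample addresses (documentation IP range, locally administered MACs).
A_MAC, A_IP = "02:00:00:00:00:0a", "192.0.2.10"
B_MAC, B_IP = "02:00:00:00:00:0b", "192.0.2.11"
LAN = {B_IP: B_MAC, "192.0.2.12": "02:00:00:00:00:0c"}

def mac_to_bytes(mac):
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw

def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(op, src_mac, src_ip, dst_mac, target_mac, target_ip):
    """Ethernet header (dst, src, type) followed by the 28-byte IPv4 ARP body."""
    header = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac)
    header += struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    body += mac_to_bytes(src_mac) + socket.inet_aton(src_ip)
    body += mac_to_bytes(target_mac) + socket.inet_aton(target_ip)
    return header + body

def parse_frame(frame):
    """Validate and decode one Ethernet/IPv4 ARP frame into a dict."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet header plus ARP body")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    if op not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError(f"unexpected ARP operation {op}")
    return {
        "eth_dst": mac_to_str(frame[0:6]),
        "eth_src": mac_to_str(frame[6:12]),
        "op": op,
        "sender_mac": mac_to_str(frame[22:28]),
        "sender_ip": socket.inet_ntoa(frame[28:32]),
        "target_mac": mac_to_str(frame[32:38]),
        "target_ip": socket.inet_ntoa(frame[38:42]),
    }

class ArpCache:
    """<IP address; MAC address; TTL> entries that time out unless refreshed."""

    def __init__(self, ttl=1200, max_entries=512):
        self.ttl = ttl                  # seconds; 20 minutes, top of the slide's range
        self.max_entries = max_entries  # size limit given on the slide
        self.entries = {}               # ip -> (mac, expires_at)
        self.changes = []               # (ip, old_mac, new_mac, time) for review

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:
            self.entries.pop(ip, None)  # soft state: expired entries vanish
            return None
        return entry[0]

    def learn(self, ip, mac, now):
        old = self.lookup(ip, now)
        if old is not None and old != mac:
            self.changes.append((ip, old, mac, now))
        if old is None and len(self.entries) >= self.max_entries:
            soonest = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[soonest]
        self.entries[ip] = (mac, now + self.ttl)

def respond(frame, my_mac, my_ip):
    """Run by every host that hears the broadcast; only target_ip's owner replies."""
    query = parse_frame(frame)
    if query["op"] != ARP_REQUEST or query["target_ip"] != my_ip:
        return None
    return build_frame(ARP_REPLY, my_mac, my_ip, query["sender_mac"],
                       query["sender_mac"], query["sender_ip"])

def resolve(cache, my_mac, my_ip, target_ip, lan, now):
    """A's side: answer from the cache, else broadcast a query and cache the reply.
    `lan` maps each neighbour's IP to its MAC and stands in for the shared wire."""
    cached = cache.lookup(target_ip, now)
    if cached is not None:
        return cached
    query = build_frame(ARP_REQUEST, my_mac, my_ip, BROADCAST, UNKNOWN, target_ip)
    for host_ip, host_mac in lan.items():
        reply = respond(query, host_mac, host_ip)
        if reply is not None:
            answer = parse_frame(reply)
            cache.learn(answer["sender_ip"], answer["sender_mac"], now)
            return answer["sender_mac"]
    return None
```

Calling `resolve(ArpCache(), A_MAC, A_IP, B_IP, LAN, now=0)` performs the broadcast query and unicast reply once; a second call inside the TTL is answered from the cache without any frame being built.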

ARP Protocol: Routing to another LAN
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs (Network Interface Cards)
[Figure: router R joining two LANs, one numbered 111.111.111.x (host A, MAC 74-29-9C-E8-FF-55) and one numbered 222.222.222.x (host B, IP 222.222.222.222)]

ARP Protocol: example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B

Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th

Collision Domain
• Differs between hubs and switches
• What is a collision domain?
  • Group of nodes in a network that compete with each other for access
  • If two or more devices try to access network at exact same time, a collision will occur
• In switched environment, each transmitting-receiving pair of nodes is essentially its own collision domain, except that no collisions can occur because there is no sharing of bandwidth
• In a hub, all nodes share bandwidth

Switches
• Switch
  • Filter based on MAC addresses
  • Build tables in memory
[Figure: collision domain of a switch compared with a hub]

Switch
• Link-layer device: Level 2 switch
  • Store and forward Ethernet frames
  • Examine incoming frame's MAC address, selectively forward frame to one or more outgoing links
• Transparent
  • Important: note that hosts are unaware of presence of switches
  • Operate at lower levels of protocol stack
• Plug-and-play, self-learning
  • Switches do not need to be manually managed

Switches
• Advantages of switches
  • Increase available network bandwidth
  • Reduced workload: computers only receive packets intended for them specifically
  • Increase network performance
  • Smaller collision domains

Switches
• Disadvantages of switches
  • More expensive than hubs and bridges
  • Difficult to trace network connectivity problems through a switch

Bridges vs Switches
• What's the difference between a bridge and a switch?
  • Bridge has only two ports and divides a collision domain into two parts
  • All decisions made by a bridge are based on MAC or Layer 2 addressing
• Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

Network Segmentation
[Figure: network segmentation]

Bridges vs Switches
• What's the difference between a bridge and a switch?
  • A switch is a fast multi-port bridge
  • Can contain dozens of ports
• Rather than creating two collision domains
  • Each port creates its own collision domain
  • Say network of twenty nodes: twenty collision domains exist if each node is plugged into its own switch port

Bridges vs Switch
• Bridges were most used when you had people on hubs, all packets going to all hosts
  • Lots of collisions
  • A bridge allowed you to cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
• Nowadays switches are so cheap and so much more effective, you don't see bridges much
  • Mostly replaced bridges

Routers
• What does a router do?
  • Provides filtering and network traffic control
  • Used on LANs and WANs
  • Connect multiple segments and networks
  • Multiple routers create an "internetwork"
  • Operate at the Network layer
  • Layer 3 device

Routers
• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses (IP addresses)

Differences: Logical vs Physical
• Look at the differences between logical and physical addresses

Physical Versus Logical Addresses
• MAC addresses
  • Data Link layer
  • Used by switches, bridges and routers
  • Used for directly connected devices
• Logical addresses (IP)
  • Network and transport protocols dictate the format of the logical network layer address
  • TCP/IP, IPX/SPX (Novell NetWare)
  • IP addresses are assigned manually or by software

Ethernet

Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed bus topology Local Area Network (LAN)
• 1976: carrier sensing added
  • Xerox built 2.94 Mbps network to connect over 100 personal workstations on 1 km cable
  • Network called Ethernet, named after "ether", the single coaxial cable used to connect machines
• Ethernet refers to product which predates IEEE 802.3 Standard
  • But nowadays any 802.3 compliant network is referred to as an Ethernet

Ethernet
[Figure: Ethernet sketch]
Who is this?
Original paper published in 1976
http://citeseerx.ist.psu.edu/viewdoc/download?doi=1011871052&rep=rep1&type=pdf
Robert (Bob) Metcalfe: Inventor of Ethernet

Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's Infoworld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it:
http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855

802.3 Standard Project
• In 1980 IEEE started project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won, and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet standards: http://en.wikipedia.org/wiki/IEEE_802.3

Ethernet Terminology: Physical Layer
• First number (10, 100 or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband, or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length, from original Thicknet
• Recent versions: letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs

Classical Ethernet: Broadcast
• Classical Ethernet is a broadcast network
  • Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called collision and prevents any information passed along network
  • Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
Collision Domain
bull Differs between Hubs and Switchesbull What is a Collision Domain
bull Group of nodes in a network that compete with each other for access
bull If two or more devices try to access network at exact same time a collision will occur
bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth
bull In a hub all nodes share bandwidth
13

Switches
• Switch
  • Filter based on MAC addresses
  • Build tables in memory
[Figure: collision domains with a switch and with a hub]

Switch
• Link-layer device: Level 2 switch
  • Store and forward Ethernet frames
  • Examine incoming frame's MAC address, selectively forward frame to one or more outgoing links
• Transparent
  • Important: note that hosts are unaware of the presence of switches
  • Operate at lower levels of the protocol stack
• Plug-and-play, self-learning
  • Switches do not need to be manually managed

Switches
• Advantages of switches
  • Increase available network bandwidth
  • Reduced workload: computers only receive packets intended for them specifically
  • Increase network performance
  • Smaller collision domains

Switches
• Disadvantages of switches
  • More expensive than hubs and bridges
  • Difficult to trace network connectivity problems through a switch

Bridges vs Switches
• What's the difference between a bridge and a switch?
  • A bridge has only two ports and divides a collision domain into two parts
  • All decisions made by a bridge are based on MAC or Layer 2 addressing
• Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
[Figure: Network Segmentation]

Bridges vs Switches
• What's the difference between a bridge and a switch?
  • A switch is a fast multi-port bridge
  • Can contain dozens of ports
  • Rather than creating two collision domains, each port creates its own collision domain
  • Say a network of twenty nodes: twenty collision domains exist if each node is plugged into its own switch port

Bridges vs Switch
• Bridges were most used when you had people on hubs, with all packets going to all hosts
  • Lots of collisions
  • A bridge allowed you to cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
• Nowadays switches are so cheap and so much more effective that you don't see bridges much
  • Mostly replaced bridges

Routers
• What does a router do?
  • Provides filtering and network traffic control
  • Used on LANs and WANs
  • Connect multiple segments and networks
  • Multiple routers create an "internetwork"
  • Operate at the Network layer
  • Layer 3 device

Routers
• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses (IP addresses)

Differences: Logical vs Physical
• Look at the differences between logical and physical addresses

Physical Versus Logical Addresses
• MAC addresses
  • Data Link layer
  • Used by switches, bridges and routers
  • Used for directly connected devices
• Logical addresses: IP
  • Network and transport protocols dictate the format of the logical network layer address
  • TCP/IP, IPX/SPX (Novell NetWare)
  • IP addresses are assigned manually or by software

Ethernet

Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed a bus topology Local Area Network (LAN)
• 1976: carrier sensing added
  • Xerox built a 2.94 Mbps network to connect over 100 personal workstations on a 1 km cable
• Network called Ethernet, named after ether, the single coaxial cable used to connect machines
• Ethernet refers to a product which predates the IEEE 802.3 Standard
• But nowadays any 802.3-compliant network is referred to as an Ethernet

Ethernet
[Figure: Ethernet sketch]
Who is this?
Original paper published in 1976:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.87.1052&rep=rep1&type=pdf

Robert (Bob) Metcalfe – Inventor of Ethernet
Bob Metcalfe
• Helped build the early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp.
• Served as publisher at IDG's InfoWorld Publishing Co.
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it:
http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855

802.3 Standard Project
• In 1980, IEEE started Project 802 to standardize local area networks (LANs)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won, and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet standards: http://en.wikipedia.org/wiki/IEEE_802.3

Ethernet Terminology: Physical Layer
• First number (10, 100 or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length, from original Thicknet
• In recent versions, letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show the number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs

Classical Ethernet: Broadcast
• Classical Ethernet is a broadcast network
• Hosts connected to the network through a single shared medium
• If two nodes try to send at the same time
  • Called a collision, and prevents any information from being passed along the network
  • Multiple messages would collide and corrupt each other

Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet

Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10 mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  • Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  • Layer 1 device

Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  – Commonly already present in modern office buildings for the telephone system
• Contributed hugely to Ethernet's popularity

Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft

The 10 Mb/s Ethernet Standard: IEEE 802.3
Ethernet MAC Protocol
Different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F
• 10Base-5: Original Ethernet, large thick coaxial cable
• 10Base-2: Thin coaxial cable version
• 10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
• 10Base-F: Two optical fibers in a single cable

802.3u Fast Ethernet
• In 1995 IEEE adopted the 802.3u Fast Ethernet standard
• Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
  • Previously, Ethernets worked in half-duplex mode
  • With full duplex, two stations could transmit at the same time

The 100 Mb/s Ethernet Standard: "Fast Ethernet"
Ethernet MAC Protocol
Different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX
Up to 100 m of cable per segment
• 100Base-T4: Uses four pairs of voice-grade Category-3 cable
• 100Base-TX: Uses two pairs of data-grade Category-5 cable
• 100Base-FX: Uses two optical fibers

The 1 Gb/s Ethernet Standard
• June 1998: Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex: one speaks at a time
  – Full duplex: both can transmit/speak at the same time
http://en.wikipedia.org/wiki/IEEE_802.3

The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"
Ethernet MAC Protocol
1000Base-TX, 1000Base-FX
• 1000Base-TX: Uses four pairs of data-grade Category-5 cable
• 1000Base-FX: Uses two optical fibers

Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in an Ethernet frame
Preamble
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver and sender clock rates

Ethernet Frame Structure (more)
• Addresses
  • If adapter receives a frame with matching destination address, or with the broadcast address, it accepts the frame and passes the data in the frame to the network layer protocol
  • Otherwise, adapter discards the frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 00:13:02:BA:43:56
• Type: Indicates higher layer protocol (mostly IP, but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if an error is detected, the frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN
[Figure: collisions with hubs and with a switch]

CSMA/CD

CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting, wait a random time (binary exponential backoff), then return to step 1

Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection
Algorithm:
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after the mth collision, NIC chooses K, a small integer, at random from {0, 1, 2, …, 2^m - 1}. NIC then waits K · 512 bit times and returns to Step 2
More details follow …

Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified that the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K · 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
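
The backoff rule above can be watched at work in a small slotted simulation. This is an added example, not code from the lecture; it assumes every station has one frame ready at slot 0 and that a successful frame occupies no slot time. The attempt limit of 16 is the IEEE 802.3 value and is not stated on the slides.

```python
import random

SLOT_BITS = 512      # backoff unit from the slides: K * 512 bit times
BACKOFF_LIMIT = 10   # after ten collisions the set stays {0 .. 1023}
ATTEMPT_LIMIT = 16   # IEEE 802.3 value (not on the slides): frame is dropped

def backoff_window(m):
    """Size of the set {0 .. 2^m - 1} that K is drawn from after the m-th collision."""
    if m < 1:
        raise ValueError("m counts collisions and starts at 1")
    return 2 ** min(m, BACKOFF_LIMIT)

def backoff_delay_us(k, mbps=10):
    """Wait of K * 512 bit times, in microseconds, at the given line rate."""
    return k * SLOT_BITS / mbps

def simulate(stations, seed=0):
    """Slotted model: all stations want to send at slot 0 (simplifying assumption).
    Stations that pick the same slot collide and back off again."""
    rng = random.Random(seed)
    next_try = {s: 0 for s in range(stations)}     # slot of each station's next attempt
    collisions = {s: 0 for s in range(stations)}   # m, per station
    delivered, dropped, collision_slots = [], [], 0
    while next_try:
        slot = min(next_try.values())
        ready = sorted(s for s, t in next_try.items() if t == slot)
        if len(ready) == 1:                        # channel to itself: frame gets through
            delivered.append(ready[0])
            del next_try[ready[0]]
            continue
        collision_slots += 1                       # two or more transmitted: collision
        for s in ready:
            collisions[s] += 1
            if collisions[s] >= ATTEMPT_LIMIT:
                dropped.append(s)
                del next_try[s]
            else:
                k = rng.randrange(backoff_window(collisions[s]))
                next_try[s] = slot + 1 + k         # wait K slots, then try again
    return {"delivered": delivered, "dropped": dropped,
            "collision_slots": collision_slots, "per_station": collisions}

if __name__ == "__main__":
    for n in (2, 5, 20):
        r = simulate(n, seed=1)
        print(n, "stations:", r["collision_slots"], "collision slots,",
              "max m =", max(r["per_station"].values()))
```

Running it with more stations shows the point of the slide: under heavier load each station collides more often, so its window and its average wait grow.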

Ethernet and Switches

Switches Again
Layer 2 switching: media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works
Switch dynamically builds its address table by using the MAC source address of the frames received
When the switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame
When the destination station replies, the switch adds its relevant MAC source address and port ID to the address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']

Switch Table
• Q: How does the switch know that A' is reachable via interface 4, B' reachable via interface 5?
• A: Each switch has a switch table; each entry:
  • (MAC address of host, interface to reach host, time stamp)
  • Looks like a routing table
• Q: How are entries created and maintained in the switch table?
  • Self-learning
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']

Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When a frame is received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: switch with interfaces 1 to 6 connecting hosts A, A', B, B', C, C']

Switch table (initially empty):
MAC addr | interface | TTL
A        | 1         | 60

Switch self-learning
• Frame with destination A' arrives at switch from interface 1 (source A, dest A')
Two possibilities:
1. No entry in table for A'
   - Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A', with interface 4
   - Frame would get forwarded to interface 4
[Figure: switch with interfaces 1 to 6 connecting hosts A, A', B, B', C, C'; frame with source A, dest A']

Switch table (initially empty):
MAC addr | interface | TTL
A        | 1         | 60
A'       | 4         | 60

Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if the network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so a switch port can send data to the attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  • Ex: 00:E0:B8:9C:A6:60

MAC Address
• Why would you want to change your MAC address?
• Many reasons
  1. To get around MAC address filtering of wireless routers. You sniff for the MAC address of someone already on the network, then change your MAC address to one that's acceptable. Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume the MAC of the gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as the router's BSSID

Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit the registry, or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on a LAN has a unique LAN address, except for the broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness)
  Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if you move to a different subnet

ARP: Address Resolution Protocol
• Each IP node on a LAN has an ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping is discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine the MAC address of B, knowing B's IP address?
[Figure: LAN with hosts A and B among four adapters (1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53) with IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]

ARP Cache
Sending an ARP request and waiting for the response for every outgoing packet is inefficient
– Requires more bandwidth
– Consumes time
So an ARP cache is maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send a datagram to B, and B's MAC address is not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
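
Because ARP tables fill themselves in from whatever replies arrive, a monitor that keeps its own table can report when an IP address starts answering with a different MAC address. The following is an added example, not code from the lecture: it parses Ethernet/ARP frames (field layout per RFC 826), keeps a cache with the TTL and 512-entry limit mentioned on the slides, and returns alerts. The frames are constructed in the code using the addresses from the lecture's routing figure; the third frame is a made-up conflicting reply.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "FF-FF-FF-FF-FF-FF"

def _mac(text):
    return bytes.fromhex(text.replace("-", ""))

def _ip(text):
    return bytes(int(part) for part in text.split("."))

def build_arp_frame(op, eth_src, eth_dst, sha, spa, tha, tpa):
    """Build Ethernet + ARP bytes; used here only to construct sample input."""
    eth = _mac(eth_dst) + _mac(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # Ethernet, IPv4, lengths, opcode
    return eth + arp + _mac(sha) + _ip(spa) + _mac(tha) + _ip(tpa)

def parse_arp_frame(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:                                # 14-byte header + 28-byte ARP body
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (ARP_REQUEST, ARP_REPLY):
        return None
    mac = lambda b: "-".join(f"{x:02X}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"eth_dst": mac(frame[0:6]), "eth_src": mac(frame[6:12]), "op": op,
            "sha": mac(frame[22:28]), "spa": ip(frame[28:32]),
            "tha": mac(frame[32:38]), "tpa": ip(frame[38:42])}

class ArpCache:
    """< IP address; MAC address; TTL > table that reports suspicious updates."""

    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl, self.max_entries = ttl, max_entries
        self.entries = {}                              # IP -> (MAC, expiry time)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:
            self.entries.pop(ip, None)                 # soft state: stale mapping dropped
            return None
        return entry[0]

    def observe(self, frame, now):
        """Record the sender mapping of one ARP frame; return a list of alerts."""
        pkt = parse_arp_frame(frame)
        if pkt is None:
            return []
        alerts = []
        if pkt["eth_src"] != pkt["sha"]:
            alerts.append(f"sender mismatch: frame from {pkt['eth_src']} claims {pkt['sha']}")
        known = self.lookup(pkt["spa"], now)
        if known is not None and known != pkt["sha"]:
            alerts.append(f"binding change: {pkt['spa']} was {known}, now {pkt['sha']}")
        if pkt["spa"] not in self.entries and len(self.entries) >= self.max_entries:
            oldest = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[oldest]                   # table full: evict oldest entry
        self.entries[pkt["spa"]] = (pkt["sha"], now + self.ttl)
        return alerts

def sample_frames():
    """Constructed (time, frame) pairs: query, genuine reply, conflicting reply."""
    a = ("74-29-9C-E8-FF-55", "111.111.111.111")
    r = ("E6-E9-00-17-BB-4B", "111.111.111.110")
    c = ("CC-49-DE-D0-AB-7D", "111.111.111.112")
    zero = "00-00-00-00-00-00"
    return [
        (0, build_arp_frame(ARP_REQUEST, a[0], BROADCAST, a[0], a[1], zero, r[1])),
        (1, build_arp_frame(ARP_REPLY, r[0], a[0], r[0], r[1], a[0], a[1])),
        (30, build_arp_frame(ARP_REPLY, c[0], a[0], c[0], r[1], a[0], a[1])),
    ]

if __name__ == "__main__":
    cache = ArpCache()
    for when, frame in sample_frames():
        print(when, cache.observe(frame, when))
```

A binding change is not always hostile (a replaced NIC or a failover address produces one too), so the alert is a prompt to check, not a verdict.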

ARP Protocol: Routing to another LAN
[Figure: two LANs joined by router R. LAN 1: host A (111.111.111.111, 74-29-9C-E8-FF-55), host 111.111.111.112 (CC-49-DE-D0-AB-7D), router interface 111.111.111.110 (E6-E9-00-17-BB-4B). LAN 2: router interface 222.222.222.220 (1A-23-F9-CD-06-9B), host 222.222.222.221 (88-B2-2F-54-1A-0F), host B (222.222.222.222, 49-BD-D2-C7-56-2A)]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs (Network Interface Cards)

ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B

Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, switches and routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th
13
Switches
bull Switchbull Filter based on MAC addressesbull Build tables in memory
Collision Domain
SwitchHub
5-14
Switch
bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address
selectively forward frame to one-or-more outgoing links
bull Transparentbull Important Note thatbull Hosts are unaware of presence of
switchesbull Operate at lower levels of protocol stack
bull Plug-and-play self-learningbull Switches do not need to be manually
managed
15
Switches
bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive
packets intended for them specificallybull Increase network performancebull Smaller collision domains
16
Switches
bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity
problems through a switch
17
Switches (continued)
18
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a
collision domain into two partsbull All decisions made by a bridge are based on
MAC or Layer 2 addressing
bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
19
Network Segmentation
20
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge
bull Can contain dozens of portsbull Rather than creating two collision domains
bull Each port creates its own collision domainbull Say network of twenty nodes twenty
collision domains exist if each node is plugged into its own switch port
21
Bridges vs Switch
bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your
subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half
bull Nowadays switches are so cheap and so much more effective you dont see bridges much
bull Mostly replaced bridges
22
Routers
bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device
23
Routers
bull Creates a table to determine how to forward packets
bull Filtering and traffic control base on logical addresses IP addresses
24
Differences Logical vs Physical
bull Look at the Differences Between Logical and Physical Addresses
25
Physical Versus Logical Addresses
bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices
bull Logical addresses IPbull Network and transport protocols dictate the
format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by
software
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches
Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00E0B89CA660
MAC Address
• Why would you want to change your MAC address?
• Many reasons
1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
   Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID
Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry or use a utility
  • Mac Makeup
    http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs
    http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table:
  http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number. Take it with you
  (b) IP address … like postal address. Changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet
ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  <IP address; MAC address; TTL>
  • TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B, knowing B's IP address?
[Figure: LAN with four nodes, including A and B; MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]
ARP Cache
For every outgoing packet, sending an ARP request and waiting for the response is inefficient
– Requires more bandwidth
– Consumes time
So ARP cache maintained at each node
Size limit = 512 entries
ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)
Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh
ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually
  • Times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
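The two ARP message types and the soft-state ARP table described above, as an added Python example that is not part of the original slides: it parses ARP-over-Ethernet frames (RFC 826 layout), renders them in the "Who is … / … is Ethernet address" form, and keeps a table with a TTL and the 512-entry limit from the ARP Cache slide. The frames are constructed in memory, the pairing of IP and MAC addresses for A and B is assumed, and the `new` / `refreshed` / `changed` status returned by `update()` is this example's own addition so that a mapping that changes before it times out can be logged.

```python
"""Parse ARP-over-Ethernet frames and keep a TTL-limited ARP table (added example)."""
import socket
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"           # RFC 826 fields for Ethernet + IPv4 (28 bytes)
ARP_LEN = struct.calcsize(ARP_FMT)


def mac_str(raw):
    return "-".join(f"{b:02X}" for b in raw)


def mac_bytes(text):
    return bytes.fromhex(text.replace("-", ""))


def build_arp(op, sha, spa, tha, tpa, eth_dst):
    """Build a sample frame in memory (constructed input, nothing is sent)."""
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac_bytes(sha),
                      socket.inet_aton(spa), mac_bytes(tha), socket.inet_aton(tpa))
    return eth + arp


def parse_arp(frame):
    """Return a dict describing the ARP message, or None if the frame is not ARP."""
    if len(frame) < 14 + ARP_LEN:
        return None
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, frame[14:14 + ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    if op not in (ARP_REQUEST, ARP_REPLY):
        return None
    return {"op": op, "eth_dst": mac_str(eth_dst), "eth_src": mac_str(eth_src),
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


def describe(msg):
    """Render a parsed message the way the slide words the two message types."""
    if msg["op"] == ARP_REQUEST:
        return f"Who is IP addr {msg['target_ip']}? Tell IP addr {msg['sender_ip']}"
    return f"IP addr {msg['sender_ip']} is Ethernet address {msg['sender_mac']}"


class ArpTable:
    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl, self.max_entries = ttl, max_entries
        self.entries = {}                      # ip -> (mac, expires_at)

    def lookup(self, now, ip):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:   # soft state: timed-out entries vanish
            self.entries.pop(ip, None)
            return None
        return entry[0]

    def update(self, now, msg):
        """Store the sender's pair; return 'new', 'refreshed' or 'changed'."""
        ip, mac = msg["sender_ip"], msg["sender_mac"]
        old = self.lookup(now, ip)
        if old is None and len(self.entries) >= self.max_entries:
            oldest = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[oldest]           # make room: evict entry nearest expiry
        self.entries[ip] = (mac, now + self.ttl)
        if old is None:
            return "new"
        return "refreshed" if old == mac else "changed"


def demo():
    a_ip, a_mac = "137.196.7.23", "71-65-F7-2B-08-53"    # assumed pairing for A
    b_ip, b_mac = "137.196.7.78", "1A-2F-BB-76-09-AD"    # assumed pairing for B
    query = build_arp(ARP_REQUEST, a_mac, a_ip, "00-00-00-00-00-00", b_ip,
                      "FF-FF-FF-FF-FF-FF")
    reply = build_arp(ARP_REPLY, b_mac, b_ip, a_mac, a_ip, a_mac)
    # Constructed reply for the same IP address that carries a different MAC.
    other = build_arp(ARP_REPLY, "0C-C4-11-6F-E3-98", b_ip, a_mac, a_ip, a_mac)
    table, out = ArpTable(), []
    for t, frame in [(0, reply), (30, reply), (60, other)]:
        msg = parse_arp(frame)
        out.append((describe(msg), table.update(t, msg)))
    return describe(parse_arp(query)), out, table


if __name__ == "__main__":
    question, results, _ = demo()
    print(question)
    for line in results:
        print(line)
```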
ARP Protocol: Routing to another LAN
[Figure: host A (111.111.111.111, 74-29-9C-E8-FF-55) and host B (222.222.222.222, 49-BD-D2-C7-56-2A) on separate LANs joined by router R, whose interfaces are 111.111.111.110 (E6-E9-00-17-BB-4B) and 222.222.222.220 (1A-23-F9-CD-06-9B); other hosts 111.111.111.112 (CC-49-DE-D0-AB-7D) and 222.222.222.221 (88-B2-2F-54-1A-0F)]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards
ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: same topology as the previous slide, hosts A and B joined by router R]
Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer
End
• Due: Final given out Friday, March 14th
Switch
• Link-layer device: Level 2 Switch
  • Store, forward Ethernet frames
  • Examine incoming frame's MAC address, selectively forward frame to one-or-more outgoing links
• Transparent
  • Important: note that
  • Hosts are unaware of presence of switches
  • Operate at lower levels of protocol stack
• Plug-and-play, self-learning
  • Switches do not need to be manually managed
Switches
• Advantages of Switches
  • Increase available network bandwidth
  • Reduced workload: computers only receive packets intended for them specifically
  • Increase network performance
  • Smaller collision domains
Switches
• Disadvantages of Switches
  • More expensive than hubs and bridges
  • Difficult to trace network connectivity problems through a switch
Switches (continued)
Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  • Bridge has only two ports and divides a collision domain into two parts
  • All decisions made by a bridge are based on MAC or Layer 2 addressing
• Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
Network Segmentation
Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  • A Switch is a fast, multi-port bridge
  • Can contain dozens of ports
  • Rather than creating two collision domains
  • Each port creates its own collision domain
  • Say network of twenty nodes: twenty collision domains exist if each node is plugged into its own switch port
Bridges vs Switch
• Bridges were most used when you had people on hubs, all packets going to all hosts
  • Lots of collisions
  • A bridge allowed you to cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
• Nowadays, switches are so cheap and so much more effective, you don't see bridges much
  • Mostly replaced bridges
Routers
• What does a router do?
  • Provides filtering and network traffic control
  • Used on LANs and WANs
  • Connect multiple segments and networks
  • Multiple routers create an "internetwork"
  • Operate at the Network layer
  • Layer 3 device
Routers
• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses: IP addresses
Differences: Logical vs Physical
• Look at the Differences Between Logical and Physical Addresses
Physical Versus Logical Addresses
• MAC addresses
  • Data Link layer
  • Used by switches, bridges and routers
  • Used for directly connected devices
• Logical addresses: IP
  • Network and transport protocols dictate the format of the logical network layer address
  • TCP/IP, IPX/SPX (Novell NetWare)
  • IP addresses are assigned manually or by software
Physical Versus Logical Addresses
Ethernet
Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed bus topology Local Area Network (LAN)
• 1976: carrier sensing added
  • Xerox built 2.94 Mbps network to connect over 100 personal workstations on 1 km cable
• Network called Ethernet, named after ether: single coaxial cable used to connect machines
• Ethernet refers to product which predates IEEE 802.3 Standard
  • But nowadays any 802.3 compliant network is referred to as an Ethernet
Ethernet
[Figure: Ethernet sketch]
Who is this?
Original paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalfe – Inventor of Ethernet
Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it:
http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855
802.3 Standard Project
• In 1980, IEEE started project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet standards
  http://en.wikipedia.org/wiki/IEEE_802.3
Ethernet Terminology: Physical Layer
• First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length from original Thicknet
• Recent versions: letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs
Classical Ethernet: Broadcast
• Classical Ethernet is Broadcast Network
  • Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called collision, and prevents any information passed along network
  • Multiple messages would collide and corrupt each other
Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet
Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
  • Thin coaxial cable in a bus topology
• 10Base5 uses 10mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  • Layer 1 device
Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  – Commonly already present in modern office buildings for telephone system
  • Contributed hugely to Ethernet's popularity
Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft
The 10 Mb/s Ethernet Standard: IEEE 802.3
Ethernet MAC Protocol
Different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F
10Base-5: Original Ethernet, large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable
802.3u Fast Ethernet
• In 1995, IEEE adopted 802.3u Fast Ethernet standard
  • Fast Ethernet is a 100 Mbps Ethernet standard
  • With Fast Ethernet came full-duplex Ethernet
  • Previously Ethernets worked in half-duplex mode
  • Two stations could transmit at the same time
The 100 Mb/s Ethernet Standard: "Fast Ethernet"
Ethernet MAC Protocol
Different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX
Up to 100m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers
The 1 Gb/s Ethernet Standard
• June 1998 - Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex – one speaks at a time
  – Full duplex – both can transmit/speak same time
http://en.wikipedia.org/wiki/IEEE_802.3
The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"
Ethernet MAC Protocol
1000Base-TX, 1000Base-FX
1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates
Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol: accepts the frame
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP but others possible, e.g., Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and Hub
[Figure: collisions with hubs compared with a switch]
CSMA/CD
CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
   binary exponential backoff
Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
Ethernet CSMA/CD algorithm
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses a small integer K at random from {0, 1, 2, …, 2^m - 1}
   NIC then waits K × 512 bit times. Returns to Step 2. More details follow …
Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully
Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K × 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
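The backoff rule from steps 4 and 5 and the slide above, as an added Python example that is not part of the original slides: it computes the window for the m-th collision, converts a chosen K into a delay at a given bit rate, and runs a slotted contention model to show how a burst of simultaneous senders is spread out. Assumptions of this example: the window stops growing at 1024 values (the slide's last case), a frame occupies one backoff slot, and carrier sensing between slots is not modelled.

```python
"""Binary exponential backoff as used by Ethernet CSMA/CD (added example)."""
import random

SLOT_BITS = 512        # one backoff unit is 512 bit times
MAX_EXPONENT = 10      # assumption: window stops growing at {0, ..., 1023}


def backoff_window(m):
    """Number of values K can take after the m-th collision: 2^min(m, 10)."""
    if m < 1:
        raise ValueError("m counts collisions and starts at 1")
    return 2 ** min(m, MAX_EXPONENT)


def backoff_delay_us(k, rate_bps):
    """Waiting time K x 512 bit times, in microseconds, at the given bit rate."""
    return k * SLOT_BITS / rate_bps * 1e6


def contend(n_stations, rng, max_slots=100_000):
    """Slotted model: every station has one frame and all first try in slot 0.

    Returns {station: (slot_of_success, collisions_suffered)}.
    """
    next_try = {s: 0 for s in range(n_stations)}    # slot of each station's next attempt
    collisions = {s: 0 for s in range(n_stations)}
    done = {}
    for slot in range(max_slots):
        senders = [s for s, t in next_try.items() if t == slot]
        if len(senders) == 1:                       # alone on the channel: success
            s = senders[0]
            done[s] = (slot, collisions[s])
            del next_try[s]
        elif len(senders) > 1:                      # collision: each sender backs off
            for s in senders:
                collisions[s] += 1
                k = rng.randrange(backoff_window(collisions[s]))
                next_try[s] = slot + 1 + k
        if not next_try:
            return done
    raise RuntimeError("contention did not resolve within max_slots")


if __name__ == "__main__":
    for m in (1, 2, 10):
        w = backoff_window(m)
        print(f"collision {m}: K in 0..{w - 1}, "
              f"max wait {backoff_delay_us(w - 1, 10_000_000):.1f} us at 10 Mbps")
    result = contend(20, random.Random(1))          # fixed seed: repeatable run
    print("last station finished in slot", max(slot for slot, _ in result.values()))
```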
Ethernet and Switches
Switches Again
Layer 2 switching: media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table:
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
15
Switches
bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive
packets intended for them specificallybull Increase network performancebull Smaller collision domains
16
Switches
bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity
problems through a switch
17
Switches (continued)
18
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a
collision domain into two partsbull All decisions made by a bridge are based on
MAC or Layer 2 addressing
bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
19
Network Segmentation
20
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge
bull Can contain dozens of portsbull Rather than creating two collision domains
bull Each port creates its own collision domainbull Say network of twenty nodes twenty
collision domains exist if each node is plugged into its own switch port
21
Bridges vs Switch
bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your
subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half
bull Nowadays switches are so cheap and so much more effective you dont see bridges much
bull Mostly replaced bridges
22
Routers
bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device
23
Routers
bull Creates a table to determine how to forward packets
bull Filtering and traffic control base on logical addresses IP addresses
24
Differences Logical vs Physical
bull Look at the Differences Between Logical and Physical Addresses
25
Physical Versus Logical Addresses
bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices
bull Logical addresses IPbull Network and transport protocols dictate the
format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by
software
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43

Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates

Ethernet Frame Structure (more)
• Addresses
  - If adapter receives frame with matching destination address, or with broadcast address, it accepts the frame and passes the data in the frame to the network layer protocol
  - Otherwise, adapter discards frame
• What kind of addresses at this layer?
  - MAC - Media Access Control
  - Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and Hub
[Figure panels: Hubs, Switch]

CSMA/CD

CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting, wait a random time, then return to step 1 (binary exponential backoff)

Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access/Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses a small integer K at random from {0, 1, 2, …, 2^m - 1}. NIC then waits K·512 bit times, then returns to Step 2
More details follow …

Ethernet CSMA/CD algorithm
• Features
  - Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  - Station then remains silent for a random period of time before attempting to transmit again
  - Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  - Heavy load: random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K · 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
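
The backoff rule from steps 4 and 5 can be run as a small slotted simulation. This is an added example, not code from the lecture; it assumes every frame fits in one 512-bit-time slot and that the choice set stops growing after the tenth collision.

```python
import random

SLOT_BIT_TIMES = 512   # one backoff unit is 512 bit times (from the slides)
MAX_EXPONENT = 10      # assumption: the choice set stops growing at {0..1023}


def backoff_window(m):
    """Size of the set K is drawn from after the m-th collision: 2^m."""
    if m < 1:
        raise ValueError("m counts collisions and starts at 1")
    return 2 ** min(m, MAX_EXPONENT)


def backoff_bit_times(m, rng):
    """Pick K uniformly from {0, ..., 2^m - 1} and return the wait K * 512."""
    return rng.randrange(backoff_window(m)) * SLOT_BIT_TIMES


def bit_times_to_us(bit_times, mbps=10):
    """Convert bit times to microseconds (0.1 us per bit at 10 Mbps)."""
    return bit_times / mbps


def simulate(stations, rng, max_slots=100_000):
    """Slotted model of one shared channel.

    Every station starts with one frame queued at slot 0. In each slot:
      * exactly one ready station -> it transmits successfully
      * two or more ready stations -> collision; each picks its own K
        and stays silent for K slots before sensing the channel again
    Returns (slots_used, collisions_per_station).
    """
    collisions = [0] * stations
    ready_at = [0] * stations        # first slot in which a station may send
    done = [False] * stations
    slot = 0
    while not all(done):
        if slot >= max_slots:
            raise RuntimeError("simulation did not converge")
        senders = [i for i in range(stations)
                   if not done[i] and ready_at[i] <= slot]
        if len(senders) == 1:
            done[senders[0]] = True
        elif len(senders) > 1:
            for i in senders:
                collisions[i] += 1
                k = rng.randrange(backoff_window(collisions[i]))
                ready_at[i] = slot + 1 + k
        slot += 1
    return slot, collisions


if __name__ == "__main__":
    rng = random.Random(330)         # fixed seed so the run is repeatable
    for m in (1, 2, 3, 10):
        worst = (backoff_window(m) - 1) * SLOT_BIT_TIMES
        print(f"collision {m:2d}: K in 0..{backoff_window(m) - 1}, "
              f"max wait {bit_times_to_us(worst):.1f} us at 10 Mbps")
    for n in (2, 5, 20):
        slots, per_station = simulate(n, rng)
        print(f"{n:2d} stations: {slots} slots, "
              f"worst station collided {max(per_station)} times")
```

With more stations the per-station collision count rises, which widens each station's window and spreads the retries out; that is the load adaptation the slide describes.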

Ethernet and Switches

Switches Again
Layer 2 switching uses the media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, but no collisions AND full duplex
  - Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  - Not possible with "dumb" hub
[Figure: switch with six interfaces (1,2,3,4,5,6) connecting hosts A, B, C, A', B', C']

Switch Table
• Q: how does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has a switch table, each entry:
  - MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
  - Self-Learning
[Figure: switch with six interfaces (1,2,3,4,5,6) connecting hosts A, B, C, A', B', C']

Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  - When frame received, switch "learns" location of sender: incoming LAN segment
  - Records sender/location pair
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60

Switch self-learning
• Frame with Source A, Dest A' arrives at switch from interface 1
Two possibilities:
1. No entry in table for A'
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A'
   Interface is 4, frame would get forwarded
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
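
The learn, flood and forward behaviour on the last few slides, written out as an added example (not from the lecture). Host names "A" and "A'" stand in for MAC addresses as on the slides; the `moves` list and the same-port drop are assumptions added so a defender can see when a source address reappears on a different port.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning layer 2 switch with aging entries."""

    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl                 # seconds an entry lives without refresh
        self.table = {}                # MAC -> (port, expires_at)
        self.moves = []                # (time, MAC, old_port, new_port)

    def _expire(self, now):
        """Drop entries whose TTL has run out."""
        stale = [mac for mac, (_, exp) in self.table.items() if exp <= now]
        for mac in stale:
            del self.table[mac]

    def receive(self, src, dst, in_port, now):
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self._expire(now)

        # Learn: record sender/location pair, noting any change of port.
        old = self.table.get(src)
        if old is not None and old[0] != in_port:
            self.moves.append((now, src, old[0], in_port))
        self.table[src] = (in_port, now + self.ttl)

        # Forward: flood when the destination is broadcast or not yet known.
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            return [p for p in self.ports if p != in_port]
        out_port = entry[0]
        if out_port == in_port:
            return []                  # destination is on the arrival segment
        return [out_port]


def walkthrough():
    """Replay the slide scenario; returns (per-frame output ports, switch)."""
    sw = LearningSwitch(ports=[1, 2, 3, 4, 5, 6], ttl=60)
    results = [
        sw.receive("A", "A'", in_port=1, now=0),    # A' unknown -> flood
        sw.receive("A'", "A", in_port=4, now=1),    # reply, A known on 1
        sw.receive("A", "A'", in_port=1, now=2),    # A' now known on 4
        sw.receive("A", "A'", in_port=1, now=100),  # entries aged out -> flood
        sw.receive("A", "A'", in_port=3, now=101),  # same source, new port
    ]
    return results, sw


if __name__ == "__main__":
    results, sw = walkthrough()
    for i, out in enumerate(results, 1):
        print(f"frame {i}: sent out of ports {out}")
    print("table:", sw.table)
    print("source addresses that changed port:", sw.moves)
```

The last frame shows why the table alone cannot vouch for a sender: the switch accepts the new port for A without question, so a change of port is the signal worth logging.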

Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  - Collision domain has pretty much been relegated to history
  - Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network Layer
  - 32-bit IP address
  - Network-layer address, dotted decimal. Ex: 146.187.130.76
  - To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  - MAC stands for Media Access Control
  - 48 bit MAC address (for most LANs)
  - Burned in NIC ROM, also sometimes software settable
  - 24 bits set for manufacturer, 24 bits for NIC adapter
  - Ex: 00E0B89CA660

MAC Address
• Why would you want to change your MAC address?
• Many reasons
1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
   Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume MAC of gateway to a subnet. Lots of WiFi routers will lock up if a client tries to connect with the same MAC as the router's BSSID

Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  - Use regedit to edit registry or use a utility
  - Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  - MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  - Smac: http://www.klcconsulting.net/smac
  - Etherchange: http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on LAN has unique LAN address, except for the broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  - Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  - Address depends on IP subnet to which node is attached
  - Must change IP address if move to a different subnet

ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
• TTL (Time To Live): time after which address mapping discarded
  - Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with hosts A and B marked; adapters 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]

ARP Cache
For every outgoing packet, sending an ARP request and waiting for the response is inefficient
- Requires more bandwidth
- Consumes time
So an ARP cache is maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet, containing B's IP address
  - Shouts to everyone on LAN
  - Destination MAC address = FF-FF-FF-FF-FF-FF
  - All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  - Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet Address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  - Called ARP table, until information becomes old
  - Eventually times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  - Nodes create their ARP tables without intervention from you, the network administrator
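
The same-LAN exchange and the soft-state cache, as an added example (not from the lecture): both messages are built and parsed as raw Ethernet frames, and the cache uses the slides' 512-entry limit with a 20-minute TTL. The pairing of IP and MAC addresses for A and B and the "changed" result of `learn` are assumptions for the example.

```python
import socket
import struct

BROADCAST = "FF-FF-FF-FF-FF-FF"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace("-", ""))


def mac_str(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_arp(oper, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header (14 bytes) followed by the 28-byte ARP body."""
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac)
    eth += struct.pack("!H", ETHERTYPE_ARP)
    # hardware type 1 (Ethernet), protocol 0x0800 (IPv4), lengths 6 and 4
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp


def parse_arp(frame):
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "oper": oper,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


def make_request(my_mac, my_ip, wanted_ip):
    """'Who is wanted_ip? Tell my_ip', sent to the broadcast address."""
    return build_arp(ARP_REQUEST, BROADCAST, my_mac, my_ip,
                     "00-00-00-00-00-00", wanted_ip)


def answer(frame, my_mac, my_ip):
    """Reply (unicast) only when the request asks for my own IP address."""
    p = parse_arp(frame)
    if p["oper"] != ARP_REQUEST or p["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, p["sender_mac"], my_mac, my_ip,
                     p["sender_mac"], p["sender_ip"])


class ArpCache:
    """Soft-state IP -> MAC table: entries vanish unless refreshed."""

    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl = ttl
        self.max_entries = max_entries
        self.entries = {}              # ip -> (mac, expires_at)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None:
            return None
        if entry[1] <= now:            # timed out
            del self.entries[ip]
            return None
        return entry[0]

    def learn(self, ip, mac, now):
        """Store a mapping; returns 'new', 'refreshed' or 'changed'."""
        previous = self.lookup(ip, now)
        if previous is None and len(self.entries) >= self.max_entries:
            soonest = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[soonest]  # make room: drop entry nearest expiry
        self.entries[ip] = (mac, now + self.ttl)
        if previous is None:
            return "new"
        return "refreshed" if previous == mac else "changed"


# Constructed sample hosts (addresses taken from the figure, pairing assumed).
A_MAC, A_IP = "1A-2F-BB-76-09-AD", "137.196.7.23"
B_MAC, B_IP = "58-23-D7-FA-20-B0", "137.196.7.78"

if __name__ == "__main__":
    request = make_request(A_MAC, A_IP, B_IP)
    reply = answer(request, B_MAC, B_IP)
    print("request:", parse_arp(request))
    print("reply:  ", parse_arp(reply))
    cache = ArpCache()
    info = parse_arp(reply)
    print(cache.learn(info["sender_ip"], info["sender_mac"], now=0))
```

Nothing in the reply proves who sent it, so `learn` reporting "changed" for an address that has not yet timed out is the event a monitoring tool would flag.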

ARP Protocol: Routing to another LAN
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
[Figure: two LANs joined by router R.
 LAN 1: A (111.111.111.111, 74-29-9C-E8-FF-55), host 111.111.111.112 (CC-49-DE-D0-AB-7D), R interface 111.111.111.110 (E6-E9-00-17-BB-4B).
 LAN 2: R interface 222.222.222.220 (1A-23-F9-CD-06-9B), host 222.222.222.221 (88-B2-2F-54-1A-0F), B (222.222.222.222, 49-BD-D2-C7-56-2A)]
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs - Network Interface Cards

ARP Protocol example, continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B

Summary
• Ethernet: highly successful LAN technology
  - Simple, cheap and adaptable
  - Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  - Good to know what each does
  - Hubs and switches at Link Layer
  - Router at higher layer

End
• Due: Final given out Friday, March 14th

Switches
• Disadvantages of Switches
  - More expensive than hubs and bridges
  - Difficult to trace network connectivity problems through a switch

Switches (continued)

Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  - Bridge has only two ports and divides a collision domain into two parts
  - All decisions made by a bridge are based on MAC or Layer 2 addressing
• Thus, a bridge will divide a collision domain but has no effect on a logical or broadcast domain

Network Segmentation

Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  - A Switch is a fast, multi-port bridge
  - Can contain dozens of ports
  - Rather than creating two collision domains, each port creates its own collision domain
  - Say network of twenty nodes: twenty collision domains exist if each node is plugged into its own switch port

Bridges vs Switch
• Bridges were most used when you had people on hubs, all packets going to all hosts
  - Lots of collisions
  - A bridge allowed you to cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
• Nowadays, switches are so cheap and so much more effective you don't see bridges much
  - Mostly replaced bridges

Routers
• What does a router do?
  - Provides filtering and network traffic control
  - Used on LANs and WANs
  - Connect multiple segments and networks
  - Multiple routers create an "internetwork"
  - Operate at the Network layer
  - Layer 3 device

Routers
• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses (IP addresses)

Differences: Logical vs Physical
• Look at the differences between logical and physical addresses

Physical Versus Logical Addresses
• MAC addresses
  - Data Link layer
  - Used by switches, bridges and routers
  - Used for directly connected devices
• Logical addresses (IP)
  - Network and transport protocols dictate the format of the logical network layer address
  - TCP/IP, IPX/SPX (Novell NetWare)
  - IP addresses are assigned manually or by software

Physical Versus Logical Addresses

Ethernet

Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed bus topology Local Area Network (LAN)
• 1976: carrier sensing added
  - Xerox built 2.94 Mbps network to connect over 100 personal workstations on 1 km cable
• Network called Ethernet, named after ether, single coaxial cable used to connect machines
• Ethernet refers to product which predates IEEE 802.3 Standard
  - But nowadays any 802.3 compliant network is referred to as an Ethernet

Ethernet
[Figure: Ethernet sketch]

Who is this?
Original paper published in 1976: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.87.1052&rep=rep1&type=pdf
Robert (Bob) Metcalfe - Inventor of Ethernet
Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it: http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855

802.3 Standard Project
• In 1980 IEEE started project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  - IBM Token Ring,
  - Token Bus, and
  - Ethernet were all contenders
• Eventually Ethernet won, and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet Standards: http://en.wikipedia.org/wiki/IEEE_802.3

Ethernet Terminology: Physical Layer
• First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  - BASE = baseband, or BROAD = broadband
• Last number indicates segment length
  - 5 means 500-meter (500-m) segment length from original Thicknet
• Recent versions: letters replace numbers
  - For example, in 10BASE-T, T means unshielded twisted-pair cables
  - Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs

Classical Ethernet: Broadcast
• Classical Ethernet is a broadcast network
  - Hosts connected to network through single shared medium
• If two nodes try to send at same time
  - Called collision, and prevents any information passed along network
  - Multiple messages would collide and corrupt each other

Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  - 10Base5 cable, known as thick Ethernet
  - 10Base2, also known as thin Ethernet

Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  - Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  - Layer 1 device

Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  - 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  - Commonly already present in modern office buildings for telephone system
• Contributed hugely to Ethernet's popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
17
Switches (continued)
18
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a
collision domain into two partsbull All decisions made by a bridge are based on
MAC or Layer 2 addressing
bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
19
Network Segmentation
20
Bridges vs Switches
bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge
bull Can contain dozens of portsbull Rather than creating two collision domains
bull Each port creates its own collision domainbull Say network of twenty nodes twenty
collision domains exist if each node is plugged into its own switch port
21
Bridges vs Switch
bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your
subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half
bull Nowadays switches are so cheap and so much more effective you dont see bridges much
bull Mostly replaced bridges
22
Routers
bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device
23
Routers
bull Creates a table to determine how to forward packets
bull Filtering and traffic control base on logical addresses IP addresses
24
Differences Logical vs Physical
bull Look at the Differences Between Logical and Physical Addresses
25
Physical Versus Logical Addresses
bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices
bull Logical addresses IPbull Network and transport protocols dictate the
format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by
software
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
802.3 Standard Project
• In 1980, IEEE started Project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won, and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet standards: http://en.wikipedia.org/wiki/IEEE_802.3
Ethernet Terminology: Physical Layer
• First number (10, 100 or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband, or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length, from original Thicknet
• In recent versions, letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs
Classical Ethernet: Broadcast
• Classical Ethernet is a broadcast network
• Hosts connected to network through a single shared medium
• If two nodes try to send at the same time
  • Called a collision, and it prevents any information from being passed along the network
  • Multiple messages would collide and corrupt each other
Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet
Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10 mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  • Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  • Layer 1 device
Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  • Commonly already present in modern office buildings for telephone system
  • Contributed hugely to Ethernet's popularity
Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft
The 10 Mb/s Ethernet Standard: IEEE 802.3
Ethernet MAC Protocol, with different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F
• 10Base-5: Original Ethernet, large thick coaxial cable
• 10Base-2: Thin coaxial cable version
• 10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
• 10Base-F: Two optical fibers in a single cable
802.3u Fast Ethernet
• In 1995 IEEE adopted 802.3u Fast Ethernet standard
• Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
• Previously Ethernets worked in half-duplex mode
• Two stations could transmit at the same time
The 100 Mb/s Ethernet Standard: "Fast Ethernet"
Ethernet MAC Protocol, with different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX
Up to 100 m of cable per segment
• 100Base-T4: Uses four pairs of voice grade Category-3 cable
• 100Base-TX: Uses two pairs of data grade Category-5 cable
• 100Base-FX: Uses two optical fibers
The 1 Gb/s Ethernet Standard
• June 1998: Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  • 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  • Half duplex: one speaks at a time
  • Full duplex: both can transmit/speak at the same time
http://en.wikipedia.org/wiki/IEEE_802.3
The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"
Ethernet MAC Protocol: 1000Base-TX, 1000Base-FX
• 1000Base-TX: Uses four pairs of data grade Category-5 cable
• 1000Base-FX: Uses two optical fibers
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates
Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol (accepts the frame)
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP, but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and Hub
[Figure: collisions with hubs compared with a switch]
CSMA/CD
CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
   (binary exponential backoff)
Ethernet CSMA/CD algorithm (Carrier Sense Multiple Access / Collision Detection)
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after m-th collision, NIC chooses K, a small integer, at random from {0, 1, 2, …, 2^m - 1}
   NIC then waits K · 512 bit times. Returns to Step 2
More details follow …
Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully
Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K · 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
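The backoff rule above, as an added Python example that is not part of the original slides: it computes the K set size after the m-th collision (capped at 1024 values, matching the slide's 0 to 1023), converts K · 512 bit times into seconds, and runs a constructed slotted model in which several stations collide and back off until each one gets the channel alone. All function names are assumptions, and the one-slot-per-frame model is a simplification noted in the code.

```python
import random

SLOT_BIT_TIMES = 512     # one backoff unit, from the slide: K * 512 bit times
MAX_EXPONENT = 10        # after ten collisions K is drawn from 0..1023 and stops growing


def backoff_window(collisions):
    """Size of the set {0, 1, ..., 2^m - 1} after the m-th collision."""
    if collisions < 1:
        raise ValueError("backoff applies only after a collision")
    return 2 ** min(collisions, MAX_EXPONENT)


def choose_k(collisions, rng):
    """Draw K uniformly from the current backoff set."""
    return rng.randrange(backoff_window(collisions))


def delay_seconds(k, bit_rate_bps):
    """Time spent waiting K * 512 bit times at the given bit rate."""
    return k * SLOT_BIT_TIMES / bit_rate_bps


def resolve_contention(stations, rng, max_rounds=10_000):
    """Slotted model of step 5: every station collides in slot 0, then backs off.

    Simplification (assumption): a frame occupies exactly one slot, so carrier
    sensing never defers a station; only transmissions starting in the same
    slot collide. Returns (station, slot, collisions_seen) in order of success.
    """
    collisions = {s: 1 for s in range(stations)}               # slot 0: all collide
    next_slot = {s: 1 + choose_k(1, rng) for s in range(stations)}
    done = []
    for _ in range(max_rounds):
        if not next_slot:
            return done
        slot = min(next_slot.values())
        senders = [s for s, t in next_slot.items() if t == slot]
        if len(senders) == 1:                                   # alone on the channel: success
            station = senders[0]
            done.append((station, slot, collisions[station]))
            del next_slot[station]
        else:                                                   # collision: jam, back off again
            for s in senders:
                collisions[s] += 1
                next_slot[s] = slot + 1 + choose_k(collisions[s], rng)
    raise RuntimeError("contention not resolved within max_rounds")


if __name__ == "__main__":
    for m in (1, 2, 10):
        worst = delay_seconds(backoff_window(m) - 1, 10_000_000)
        print(f"collision {m}: K in 0..{backoff_window(m) - 1}, worst wait {worst * 1e6:.1f} us at 10 Mbps")
    print(resolve_contention(4, random.Random(7)))
```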
Ethernet and Switches
Switches Again
Layer 2 switching uses the media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link: no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch Table
• Q: how does switch know that A' is reachable via interface 4, B' reachable via interface 5?
• A: Each switch has a switch table; each entry:
  • MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
  • Self-learning
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: hosts A, A', B, B', C, C' on switch interfaces 1 to 6]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
Switch self-learning
• Frame with Destination A arrives at switch from interface 1
Two possibilities:
1. No entry in table for A
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A
   interface of 4, frame would get forwarded
[Figure: frame with Source A, Dest A' arriving at the switch; hosts A, A', B, B', C, C' on interfaces 1 to 6]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A          4           60
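The self-learning and flooding behaviour described in "How Switching Works" and the two "Switch self-learning" slides, as an added Python example that is not part of the original slides. The class, its method names and the `moves` log are assumptions; the host labels, the six ports and the TTL of 60 come from the slides. Because the table is built purely from the source addresses of received frames, the example also records every time an address shows up on a different port, which is the event an operator would want logged.

```python
from dataclasses import dataclass, field

BROADCAST = "FF-FF-FF-FF-FF-FF"


@dataclass
class LearningSwitch:
    ports: tuple
    ttl: int = 60                                  # entry lifetime, as in the slide's TTL column
    table: dict = field(default_factory=dict)      # MAC -> (port, expiry time)
    moves: list = field(default_factory=list)      # (MAC, old port, new port, time)

    def _expire(self, now):
        """Drop entries whose TTL has run out."""
        for mac in [m for m, (_, expiry) in self.table.items() if expiry <= now]:
            del self.table[mac]

    def receive(self, src, dst, in_port, now):
        """Handle one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self._expire(now)
        # Self-learning: the source address tells the switch where the sender is.
        known = self.table.get(src)
        if known is not None and known[0] != in_port:
            self.moves.append((src, known[0], in_port, now))
        self.table[src] = (in_port, now + self.ttl)
        # Forwarding decision on the destination address.
        if dst != BROADCAST and dst in self.table:
            out_port = self.table[dst][0]
            return [] if out_port == in_port else [out_port]    # same segment: filter
        return [p for p in self.ports if p != in_port]          # unknown or broadcast: flood


def demo():
    """Constructed frame sequence using the slide's host labels A, A' and B."""
    sw = LearningSwitch(ports=(1, 2, 3, 4, 5, 6))
    trace = [
        sw.receive("A", "A'", 1, now=0),        # A' unknown: flood
        sw.receive("A'", "A", 4, now=1),        # A already learned: one port
        sw.receive("A", "A'", 1, now=2),        # A' now learned: one port
        sw.receive("B", BROADCAST, 2, now=3),   # broadcast always floods
        sw.receive("A", "A'", 1, now=70),       # entries aged out: flood again
        sw.receive("A", "A'", 3, now=71),       # A seen on a different port
    ]
    return trace, sw.moves


if __name__ == "__main__":
    outputs, moved = demo()
    for ports in outputs:
        print("sent out of ports", ports)
    print("address moves:", moved)
```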
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches
Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48 bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00E0B89CA660
MAC Address
• Why would you want to change your MAC address?
• Many reasons
  1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
     Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID
Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if you move to a different subnet
ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping is discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B, knowing B's IP address?
[Figure: LAN with four nodes, two of them labelled A and B. IP addresses shown: 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88. MAC addresses shown: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
ARP Cache
For every outgoing packet, sending an ARP request and waiting for the response is inefficient
  • Requires more bandwidth
  • Consumes time
So an ARP cache is maintained at each node
Size limit = 512 entries
ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address is not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)
Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh
ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually
    • Times out
  • ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
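The same-LAN ARP exchange above, together with the Ethernet frame fields from the "Ethernet Frame Structure" slides, as an added Python example that is not part of the original slides. It builds the broadcast request and the unicast reply as real frame bytes (destination, source, Type, ARP payload, padding, CRC), applies the adapter's accept/discard rule, and keeps an ARP table with TTL and the 512-entry limit. The class and function names, the 20-minute TTL and the pairing of the figure's IP addresses with its MAC addresses are assumptions.

```python
import socket
import struct
import zlib

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FORMAT = "!HHBBH6s4s6s4s"                      # 28-byte ARP payload, Ethernet + IPv4


def mac_bytes(text):
    return bytes.fromhex(text.replace("-", ""))


def mac_text(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_arp_frame(op, dst_mac, sender_mac, sender_ip, target_mac, target_ip):
    """Destination, source, Type, ARP payload, padding, CRC (the NIC adds the preamble)."""
    arp = struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, op,
                      sender_mac, socket.inet_aton(sender_ip),
                      target_mac, socket.inet_aton(target_ip))
    body = dst_mac + sender_mac + struct.pack("!H", ETHERTYPE_ARP) + arp
    body += bytes(60 - len(body))                  # pad to the 60-byte minimum
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame, my_mac):
    """Return the ARP fields of an accepted frame, or None if the adapter discards it."""
    if len(frame) < 64 or zlib.crc32(frame[:-4]) != struct.unpack("<I", frame[-4:])[0]:
        return None                                # too short or CRC error: dropped
    dst, (etype,) = frame[:6], struct.unpack("!H", frame[12:14])
    if dst not in (my_mac, BROADCAST) or etype != ETHERTYPE_ARP:
        return None                                # not for this adapter, or not ARP
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FORMAT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sender_mac": sha, "sender_ip": socket.inet_ntoa(spa),
            "target_ip": socket.inet_ntoa(tpa)}


class ArpCache:
    """IP -> (MAC, expiry) soft state with the slide's 512-entry limit."""

    def __init__(self, ttl=1200, limit=512):       # ttl in seconds: 20 minutes, assumed
        self.ttl, self.limit, self.entries = ttl, limit, {}

    def learn(self, ip, mac, now):
        if ip not in self.entries and len(self.entries) >= self.limit:
            del self.entries[min(self.entries, key=lambda k: self.entries[k][1])]
        self.entries[ip] = (mac, now + self.ttl)

    def lookup(self, ip, now):
        mac, expiry = self.entries.get(ip, (None, 0))
        if mac is None or expiry <= now:
            self.entries.pop(ip, None)             # timed out unless refreshed
            return None
        return mac


class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac, self.cache = ip, mac_bytes(mac), ArpCache()

    def make_request(self, target_ip):
        return build_arp_frame(ARP_REQUEST, BROADCAST, self.mac, self.ip, bytes(6), target_ip)

    def receive(self, frame, now):
        """Process one frame from the LAN; return a reply frame or None."""
        msg = parse_frame(frame, self.mac)
        if msg is None:
            return None
        if msg["op"] == ARP_REQUEST and msg["target_ip"] == self.ip:
            return build_arp_frame(ARP_REPLY, msg["sender_mac"], self.mac, self.ip,
                                   msg["sender_mac"], msg["sender_ip"])
        if msg["op"] == ARP_REPLY:
            # Cached as received: the ARP message carries nothing that authenticates it.
            self.cache.learn(msg["sender_ip"], msg["sender_mac"], now)
        return None


def resolve(sender, lan, target_ip, now=0):
    """Broadcast a request to the LAN, feed any unicast reply back, return the MAC text."""
    request = sender.make_request(target_ip)
    for host in lan:
        reply = None if host is sender else host.receive(request, now)
        if reply is not None:
            sender.receive(reply, now)
    mac = sender.cache.lookup(target_ip, now)
    return mac_text(mac) if mac else None


# Constructed LAN: addresses are from the slide's figure, the IP/MAC pairing is assumed.
LAN = [Host("137.196.7.23", "71-65-F7-2B-08-53"), Host("137.196.7.14", "58-23-D7-FA-20-B0"),
       Host("137.196.7.78", "1A-2F-BB-76-09-AD"), Host("137.196.7.88", "0C-C4-11-6F-E3-98")]
```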
ARP Protocol: Routing to another LAN
[Figure: hosts A and B on two LANs joined by router R. IP addresses shown: 111.111.111.110, 111.111.111.111, 111.111.111.112, 222.222.222.220, 222.222.222.221, 222.222.222.222. MAC addresses shown: 1A-23-F9-CD-06-9B, E6-E9-00-17-BB-4B, CC-49-DE-D0-AB-7D, 74-29-9C-E8-FF-55, 88-B2-2F-54-1A-0F, 49-BD-D2-C7-56-2A]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs (Network Interface Cards)
ARP Protocol example, continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: the same topology of hosts A and B joined by router R, with the IP and MAC addresses listed above]
Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer
End
• Due: Final given out Friday, March 14th
Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  • Bridge has only two ports and divides a collision domain into two parts
  • All decisions made by a bridge are based on MAC or Layer 2 addressing
• Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain
Network Segmentation
Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  • A Switch is a fast multi-port bridge
  • Can contain dozens of ports
  • Rather than creating two collision domains
    • Each port creates its own collision domain
  • Say network of twenty nodes: twenty collision domains exist if each node is plugged into its own switch port
Bridges vs Switch
• Bridges were most used when you had people on hubs, all packets going to all hosts
  • Lots of collisions
  • A bridge allowed you to cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
• Nowadays switches are so cheap and so much more effective you don't see bridges much
  • Mostly replaced bridges
22
Routers
bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device
23
Routers
bull Creates a table to determine how to forward packets
bull Filtering and traffic control base on logical addresses IP addresses
24
Differences Logical vs Physical
bull Look at the Differences Between Logical and Physical Addresses
25
Physical Versus Logical Addresses
bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices
bull Logical addresses IPbull Network and transport protocols dictate the
format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by
software
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
Network Segmentation
Bridges vs Switches
• What's the difference between a Bridge and a Switch?
  • A Switch is a fast multi-port bridge
  • Can contain dozens of ports
• Rather than creating two collision domains
  • Each port creates its own collision domain
• Say network of twenty nodes: twenty collision domains exist if each node is plugged into its own switch port
Bridges vs Switch
• Bridges were most used when you had people on hubs, all packets going to all hosts
  • Lots of collisions
• A bridge allowed you to cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
• Nowadays switches are so cheap and so much more effective, you don't see bridges much
  • Mostly replaced bridges
Routers
• What does a router do?
  • Provides filtering and network traffic control
  • Used on LANs and WANs
  • Connect multiple segments and networks
  • Multiple routers create an "internetwork"
  • Operate at the Network layer
  • Layer 3 device
Routers
• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses: IP addresses
Differences: Logical vs Physical
• Look at the Differences Between Logical and Physical Addresses
Physical Versus Logical Addresses
• MAC addresses
  • Data Link layer
  • Used by switches, bridges and routers
  • Used for directly connected devices
• Logical addresses: IP
  • Network and transport protocols dictate the format of the logical network layer address
  • TCP/IP, IPX/SPX (Novell NetWare)
  • IP addresses are assigned manually or by software
Physical Versus Logical Addresses
Ethernet
Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed bus topology Local Area Network (LAN)
• 1976: carrier sensing added
  • Xerox built 2.94 Mbps network to connect over 100 personal workstations on 1 km cable
  • Network called Ethernet, named after ether, single coaxial cable used to connect machines
• Ethernet refers to product which predates IEEE 802.3 Standard
  • But nowadays any 802.3 compliant network is referred to as an Ethernet
Ethernet
Ethernet sketch
Who is this?
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalfe – Inventor of Ethernet
Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it: http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855
802.3 Standard Project
• In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet Standards: http://en.wikipedia.org/wiki/IEEE_802.3
Ethernet Terminology: Physical Layer
• First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length from original Thicknet
• Recent versions: letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pair
Classical Ethernet: Broadcast
• Classical Ethernet is Broadcast Network
  • Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called collision and prevents any information passed along network
  • Multiple messages would collide and corrupt each other
Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet
Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
• Layer 1 device
Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  – Commonly already present in modern office buildings for telephone system
• Contributed hugely to Ethernet's popularity
Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft
The 10 Mb/s Ethernet Standard: IEEE 802.3
Ethernet MAC Protocol
10Base-5, 10Base-2, 10Base-T, 10Base-F
Different physical layer options
10Base-5: Original Ethernet, large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable
802.3u Fast Ethernet
• In 1995 IEEE adopted 802.3u Fast Ethernet standard
  • Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
  • Previously Ethernets worked in half-duplex mode
  • Two stations could transmit at the same time
The 100 Mb/s Ethernet Standard: "Fast Ethernet"
Ethernet MAC Protocol
100Base-T4, 100Base-TX, 100Base-FX
Different physical layer options
Up to 100 m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers
The 1 Gb/s Ethernet Standard
• June 1998 - Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex – one speaks at a time
  – Full duplex – both can transmit/speak same time
http://en.wikipedia.org/wiki/IEEE_802.3
The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"
Ethernet MAC Protocol
1000Base-TX, 1000Base-FX
1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates
Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol, accepts the frame
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP, but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and Hub
[Figure panels: Hubs; Switch]
CSMA/CD
CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
binary exponential backoff
Ethernet CSMA/CD algorithm: Carrier Sense Multiple Access/Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
Ethernet CSMA/CD algorithm
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses K, a small integer, at random from {0, 1, 2, …, 2^m − 1}
NIC then waits K·512 bit times. Returns to Step 2. More details follow …
Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully
Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K · 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
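The backoff rule above, run as a small slotted simulation of stations that all become ready at once. This is an added example, not part of the original slides; the 16-collision limit, the one-slot frame time and the function names are assumptions of the sketch.

```python
import random

SLOT_BITS = 512      # backoff unit from the slides: NIC waits K * 512 bit times
MAX_EXPONENT = 10    # slides: after ten collisions K is drawn from 0..1023
MAX_ATTEMPTS = 16    # assumption: a frame is given up after 16 collisions


def max_k(m):
    """Upper end of the set {0, 1, ..., 2^m - 1} used after the m-th collision."""
    return 2 ** min(m, MAX_EXPONENT) - 1


def backoff_bit_times(m, rng):
    """Random wait, in bit times, after the m-th collision of one frame."""
    return rng.randint(0, max_k(m)) * SLOT_BITS


def contend(n_stations, rng):
    """Slotted model: every station has one frame ready at slot 0.

    One slot is 512 bit times and a successful frame is taken to occupy
    exactly one slot (a simplification). Returns counts for the whole run.
    """
    wait = [0] * n_stations        # slots each station must still stay silent
    collided = [0] * n_stations    # collisions suffered by each station's frame
    pending = set(range(n_stations))
    result = {"slots": 0, "collisions": 0, "delivered": 0, "dropped": 0}
    while pending:
        ready = [s for s in sorted(pending) if wait[s] == 0]
        for s in pending:
            if wait[s] > 0:
                wait[s] -= 1
        if len(ready) == 1:
            # Exactly one sender: the frame gets through.
            pending.remove(ready[0])
            result["delivered"] += 1
        elif len(ready) > 1:
            # Two or more senders: collision, each one backs off independently.
            result["collisions"] += 1
            for s in ready:
                collided[s] += 1
                if collided[s] >= MAX_ATTEMPTS:
                    pending.remove(s)
                    result["dropped"] += 1
                else:
                    wait[s] = backoff_bit_times(collided[s], rng) // SLOT_BITS
        result["slots"] += 1
    return result


if __name__ == "__main__":
    rng = random.Random(330)       # fixed seed so the run is repeatable
    for n in (2, 5, 20):
        print(n, "stations:", contend(n, rng))
```

Running it with more stations shows the point of the growing set: the first few collisions cost little, and the wait range widens only when contention persists.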
Ethernet and Switches
Switches Again
Layer 2 switching: media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch Table
• Q: how does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has switch table, each entry:
  • MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
  • Self-Learning
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: hosts A, A', B, B', C, C' on switch interfaces 1 to 6]
Switch table (initially empty)
MAC addr   interface   TTL
A          1           60
Switch self-learning
• Frame with Destination A arrives at switch from interface 1
Two possibilities
1. No entry in table for A
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A
   interface of 4, frame would get forwarded
[Figure: frame with Source A, Dest A' entering the switch; hosts A, A', B, B', C, C' on interfaces 1 to 6]
Switch table (initially empty)
MAC addr   interface   TTL
A          1           60
A          4           60
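The learn, flood and forward behaviour from these slides as a runnable model, with one addition a defender would want: it logs a source MAC that shows up on a second interface while its entry is still live, which is how a duplicated MAC address looks from the switch. This is an added example, not part of the original slides; the class and method names, the time units and the move log are assumptions, and the labels A and A' stand in for 48-bit MAC addresses.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl       # lifetime of a table entry, 60 as in the slide's table
        self.table = {}      # MAC address -> (interface, expiry time)
        self.moves = []      # (time, MAC, old interface, new interface)

    def age_out(self, now):
        """Drop entries whose TTL has run out."""
        for addr in [a for a, (_, expiry) in self.table.items() if expiry <= now]:
            del self.table[addr]

    def receive(self, src, dst, in_port, now):
        """Process one frame; return the list of interfaces it is sent out on."""
        self.age_out(now)

        # Self-learning: record (sender, incoming interface) and refresh the TTL.
        learned = self.table.get(src)
        if learned is not None and learned[0] != in_port:
            # Same MAC, different interface, old entry not yet expired.
            self.moves.append((now, src, learned[0], in_port))
        self.table[src] = (in_port, now + self.ttl)

        # Forwarding decision.
        entry = None if dst == BROADCAST else self.table.get(dst)
        if entry is None:
            # Unknown destination or broadcast: flood to all interfaces but the source.
            return [p for p in self.ports if p != in_port]
        out_port = entry[0]
        # Destination lives on the segment the frame came from: filter it.
        return [] if out_port == in_port else [out_port]


if __name__ == "__main__":
    sw = LearningSwitch(range(1, 7))
    print(sw.receive("A", "A'", 1, now=0))    # A' unknown: flooded
    print(sw.receive("A'", "A", 4, now=1))    # A known on 1: forwarded
    print(sw.receive("A", "A'", 1, now=2))    # A' learned on 4: forwarded
    print(sw.receive("A", "A'", 3, now=10))   # A now seen on 3: logged as a move
    print(sw.moves)
```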
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches
Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48 bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00E0B89CA660
MAC Address
• Why would you want to change your MAC address?
• Many reasons
1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
   Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs, keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID
Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry, or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for Broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy
  (a) MAC address … like Social Security Number: Take it with you
  (b) IP address … like postal address: Changes when you move
• Flat MAC address increases Portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet
ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address, MAC address, TTL >
  • TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with hosts A and B among four adapters; MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]
ARP Cache
For every outgoing packet, sending an ARP request and waiting for the response is inefficient
– Requires more bandwidth
– Consumes time
So ARP cache maintained at each node
Size limit = 512 entries
ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)
Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet Address hh:hh:hh:hh:hh:hh
ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
• Eventually
  • Times out
  • ARP table keeps Soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
ARP Protocol: Routing to another LAN
[Figure: two LANs joined by router R. LAN 1: A at 111.111.111.111 (74-29-9C-E8-FF-55), a second host at 111.111.111.112 (CC-49-DE-D0-AB-7D), router interface 111.111.111.110 (E6-E9-00-17-BB-4B). LAN 2: router interface 222.222.222.220 (1A-23-F9-CD-06-9B), a host at 222.222.222.221 (88-B2-2F-54-1A-0F), B at 222.222.222.222 (49-BD-D2-C7-56-2A)]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards
ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination, frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: the same two-LAN topology with router R, hosts A and B]
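The first ARP step of this walkthrough at the byte level: A's broadcast request for 111.111.111.110 and R's unicast reply, with a soft-state cache in front of it. This is an added example, not part of the original slides; the IP/MAC pairings are read from the figure labels, and the 20-minute TTL, the sender-address consistency check and all function names are assumptions.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")    # FF-FF-FF-FF-FF-FF
ETHERTYPE_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2
ARP_TTL = 20 * 60    # seconds; slides say 1 to 20 minutes, upper end assumed


def mac(text):
    return bytes.fromhex(text.replace("-", ""))


def ip(text):
    return bytes(int(part) for part in text.split("."))


# Adapters on A's LAN, paired as labelled in the slide's figure.
A = (mac("74-29-9C-E8-FF-55"), ip("111.111.111.111"))
R = (mac("E6-E9-00-17-BB-4B"), ip("111.111.111.110"))
LAN = [A, (mac("CC-49-DE-D0-AB-7D"), ip("111.111.111.112")), R]


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst):
    """Ethernet header (14 bytes) followed by an IPv4-over-Ethernet ARP body (28 bytes)."""
    ethernet = eth_dst + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    # hardware type 1 = Ethernet, protocol type 0x0800 = IPv4, address lengths 6 and 4
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return ethernet + header + sender_mac + sender_ip + target_mac + target_ip


def parse_arp(frame):
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (OP_REQUEST, OP_REPLY):
        raise ValueError("unsupported ARP header")
    sender_mac, sender_ip = frame[22:28], frame[28:32]
    target_mac, target_ip = frame[32:38], frame[38:42]
    if sender_mac != eth_src:
        # Sanity check: the two sender addresses in one frame should agree.
        raise ValueError("ARP sender MAC differs from Ethernet source")
    return {"op": op, "eth_dst": eth_dst, "sender_mac": sender_mac,
            "sender_ip": sender_ip, "target_mac": target_mac, "target_ip": target_ip}


class ArpCache:
    """Soft state: IP -> (MAC, expiry); entries vanish unless refreshed."""

    def __init__(self, ttl=ARP_TTL):
        self.ttl = ttl
        self.entries = {}

    def learn(self, ip_addr, mac_addr, now):
        self.entries[ip_addr] = (mac_addr, now + self.ttl)

    def lookup(self, ip_addr, now):
        entry = self.entries.get(ip_addr)
        if entry is None or entry[1] <= now:
            self.entries.pop(ip_addr, None)
            return None
        return entry[0]


def resolve(cache, me, target_ip, lan, now):
    """Return (MAC or None, number of ARP requests broadcast)."""
    cached = cache.lookup(target_ip, now)
    if cached is not None:
        return cached, 0
    my_mac, my_ip = me
    request = build_arp(OP_REQUEST, my_mac, my_ip, bytes(6), target_ip, BROADCAST)
    for host_mac, host_ip in lan:             # the broadcast reaches every adapter
        query = parse_arp(request)
        if host_mac == my_mac or query["target_ip"] != host_ip:
            continue                           # not the owner of that IP: ignore
        reply = build_arp(OP_REPLY, host_mac, host_ip,
                          query["sender_mac"], query["sender_ip"], query["sender_mac"])
        answer = parse_arp(reply)              # unicast frame back to the asker
        cache.learn(answer["sender_ip"], answer["sender_mac"], now)
        return answer["sender_mac"], 1
    return None, 1


if __name__ == "__main__":
    cache = ArpCache()
    print(resolve(cache, A, R[1], LAN, now=0))        # cache miss: one broadcast
    print(resolve(cache, A, R[1], LAN, now=10))       # cache hit: no traffic
    print(resolve(cache, A, R[1], LAN, now=ARP_TTL))  # entry timed out: asks again
```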
Summary
• Ethernet highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer
End
• Due: Final given out Friday, March 14th
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
Bridges vs Switch

• Bridges were most used when you had people on hubs, with all packets going to all hosts
• Lots of collisions
• A bridge allowed you to cheaply break your subnet into two physical networks that only interact when necessary, effectively cutting your collision domain in half
• Nowadays switches are so cheap and so much more effective that you don't see bridges much
• Switches have mostly replaced bridges

Routers

• What does a router do?
• Provides filtering and network traffic control
• Used on LANs and WANs
• Connect multiple segments and networks
• Multiple routers create an "internetwork"
• Operate at the Network layer
• Layer 3 device

Routers

• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses (IP addresses)

Differences: Logical vs Physical

• Look at the differences between logical and physical addresses

Physical Versus Logical Addresses

• MAC addresses
  • Data Link layer
  • Used by switches, bridges and routers
  • Used for directly connected devices
• Logical addresses (IP)
  • Network and transport protocols dictate the format of the logical network-layer address
  • TCP/IP, IPX/SPX (Novell NetWare)
  • IP addresses are assigned manually or by software

[Figure: Physical Versus Logical Addresses]
Ethernet

Ethernet History

• 1973: Xerox Corporation's Palo Alto Research Center developed a bus topology Local Area Network (LAN)
• 1976: carrier sensing added
• Xerox built a 2.94 Mbps network to connect over 100 personal workstations on a 1 km cable
• Network called Ethernet, named after "ether", the single coaxial cable used to connect machines
• Ethernet refers to the product, which predates the IEEE 802.3 Standard
• But nowadays any 802.3-compliant network is referred to as an Ethernet

Ethernet

[Figure: Ethernet sketch]

Who is this?

Original paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalfe – Inventor of Ethernet

Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures

Nice article on him ... if you want to read it:
http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855

802.3 Standard Project

• In 1980 the IEEE started Project 802 to standardize local area networks (LANs)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won, and it became a standard in 1985 ... 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet standards: http://en.wikipedia.org/wiki/IEEE_802.3

Ethernet Terminology: Physical Layer

• First number (10, 100 or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length, from original Thicknet
• In recent versions, letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs

Classical Ethernet: Broadcast

• Classical Ethernet is a broadcast network
• Hosts connected to network through a single shared medium
• If two nodes try to send at the same time
  • Called a collision, and it prevents any information being passed along the network
  • Multiple messages would collide and corrupt each other

Early Ethernet

• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet

Ethernet Technology: First Attempt

• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10 mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  • Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  • Layer 1 device

Ethernet with Hubs: 2nd Attempt

• Next form of Ethernet
  • 10BaseT with hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  – Commonly already present in modern office buildings for the telephone system
• Contributed hugely to Ethernet's popularity

Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT

• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft

The 10 Mb/s Ethernet Standard: IEEE 802.3

[Figure: one Ethernet MAC protocol over different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F]

• 10Base-5: Original Ethernet, large thick coaxial cable
• 10Base-2: Thin coaxial cable version
• 10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
• 10Base-F: Two optical fibers in a single cable

802.3u Fast Ethernet

• In 1995 IEEE adopted the 802.3u Fast Ethernet standard
• Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
• Previously Ethernets worked in half-duplex mode
• With full duplex, two stations could transmit at the same time

The 100 Mb/s Ethernet Standard: "Fast Ethernet"

[Figure: one Ethernet MAC protocol over different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX]

Up to 100 m of cable per segment

• 100Base-T4: Uses four pairs of voice-grade Category-3 cable
• 100Base-TX: Uses two pairs of data-grade Category-5 cable
• 100Base-FX: Uses two optical fibers

The 1 Gb/s Ethernet Standard

• June 1998: Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex: one speaks at a time
  – Full duplex: both can transmit/speak at the same time

http://en.wikipedia.org/wiki/IEEE_802.3

The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"

[Figure: one Ethernet MAC protocol over physical layer options 1000Base-TX and 1000Base-FX]

• 1000Base-TX: Uses four pairs of data-grade Category-5 cable
• 1000Base-FX: Uses two optical fibers

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates

Ethernet Frame Structure (more)

• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol (accepts the frame)
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 00:13:02:BA:43:56
• Type: Indicates higher layer protocol (mostly IP but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped

[Figure: Use of Ethernet Switches Versus Hubs in a LAN]

[Figure: Collisions with Switch and Hub; panels: Hubs, Switch]

CSMA/CD

CSMA/CD Protocol

All hosts transmit & receive on one channel
Packets are of variable size

When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting, wait a random time (binary exponential backoff), then return to step 1

Ethernet CSMA/CD algorithm: Carrier Sense Multiple Access / Collision Detection

Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after the mth collision, NIC chooses a small integer K at random from {0, 1, 2, ..., 2^m - 1}. NIC then waits K·512 bit times and returns to Step 2

More details follow ...

Ethernet CSMA/CD algorithm

• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)

Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K · 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} ...
• After ten collisions: Choose K from {0, 1, 2, 3, 4, ..., 1023}
• Set size grows exponentially
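
The backoff rule from the CSMA/CD slides, written out as an added example (not part of the original lecture). The cap of the window at 2^10 matches the slides' "after ten collisions" set; the limit of 16 attempts is taken from IEEE 802.3 and is not stated on the slides, and `contend` is a simplified slotted model whose function names are hypothetical.

```python
import random

SLOT_BIT_TIMES = 512   # from the slides: the NIC waits K * 512 bit times
MAX_EXPONENT = 10      # slides: after ten collisions K comes from {0..1023}
MAX_ATTEMPTS = 16      # assumption (IEEE 802.3): frame is dropped after 16 attempts


def backoff_window(m):
    """Size of the set K is drawn from after the m-th collision: 2**min(m, 10)."""
    if m < 1:
        raise ValueError("backoff starts with the first collision")
    return 2 ** min(m, MAX_EXPONENT)


def backoff_bit_times(m, rng):
    """Draw K uniformly from {0, ..., 2**m - 1}; return the wait in bit times."""
    return rng.randrange(backoff_window(m)) * SLOT_BIT_TIMES


def bit_times_to_us(bit_times, mbps):
    """Convert bit times to microseconds on a link running at `mbps` Mb/s."""
    return bit_times / mbps


def contend(stations, rng):
    """Slotted model: every station in `stations` has just collided once.

    Each station picks a backoff slot. A slot chosen by exactly one station
    is a successful transmission; a slot shared by several is a new collision
    and those stations back off again with a doubled window.
    Returns (winner, slot, collisions); winner is None if the attempt limit is hit.
    """
    count = {s: 1 for s in stations}                      # collisions per station
    wake = {s: rng.randrange(backoff_window(1)) for s in stations}
    collisions = 1
    while True:
        slot = min(wake.values())
        senders = [s for s in stations if wake[s] == slot]
        if len(senders) == 1:
            return senders[0], slot, collisions
        collisions += 1
        for s in senders:
            count[s] += 1
            if count[s] >= MAX_ATTEMPTS:
                return None, slot, collisions
            wake[s] = slot + 1 + rng.randrange(backoff_window(count[s]))


if __name__ == "__main__":
    rng = random.Random(2014)                             # seeded for a repeatable run
    for m in (1, 2, 3, 10, 12):
        wait = backoff_bit_times(m, rng)
        print(f"collision {m:2d}: window {backoff_window(m):4d}, "
              f"wait {wait} bit times = {bit_times_to_us(wait, 10):.1f} us at 10 Mb/s")
    print(contend(["A", "B", "C"], rng))
```

At 10 Mb/s one backoff unit of 512 bit times is 51.2 microseconds, so the largest possible wait after ten collisions is 1023 units, about 52 ms.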

Ethernet and Switches

Switches Again

• Layer 2 switching uses the media access control address (MAC address)
• Each network interface card (NIC) has a MAC address
• This address is used to decide where to forward frames
• Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works

• Switch dynamically builds its address table by using the MAC source address of the frames received
• When switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame
• When destination station replies, switch adds its relevant MAC source address and port ID to address table
• Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

Switch: Allows multiple simultaneous transmissions

• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link: no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub

[Figure: switch with six interfaces (1,2,3,4,5,6); hosts A, A', B, B', C, C']

Switch Table

• Q: how does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has switch table, each entry:
  • MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
  • Self-Learning

[Figure: switch with six interfaces (1,2,3,4,5,6); hosts A, A', B, B', C, C']

Switch self-learning

• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair

[Figure: hosts A, A', B, B', C, C' on switch interfaces 1 to 6]

Switch table (initially empty)
MAC addr   interface   TTL
A          1           60

Switch self-learning

• Frame with Destination A arrives at switch from interface 1

Two possibilities:
1. No entry in table for A
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A
   interface of 4, frame would get forwarded

[Figure: frame with Source A, Dest A' entering the switch; hosts A, A', B, B', C, C' on interfaces 1 to 6]

Switch table (initially empty)
MAC addr   interface   TTL
A          1           60
A          4           60
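
The self-learning and flooding behaviour described in the switch slides, as an added example (not part of the original lecture). The class and method names are hypothetical, the frame trace is constructed, and recording a MAC address that shows up on a different interface while its entry is still live is an addition here, included because the table is built from unauthenticated source addresses.

```python
class LearningSwitch:
    """Switch table of MAC address -> (interface, expiry time), built by self-learning."""

    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl            # seconds an entry lives without being refreshed
        self.table = {}           # mac -> (port, expires_at)
        self.moves = []           # (mac, old_port, new_port, time) while entry was live

    def _expire(self, now):
        """Drop entries whose TTL has run out (soft state)."""
        for mac in [m for m, (_, exp) in self.table.items() if exp <= now]:
            del self.table[mac]

    def receive(self, src, dst, in_port, now):
        """Process one frame; return the list of ports it is sent out on."""
        self._expire(now)

        # Learn: the sender is reachable through the port the frame came in on.
        old = self.table.get(src)
        if old is not None and old[0] != in_port:
            self.moves.append((src, old[0], in_port, now))
        self.table[src] = (in_port, now + self.ttl)

        # Forward: known destination goes to one port, unknown is flooded.
        entry = self.table.get(dst)
        if entry is None:
            return [p for p in self.ports if p != in_port]   # flood
        if entry[0] == in_port:
            return []                                        # same segment: filter
        return [entry[0]]


def run_trace():
    """Constructed trace using the slide's hosts A (interface 1) and A' (interface 4)."""
    sw = LearningSwitch(ports=range(1, 7), ttl=60)
    frames = [
        ("A", "A'", 1, 0),     # A' unknown: flood, learn A on 1
        ("A'", "A", 4, 1),     # reply: learn A' on 4, forward to 1 only
        ("A", "A'", 1, 2),     # both known: forward to 4 only
        ("A'", "A", 6, 30),    # A' now seen on interface 6: recorded as a move
        ("A", "A'", 1, 200),   # all entries timed out: flood again
    ]
    out = [sw.receive(src, dst, port, now) for src, dst, port, now in frames]
    return out, sw


if __name__ == "__main__":
    outputs, switch = run_trace()
    for ports in outputs:
        print(ports)
    print("moves:", switch.moves)
    print("table:", switch.table)
```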

Switches and CSMA/CD

• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair

Link Layer

• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics

• LAN Addressing
• ARP Protocol

MAC Addresses

• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00:E0:B8:9C:A6:60

MAC Address

• Why would you want to change your MAC address?
• Many reasons
1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
   Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume MAC of gateway to a subnet. Lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID

Change Your MAC Address

• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry, or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses

Each adapter on LAN has unique LAN address, except for Broadcast address, which is FF-FF-FF-FF-FF-FF

[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address

• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address ... like Social Security Number. Take it with you
  (b) IP address ... like postal address. Changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if you move to a different subnet

ARP: Address Resolution Protocol

Question: How to determine MAC address of B, knowing B's IP address?

• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
• TTL (Time To Live): time after which address mapping is discarded
  • Varies, 1 to 20 minutes on average

[Figure: LAN with hosts A and B; adapters 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]

ARP Cache

For every outgoing packet, sending an ARP request and waiting for the response is inefficient
– Requires more bandwidth
– Consumes time

So ARP cache maintained at each node

Size limit = 512 entries

ARP Protocol: Same LAN

• A wants to send datagram to B, and B's MAC address is not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages

ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN

• A caches (saves) IP-to-MAC address pair
  • In what is called the ARP table, until the information becomes old
  • Eventually it times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator

ARP Protocol: Routing to another LAN

Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address

• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards

[Figure: host A (111.111.111.111, 74-29-9C-E8-FF-55) and host 111.111.111.112 (CC-49-DE-D0-AB-7D) on one LAN; host B (222.222.222.222, 49-BD-D2-C7-56-2A) and host 222.222.222.221 (88-B2-2F-54-1A-0F) on the other; router R joins them with interfaces 111.111.111.110 (E6-E9-00-17-BB-4B) and 222.222.222.220 (1A-23-F9-CD-06-9B)]

ARP Protocol example continued

• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B

[Figure: same two-LAN network as on the previous slide, with hosts A and B and router R]
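
The ARP request and reply from the same-LAN and routing slides, built and parsed as Ethernet frames and fed into a cache with the TTL and 512-entry limit the slides mention. This is an added example, not part of the original lecture: the packet layout is the standard ARP body for IPv4 over Ethernet, the pairing of addresses for A and R is assumed from the slide figure, and the function names, the second reply and its MAC address are constructed.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "FF-FF-FF-FF-FF-FF"
UNKNOWN = "00-00-00-00-00-00"   # target MAC field of a request (not yet known)


def mac_bytes(text):
    return bytes.fromhex(text.replace("-", ""))


def mac_text(raw):
    return "-".join(f"{b:02X}" for b in raw)


def ip_bytes(text):
    return bytes(int(part) for part in text.split("."))


def ip_text(raw):
    return ".".join(str(b) for b in raw)


def build_arp_frame(op, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    """14-byte Ethernet header (dst, src, type) plus the 28-byte ARP body."""
    header = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # Ethernet, IPv4, sizes, opcode
    body += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    body += mac_bytes(target_mac) + ip_bytes(target_ip)
    return header + body


def parse_arp_frame(frame):
    """Validate and decode one Ethernet frame that carries ARP."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("Type field does not say ARP")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {
        "eth_dst": mac_text(frame[0:6]), "eth_src": mac_text(frame[6:12]), "op": op,
        "sender_mac": mac_text(frame[22:28]), "sender_ip": ip_text(frame[28:32]),
        "target_mac": mac_text(frame[32:38]), "target_ip": ip_text(frame[38:42]),
    }


class ArpCache:
    """<IP, MAC, TTL> table: soft state, size limit, and a log of changed mappings."""

    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl, self.max_entries = ttl, max_entries
        self.entries = {}     # ip -> (mac, expires_at)
        self.changes = []     # (ip, old_mac, new_mac) seen while the entry was live

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:
            self.entries.pop(ip, None)          # timed out: forget the mapping
            return None
        return entry[0]

    def learn(self, ip, mac, now):
        old = self.lookup(ip, now)
        if old is not None and old != mac:
            self.changes.append((ip, old, mac))  # worth logging: mapping changed
        if ip not in self.entries and len(self.entries) >= self.max_entries:
            oldest = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[oldest]
        self.entries[ip] = (mac, now + self.ttl)


def demo():
    """A asks for R's MAC (broadcast), R answers (unicast), A caches the answer."""
    a_ip, a_mac = "111.111.111.111", "74-29-9C-E8-FF-55"
    r_ip, r_mac = "111.111.111.110", "E6-E9-00-17-BB-4B"
    cache = ArpCache()
    request = build_arp_frame(ARP_REQUEST, BROADCAST, a_mac, a_ip, UNKNOWN, r_ip)
    reply = build_arp_frame(ARP_REPLY, a_mac, r_mac, r_ip, a_mac, a_ip)
    seen = parse_arp_frame(reply)
    cache.learn(seen["sender_ip"], seen["sender_mac"], now=0)
    # Constructed second reply: a different MAC claims R's IP while the entry is live.
    later = build_arp_frame(ARP_REPLY, a_mac, "02-00-00-00-00-99", r_ip, a_mac, a_ip)
    other = parse_arp_frame(later)
    cache.learn(other["sender_ip"], other["sender_mac"], now=30)
    return parse_arp_frame(request), seen, cache


if __name__ == "__main__":
    req, rep, arp_cache = demo()
    print(req)
    print(rep)
    print("changed mappings:", arp_cache.changes)
```

The cache accepts the newer mapping, which is how a plain ARP table behaves; the `changes` list is the part a monitoring tool would alert on.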

Summary

• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End

• Due: Final given out Friday, March 14th
22
Routers
bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device
23
Routers
bull Creates a table to determine how to forward packets
bull Filtering and traffic control base on logical addresses IP addresses
24
Differences Logical vs Physical
bull Look at the Differences Between Logical and Physical Addresses
25
Physical Versus Logical Addresses
bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices
bull Logical addresses IPbull Network and transport protocols dictate the
format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by
software
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
• Frame with Destination A arrives at switch from interface 1
Two possibilities:
1. No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2. Entry in table for A
Interface of 4, frame would get forwarded
[Figure: hosts A, A', B, B', C, C' on switch interfaces 1 to 6; frame in flight with Source: A, Dest: A']
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
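The self-learning procedure from the slides above, as an added Python model (not code from the lecture or the textbook): learn the sender's port, flood on an unknown destination, forward on a known one, and age entries out by TTL. The class name, the method names and the `moves` log of a MAC address showing up on a new port are assumptions of this example; the 60-second TTL is the value in the slide's table.

```python
from dataclasses import dataclass, field

BROADCAST = "FF-FF-FF-FF-FF-FF"


@dataclass
class LearningSwitch:
    """Model of a self-learning layer-2 switch (hypothetical helper, example only)."""
    ports: tuple = (1, 2, 3, 4, 5, 6)
    ttl: int = 60                               # seconds an entry lives, as in the slide table
    table: dict = field(default_factory=dict)   # MAC -> (port, expiry time)
    moves: list = field(default_factory=list)   # (time, MAC, old port, new port)

    def _expire(self, now):
        # Drop entries whose TTL has run out, so stale locations are re-learned.
        for mac in [m for m, (_, exp) in self.table.items() if exp <= now]:
            del self.table[mac]

    def receive(self, now, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        self._expire(now)

        # 1. Learn: the sender is reachable through the port the frame came in on.
        known = self.table.get(src)
        if known is not None and known[0] != in_port:
            # Same MAC on a different port: a moved host, a loop, or a station
            # using someone else's address. A defender wants this logged.
            self.moves.append((now, src, known[0], in_port))
        self.table[src] = (in_port, now + self.ttl)

        # 2. Forward: broadcast and unknown destinations are flooded.
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            return [p for p in self.ports if p != in_port]
        out_port = entry[0]
        if out_port == in_port:
            return []          # destination sits on the arrival segment: filter
        return [out_port]      # known destination: one port, no flooding


def demo():
    sw = LearningSwitch()
    # Constructed frames: (time, arrival port, source MAC, destination MAC)
    frames = [
        (0, 1, "A", "A'"),     # A' unknown: flood, learn A on port 1
        (1, 4, "A'", "A"),     # A known: port 1 only, learn A' on port 4
        (2, 1, "A", "A'"),     # A' known: port 4 only
        (3, 5, "A", "A'"),     # A now seen on port 5: recorded in sw.moves
        (70, 2, "B", "A'"),    # entries for A and A' have aged out: flood again
    ]
    log = [sw.receive(now, port, src, dst) for now, port, src, dst in frames]
    return sw, log


if __name__ == "__main__":
    switch, out_ports = demo()
    for ports in out_ports:
        print(ports)
    print("moves:", switch.moves)
```

The `moves` list is the part a real switch exposes as MAC-flapping or port-security events, which is where an address borrowed from another station becomes visible.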
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
• Collision domain has pretty much been relegated to history
• Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches
Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network Layer
• 32-bit IP address
• Network-layer address, dotted decimal. Ex: 146.187.130.76
• To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
• MAC stands for Media Access Control
• 48-bit MAC address (for most LANs)
• Burned in NIC ROM, also sometimes software settable
• 24 bits set for manufacturer, 24 bits for NIC adapter
Ex: 00E0B89CA660
MAC Address
• Why would you want to change your MAC address?
• Many reasons
1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID
Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
• Use regedit to edit registry or use a utility
• Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
• MadMACs
http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
• Smac - http://www.klcconsulting.net/smac
• Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
$ ifconfig eth0 down hw ether 00:00:00:00:00:01
$ ifconfig eth0 up
http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table:
http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
(a) MAC address … like Social Security Number: take it with you
(b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
• Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
• Address depends on IP subnet to which node is attached
• Must change IP address if move to a different subnet
ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
< IP address; MAC address; TTL >
• TTL (Time To Live): time after which address mapping discarded
• Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with hosts A and B; adapters 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]
ARP Cache
For every outgoing packet, sending ARP request and waiting for response is inefficient
– Requires more bandwidth
– Consumes time
So ARP cache maintained at each node
Size limit = 512 entries
ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
• Shouts to everyone on LAN
• Destination MAC address = FF-FF-FF-FF-FF-FF
• All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
• Frame sent to A's MAC address (unicast)
Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh
ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
• Called ARP table, until information becomes old
• Eventually
• Times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
• Nodes create their ARP tables without intervention from you, the network administrator
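An added Python example (not from the lecture) that parses the ARP request and reply described above out of raw Ethernet frames and keeps an <IP, MAC, TTL> cache that times out. Because ARP is plug-and-play, a host accepts whatever binding it hears, so the cache also records when a reply rebinds a cached IP address to a different MAC. The frames are constructed; the MACs are adapters from the slide, while the IP-to-adapter pairing, the 20-minute TTL and all function names are assumptions.

```python
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST = "FF-FF-FF-FF-FF-FF"
OP_REQUEST, OP_REPLY = 1, 2


def mac_bytes(text):
    return bytes.fromhex(text.replace("-", ""))


def mac_text(raw):
    return "-".join(f"{b:02X}" for b in raw)


def ip_bytes(text):
    return bytes(int(part) for part in text.split("."))


def ip_text(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header (no preamble/CRC) plus ARP body for IPv4 over Ethernet."""
    s_mac, t_mac = mac_bytes(sender_mac), mac_bytes(target_mac)
    header = mac_bytes(eth_dst) + s_mac + struct.pack("!H", ETHERTYPE_ARP)
    fixed = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # htype, ptype, hlen, plen, op
    return header + fixed + s_mac + ip_bytes(sender_ip) + t_mac + ip_bytes(target_ip)


def parse_arp(frame):
    """Return the ARP fields as a dict, or None if this is not well-formed ARP."""
    if len(frame) < 14 + 28:                     # Ethernet header + ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    if op not in (OP_REQUEST, OP_REPLY):
        return None
    return {
        "op": op,
        "eth_dst": mac_text(frame[0:6]),
        "eth_src": mac_text(frame[6:12]),
        "sender_mac": mac_text(frame[22:28]),
        "sender_ip": ip_text(frame[28:32]),
        "target_mac": mac_text(frame[32:38]),
        "target_ip": ip_text(frame[38:42]),
    }


class ArpCache:
    """Soft-state <IP, MAC, TTL> table that records rebindings (example only)."""

    def __init__(self, ttl=20 * 60):
        self.ttl = ttl
        self.entries = {}     # IP -> (MAC, expiry time)
        self.alerts = []      # (time, IP, old MAC, new MAC)

    def lookup(self, now, ip):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:
            self.entries.pop(ip, None)           # timed out: forget the mapping
            return None
        return entry[0]

    def observe(self, now, frame):
        msg = parse_arp(frame)
        if msg is None:
            return None
        old = self.lookup(now, msg["sender_ip"])
        if old is not None and old != msg["sender_mac"]:
            self.alerts.append((now, msg["sender_ip"], old, msg["sender_mac"]))
        # Like an ordinary host, accept the newest binding and refresh its TTL.
        self.entries[msg["sender_ip"]] = (msg["sender_mac"], now + self.ttl)
        return msg


def demo():
    # Constructed traffic; the IP-to-adapter pairing is an assumption.
    a_mac, a_ip = "1A-2F-BB-76-09-AD", "137.196.7.23"
    b_mac, b_ip = "58-23-D7-FA-20-B0", "137.196.7.78"
    other_mac = "0C-C4-11-6F-E3-98"
    frames = [
        (0, build_arp(OP_REQUEST, BROADCAST, a_mac, a_ip, "00-00-00-00-00-00", b_ip)),
        (1, build_arp(OP_REPLY, a_mac, b_mac, b_ip, a_mac, a_ip)),
        (30, build_arp(OP_REPLY, a_mac, other_mac, b_ip, a_mac, a_ip)),  # B's IP rebound
    ]
    cache = ArpCache()
    return cache, [cache.observe(t, f) for t, f in frames]
```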
ARP Protocol: Routing to another LAN
[Figure: router R joins two LANs. LAN 1: A (111.111.111.111, 74-29-9C-E8-FF-55), host 111.111.111.112 (CC-49-DE-D0-AB-7D), R interface 111.111.111.110 (E6-E9-00-17-BB-4B). LAN 2: R interface 222.222.222.220 (1A-23-F9-CD-06-9B), host 222.222.222.221 (88-B2-2F-54-1A-0F), B (222.222.222.222, 49-BD-D2-C7-56-2A)]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards
ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: router R between LAN 111.111.111.x (host A) and LAN 222.222.222.x (host B)]
Summary
• Ethernet: highly successful LAN technology
• Simple, cheap and adaptable
• Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
• Good to know what each does
• Hubs and switches at Link Layer
• Router at higher layer
End
• Due: Final given out Friday, March 14th
Routers
• Creates a table to determine how to forward packets
• Filtering and traffic control based on logical addresses (IP addresses)
Differences: Logical vs Physical
• Look at the differences between logical and physical addresses
Physical Versus Logical Addresses
• MAC addresses
• Data Link layer
• Used by switches, bridges and routers
• Used for directly connected devices
• Logical addresses (IP)
• Network and transport protocols dictate the format of the logical network layer address
• TCP/IP, IPX/SPX (Novell NetWare)
• IP addresses are assigned manually or by software
Physical Versus Logical Addresses
Ethernet
Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed bus topology Local Area Network (LAN)
• 1976: carrier sensing added
• Xerox built 2.94 Mbps network to connect over 100 personal workstations on 1 km cable
• Network called Ethernet, named after ether: single coaxial cable used to connect machines
• Ethernet refers to product which predates IEEE 802.3 Standard
• But nowadays any 802.3 compliant network is referred to as an Ethernet
Ethernet
Ethernet sketch
Who is this?
Original paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalfe – Inventor of Ethernet
Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it
http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855
802.3 Standard Project
• In 1980, IEEE started project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
• IBM Token Ring,
• Token Bus, and
• Ethernet were all contenders
• Eventually Ethernet won, and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet Standards:
http://en.wikipedia.org/wiki/IEEE_802.3
Ethernet Terminology: Physical Layer
• First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
• BASE = baseband or BROAD = broadband
• Last number indicates segment length
• 5 means 500-meter (500-m) segment length from original Thicknet
• Recent versions: letters replace numbers
• For example, in 10BASE-T, T means unshielded twisted-pair cables
• Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs
Classical Ethernet: Broadcast
• Classical Ethernet is broadcast network
• Hosts connected to network through single shared medium
• If two nodes try to send at same time
• Called collision, and prevents any information passed along network
• Multiple messages would collide and corrupt each other
Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
• 10Base5 cable known as thick Ethernet
• 10Base2 also known as thin Ethernet
Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
• Layer 1 device
Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
• 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
– Commonly already present in modern office buildings for telephone system
• Contributed hugely to Ethernet's popularity
Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft
The 10Mb/s Ethernet Standard: IEEE 802.3
[Figure: Ethernet MAC Protocol over different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F]
10Base-5: Original Ethernet: large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable
802.3u Fast Ethernet
• In 1995, IEEE adopted 802.3u Fast Ethernet standard
• Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
• Previously Ethernets worked in half-duplex mode
• Two stations could transmit at the same time
The 100Mb/s Ethernet Standard: "Fast Ethernet"
[Figure: Ethernet MAC Protocol over different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX]
Up to 100m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers
The 1Gb/s Ethernet Standard
• June 1998 - Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
– 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
– Half duplex – one speaks at a time
– Full duplex – both can transmit/speak same time
http://en.wikipedia.org/wiki/IEEE_802.3
The 1Gb/s Ethernet Standard: "Gigabit Ethernet"
[Figure: Ethernet MAC Protocol over physical layer options: 1000Base-TX, 1000Base-FX]
1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates
Ethernet Frame Structure (more)
• Addresses
• If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol: accepts the frame
• Otherwise, adapter discards frame
• What kind of addresses at this layer?
• MAC - Media Access Control
• Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and Hub
[Figure panels: Hubs; Switch]
CSMA/CD
CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
binary exponential backoff
Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access/Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
Ethernet CSMA/CD algorithm
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses K, a small integer, at random from {0, 1, 2, …, 2^m - 1}
NIC then waits K·512 bit times. Returns to Step 2. More details follow …
Ethernet CSMA/CD algorithm
• Features
• Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
• Station then remains silent for a random period of time before attempting to transmit again
• Repeats until frame is eventually transmitted successfully
Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
• Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K·512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3}…
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
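An added Python example (not from the lecture) of the backoff rule above, plus a small slotted model of several stations that collide and then back off independently. Holding the window at 1024 after the tenth collision and giving up after 16 attempts go beyond the slide and follow IEEE 802.3; the function names and the one-frame-per-slot simplification are assumptions of this example.

```python
import random

SLOT_BITS = 512        # one backoff slot = 512 bit times
BACKOFF_LIMIT = 10     # window stops growing after the 10th collision (IEEE 802.3)
ATTEMPT_LIMIT = 16     # frame is discarded after 16 failed attempts (IEEE 802.3)


def backoff_window(m):
    """Size of the set K is drawn from after the m-th collision: 2^min(m, 10)."""
    if m < 1:
        raise ValueError("m counts collisions and starts at 1")
    return 2 ** min(m, BACKOFF_LIMIT)


def backoff_bits(m, rng):
    """Draw K uniformly from {0, ..., window - 1}; return the wait in bit times."""
    return rng.randrange(backoff_window(m)) * SLOT_BITS


def bits_to_microseconds(bits, mbps):
    """One bit at 1 Mbps lasts one microsecond."""
    return bits / mbps


def contend(stations, rng):
    """Slotted model: every station collides in slot 0, then backs off.

    Simplification: a successful frame occupies exactly one slot, so carrier
    sense never defers anyone. Returns (order, collisions, dropped), where
    order lists (slot, station) per delivered frame, collisions maps each
    station to the collisions it suffered, and dropped holds stations that
    reached ATTEMPT_LIMIT.
    """
    collisions = {s: 1 for s in stations}        # the initial collision
    next_slot = {s: 1 + rng.randrange(backoff_window(1)) for s in stations}
    order, dropped = [], set()
    slot = 1
    while next_slot:
        ready = [s for s, t in next_slot.items() if t == slot]
        if len(ready) == 1:
            # Alone on the channel: the frame goes through.
            order.append((slot, ready[0]))
            del next_slot[ready[0]]
        elif len(ready) > 1:
            # Collision: each station involved widens its own window.
            for s in ready:
                collisions[s] += 1
                if collisions[s] >= ATTEMPT_LIMIT:
                    dropped.add(s)
                    del next_slot[s]
                else:
                    k = rng.randrange(backoff_window(collisions[s]))
                    next_slot[s] = slot + 1 + k
        slot += 1
    return order, collisions, dropped


if __name__ == "__main__":
    rng = random.Random(2014)                    # seeded so runs are repeatable
    for m in (1, 2, 3, 10):
        worst = (backoff_window(m) - 1) * SLOT_BITS
        print(f"collision {m:2d}: K in 0..{backoff_window(m) - 1}, "
              f"worst wait {bits_to_microseconds(worst, 10):.1f} us at 10 Mbps")
    order, collisions, dropped = contend(["A", "B", "C", "D"], rng)
    print("delivery order:", order)
    print("collisions per station:", collisions, "dropped:", dropped)
```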
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
24
Differences Logical vs Physical
bull Look at the Differences Between Logical and Physical Addresses
25
Physical Versus Logical Addresses
bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices
bull Logical addresses IPbull Network and transport protocols dictate the
format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by
software
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link: no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6); hosts A, A', B, B', C, C']
Switch Table
• Q: How does switch know that A' is reachable via interface 4, B' reachable via interface 5?
• A: Each switch has switch table, each entry:
  • MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: How are entries created, maintained in switch table?
  • Self-learning
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6); hosts A, A', B, B', C, C']
Switch: self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: hosts A, A', B, B', C, C' on switch interfaces 1 to 6]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
Switch: self-learning
• Frame with destination A' arrives at switch from interface 1 (source A, dest A')
Two possibilities:
1. No entry in table for A'
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A'
   interface of 4: frame would get forwarded
[Figure: hosts A, A', B, B', C, C' on switch interfaces 1 to 6; frame travelling from A to A']
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
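
The learn, flood and forward steps from the last slides as a runnable model, added here as an illustration and not part of the original slides. The class and method names are assumptions; host labels stand in for MAC addresses as on the slides. The example goes one step beyond the slides by logging when a known MAC appears on a different interface before its entry ages out, which is what a moved host or a second device using the same address looks like from the switch.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning switch table: MAC address -> (interface, expiry time)."""

    def __init__(self, interfaces, ttl=60):
        self.interfaces = list(interfaces)
        self.ttl = ttl        # seconds an entry stays valid (60 on the slide)
        self.table = {}       # mac -> (interface, expires_at)
        self.moves = []       # (time, mac, old_interface, new_interface)

    def _expire(self, now):
        """Drop entries whose TTL has run out."""
        for mac in [m for m, (_, exp) in self.table.items() if exp <= now]:
            del self.table[mac]

    def receive(self, now, in_if, src, dst):
        """Process one frame; return the sorted list of interfaces it leaves on."""
        if in_if not in self.interfaces:
            raise ValueError(f"unknown interface {in_if}")
        self._expire(now)

        # Learn: record the sender/location pair and refresh its TTL.
        known = self.table.get(src)
        if known and known[0] != in_if:
            # Same MAC on a new interface while the old entry is still live.
            self.moves.append((now, src, known[0], in_if))
        self.table[src] = (in_if, now + self.ttl)

        # Forward: a single interface if the destination is known, else flood.
        entry = self.table.get(dst)
        if dst != BROADCAST and entry:
            out_if = entry[0]
            return [] if out_if == in_if else [out_if]   # same segment: filter
        return sorted(i for i in self.interfaces if i != in_if)


def demo():
    """Replay the slide scenario on a six-interface switch (constructed frames)."""
    sw = LearningSwitch(range(1, 7))
    log = [
        sw.receive(0, 1, "A", "A'"),     # A' unknown: flood to 2..6, learn A
        sw.receive(1, 4, "A'", "A"),     # reply: learn A', forward to 1 only
        sw.receive(2, 1, "A", "A'"),     # now forwarded to 4 only
        sw.receive(100, 1, "A", "A'"),   # both entries aged out: flood again
        sw.receive(101, 3, "A", "A'"),   # A seen on interface 3: logged as a move
    ]
    return sw, log


if __name__ == "__main__":
    switch, outputs = demo()
    for out in outputs:
        print("out interfaces:", out)
    print("table:", switch.table)
    print("moves:", switch.moves)
```
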
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
  • Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches
Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00E0B89CA660
MAC Address
• Why would you want to change your MAC address?
• Many reasons:
  1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
     Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID
Change Your MAC Address
• How to change your MAC address
  • Windows XP/2000/Vista
    • Use regedit to edit registry or use a utility
    • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
    • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
    • Smac - http://www.klcconsulting.net/smac
    • Etherchange - http://ntsecurity.nu/toolbox/etherchange
  • Linux
    $ ifconfig eth0 down hw ether 00:00:00:00:00:01
    $ ifconfig eth0 up
    http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness)
  Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet
ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
• TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with hosts A and B among four adapters; MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]
ARP Cache
For every outgoing packet, sending ARP request and waiting for response is inefficient
– Requires more bandwidth
– Consumes time
So ARP cache maintained at each node
Size limit = 512 entries
ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)
Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh
ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
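
The request/reply exchange and the soft-state cache described above, as an added example that is not part of the original slides. It builds and parses ARP messages in the RFC 826 layout for Ethernet and IPv4 and keeps an <IP; MAC; TTL> table; the names, the 1200-second TTL (the upper end of the slide's range), the 192.0.2.x addresses and the 02-00-00-… MACs are constructed for this example. Because nodes accept mappings without intervention, the cache also records when a live mapping changes or when the frame's source MAC disagrees with the ARP sender field.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"            # RFC 826 layout for Ethernet + IPv4
ARP_LEN = struct.calcsize(ARP_FMT)    # 28 bytes
BROADCAST = "FF-FF-FF-FF-FF-FF"
UNKNOWN = "00-00-00-00-00-00"         # target MAC field in a request


def mac_str(raw):
    return "-".join(f"{b:02X}" for b in raw)


def mac_bytes(text):
    return bytes(int(part, 16) for part in text.split("-"))


def build_arp_frame(oper, sha, spa, tha, tpa, eth_dst):
    """Ethernet header (no preamble/CRC) plus one ARP message; oper 1=request, 2=reply."""
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac_bytes(sha),
                      socket.inet_aton(spa), mac_bytes(tha), socket.inet_aton(tpa))
    return eth + arp


def parse_arp_frame(frame):
    """Return a dict describing the ARP message, or None if the frame is not ARP."""
    if len(frame) < 14 + ARP_LEN:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, frame[14:14 + ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    return {"op": "request" if oper == 1 else "reply",
            "eth_src": mac_str(src), "eth_dst": mac_str(dst),
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


class ArpCache:
    """<IP address; MAC address; TTL> table with soft-state expiry."""

    def __init__(self, ttl=1200, max_entries=512):
        self.ttl, self.max_entries = ttl, max_entries
        self.entries = {}     # ip -> (mac, expires_at)
        self.alerts = []      # (time, ip, reason)

    def lookup(self, now, ip):
        entry = self.entries.get(ip)
        if entry and entry[1] > now:
            return entry[0]
        self.entries.pop(ip, None)        # timed out: forget the mapping
        return None

    def observe(self, now, msg):
        """Update the cache from a parsed ARP message and record anomalies."""
        if msg is None:
            return
        ip, mac = msg["sender_ip"], msg["sender_mac"]
        if msg["eth_src"] != mac:
            self.alerts.append((now, ip, "frame source differs from ARP sender MAC"))
        old = self.lookup(now, ip)
        if old and old != mac:
            self.alerts.append((now, ip, f"mapping changed {old} -> {mac}"))
        if ip in self.entries or len(self.entries) < self.max_entries:
            self.entries[ip] = (mac, now + self.ttl)


def demo():
    """Constructed capture: A asks for B, B answers, later another MAC answers for B."""
    a, b, x = "02-00-00-00-00-0A", "02-00-00-00-00-0B", "02-00-00-00-00-99"
    capture = [
        (0, build_arp_frame(1, a, "192.0.2.10", UNKNOWN, "192.0.2.20", BROADCAST)),
        (1, build_arp_frame(2, b, "192.0.2.20", a, "192.0.2.10", a)),
        (30, build_arp_frame(2, x, "192.0.2.20", a, "192.0.2.10", a)),
    ]
    cache = ArpCache()
    for now, frame in capture:
        cache.observe(now, parse_arp_frame(frame))
    return cache


if __name__ == "__main__":
    c = demo()
    print(c.entries)
    print(c.alerts)
```

A changed mapping inside the TTL is not proof of misuse (a replaced NIC or a failover pair produces the same record), so treat the alert as a prompt to check the switch port behind the new MAC.
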
ARP Protocol: Routing to another LAN
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards
[Figure: LAN 111.111.111.x with host A (74-29-9C-E8-FF-55) and LAN 222.222.222.x with host B (222.222.222.222), joined by router R; each adapter is labelled with its IP and MAC address]
ARP Protocol: example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: same two-LAN topology with router R as on the previous slide]
Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer
End
• Due: Final given out Friday, March 14th
Physical Versus Logical Addresses
• MAC addresses
  • Data Link layer
  • Used by switches, bridges and routers
  • Used for directly connected devices
• Logical addresses: IP
  • Network and transport protocols dictate the format of the logical network layer address
  • TCP/IP, IPX/SPX (Novell NetWare)
  • IP addresses are assigned manually or by software
Physical Versus Logical Addresses
Ethernet
Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed bus topology Local Area Network (LAN)
• 1976: carrier sensing added
  • Xerox built 2.94 Mbps network to connect over 100 personal workstations on 1 km cable
• Network called Ethernet, named after ether: single coaxial cable used to connect machines
• Ethernet refers to product which predates IEEE 802.3 Standard
• But nowadays any 802.3 compliant network is referred to as an Ethernet
Ethernet
[Figure: Ethernet sketch]
Who is this?
Original paper published in 1976: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.87.1052&rep=rep1&type=pdf
Robert (Bob) Metcalfe – Inventor of Ethernet
Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it: http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855
802.3 Standard Project
• In 1980, IEEE started Project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet Standards: http://en.wikipedia.org/wiki/IEEE_802.3
Ethernet Terminology: Physical Layer
• First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband, or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length from original Thicknet
• Recent versions: letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs
Classical Ethernet: Broadcast
• Classical Ethernet is broadcast network
  • Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called collision, and prevents any information being passed along network
  • Multiple messages would collide and corrupt each other
Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet
Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10 mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  • Layer 1 device
Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  – Commonly already present in modern office buildings for telephone system
  • Contributed hugely to Ethernet's popularity
Ethernet Technologies: Next Attempt
10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft
The 10 Mb/s Ethernet Standard: IEEE 802.3
Ethernet MAC Protocol
Different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F
10Base-5: Original Ethernet, large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable
802.3u Fast Ethernet
• In 1995, IEEE adopted 802.3u Fast Ethernet standard
  • Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
  • Previously, Ethernets worked in half-duplex mode
  • Two stations could transmit at the same time
The 100 Mb/s Ethernet Standard: "Fast Ethernet"
Ethernet MAC Protocol
Different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX
Up to 100 m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers
The 1 Gb/s Ethernet Standard
• June 1998 - Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex – one speaks at a time
  – Full duplex – both can transmit/speak same time
http://en.wikipedia.org/wiki/IEEE_802.3
The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"
Ethernet MAC Protocol
Physical layer options: 1000Base-TX, 1000Base-FX
1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates
Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it accepts the frame and passes data in frame to network layer protocol
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP, but others possible, e.g., Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped
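
The adapter's receive path from the two frame-structure slides (preamble, address filter, type field, CRC), as an added example that is not part of the original slides. Function names and the sender address 02-00-00-00-00-01 are constructed; the 46-byte minimum payload and the EtherType values are standard Ethernet facts that the slides do not list, and the CRC is the 32-bit one that Python's zlib.crc32 computes.

```python
import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")
PREAMBLE = bytes([0b10101010] * 7 + [0b10101011])   # 7 sync bytes + start byte
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "Novell IPX"}
MIN_PAYLOAD = 46      # shorter payloads are padded (not stated on the slide)


def build_frame(dst, src, ethertype, payload):
    """Sender side: preamble + header + padded payload + CRC."""
    padded = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + padded
    crc = struct.pack("<I", zlib.crc32(body))   # sent least significant byte first
    return PREAMBLE + body + crc


def receive(adapter_mac, wire_bytes):
    """Receiver side: return (protocol, payload) if accepted, None if dropped."""
    if not wire_bytes.startswith(PREAMBLE):
        return None                              # never synchronized
    frame = wire_bytes[len(PREAMBLE):]
    if len(frame) < 14 + MIN_PAYLOAD + 4:
        return None                              # too short to be a valid frame
    body, crc = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != crc:
        return None                              # CRC error: frame is dropped
    dst, src, ethertype = struct.unpack("!6s6sH", body[:14])
    if dst != adapter_mac and dst != BROADCAST:
        return None                              # not addressed to this adapter
    # Type field selects the network-layer protocol that gets the payload.
    return ETHERTYPES.get(ethertype, hex(ethertype)), body[14:]


def demo():
    me = bytes.fromhex("001302BA4356")           # example address from the slide
    peer = bytes.fromhex("020000000001")         # constructed sender address
    good = build_frame(me, peer, 0x0800, b"hello")
    damaged = bytearray(good)
    damaged[30] ^= 0x01                          # one bit flipped in transit
    return {
        "unicast to me": receive(me, good),
        "unicast to someone else": receive(peer, good),
        "broadcast": receive(me, build_frame(BROADCAST, peer, 0x0806, b"x")),
        "bit error": receive(me, bytes(damaged)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:24s} -> {result}")
```

The CRC is an unkeyed error-detection code: it catches damage on the wire, but any sender can compute a valid one, so it gives no assurance about who built the frame or what address they put in it.
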
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and Hub
[Figure: collisions with hubs versus a switch]
CSMA/CD
CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
(binary exponential backoff)
Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
Ethernet CSMA/CD algorithm
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
26
Physical Versus Logical Addresses
Ethernet
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching uses the media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch Table
• Q: How does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has a switch table, each entry:
  • (MAC address of host, interface to reach host, time stamp)
• Looks like a routing table
• Q: How are entries created, maintained in switch table?
  • Self-Learning
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
Switch self-learning
• Frame with Destination A arrives at switch from interface 1
Two possibilities:
1. No entry in table for A
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A
   interface of 4, frame would get forwarded
[Figure: frame with Source A, Dest A' entering the six-interface switch]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
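The self-learning procedure from the slides above, as an added Python sketch that is not part of the original deck: it learns source addresses, floods unknown destinations, ages entries out after the TTL, and records when a MAC address shows up on a different interface, which is how a changed or duplicated MAC becomes visible at the switch. The class and method names, the 60-second TTL default and the sample frames are assumptions.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"

# Constructed sample hosts: the MAC values appear in the slides' LAN figure,
# but pairing them with hosts A, A' and B is an assumption of this example.
HOST_A = "1A-2F-BB-76-09-AD"
HOST_A_PRIME = "58-23-D7-FA-20-B0"
HOST_B = "0C-C4-11-6F-E3-98"


class LearningSwitch:
    """Self-learning switch table: MAC -> (interface, time last seen)."""

    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl
        self.table = {}
        self.moves = []   # (time, MAC, old interface, new interface)

    def _expire(self, now):
        # Drop entries that have not been refreshed within the TTL.
        stale = [mac for mac, (_, seen) in self.table.items()
                 if now - seen > self.ttl]
        for mac in stale:
            del self.table[mac]

    def receive(self, now, in_port, src, dst):
        """Process one frame and return the interfaces it is sent out of."""
        self._expire(now)
        # Learn: record the sender/location pair, noting any change of port.
        old = self.table.get(src)
        if old is not None and old[0] != in_port:
            self.moves.append((now, src, old[0], in_port))
        self.table[src] = (in_port, now)
        # Forward: flood when the destination is unknown or broadcast.
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst][0]
        if out_port == in_port:
            return []     # destination is on the arrival segment: filter
        return [out_port]


def run_demo():
    """Replay five constructed frames through a six-interface switch."""
    sw = LearningSwitch(ports=[1, 2, 3, 4, 5, 6])
    outs = [
        sw.receive(0, 1, HOST_A, HOST_A_PRIME),    # A' unknown: flood
        sw.receive(1, 4, HOST_A_PRIME, HOST_A),    # A known on 1
        sw.receive(2, 1, HOST_A, HOST_A_PRIME),    # A' known on 4
        sw.receive(3, 6, HOST_A, HOST_B),          # A's MAC now seen on 6
        sw.receive(100, 4, HOST_A_PRIME, HOST_A),  # entries aged out: flood
    ]
    return outs, sw.moves, sw.table


if __name__ == "__main__":
    outs, moves, table = run_demo()
    for ports in outs:
        print("sent out of interfaces", ports)
    print("MAC moves:", moves)
    print("table:", table)
```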
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches
Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00E0B89CA660
MAC Address
• Why would you want to change your MAC address?
• Many reasons
  1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable. Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs, keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack, assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID
Change Your MAC Address
• How to change your MAC address
  • Windows XP/2000/Vista
    • Use regedit to edit registry or use a utility
    • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
    • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
    • Smac - http://www.klcconsulting.net/smac
    • Etherchange - http://ntsecurity.nu/toolbox/etherchange
  • Linux
    $ ifconfig eth0 down hw ether 00:00:00:00:00:01
    $ ifconfig eth0 up
    http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters, MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98 and 71-65-F7-2B-08-53]
LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number. Take it with you
  (b) IP address … like postal address. Changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet
ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with hosts A and B among four adapters; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88; MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
ARP Cache
Sending an ARP request and waiting for the response for every outgoing packet is inefficient
– Requires more bandwidth
– Consumes time
So ARP cache maintained at each node
Size limit = 512 entries
ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet, containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)
Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh
ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
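The request/reply exchange and the soft-state cache described above, as an added Python sketch that is not part of the original slides: it builds and parses the 28-byte ARP payload for IPv4 over Ethernet, keeps a cache whose entries time out, and records any IP address that is re-announced with a different MAC so the change can be reviewed. The function and class names, the IP-to-MAC pairing of hosts A and B, and the TTL and size defaults (taken from the slides' 20-minute and 512-entry figures) are assumptions.

```python
import socket
import struct

# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
REQUEST, REPLY = 1, 2


def mac_bytes(text):
    return bytes.fromhex(text.replace("-", "").replace(":", ""))


def mac_text(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(payload):
    if len(payload) < 28:
        raise ValueError("short ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for IPv4 over Ethernet")
    return {"oper": oper,
            "sender_mac": mac_text(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_text(tha), "target_ip": socket.inet_ntoa(tpa)}


class ArpCache:
    """Soft-state table: IP -> (MAC, expiry time)."""

    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl = ttl
        self.max_entries = max_entries
        self.entries = {}
        self.changes = []   # (time, IP, old MAC, new MAC)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None:
            return None
        if now >= entry[1]:           # timed out and never refreshed
            del self.entries[ip]
            return None
        return entry[0]

    def learn(self, packet, now):
        ip, mac = packet["sender_ip"], packet["sender_mac"]
        known = self.lookup(ip, now)
        if known is not None and known != mac:
            self.changes.append((now, ip, known, mac))
        if ip not in self.entries and len(self.entries) >= self.max_entries:
            oldest = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[oldest]  # full: evict the entry expiring first
        self.entries[ip] = (mac, now + self.ttl)


def exchange():
    """A resolves B on the same LAN (constructed addresses)."""
    a_ip, a_mac = "137.196.7.23", "1A-2F-BB-76-09-AD"
    b_ip, b_mac = "137.196.7.78", "58-23-D7-FA-20-B0"
    # A's query travels in a frame addressed to FF-FF-FF-FF-FF-FF.
    request = build_arp(REQUEST, a_mac, a_ip, "00-00-00-00-00-00", b_ip)
    # B recognises its own IP and answers A directly (unicast).
    query = parse_arp(request)
    reply = build_arp(REPLY, b_mac, b_ip,
                      query["sender_mac"], query["sender_ip"])
    cache = ArpCache(ttl=60)
    cache.learn(parse_arp(reply), now=0)
    return request, reply, cache


if __name__ == "__main__":
    request, reply, cache = exchange()
    print(parse_arp(request))
    print(parse_arp(reply))
    print(cache.lookup("137.196.7.78", now=30))
```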
ARP Protocol: Routing to another LAN
[Figure: two LANs joined by router R. Host A (IP 111.111.111.111, MAC 74-29-9C-E8-FF-55) is on one LAN and host B (IP 222.222.222.222, MAC 49-BD-D2-C7-56-2A) on the other; R's interfaces are 111.111.111.110 and 222.222.222.220]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards
ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination, frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer
End
• Due: Final given out Friday, March 14th
Ethernet
Ethernet History
• 1973: Xerox Corporation's Palo Alto Research Center developed bus topology Local Area Network (LAN)
• 1976: carrier sensing added
  • Xerox built 2.94 Mbps network to connect over 100 personal workstations on 1 km cable
• Network called Ethernet, named after ether, single coaxial cable used to connect machines
• Ethernet refers to product which predates IEEE 802.3 Standard
• But nowadays any 802.3 compliant network is referred to as an Ethernet
Ethernet
[Figure: Ethernet sketch]
Who is this?
Original paper published in 1976
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.87.1052&rep=rep1&type=pdf
Robert (Bob) Metcalfe – Inventor of Ethernet
Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it: http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855
802.3 Standard Project
• In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet Standards: http://en.wikipedia.org/wiki/IEEE_802.3
Ethernet Terminology: Physical Layer
• First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband, or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length from original Thicknet
• Recent versions: letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs
Classical Ethernet: Broadcast
• Classical Ethernet is Broadcast Network
  • Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called collision and prevents any information passed along network
  • Multiple messages would collide and corrupt each other
Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet
Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  • Layer 1 device
Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  – Commonly already present in modern office buildings for telephone system
  • Contributed hugely to Ethernet's popularity
Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft
The 10 Mb/s Ethernet Standard: IEEE 802.3
Ethernet MAC Protocol
Different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F
10Base-5: Original Ethernet: large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable
802.3u Fast Ethernet
• In 1995 IEEE adopted 802.3u Fast Ethernet standard
• Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
• Previously, Ethernets worked in half-duplex mode
• Two stations could transmit at the same time
The 100 Mb/s Ethernet Standard: "Fast Ethernet"
Ethernet MAC Protocol
Different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX
Up to 100m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers
The 1 Gb/s Ethernet Standard
• June 1998 - Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex – one speaks at a time
  – Full duplex – both can transmit/speak same time
http://en.wikipedia.org/wiki/IEEE_802.3
The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"
Ethernet MAC Protocol
Physical layer options: 1000Base-TX, 1000Base-FX
1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates
Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol: accepts the frame
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP but others possible, e.g., Novell IPX)
• CRC: checked at receiver, if error is detected, frame is dropped
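The adapter's receive decision described above, as an added Python sketch that is not part of the original slides: it builds a frame with destination, source, type, padded payload and CRC-32 frame check sequence, then applies the accept/discard rules. It also splits the source address into its 24-bit manufacturer prefix and reports the locally-administered bit, which is set on many software-assigned addresses. Function names and the sample payloads are assumptions; the two adapter addresses are the example MACs shown in the slides.

```python
import struct
import zlib

BROADCAST = bytes.fromhex("FFFFFFFFFFFF")
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "Novell IPX"}
MIN_PAYLOAD = 46          # shorter payloads are padded
MIN_FRAME = 64            # 14-byte header + 46-byte payload + 4-byte CRC


def fcs(body):
    """Ethernet frame check sequence: CRC-32, least significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def mac_text(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_frame(dst, src, ethertype, payload):
    """Frame as it appears after the preamble: dst, src, type, data, CRC."""
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def receive(frame, my_mac):
    """Return (accepted, info); info is a reason string when discarded."""
    if len(frame) < MIN_FRAME:
        return False, "runt frame"
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        return False, "CRC error"                 # error detected: drop
    dst, src = body[:6], body[6:12]
    (ethertype,) = struct.unpack("!H", body[12:14])
    if dst != my_mac and dst != BROADCAST:
        return False, "not for this adapter"      # otherwise: discard
    return True, {
        "src": mac_text(src),
        "src_oui": mac_text(src[:3]),             # 24 manufacturer bits
        # Bit 0x02 of the first byte marks a locally administered address.
        "src_locally_administered": bool(src[0] & 0x02),
        "type": ETHERTYPES.get(ethertype, hex(ethertype)),
        "payload": body[14:],                     # still includes padding
    }


if __name__ == "__main__":
    me = bytes.fromhex("001302BA4356")
    peer = bytes.fromhex("00E0B89CA660")
    frame = build_frame(me, peer, 0x0800, b"constructed sample payload")
    print(receive(frame, me))
    damaged = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]
    print(receive(damaged, me))
    print(receive(frame, peer))
```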
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and Hub
[Figure: hubs compared with a switch]
CSMA/CD
CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
binary exponential backoff
Ethernet History
bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)
bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect
over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether
single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE
8023 Standardbull But nowadays any 8023 compliant network is
referred to as an Ethernet
29
Ethernet
Ethernetsketch
Who is this
Original Paper published in 1976
httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table:
  Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch Table
• Q: How does switch know that A' is reachable via interface 4, B' reachable via interface 5?
• A: Each switch has a switch table, each entry:
  • (MAC address of host, interface to reach host, time stamp)
• Looks like a routing table
• Q: How are entries created, maintained in switch table?
  • Self-learning
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: switch with interfaces 1 to 6 and hosts A, A', B, B', C, C']
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
Switch self-learning
• Frame with destination A' arrives at switch from interface 1
Two possibilities:
1. No entry in table for A'
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A'
   Interface of 4: frame would get forwarded
[Figure: frame with source A, dest A' entering the switch on interface 1; hosts A, A', B, B', C, C' on interfaces 1 to 6]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
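An added sketch (not part of the lecture) of the self-learning table on these slides: it learns source MACs, floods unknown destinations, ages entries by TTL, and also records when a known MAC appears on a different interface, which is what the switch observes when a host is moved or its address is reused elsewhere. The 60-second TTL follows the slide; the class name, the move log and the frame sequence are constructed for the example.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning switch table: MAC -> (interface, expiry time)."""

    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl        # seconds an entry stays valid (60 on the slide)
        self.table = {}       # mac -> (port, expires_at)
        self.moves = []       # (time, mac, old_port, new_port)

    def _expire(self, now):
        """Drop entries whose TTL has run out."""
        for mac in [m for m, (_, exp) in self.table.items() if exp <= now]:
            del self.table[mac]

    def receive(self, now, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError("unknown port")
        self._expire(now)
        # Learn: record the sender/location pair, noting a change of interface.
        known = self.table.get(src)
        if known is not None and known[0] != in_port:
            self.moves.append((now, src, known[0], in_port))
        self.table[src] = (in_port, now + self.ttl)
        # Forward: flood when the destination is broadcast or not in the table.
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            return [p for p in self.ports if p != in_port]
        if entry[0] == in_port:
            return []         # destination sits on the arrival segment: filter
        return [entry[0]]


def demo():
    """Constructed frame sequence on the six-interface switch from the slides."""
    sw = LearningSwitch(ports=range(1, 7))
    out = [
        sw.receive(0, 1, "A", "A'"),    # A' unknown: flood to 2..6, learn A on 1
        sw.receive(1, 4, "A'", "A"),    # reply: A is known, learn A' on 4
        sw.receive(2, 1, "A", "A'"),    # now forwarded to interface 4 only
        sw.receive(3, 5, "A", "A'"),    # A's address shows up on interface 5
        sw.receive(70, 4, "A'", "A"),   # entries aged out: flood again
    ]
    return sw, out


if __name__ == "__main__":
    switch, forwarded = demo()
    for ports in forwarded:
        print("sent out of", ports)
    print("interface changes:", switch.moves)
```

The move log is the useful signal for an operator: a MAC that alternates between two interfaces inside one TTL period deserves a look at both ports.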
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches
Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00E0B89CA660
MAC Address
• Why would you want to change your MAC address?
• Many reasons
1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
   Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs, keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume MAC of gateway to a subnet. Lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID
Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for the broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness)
  Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number. Take it with you
  (b) IP address … like postal address. Changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet
ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with hosts A and B; MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]
ARP Cache
For every outgoing packet, sending ARP request and waiting for response is inefficient
– Requires more bandwidth
– Consumes time
So ARP cache maintained at each node
Size limit = 512 entries
ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet, containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)
Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh
ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually
  • Times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
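The query/reply exchange above as an added example (not from the slides): it builds the broadcast ARP request and the unicast reply as raw Ethernet frames, parses them back, and keeps a TTL-bound cache that reports when an IP address is re-learned with a different MAC. The addresses appear in the slide's figure, but their pairing is constructed for the demo; the 20-minute TTL is the upper value the slide quotes, and the function and class names are this example's own.

```python
import socket
import struct

ETH_BROADCAST = "FF-FF-FF-FF-FF-FF"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
_ARP = struct.Struct("!HHBBH6s4s6s4s")   # RFC 826 layout for Ethernet/IPv4


def mac_bytes(mac):
    return bytes.fromhex(mac.replace("-", ""))


def mac_str(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_arp(op, src_mac, src_ip, dst_mac, target_mac, target_ip):
    """Return an Ethernet frame (no preamble/CRC) carrying one ARP message."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = _ARP.pack(1, 0x0800, 6, 4, op,
                    mac_bytes(src_mac), socket.inet_aton(src_ip),
                    mac_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame):
    """Parse such a frame; reject anything that is not Ethernet/IPv4 ARP."""
    if len(frame) < 14 + _ARP.size:
        raise ValueError("frame too short for ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = _ARP.unpack(frame[14:14 + _ARP.size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError("unsupported ARP message")
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


class ArpCache:
    """IP -> (MAC, expiry) soft state, bounded in size as on the slide."""

    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl, self.max_entries = ttl, max_entries
        self.entries = {}

    def lookup(self, ip, now):
        hit = self.entries.get(ip)
        if hit is None or hit[1] <= now:
            self.entries.pop(ip, None)       # timed out: forget it
            return None
        return hit[0]

    def learn(self, ip, mac, now):
        """Store a mapping; return the previous MAC if it differed, else None."""
        old = self.lookup(ip, now)
        if ip not in self.entries and len(self.entries) >= self.max_entries:
            oldest = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[oldest]
        self.entries[ip] = (mac, now + self.ttl)
        return old if old not in (None, mac) else None


def resolve_on_lan(a, b, cache, now):
    """A resolves B: broadcast request, B's unicast reply, A caches the answer."""
    request = build_arp(ARP_REQUEST, a["mac"], a["ip"], ETH_BROADCAST,
                        "00-00-00-00-00-00", b["ip"])
    seen = parse_arp(request)
    # Every host receives the broadcast; only the owner of target_ip answers.
    if seen["target_ip"] != b["ip"]:
        return request, None
    reply = build_arp(ARP_REPLY, b["mac"], b["ip"], seen["sender_mac"],
                      seen["sender_mac"], seen["sender_ip"])
    answer = parse_arp(reply)
    cache.learn(answer["sender_ip"], answer["sender_mac"], now)
    return request, reply


# Constructed pairing of addresses that appear in the slide's figure.
HOST_A = {"ip": "137.196.7.23", "mac": "71-65-F7-2B-08-53"}
HOST_B = {"ip": "137.196.7.78", "mac": "1A-2F-BB-76-09-AD"}
```

A non-None return from `learn` means an address changed owner before its entry timed out, which is worth logging because ARP itself accepts the new mapping without any check.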
ARP Protocol: Routing to another LAN
[Figure: router R connecting two LANs. Addresses shown: 1A-23-F9-CD-06-9B, 222.222.222.220, 111.111.111.110, E6-E9-00-17-BB-4B, CC-49-DE-D0-AB-7D, 111.111.111.112, 111.111.111.111, A: 74-29-9C-E8-FF-55, 222.222.222.221, 88-B2-2F-54-1A-0F, B: 222.222.222.222, 49-BD-D2-C7-56-2A]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards
ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination, frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: same two-LAN topology with router R as on the previous slide]
Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer
End
• Due: Final given out Friday, March 14th
Ethernet
Ethernet sketch
Who is this?
Original paper published in 1976:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=1011871052&rep=rep1&type=pdf
Robert (Bob) Metcalfe – Inventor of Ethernet
Bob Metcalfe
• Helped build early Internet while still an undergraduate
• Invented Ethernet while at Xerox Palo Alto Research Center
• Founded 3Com Corp
• Served as publisher at IDG's InfoWorld Publishing Co
• Wrote three books
• Since January 2001 has been a venture capitalist with Polaris Ventures
Nice article on him … if you want to read it:
http://electronicdesign.com/Articles/Index.cfm?AD=1&ArticleID=2855
802.3 Standard Project
• In 1980, IEEE started project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus and
  • Ethernet were all contenders
• Eventually Ethernet won, and it became a standard in 1985 … 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet standards: http://en.wikipedia.org/wiki/IEEE_802.3
Ethernet Terminology: Physical Layer
• First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length from original Thicknet
• Recent versions: letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs
Classical Ethernet: Broadcast
• Classical Ethernet is a broadcast network
  • Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called collision, and prevents any information being passed along network
  • Multiple messages would collide and corrupt each other
Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet
Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
  • Thin coaxial cable in a bus topology
• 10Base5 uses 10mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  • Layer 1 device
Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  – Commonly already present in modern office buildings for telephone system
  • Contributed hugely to Ethernet's popularity
Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft
The 10Mb/s Ethernet Standard: IEEE 802.3
[Figure: Ethernet MAC Protocol over different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F]
10Base-5: Original Ethernet, large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable
802.3u Fast Ethernet
• In 1995, IEEE adopted 802.3u Fast Ethernet standard
  • Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
  • Previously Ethernets worked in half-duplex mode
  • Two stations could transmit at the same time
The 100Mb/s Ethernet Standard: "Fast Ethernet"
[Figure: Ethernet MAC Protocol over different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX]
Up to 100m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers
The 1Gb/s Ethernet Standard
• June 1998: Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex – one speaks at a time
  – Full duplex – both can transmit/speak at same time
http://en.wikipedia.org/wiki/IEEE_802.3
The 1Gb/s Ethernet Standard: "Gigabit Ethernet"
[Figure: Ethernet MAC Protocol over physical layer options: 1000Base-TX, 1000Base-FX]
1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates
Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol, accepts the frame
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP but others possible, e.g. Novell IPX)
• CRC: checked at receiver, if error is detected, frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and Hub
[Figure: hubs compared with a switch]
CSMA/CD
CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
binary exponential backoff
Ethernet CSMA/CD algorithm: Carrier Sense Multiple Access/Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
Robert (Bob) Metcalf ndash Inventor of Ethernet
Bob Metcalfe bull Helped build early Internet while still an
undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto
Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld
Publishing Cobull Wrote three booksbull Since January 2001 has been a venture
capitalist with Polaris Ventures
Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm
AD=1ampArticleID=2855
30
8023 Standard Project
bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)
bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders
bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago
bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards
httpenwikipediaorgwikiIEEE_8023
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57

Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: six-interface switch with hosts A, A', B, B', C, C' and its switch table]

Switch table (initially empty):
MAC addr   interface   TTL
A          1           60

Switch self-learning
• Frame with Destination A arrives at switch from interface 1
Two possibilities:
1. No entry in table for A
   • Switch forwards frame to all interfaces except 1
   • Entry for A added
2. Entry in table for A
   • Interface of 4, frame would get forwarded
[Figure: frame (Source: A, Dest: A') at the six-interface switch]

Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
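
Added example (not part of the original slides): a small model of the self-learning and flooding behaviour described above, replaying the figure's frame from A on interface 1 to A' on interface 4. The class and method names, the per-port VLAN map and the use of host labels in place of real MAC addresses are assumptions of this example.

```python
from dataclasses import dataclass, field

BROADCAST = "FF-FF-FF-FF-FF-FF"


@dataclass
class LearningSwitch:
    # port -> VLAN id; six access ports in one VLAN, like the six-interface figure
    port_vlan: dict = field(default_factory=lambda: {p: 1 for p in range(1, 7)})
    ttl: int = 60                               # seconds an entry lives (TTL column)
    table: dict = field(default_factory=dict)   # (vlan, MAC) -> (port, expiry time)

    def age_out(self, now):
        """Remove entries whose TTL has expired."""
        self.table = {k: v for k, v in self.table.items() if v[1] > now}

    def receive(self, src, dst, in_port, now=0):
        """Handle one frame and return the sorted list of egress ports."""
        vlan = self.port_vlan[in_port]
        self.age_out(now)
        # Learn (or refresh): the sender is reachable via the ingress port.
        self.table[(vlan, src)] = (in_port, now + self.ttl)
        entry = None if dst == BROADCAST else self.table.get((vlan, dst))
        if entry is None:
            # Unknown or broadcast destination: flood within the VLAN,
            # except the port the frame arrived on.
            return sorted(p for p, v in self.port_vlan.items()
                          if v == vlan and p != in_port)
        out_port = entry[0]
        # Destination on the ingress segment: nothing to forward.
        return [] if out_port == in_port else [out_port]

    def rows(self):
        """Switch table as (MAC, interface) rows."""
        return sorted((mac, port) for (_, mac), (port, _) in self.table.items())


def demo():
    """A (interface 1) sends to A' (interface 4), A' replies, A sends again."""
    sw = LearningSwitch()
    first = sw.receive("A", "A'", in_port=1, now=0)    # A' unknown: flood
    reply = sw.receive("A'", "A", in_port=4, now=1)    # A known: one port
    again = sw.receive("A", "A'", in_port=1, now=2)    # A' now known: one port
    table = sw.rows()
    late = sw.receive("B", "A'", in_port=2, now=200)   # entries aged out: flood again
    return first, reply, again, table, late


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Because every entry is learned from an unauthenticated source address and expires on a timer, the table reflects only what the switch last heard on each port.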

Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00E0B89CA660

MAC Address
• Why would you want to change your MAC address?
• Many reasons
  1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
     Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet. Lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID

Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry, or use a utility
  • Mac Makeup
    http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs
    http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on LAN has unique LAN address, except for Broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table:
  http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address ... like Social Security Number. Take it with you
  (b) IP address ... like postal address. Changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet

ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with four nodes, including A and B. MAC addresses: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53. IP addresses: 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]

ARP Cache
For every outgoing packet, sending an ARP request and waiting for a response is inefficient
- Requires more bandwidth
- Consumes time
So ARP cache maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet, containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet Address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually
  • Times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator

ARP Protocol: Routing to another LAN
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
[Figure: two LANs joined by router R.
 LAN 1: A (111.111.111.111, 74-29-9C-E8-FF-55); host (111.111.111.112, CC-49-DE-D0-AB-7D); R interface (111.111.111.110, E6-E9-00-17-BB-4B).
 LAN 2: R interface (222.222.222.220, 1A-23-F9-CD-06-9B); host (222.222.222.221, 88-B2-2F-54-1A-0F); B (222.222.222.222, 49-BD-D2-C7-56-2A)]
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs - Network Interface Cards

ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
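
Added example (not part of the original slides): the request/reply exchange from the same-LAN slides, applied to the first ARP step of the walkthrough above, where A resolves R's MAC address for 111.111.111.110 and then frames the A-to-B datagram. The addresses are the ones in the slide's figure, paired as assumed from its labels; the Node class, helper names, the 1200-second TTL and the placeholder datagram bytes are assumptions of this example.

```python
import struct

BROADCAST = "FF-FF-FF-FF-FF-FF"
ETH_ARP, ETH_IP = 0x0806, 0x0800     # EtherType values: ARP, IPv4
ARP_REQUEST, ARP_REPLY = 1, 2        # ARP opcodes

def mac_bytes(mac):
    return bytes.fromhex(mac.replace("-", ""))

def mac_str(raw):
    return "-".join(f"{b:02X}" for b in raw)

def ip_bytes(ip):
    return bytes(int(part) for part in ip.split("."))

def ip_str(raw):
    return ".".join(str(b) for b in raw)

def eth_frame(dst, src, ethertype, payload):
    """Destination, source and type fields plus payload (preamble, padding, CRC omitted)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload

def arp_packet(op, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP message for Ethernet (hardware type 1) and IPv4."""
    return (struct.pack("!HHBBH", 1, ETH_IP, 6, 4, op)
            + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))

def parse_arp_frame(frame):
    """Decode an Ethernet frame that carries ARP; raise ValueError on anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        raise ValueError("not a complete ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, ETH_IP, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    body = frame[22:42]
    return {"eth_dst": mac_str(frame[0:6]), "eth_src": mac_str(frame[6:12]), "op": op,
            "sender_mac": mac_str(body[0:6]), "sender_ip": ip_str(body[6:10]),
            "target_mac": mac_str(body[10:16]), "target_ip": ip_str(body[16:20])}

class Node:
    """IP node with one NIC and an ARP table of IP -> (MAC, expiry) soft state."""

    def __init__(self, ip, mac, ttl=1200):     # 1200 s = 20 min (assumed TTL)
        self.ip, self.mac, self.ttl = ip, mac, ttl
        self.arp_table = {}

    def lookup(self, ip, now):
        """Return the cached MAC for ip, or None if absent or timed out."""
        mac, expiry = self.arp_table.get(ip, (None, 0))
        if expiry > now:
            return mac
        self.arp_table.pop(ip, None)
        return None

    def make_request(self, target_ip):
        """Broadcast query: who is target_ip? Tell self.ip."""
        arp = arp_packet(ARP_REQUEST, self.mac, self.ip, "00-00-00-00-00-00", target_ip)
        return eth_frame(BROADCAST, self.mac, ETH_ARP, arp)

    def handle(self, frame, now):
        """Process one ARP frame; return a unicast reply frame or None."""
        f = parse_arp_frame(frame)
        if f["target_ip"] != self.ip:
            return None                        # not for this node: ignore
        if f["op"] == ARP_REQUEST:
            arp = arp_packet(ARP_REPLY, self.mac, self.ip, f["sender_mac"], f["sender_ip"])
            return eth_frame(f["sender_mac"], self.mac, ETH_ARP, arp)
        if f["op"] == ARP_REPLY:
            self.arp_table[f["sender_ip"]] = (f["sender_mac"], now + self.ttl)
        return None

def walkthrough():
    """A resolves R's LAN-1 interface, then frames the A-to-B datagram for R."""
    a = Node("111.111.111.111", "74-29-9C-E8-FF-55")
    r = Node("111.111.111.110", "E6-E9-00-17-BB-4B")       # R's interface on A's LAN
    other = Node("111.111.111.112", "CC-49-DE-D0-AB-7D")   # bystander on the same LAN
    request = a.make_request(r.ip)
    bystander_reply = other.handle(request, now=0)         # hears broadcast, stays silent
    reply = r.handle(request, now=0)
    a.handle(reply, now=0)
    next_hop = a.lookup(r.ip, now=1)
    datagram = b"A-to-B IP datagram (constructed placeholder)"
    frame = eth_frame(next_hop, a.mac, ETH_IP, datagram)
    expired = a.lookup(r.ip, now=1201)                     # after the TTL: entry gone
    return (parse_arp_frame(request), bystander_reply, parse_arp_frame(reply),
            next_hop, frame, expired)
```

The cache entry is written from the reply's sender fields alone, which is why the mapping is only as trustworthy as the LAN it was heard on.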

Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th

802.3 Standard Project
• In 1980, IEEE started project 802 to standardize local area networks (LAN)
• IEEE wanted to put forward one standard
  • IBM Token Ring,
  • Token Bus, and
  • Ethernet were all contenders
• Eventually Ethernet won and it became a standard in 1985 ... 28 years ago
• First standard was for 10 Mbps
• Entire list of Ethernet Standards
  http://en.wikipedia.org/wiki/IEEE_802.3

Ethernet Terminology: Physical Layer
• First number (10, 100, or 1000): transmission speed in megabits per second (Mbps)
• Second term indicates transmission type
  • BASE = baseband or BROAD = broadband
• Last number indicates segment length
  • 5 means 500-meter (500-m) segment length from original Thicknet
• In recent versions, letters replace numbers
  • For example, in 10BASE-T, T means unshielded twisted-pair cables
  • Further numbers show number of twisted pairs available. For example, in 100BASE-T4, T4 indicates four twisted pairs

Classical Ethernet: Broadcast
• Classical Ethernet is a Broadcast Network
  • Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called a collision, and prevents any information being passed along network
  • Multiple messages would collide and corrupt each other

Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet

Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  • Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
  • Layer 1 device

Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  - Commonly already present in modern office buildings for telephone system
• Contributed hugely to Ethernet's popularity

Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft

The 10 Mb/s Ethernet Standard: IEEE 802.3
[Figure: Ethernet MAC Protocol over different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F]
10Base-5: Original Ethernet, large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable

802.3u Fast Ethernet
• In 1995, IEEE adopted 802.3u Fast Ethernet standard
• Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
  • Previously Ethernets worked in half-duplex mode
  • Two stations could transmit at the same time

The 100 Mb/s Ethernet Standard: "Fast Ethernet"
[Figure: Ethernet MAC Protocol over different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX]
Up to 100m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers

The 1 Gb/s Ethernet Standard
• June 1998 - Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  - 1000 Mbps in half-duplex or full-duplex mode, over a variety of different network media
  - Half duplex - one speaks at a time
  - Full duplex - both can transmit/speak at same time
http://en.wikipedia.org/wiki/IEEE_802.3

The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"
[Figure: Ethernet MAC Protocol over physical layer options: 1000Base-TX, 1000Base-FX]
1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers

Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates

Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol, accepts the frame
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP, but others possible, e.g., Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and Hub
[Figure: panels labelled Hubs and Switch]

CSMA/CD

CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
   (binary exponential backoff)

Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses a small integer K at random from $\{0, 1, 2, \ldots, 2^m - 1\}$. NIC then waits $K \cdot 512$ bit times, returns to Step 2
More details follow ...

Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from $\{0, 1\}$. Delay is $K \cdot 512$ bit transmission times
• After second collision: Choose K from $\{0, 1, 2, 3\}$ ...
• After ten collisions: Choose K from $\{0, 1, 2, 3, 4, \ldots, 1023\}$
• Set size grows exponentially
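
Added example (not part of the original slides): a slotted model of the backoff rule above, in which stations that collide pick K from {0 .. 2^m - 1} and wait K slots of 512 bit times, and stations sensing a busy channel defer until it is idle. The function names, the three-slot frame length and the 16-attempt limit (from IEEE 802.3, not stated on the slides) are assumptions of this example.

```python
import random

SLOT_BITS = 512       # one backoff slot is 512 bit times
MAX_EXPONENT = 10     # after ten collisions the set stays {0 .. 1023}
MAX_ATTEMPTS = 16     # IEEE 802.3 attempt limit (not stated on the slides)


def backoff_max(m):
    """Largest K allowed after the m-th collision: K is drawn from {0 .. 2^m - 1}."""
    return 2 ** min(m, MAX_EXPONENT) - 1


def backoff_delay_us(k, mbps=10):
    """Wait for a chosen K, K * 512 bit times, in microseconds at the given bit rate."""
    return k * SLOT_BITS / mbps


def contend(stations, rng, frame_slots=3):
    """All stations have a frame ready at slot 0.
    Returns {station: (slot of successful transmission or None, collisions suffered)}."""
    ready_at = {s: 0 for s in stations}     # earliest slot each station may try
    collisions = {s: 0 for s in stations}
    outcome = {}
    slot = 0
    while ready_at:
        # Carrier sense: everyone whose wait is over transmits once the channel is idle.
        senders = [s for s, t in ready_at.items() if t <= slot]
        if not senders:
            slot = min(ready_at.values())   # idle channel: skip to the next attempt
        elif len(senders) == 1:
            outcome[senders[0]] = (slot, collisions[senders[0]])
            del ready_at[senders[0]]
            slot += frame_slots             # others sense the channel busy and defer
        else:
            for s in senders:               # collision: abort, jam, back off
                collisions[s] += 1
                if collisions[s] >= MAX_ATTEMPTS:
                    outcome[s] = (None, collisions[s])   # give up on the frame
                    del ready_at[s]
                else:
                    k = rng.randint(0, backoff_max(collisions[s]))
                    ready_at[s] = slot + 1 + k
            slot += 1
    return outcome


def mean_collisions(n_stations, trials=200, seed=1):
    """Average collisions per station; grows with the number of contenders."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        total += sum(c for _, c in contend(range(n_stations), rng).values())
    return total / (trials * n_stations)


if __name__ == "__main__":
    print(contend(["A", "B", "C"], random.Random(7)))
    print(mean_collisions(2), mean_collisions(8))
```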
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission
speed in megabits per second Mbpsbull Second term indicates transmission type
bull BASE = baseband or BROAD = broadband
bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from
original Thicknetbull Recent versions letters replace numbers
bull For example in 10BASE-T T means unshielded twisted-pair cables
bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair
Classical Ethernet Broadcast
bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through
single shared mediumbull If two nodes try to send at same time
bull Called collision and prevents any information passed along network
bull Multiple messages would collide and corrupt each other
Early Ethernet
bull 10Base5 and 10Base2
bull The initial Ethernet implementations used coaxial cable to connect the stations to each other
bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet
35
Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes
over a maximum distance of 1640 ft
bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other
interfaces physical layer device onlybull Layer 1 device
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65

LAN Addresses
Each adapter on LAN has unique LAN address, except for the broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table:
  http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet

ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
• TTL (Time To Live): time after which address mapping discarded
• Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B, knowing B's IP address?
[Figure: LAN with hosts A and B among four nodes. IP labels: 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88. MAC labels: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

ARP Cache
Sending an ARP request and waiting for the response for every outgoing packet is inefficient
- Requires more bandwidth
- Consumes time
So ARP cache maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
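
The request/reply exchange and the timed-out ARP table described above, as an added Python example (not part of the original slides). The IP addresses, the 20-minute TTL default, the eviction policy and the `changes` log are assumptions of this sketch; the log records when a reply rebinds a cached IP address to a different MAC address, which is the event a defender would want to review.

```python
import struct

BROADCAST = "FF-FF-FF-FF-FF-FF"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_to_bytes(mac):
    return bytes(int(part, 16) for part in mac.split("-"))

def mac_to_str(raw):
    return "-".join(f"{b:02X}" for b in raw)

def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def ip_to_str(raw):
    return ".".join(str(b) for b in raw)

def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header (dst, src, type) followed by the 28-byte ARP body."""
    # Requests are broadcast; replies go straight to the asker (unicast).
    dst = BROADCAST if op == ARP_REQUEST else target_mac
    eth = mac_to_bytes(dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return eth + arp

def parse_arp_frame(frame):
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol types")
    return {
        "eth_dst": mac_to_str(frame[0:6]), "eth_src": mac_to_str(frame[6:12]),
        "op": op,
        "sender_mac": mac_to_str(frame[22:28]), "sender_ip": ip_to_str(frame[28:32]),
        "target_mac": mac_to_str(frame[32:38]), "target_ip": ip_to_str(frame[38:42]),
    }

class ArpCache:
    """<IP address; MAC address; TTL> entries that time out unless refreshed."""

    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl = ttl                    # seconds; assumed default
        self.max_entries = max_entries    # size limit quoted on the slide
        self.entries = {}                 # ip -> (mac, expires_at)
        self.changes = []                 # (ip, old_mac, new_mac)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, expires_at = entry
        if expires_at <= now:             # soft state has timed out
            del self.entries[ip]
            return None
        return mac

    def learn(self, ip, mac, now):
        old = self.lookup(ip, now)
        if old is not None and old != mac:
            self.changes.append((ip, old, mac))   # live mapping was rebound
        if ip not in self.entries and len(self.entries) >= self.max_entries:
            # Assumed policy: evict the entry closest to expiry.
            victim = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[victim]
        self.entries[ip] = (mac, now + self.ttl)

def demo():
    # Constructed sample addresses, not taken from a capture.
    a_mac, a_ip = "1A-2F-BB-76-09-AD", "192.168.0.10"
    b_mac, b_ip = "58-23-D7-FA-20-B0", "192.168.0.20"
    cache = ArpCache()
    request = parse_arp_frame(
        build_arp_frame(ARP_REQUEST, a_mac, a_ip, "00-00-00-00-00-00", b_ip))
    reply = parse_arp_frame(build_arp_frame(ARP_REPLY, b_mac, b_ip, a_mac, a_ip))
    cache.learn(reply["sender_ip"], reply["sender_mac"], now=0)
    # A second reply claims the same IP from a different adapter.
    other = parse_arp_frame(
        build_arp_frame(ARP_REPLY, "0C-C4-11-6F-E3-98", b_ip, a_mac, a_ip))
    cache.learn(other["sender_ip"], other["sender_mac"], now=30)
    return request, reply, cache
```

ARP itself accepts the second reply without question, so the `changes` log is the only place the rebinding shows up.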

ARP Protocol: Routing to another LAN
[Figure: two LANs joined by router R. Labels: R, 1A-23-F9-CD-06-9B, 222.222.222.220, 111.111.111.110, E6-E9-00-17-BB-4B, CC-49-DE-D0-AB-7D, 111.111.111.112, 111.111.111.111, A, 74-29-9C-E8-FF-55, 222.222.222.221, 88-B2-2F-54-1A-0F, B, 222.222.222.222, 49-BD-D2-C7-56-2A]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs (Network Interface Cards)

ARP Protocol example, continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B

Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th

Classical Ethernet: Broadcast
• Classical Ethernet is a broadcast network
• Hosts connected to network through single shared medium
• If two nodes try to send at same time
  • Called a collision, and prevents any information being passed along network
  • Multiple messages would collide and corrupt each other

Early Ethernet
• 10Base5 and 10Base2
• The initial Ethernet implementations used coaxial cable to connect the stations to each other
• Two forms of coaxial cable were used
  • 10Base5 cable, known as thick Ethernet
  • 10Base2, also known as thin Ethernet

Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
  Repeater repeats bits it hears on one interface to its other interfaces: physical layer device only
• Layer 1 device

Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
  • 10BaseT with Hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  - Commonly already present in modern office buildings for telephone system
• Contributed hugely to Ethernet's popularity

Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft

The 10Mb/s Ethernet Standard: IEEE 802.3
Ethernet MAC Protocol
Different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F
10Base-5: Original Ethernet, large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable

802.3u Fast Ethernet
• In 1995 IEEE adopted 802.3u Fast Ethernet standard
  • Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
  • Previously Ethernets worked in half-duplex mode
  • Two stations could transmit at the same time

The 100Mb/s Ethernet Standard: "Fast Ethernet"
Ethernet MAC Protocol
Different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX
Up to 100m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers

The 1Gb/s Ethernet Standard
• June 1998: Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  - 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  - Half duplex: one speaks at a time
  - Full duplex: both can transmit/speak at the same time
http://en.wikipedia.org/wiki/IEEE_802.3

The 1Gb/s Ethernet Standard: "Gigabit Ethernet"
Ethernet MAC Protocol
Physical layer options: 1000Base-TX, 1000Base-FX
1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers

Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates

Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol (accepts the frame)
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP, but others possible, e.g., Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and Hub
[Figure panels: Hubs; Switch]

CSMA/CD

CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
(binary exponential backoff)

Ethernet CSMA/CD algorithm: Carrier Sense Multiple Access / Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame

Ethernet CSMA/CD algorithm
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after the mth collision, NIC chooses K, a small integer, at random from $\{0, 1, 2, \ldots, 2^m - 1\}$. NIC then waits $K \cdot 512$ bit times, returns to Step 2
More details follow …

Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from $\{0, 1\}$. Delay is $K \cdot 512$ bit transmission times
• After second collision: Choose K from $\{0, 1, 2, 3\}$ …
• After ten collisions: Choose K from $\{0, 1, 2, 3, 4, \ldots, 1023\}$
• Set size grows exponentially
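
The backoff rule above, as an added Python example (not from the original slides), with a small slotted simulation of several stations that all collide at slot 0. The one-slot frame time, the station count and the seed are simplifying assumptions; the cap of the window at 1024 values and the drop after 16 attempts come from IEEE 802.3 rather than from the slides.

```python
import random

SLOT_BIT_TIMES = 512   # one backoff unit: the slide's "K * 512 bit times"
BACKOFF_LIMIT = 10     # window stops growing at 2**10 = 1024 values (802.3)
ATTEMPT_LIMIT = 16     # frame is dropped after 16 failed attempts (802.3)

def backoff_window(m):
    """Number of values K can take after the m-th collision."""
    if m < 1:
        raise ValueError("m counts collisions and starts at 1")
    return 2 ** min(m, BACKOFF_LIMIT)

def choose_k(m, rng):
    """Pick K uniformly from {0, 1, ..., 2^m - 1}."""
    return rng.randrange(backoff_window(m))

def backoff_delay_us(k, bit_rate_bps):
    """Waiting time for a given K, in microseconds."""
    return k * SLOT_BIT_TIMES / bit_rate_bps * 1e6

def simulate(n_stations, seed):
    """Every station has one frame ready at slot 0; a frame occupies one slot.

    Returns (done, dropped, collisions): the slot in which each station got
    its frame through, the stations that gave up, and collision counts.
    """
    rng = random.Random(seed)
    next_try = {s: 0 for s in range(n_stations)}
    collisions = {s: 0 for s in range(n_stations)}
    done, dropped = {}, []
    while next_try:
        t = min(next_try.values())
        senders = [s for s, slot in next_try.items() if slot == t]
        if len(senders) == 1:
            # Exactly one sender in this slot: the frame gets through.
            done[senders[0]] = t
            del next_try[senders[0]]
            continue
        for s in senders:
            # Collision: abort, then back off for K slots.
            collisions[s] += 1
            if collisions[s] >= ATTEMPT_LIMIT:
                dropped.append(s)
                del next_try[s]
            else:
                next_try[s] = t + 1 + choose_k(collisions[s], rng)
    return done, dropped, collisions

if __name__ == "__main__":
    done, dropped, collisions = simulate(n_stations=5, seed=1)
    for station in sorted(done):
        print(f"station {station}: sent in slot {done[station]} "
              f"after {collisions[station]} collision(s)")
    print("worst-case wait after 10 collisions at 10 Mb/s:",
          backoff_delay_us(1023, 10_000_000), "microseconds")
```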

Ethernet and Switches

Switches Again
Layer 2 switching: media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table:
  Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link: no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']

Switch Table
• Q: How does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has switch table; each entry:
  • (MAC address of host, interface to reach host, time stamp)
• Looks like a routing table
• Q: How are entries created, maintained in switch table?
  • Self-Learning
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']

Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch table (initially empty)
MAC addr   interface   TTL
A          1           60

Switch self-learning
• Frame with destination A' arrives at switch from interface 1 (source A, dest A')
Two possibilities:
1. No entry in table for A'
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A'
   Interface of 4: frame would get forwarded
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C'; frame A to A']
Switch table (initially empty)
MAC addr   interface   TTL
A          1           60
A'         4           60
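
The self-learning and flooding behaviour from the last few slides, as an added Python example (not from the original slides). Host names stand in for MAC addresses as on the slides; the class name, the timestamps and the `moves` log are assumptions of this sketch. The log records a source address that shows up on a different interface while its old entry is still live, which is what a cloned MAC address looks like from the switch and why a MAC address is not proof of identity.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"

class LearningSwitch:
    """Switch table: MAC address -> (interface, expiry time)."""

    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl
        self.table = {}   # mac -> (port, expires_at)
        self.moves = []   # (time, mac, old_port, new_port), for monitoring

    def _lookup(self, mac, now):
        entry = self.table.get(mac)
        if entry is None:
            return None
        port, expires_at = entry
        if expires_at <= now:          # aged out: forget the location
            del self.table[mac]
            return None
        return port

    def receive(self, src, dst, in_port, now):
        """Learn where the sender is, then return the list of output ports."""
        if in_port not in self.ports:
            raise ValueError(f"unknown interface {in_port}")
        old_port = self._lookup(src, now)
        if old_port is not None and old_port != in_port:
            self.moves.append((now, src, old_port, in_port))
        self.table[src] = (in_port, now + self.ttl)

        out_port = None if dst == BROADCAST else self._lookup(dst, now)
        if out_port is None:           # unknown destination or broadcast: flood
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:        # destination is on the arrival segment
            return []
        return [out_port]

def demo():
    sw = LearningSwitch(ports=range(1, 7), ttl=60)
    log = [
        sw.receive("A", "A'", in_port=1, now=0),    # A' unknown: flood
        sw.receive("A'", "A", in_port=4, now=1),    # A known: interface 1 only
        sw.receive("A", "A'", in_port=1, now=2),    # A' known: interface 4 only
        sw.receive("A", "A'", in_port=1, now=100),  # entries aged out: flood
        sw.receive("A", "C", in_port=6, now=101),   # "A" appears on interface 6
        sw.receive("A'", "A", in_port=4, now=102),  # traffic for A follows it
    ]
    return log, sw.moves

if __name__ == "__main__":
    log, moves = demo()
    for out_ports in log:
        print(out_ports)
    print("moves:", moves)
```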

Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
• Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so a switch port can send data to the attached computer while receiving data from that computer on another wire pair
Ethernet Technology: First Attempt
• 10Base2: under 656 ft cable length
• Thin coaxial cable in a bus topology
• 10Base5 uses 10 mm wide coaxial cable, which allows up to 100 nodes over a maximum distance of 1640 ft
• Repeaters used to connect multiple segments
• Repeater repeats bits it hears on one interface to its other interfaces; physical layer device only
• Layer 1 device

Ethernet with Hubs: 2nd Attempt
• Next form of Ethernet
• 10BaseT with hubs
• 10BaseT used twisted pair wiring instead of coaxial
• 10BaseT could use Category 3 twisted pair wire
  – Commonly already present in modern office buildings for telephone system
• Contributed hugely to Ethernet's popularity

Ethernet Technologies: Next Attempt, 10BaseT and 100BaseT
• Hub(s) connected by twisted pair in "star topology"
• Distance of any node to hub < 326 ft

The 10 Mb/s Ethernet Standard: IEEE 802.3
Ethernet MAC Protocol
10Base-5, 10Base-2, 10Base-T, 10Base-F
Different physical layer options
10Base-5: Original Ethernet, large thick coaxial cable
10Base-2: Thin coaxial cable version
10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
10Base-F: Two optical fibers in a single cable

802.3u Fast Ethernet
• In 1995, IEEE adopted 802.3u Fast Ethernet standard
• Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
• Previously, Ethernets worked in half-duplex mode
• Two stations could transmit at the same time

The 100 Mb/s Ethernet Standard: "Fast Ethernet"
Ethernet MAC Protocol
100Base-T4, 100Base-TX, 100Base-FX
Different physical layer options
Up to 100 m of cable per segment
100Base-T4: Uses four pairs of voice grade Category-3 cable
100Base-TX: Uses two pairs of data grade Category-5 cable
100Base-FX: Uses two optical fibers

The 1 Gb/s Ethernet Standard
• June 1998 - Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  – 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  – Half duplex – one speaks at a time
  – Full duplex – both can transmit/speak at the same time
http://en.wikipedia.org/wiki/IEEE_802.3

The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"
Ethernet MAC Protocol
1000Base-TX, 1000Base-FX
1000Base-TX: Uses four pairs of data grade Category-5 cable
1000Base-FX: Uses two optical fibers

Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates

Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol (accepts the frame)
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 00:13:02:BA:43:56
• Type: Indicates higher layer protocol (mostly IP, but others possible, e.g., Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and Hub
[Figure: two panels, "Hubs" and "Switch"]

CSMA/CD

CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
binary exponential backoff

Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses K, a small integer, at random from {0, 1, 2, …, 2^m - 1}
NIC then waits K · 512 bit times. Returns to Step 2. More details follow …

Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K · 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
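
The backoff rule from these slides as a small simulation, an added example that is not part of the original lecture. It assumes a slotted channel in which one frame fills one slot and that the set stops growing at {0, …, 1023}; the function names are hypothetical.

```python
import random

SLOT_BIT_TIMES = 512   # backoff unit from the slides: wait K * 512 bit times
MAX_EXPONENT = 10      # assumption: the set stops growing at {0..1023}


def backoff_window(collisions):
    """Number of values K can take after the m-th collision: 2^m."""
    return 2 ** min(collisions, MAX_EXPONENT)


def backoff_delay_us(k, mbps=10):
    """Wait for a chosen K in microseconds (bit times / bits per microsecond)."""
    return k * SLOT_BIT_TIMES / mbps


def simulate(n_stations, seed, max_slots=100_000):
    """Slotted model: each station has one frame; a frame fills one slot.

    Returns (slot in which each station succeeded, collisions per station).
    """
    rng = random.Random(seed)
    next_try = {s: 0 for s in range(n_stations)}   # all sense idle at slot 0
    collisions = {s: 0 for s in range(n_stations)}
    done = {}
    slot = 0
    while next_try and slot < max_slots:
        senders = [s for s, t in next_try.items() if t == slot]
        if len(senders) == 1:                      # frame sent without collision
            done[senders[0]] = slot
            del next_try[senders[0]]
        elif len(senders) > 1:                     # collision: abort, jam, back off
            for s in senders:
                collisions[s] += 1
                k = rng.randrange(backoff_window(collisions[s]))
                next_try[s] = slot + 1 + k         # K = 0 retries in the next slot
        slot += 1
    return done, collisions


if __name__ == "__main__":
    for n in (2, 8, 32):                           # light to heavy load
        done, coll = simulate(n, seed=330)
        print(f"{n:2d} stations: last frame sent in slot {max(done.values())}, "
              f"worst station collided {max(coll.values())} times")
```

Running it with more stations shows the point of the slide: the more often a station collides, the wider the range it draws its wait from.
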
Ethernet and Switches

Switches Again
Layer 2 switching: media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table:
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link: no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']

Switch Table
• Q: how does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has switch table, each entry:
  • MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
  • Self-Learning
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']

Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: hosts A, A', B, B', C, C' on switch interfaces 1 to 6]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60

Switch self-learning
• Frame with destination A' arrives at switch from interface 1
Two possibilities:
1. No entry in table for A'
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A'
   Interface of 4: frame would get forwarded
[Figure: frame with Source: A, Dest: A' entering the switch; hosts A, A', B, B', C, C' on interfaces 1 to 6]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
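
An added sketch of the self-learning table described on these slides (not code from the lecture): it learns from source addresses, floods on a miss and ages entries with the slide's TTL of 60. It also records when a MAC with a live entry shows up on a different interface, a check added here because the table trusts whatever source address a frame carries. The labels A and A' stand in for MAC addresses, and the class and method names are hypothetical.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl            # seconds an entry lives, as in the slide's TTL column
        self.table = {}           # MAC -> (interface, expiry time)
        self.moves = []           # (time, MAC, old interface, new interface)

    def receive(self, src, dst, in_port, now):
        """Process one frame; return the list of interfaces it is sent out of."""
        # Age out stale entries.
        self.table = {m: e for m, e in self.table.items() if e[1] > now}
        # Self-learning: record the sender/location pair from the source address.
        known = self.table.get(src)
        if known and known[0] != in_port:
            self.moves.append((now, src, known[0], in_port))
        self.table[src] = (in_port, now + self.ttl)
        # Forwarding decision on the destination address.
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            return [p for p in self.ports if p != in_port]   # flood
        if entry[0] == in_port:
            return []                                        # same segment: filter
        return [entry[0]]                                    # forward on one port


def slide_scenario():
    """Replay the slide's A -> A' exchange, then let entries expire (constructed)."""
    sw = LearningSwitch(ports=range(1, 7))
    log = [
        sw.receive("A", "A'", 1, now=0),    # A' unknown: flood, learn A on 1
        sw.receive("A'", "A", 4, now=1),    # reply: forward to 1, learn A' on 4
        sw.receive("A", "A'", 1, now=2),    # both known: forward to 4 only
        sw.receive("A", "A'", 1, now=70),   # entries aged out: flood again
        sw.receive("A'", "A", 4, now=71),   # A' relearned on 4
        sw.receive("A'", "A", 6, now=72),   # same MAC on another port: recorded
    ]
    return sw, log


if __name__ == "__main__":
    switch, out_ports = slide_scenario()
    print(out_ports)
    print("moves:", switch.moves)
```
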
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48 bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00:E0:B8:9C:A6:60

MAC Address
• Why would you want to change your MAC address?
• Many reasons
1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
   Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID

Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry, or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on LAN has unique LAN address, except for broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness)
  Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet

ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
• TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B, knowing B's IP address?
[Figure: LAN with hosts A and B; adapter MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]

ARP Cache
For every outgoing packet, sending ARP request and waiting for response is inefficient
– Requires more bandwidth
– Consumes time
So ARP cache maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator

ARP Protocol: Routing to another LAN
[Figure: router R joining two LANs. LAN 1: A (111.111.111.111, 74-29-9C-E8-FF-55), host 111.111.111.112 (CC-49-DE-D0-AB-7D), R interface 111.111.111.110 (E6-E9-00-17-BB-4B). LAN 2: R interface 222.222.222.220 (1A-23-F9-CD-06-9B), host 222.222.222.221 (88-B2-2F-54-1A-0F), B (222.222.222.222, 49-BD-D2-C7-56-2A)]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards

ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: router R joining two LANs. LAN 1: A (111.111.111.111, 74-29-9C-E8-FF-55), host 111.111.111.112 (CC-49-DE-D0-AB-7D), R interface 111.111.111.110 (E6-E9-00-17-BB-4B). LAN 2: R interface 222.222.222.220 (1A-23-F9-CD-06-9B), host 222.222.222.221 (88-B2-2F-54-1A-0F), B (222.222.222.222, 49-BD-D2-C7-56-2A)]
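
The two-hop walkthrough above with real ARP and Ethernet header bytes, as an added example that is not part of the original slides. The `Nic` class, the helper names, the 20-minute cache TTL and the stand-in datagram bytes are assumptions; the addresses are the ones in the figure.

```python
import socket
import struct

BROADCAST = "FF-FF-FF-FF-FF-FF"
ETH_IP, ETH_ARP = 0x0800, 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"      # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def mac_b(mac):
    return bytes.fromhex(mac.replace("-", ""))


def mac_s(raw):
    return "-".join(f"{b:02X}" for b in raw)


def eth_frame(dst, src, ethertype, payload):
    """Destination MAC, source MAC, Type, then the encapsulated data."""
    return mac_b(dst) + mac_b(src) + struct.pack("!H", ethertype) + payload


def arp_packet(oper, sha, spa, tha, tpa):
    return struct.pack(ARP_FMT, 1, ETH_IP, 6, 4, oper, mac_b(sha),
                       socket.inet_aton(spa), mac_b(tha), socket.inet_aton(tpa))


def parse(frame):
    out = {"dst": mac_s(frame[0:6]), "src": mac_s(frame[6:12]),
           "type": struct.unpack("!H", frame[12:14])[0], "payload": frame[14:]}
    if out["type"] == ETH_ARP:
        *_, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
        out["arp"] = {"oper": oper, "sha": mac_s(sha), "spa": socket.inet_ntoa(spa),
                      "tha": mac_s(tha), "tpa": socket.inet_ntoa(tpa)}
    return out


class Nic:
    def __init__(self, ip, mac, ttl=1200):     # 20 min, top of the slide's range
        self.ip, self.mac, self.ttl = ip, mac, ttl
        self.cache = {}                        # IP -> (MAC, expiry time)

    def lookup(self, ip, now):
        entry = self.cache.get(ip)
        return entry[0] if entry and entry[1] > now else None

    def arp_request(self, target_ip):
        arp = arp_packet(1, self.mac, self.ip, "00-00-00-00-00-00", target_ip)
        return eth_frame(BROADCAST, self.mac, ETH_ARP, arp)

    def receive(self, frame, now):
        """Handle an ARP frame; return a reply frame or None."""
        f = parse(frame)
        if f["dst"] not in (self.mac, BROADCAST) or f["type"] != ETH_ARP:
            return None                        # adapter discards the frame
        arp = f["arp"]
        if arp["tpa"] != self.ip:
            return None                        # query is for some other node
        self.cache[arp["spa"]] = (arp["sha"], now + self.ttl)
        if arp["oper"] == 1:                   # request: answer by unicast
            reply = arp_packet(2, self.mac, self.ip, arp["sha"], arp["spa"])
            return eth_frame(arp["sha"], self.mac, ETH_ARP, reply)
        return None                            # reply: mapping is now cached


def resolve(asker, lan, target_ip, now):
    """Return the MAC for target_ip, running an ARP exchange on a cache miss."""
    if asker.lookup(target_ip, now) is None:
        query = asker.arp_request(target_ip)
        for nic in lan:
            reply = nic.receive(query, now) if nic is not asker else None
            if reply:
                asker.receive(reply, now)
    return asker.lookup(target_ip, now)


# Addresses from the page's two-LAN figure.
A = Nic("111.111.111.111", "74-29-9C-E8-FF-55")
C = Nic("111.111.111.112", "CC-49-DE-D0-AB-7D")
R1 = Nic("111.111.111.110", "E6-E9-00-17-BB-4B")    # R's interface on A's LAN
R2 = Nic("222.222.222.220", "1A-23-F9-CD-06-9B")    # R's interface on B's LAN
D = Nic("222.222.222.221", "88-B2-2F-54-1A-0F")
B = Nic("222.222.222.222", "49-BD-D2-C7-56-2A")


def send_a_to_b(now=0):
    datagram = b"IP src=111.111.111.111 dst=222.222.222.222"   # constructed stand-in
    hop1 = eth_frame(resolve(A, [A, C, R1], R1.ip, now), A.mac, ETH_IP, datagram)
    carried = parse(hop1)["payload"]           # R removes the datagram from the frame
    hop2 = eth_frame(resolve(R2, [R2, D, B], B.ip, now), R2.mac, ETH_IP, carried)
    return parse(hop1), parse(hop2)


if __name__ == "__main__":
    for hop in send_a_to_b():
        print(hop["src"], "->", hop["dst"], hop["payload"].decode())
```

The IP datagram is identical on both hops; only the MAC addresses in the frame header change at the router.
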

Summary
• Ethernet highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th
36
Ethernet with Hubs2nd Attempt
bull Next form of Ethernetbull 10BaseT with Hubs
bull 10BaseT used twisted pair wiring instead of coaxial
bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern
office buildings for telephone systembull Contributed hugely to Ethernets popularity
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
37
Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo
bull Distance of any node to hub lt 326 ft
38
The 10Mbs Ethernet StandardIEEE 8023
Ethernet MAC Protocol
10Base-5 10Base-2 10Base-T 10Base-F
Different physical layer
options
10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair
Category-3 telephone cable10Base-F Two optical fibers in a single cable
39
8023u Fast Ethernet
bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet
standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex
modebull Two stations could transmit at the same time
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58

Switch: self-learning
• Frame with destination A' arrives at the switch from interface 1 (in the figure: Source: A, Dest: A')
Two possibilities:
1. No entry in table for A'
   - Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A'
   - Interface of 4: frame would get forwarded there
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
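
The self-learning procedure on the two slides above, as an added Python example that is not part of the lecture. The class name, the `moves` log and the sample frames are assumptions made for illustration; the host letters stand in for MAC addresses as on the slides, and the 60-second TTL is the value shown in the slide's table.

```python
# Added illustration (not from the lecture): a self-learning switch table.
# Host names "A", "A'", "B" stand in for MAC addresses, as on the slides.

BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    def __init__(self, ports, ttl=60):
        self.ports = list(ports)   # e.g. [1, 2, 3, 4, 5, 6]
        self.ttl = ttl             # entry lifetime, the TTL column of the table
        self.table = {}            # MAC -> (port, time at which the entry expires)
        self.moves = []            # (MAC, old port, new port) for relearned MACs

    def _expire(self, now):
        """Drop entries whose TTL has run out; they must be learned again."""
        self.table = {mac: (port, exp)
                      for mac, (port, exp) in self.table.items() if exp > now}

    def receive(self, in_port, src, dst, now):
        """Process one frame and return the list of ports it is sent out of."""
        self._expire(now)

        # Self-learning: record the sender/location pair and refresh its TTL.
        # The table trusts the source address, so the same MAC showing up on
        # a different port silently replaces the old entry. Logging the move
        # gives a defender something to alert on.
        old = self.table.get(src)
        if old is not None and old[0] != in_port:
            self.moves.append((src, old[0], in_port))
        self.table[src] = (in_port, now + self.ttl)

        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            # Possibility 1: no entry, flood to every port except the sender's
            return [p for p in self.ports if p != in_port]
        out_port = entry[0]
        if out_port == in_port:
            return []              # destination is on the incoming segment
        return [out_port]          # Possibility 2: forward to a single port


def demo():
    """Constructed frame sequence: A on port 1, A' on port 4, B on port 2."""
    sw = LearningSwitch(ports=[1, 2, 3, 4, 5, 6])
    trace = [
        sw.receive(1, "A", "A'", now=0),    # A' unknown: flood
        sw.receive(4, "A'", "A", now=1),    # reply: A already learned
        sw.receive(1, "A", "A'", now=2),    # A' now known: single port
        sw.receive(2, "B", "A'", now=70),   # entries aged out: flood again
    ]
    return trace, sw


if __name__ == "__main__":
    trace, sw = demo()
    for out_ports in trace:
        print(out_ports)
    print(sw.table)
```
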

Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if the network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so a switch port can send data to the attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00E0B89CA660

MAC Address
• Why would you want to change your MAC address?
• Many reasons
  1. To get around MAC address filtering of wireless routers. You sniff for the MAC address of someone already on the network, then change your MAC address to one that's acceptable
     Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as the router's BSSID

Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry or use a utility
  • Mac Makeup
    http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs
    http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on LAN has a unique LAN address, except for the broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table:
  http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address ... like Social Security Number: take it with you
  (b) IP address ... like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if moved to a different subnet

ARP: Address Resolution Protocol
• Each IP node on LAN has an ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping is discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine the MAC address of B, knowing B's IP address?
[Figure: LAN with four nodes, two of them labelled A and B. MAC addresses shown: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53. IP addresses shown: 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]

ARP Cache
For every outgoing packet, sending an ARP request and waiting for the response is inefficient
- Requires more bandwidth
- Consumes time
So an ARP cache is maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address is not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
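
The same-LAN exchange and the TTL-limited cache described above, as an added Python example that is not part of the lecture. The 28-byte ARP layout and EtherType 0x0806 are the standard ARP-over-Ethernet encoding rather than something shown on the slides; the `Node` class, the pairing of the figure's IP and MAC addresses, and the 20-minute TTL are assumptions.

```python
# Added illustration (not from the lecture): ARP query, reply and cache.
import socket
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
# hardware type, protocol type, hw len, proto len, operation,
# sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"


def mac(text):
    """'58-23-D7-FA-20-B0' -> 6 raw bytes."""
    return bytes.fromhex(text.replace("-", ""))


def arp_frame(oper, src_mac, src_ip, dst_mac, target_mac, target_ip):
    """Ethernet header + ARP body (preamble and CRC are left to the NIC)."""
    eth = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      src_mac, socket.inet_aton(src_ip),
                      target_mac, socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields as a dict, or None if this is not IPv4 ARP."""
    if len(frame) < 42:
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_dst": dst, "oper": oper, "sha": sha,
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}


class Node:
    def __init__(self, ip, mac_addr, ttl=1200):
        self.ip, self.mac, self.ttl = ip, mac_addr, ttl
        self.cache = {}                 # IP -> (MAC, expiry time): soft state

    def lookup(self, ip, now):
        """Cached MAC for ip, or None if absent or timed out."""
        entry = self.cache.get(ip)
        if entry is not None and entry[1] > now:
            return entry[0]
        self.cache.pop(ip, None)
        return None

    def query(self, target_ip):
        """'Who is target_ip? Tell self.ip', sent to the broadcast address."""
        return arp_frame(ARP_REQUEST, self.mac, self.ip,
                         BROADCAST, bytes(6), target_ip)

    def handle(self, frame, now):
        """Process a received frame; return a reply frame or None."""
        pkt = parse_arp(frame)
        if pkt is None or pkt["eth_dst"] not in (self.mac, BROADCAST):
            return None
        if pkt["tpa"] != self.ip:
            return None                 # query is about some other node
        if pkt["oper"] == ARP_REQUEST:  # unicast reply straight to the asker
            return arp_frame(ARP_REPLY, self.mac, self.ip,
                             pkt["sha"], pkt["sha"], pkt["spa"])
        if pkt["oper"] == ARP_REPLY:    # learn the mapping, start its TTL
            self.cache[pkt["spa"]] = (pkt["sha"], now + self.ttl)
        return None


def demo():
    """Constructed LAN: the IP/MAC pairing of the figure's hosts is assumed."""
    a = Node("137.196.7.23", mac("71-65-F7-2B-08-53"))
    b = Node("137.196.7.14", mac("58-23-D7-FA-20-B0"))
    c = Node("137.196.7.88", mac("0C-C4-11-6F-E3-98"))
    request = a.query(b.ip)                              # everyone receives it
    replies = [n.handle(request, now=0) for n in (b, c)]  # only B answers
    a.handle(replies[0], now=0)
    return request, replies, a


if __name__ == "__main__":
    request, replies, a = demo()
    print(request.hex(), replies[0].hex(), a.cache, sep="\n")
```
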

ARP Protocol: Routing to another LAN
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs - Network Interface Cards
[Figure: host A (MAC 74-29-9C-E8-FF-55) and host B (IP 222.222.222.222) on two LANs joined by router R. IP addresses shown: 111.111.111.110, 111.111.111.111, 111.111.111.112, 222.222.222.220, 222.222.222.221, 222.222.222.222. MAC addresses shown: 1A-23-F9-CD-06-9B, E6-E9-00-17-BB-4B, CC-49-DE-D0-AB-7D, 74-29-9C-E8-FF-55, 88-B2-2F-54-1A-0F, 49-BD-D2-C7-56-2A]

ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B

Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th

The 10 Mb/s Ethernet Standard: IEEE 802.3
Ethernet MAC Protocol
Different physical layer options: 10Base-5, 10Base-2, 10Base-T, 10Base-F
• 10Base-5: Original Ethernet, large thick coaxial cable
• 10Base-2: Thin coaxial cable version
• 10Base-T: Voice-grade unshielded twisted-pair Category-3 telephone cable
• 10Base-F: Two optical fibers in a single cable

802.3u Fast Ethernet
• In 1995, IEEE adopted the 802.3u Fast Ethernet standard
  • Fast Ethernet is a 100 Mbps Ethernet standard
• With Fast Ethernet came full-duplex Ethernet
  • Previously, Ethernets worked in half-duplex mode
  • Two stations could transmit at the same time

The 100 Mb/s Ethernet Standard: "Fast Ethernet"
Ethernet MAC Protocol
Different physical layer options: 100Base-T4, 100Base-TX, 100Base-FX
Up to 100 m of cable per segment
• 100Base-T4: Uses four pairs of voice-grade Category-3 cable
• 100Base-TX: Uses two pairs of data-grade Category-5 cable
• 100Base-FX: Uses two optical fibers

The 1 Gb/s Ethernet Standard
• June 1998 - Gigabit Ethernet defined in 802.3z
• 802.3z defines a network running at
  - 1000 Mbps in half-duplex or full-duplex mode over a variety of different network media
  - Half duplex - one speaks at a time
  - Full duplex - both can transmit/speak at the same time
http://en.wikipedia.org/wiki/IEEE_802.3

The 1 Gb/s Ethernet Standard: "Gigabit Ethernet"
Ethernet MAC Protocol
Physical layer options: 1000Base-TX, 1000Base-FX
• 1000Base-TX: Uses four pairs of data-grade Category-5 cable
• 1000Base-FX: Uses two optical fibers

Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates

Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol: accepts the frame
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 001302BA4356
• Type: Indicates higher layer protocol (mostly IP, but others possible, e.g., Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped
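
The receive rules on the frame-structure slides (CRC check, then address match, then hand-off by type), as an added Python example that is not part of the lecture. The function names are hypothetical; the EtherType values, the 46-byte minimum payload and the use of `zlib.crc32` for the frame check sequence are standard Ethernet details assumed here, not taken from the slides. The two MAC addresses are the slides' own examples.

```python
# Added illustration (not from the lecture): what an adapter does with a
# received frame. The preamble is consumed by hardware and is not modelled.
import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "Novell IPX"}
MIN_PAYLOAD = 46            # shorter payloads are padded
MIN_FRAME = 64              # 14-byte header + 46-byte payload + 4-byte CRC


def fcs(body):
    """Frame check sequence: CRC-32 of header+payload, low byte first."""
    return struct.pack("<I", zlib.crc32(body))


def build_frame(dst, src, ethertype, payload):
    """Destination, source, type, padded payload, then the CRC."""
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def adapter_receive(frame, my_mac):
    """Return (verdict, detail) for one received frame."""
    if len(frame) < MIN_FRAME:
        return ("drop", "runt frame")
    body, received_fcs = frame[:-4], frame[-4:]
    # CRC is checked first: a damaged frame cannot be trusted even to
    # carry the right destination address.
    if fcs(body) != received_fcs:
        return ("drop", "CRC error")
    dst, _src, ethertype = struct.unpack("!6s6sH", body[:14])
    if dst != my_mac and dst != BROADCAST:
        return ("drop", "not addressed to this adapter")
    # Accepted: the type field names the protocol that gets the payload
    return ("accept", ETHERTYPES.get(ethertype, hex(ethertype)))


# Constructed sample frames using the MAC addresses quoted on the slides
ME = bytes.fromhex("001302BA4356")
PEER = bytes.fromhex("00E0B89CA660")


def demo():
    good = build_frame(ME, PEER, 0x0800, b"A-to-B IP datagram")
    damaged = bytearray(good)
    damaged[20] ^= 0x01                      # one bit flipped in transit
    other = build_frame(PEER, ME, 0x0800, b"for someone else")
    bcast = build_frame(BROADCAST, PEER, 0x0806, b"ARP query")
    return [adapter_receive(f, ME)
            for f in (good, bytes(damaged), other, bcast)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
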

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and Hub
[Figure: hubs; switch]

CSMA/CD

CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
   (binary exponential backoff)

Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection
Algorithm:
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses a small integer K at random from {0, 1, 2, ..., 2^m - 1}. NIC then waits K x 512 bit times, returns to Step 2
More details follow ...

Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified that the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)
Exponential Backoff:
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K x 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} ...
• After ten collisions: Choose K from {0, 1, 2, 3, 4, ..., 1023}
• Set size grows exponentially
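
The backoff rule from the CSMA/CD slides, as an added Python example that is not part of the lecture. The function names are hypothetical, the 16-attempt give-up limit comes from IEEE 802.3 rather than the slides, and `contend` is a simplified model in which stations that draw the same smallest K collide again while the others simply keep waiting.

```python
# Added illustration (not from the lecture): binary exponential backoff.
import random

SLOT_BITS = 512        # backoff unit from the slides: K x 512 bit times
MAX_EXPONENT = 10      # after ten collisions K is drawn from 0..1023
MAX_ATTEMPTS = 16      # assumption (IEEE 802.3): frame is abandoned after 16 tries


def backoff_range(m):
    """Size of the set {0, ..., 2^m - 1} used after the m-th collision."""
    return 2 ** min(m, MAX_EXPONENT)


def backoff_delay_us(k, mbps):
    """Wait of K x 512 bit times in microseconds at the given link speed."""
    return k * SLOT_BITS / mbps      # bits / (Mbit/s) = microseconds


def contend(n_stations, choose=random.randrange):
    """Resolve one collision among n_stations that all transmitted at once.

    choose(n) must return an integer in [0, n). Returns a tuple
    (index of the first station to get its frame through, number of
    collisions that station went through), or None if the colliding
    stations reach the attempt limit.
    """
    collisions = [1] * n_stations            # everyone was in the first collision
    for _ in range(MAX_ATTEMPTS - 1):
        picks = [choose(backoff_range(m)) for m in collisions]
        first = min(picks)
        senders = [i for i, k in enumerate(picks) if k == first]
        if len(senders) == 1:
            winner = senders[0]
            return winner, collisions[winner]
        for i in senders:                    # same K: they collide again
            collisions[i] += 1
    return None


if __name__ == "__main__":
    for m in (1, 2, 10):
        worst = backoff_delay_us(backoff_range(m) - 1, mbps=10)
        print(f"collision {m}: K in 0..{backoff_range(m) - 1}, "
              f"worst-case wait {worst} us at 10 Mbps")
    print(contend(5))
```
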

Ethernet and Switches

Switches Again
Layer 2 switching: media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
40
The 100Mbs Ethernet StandardldquoFast Ethernetrdquo
Ethernet MAC Protocol
100Base-T4 100Base-TX 100Base-FX
Different physical layer options
Up to 100m of cable per segment
100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43

Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates

Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol (accepts the frame)
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 00:13:02:BA:43:56
• Type: Indicates higher layer protocol (mostly IP but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and Hub
[Figure: collisions with hubs compared with a switch]

CSMA/CD

CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
(binary exponential backoff)

Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access / Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses a small integer K at random from {0, 1, 2, …, 2^m − 1}. NIC then waits K·512 bit times, returns to Step 2
More details follow …

Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully

Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K·512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
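
The backoff rule above, worked as an added example (not from the original slides): the window after the m-th collision, the resulting wait, and a slotted simulation of stations that have just collided. The 16-attempt limit comes from IEEE 802.3 rather than the slides, and the station names and the slot model are assumptions of this sketch.

```python
import random

SLOT_BIT_TIMES = 512   # one backoff unit: the slides' "K * 512 bit times"
MAX_EXPONENT = 10      # window stops growing at {0..1023}, i.e. after ten collisions
MAX_ATTEMPTS = 16      # assumption taken from IEEE 802.3: give up after 16 attempts


def backoff_window(m):
    """Number of values K may take after the m-th collision: 2^min(m, 10)."""
    if m < 1:
        raise ValueError("m counts collisions and starts at 1")
    return 2 ** min(m, MAX_EXPONENT)


def backoff_delay_us(k, bit_rate_bps=10_000_000):
    """Wait in microseconds for a chosen K (51.2 us per unit at 10 Mb/s)."""
    return k * SLOT_BIT_TIMES / bit_rate_bps * 1_000_000


def contend(stations, rng):
    """Simulate stations that all collided once and now back off in slots.

    Returns (winner, collisions) as soon as exactly one station transmits
    alone in a slot, or (None, collisions) if a station runs out of attempts.
    """
    collisions = {s: 1 for s in stations}   # everyone saw the first collision
    # Slot in which each station will next try to transmit.
    next_try = {s: rng.randrange(backoff_window(1)) for s in stations}
    slot = 0
    while True:
        senders = [s for s in stations if next_try[s] == slot]
        if len(senders) == 1:
            return senders[0], collisions
        for s in senders:                   # two or more: collision, jam, back off
            collisions[s] += 1
            if collisions[s] >= MAX_ATTEMPTS:
                return None, collisions
            k = rng.randrange(backoff_window(collisions[s]))
            next_try[s] = slot + 1 + k
        slot += 1


if __name__ == "__main__":
    for m in (1, 2, 3, 10, 12):
        top = backoff_window(m) - 1
        print(f"collision {m:2}: K in 0..{top}, worst wait {backoff_delay_us(top):.1f} us")
    print(contend(["A", "B", "C"], random.Random(1)))
```
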

Ethernet and Switches

Switches Again
Layer 2 switching uses the media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables

How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, B, C, A', B', C']

Switch Table
• Q: How does switch know that A' is reachable via interface 4, B' reachable via interface 5?
• A: Each switch has a switch table, each entry:
  • (MAC address of host, interface to reach host, time stamp)
• Looks like a routing table
• Q: How are entries created, maintained in switch table?
  • Self-Learning

Switch: self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair

Switch table (initially empty):
MAC addr   interface   TTL
A          1           60

Switch: self-learning
• Frame with Destination A arrives at switch from interface 1
Two possibilities:
1. No entry in table for A
   • Switch forwards frame to all interfaces except 1
   • Entry for A added
2. Entry in table for A
   • Interface of 4, frame would get forwarded
[Figure: frame with Source: A, Dest: A' arriving at interface 1 of the six-interface switch]

Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
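
The learn, flood and forward behaviour from the "How Switching Works" and self-learning slides, as an added example that is not part of the original slides. The class and method names are hypothetical, hosts are named A and A' as in the figure, and the `moves` list (a record of a MAC address showing up on a different port) is an extra the slides do not mention.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning switch table: MAC address -> (interface, expiry time)."""

    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl          # seconds an entry lives without being refreshed
        self.table = {}
        self.moves = []         # (mac, old_port, new_port, time), added for visibility

    def _expire(self, now):
        # Drop entries whose TTL has run out.
        for mac in [m for m, (_, exp) in self.table.items() if exp <= now]:
            del self.table[mac]

    def receive(self, src, dst, in_port, now):
        """Handle one frame and return the list of ports it is sent out on."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self._expire(now)

        # Learn: the sender is reachable through the port the frame arrived on.
        # The switch takes the source address at face value; nothing verifies it.
        old = self.table.get(src)
        if old is not None and old[0] != in_port:
            self.moves.append((src, old[0], in_port, now))
        self.table[src] = (in_port, now + self.ttl)

        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            # Unknown destination: flood to every port except the incoming one.
            return [p for p in self.ports if p != in_port]
        out_port = entry[0]
        if out_port == in_port:
            return []           # destination is on the segment the frame came from
        return [out_port]       # known destination: single port, no flooding


if __name__ == "__main__":
    sw = LearningSwitch(range(1, 7))
    print(sw.receive("A", "A'", 1, now=0))    # flooded: A' not yet known
    print(sw.receive("A'", "A", 4, now=1))    # reply goes to port 1 only
    print(sw.receive("A", "A'", 1, now=2))    # now forwarded to port 4 only
    print(sw.receive("A", "A'", 1, now=61))   # A' entry expired: flooded again
```
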

Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00:E0:B8:9C:A6:60

MAC Address
• Why would you want to change your MAC address?
• Many reasons:
  1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
     Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID

Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on LAN has unique LAN address, except for Broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness)
  Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet

ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping discarded
  • Varies: 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with four hosts, including A and B, labelled with IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88 and MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

ARP Cache
For every outgoing packet, sending an ARP request and waiting for the response is inefficient
– Requires more bandwidth
– Consumes time
So ARP cache maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet, containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet Address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
• Eventually
  • Times out
  • ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
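
The same-LAN exchange above at byte level, as an added example that is not part of the original slides: a broadcast ARP request, the unicast reply, and a cache entry that times out. The field layout follows RFC 826 and EtherType 0x0806; the `Node` class, the 20-minute TTL, and the pairing of each IP address with a MAC address from the figure are assumptions of this sketch.

```python
import socket
import struct

ETH_BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_FMT = "!6s6sH"             # destination MAC, source MAC, type (14 bytes)
ARP_FMT = "!HHBBH6s4s6s4s"     # RFC 826 body for Ethernet/IPv4 (28 bytes)


def mac_bytes(text):
    return bytes.fromhex(text.replace("-", ""))


def mac_text(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_arp(oper, sha, spa, tha, tpa, eth_dst):
    """Ethernet header + ARP body. Preamble, padding and CRC are left to the NIC."""
    eth = struct.pack(ETH_FMT, eth_dst, sha, ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))
    return eth + arp


def parse_arp(frame):
    if len(frame) < 42:
        raise ValueError("truncated ARP frame")
    eth_dst, eth_src, ethertype = struct.unpack(ETH_FMT, frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"eth_dst": eth_dst, "eth_src": eth_src, "oper": oper, "sha": sha,
            "spa": socket.inet_ntoa(spa), "tha": tha, "tpa": socket.inet_ntoa(tpa)}


class Node:
    def __init__(self, ip, mac, ttl=20 * 60):
        self.ip, self.mac, self.ttl = ip, mac_bytes(mac), ttl
        self.cache = {}                      # IP -> (MAC bytes, expiry time)

    def lookup(self, ip, now):
        entry = self.cache.get(ip)
        if entry and entry[1] > now:
            return mac_text(entry[0])
        self.cache.pop(ip, None)             # soft state: expired entries vanish
        return None

    def query(self, target_ip):
        """'Who is target_ip? Tell self.ip', sent to the broadcast address."""
        return build_arp(ARP_REQUEST, self.mac, self.ip, bytes(6), target_ip, ETH_BROADCAST)

    def handle(self, frame, now):
        """Return a reply frame if this node must answer, otherwise None."""
        msg = parse_arp(frame)
        if msg["eth_dst"] not in (self.mac, ETH_BROADCAST):
            return None                      # adapter discards frames for other hosts
        if msg["oper"] == ARP_REQUEST and msg["tpa"] == self.ip:
            # Unicast reply straight back to the asker's MAC address.
            return build_arp(ARP_REPLY, self.mac, self.ip, msg["sha"], msg["spa"], msg["sha"])
        if msg["oper"] == ARP_REPLY:
            # The mapping is cached as stated; ARP carries no authentication.
            self.cache[msg["spa"]] = (msg["sha"], now + self.ttl)
        return None


if __name__ == "__main__":
    a = Node("137.196.7.23", "71-65-F7-2B-08-53")   # constructed pairing
    b = Node("137.196.7.14", "58-23-D7-FA-20-B0")   # constructed pairing
    reply = b.handle(a.query(b.ip), now=0)
    a.handle(reply, now=0)
    print(a.lookup(b.ip, now=1))
```
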

ARP Protocol: Routing to another LAN
[Figure: hosts A and B on two LANs joined by router R; every interface is labelled with its IP address and MAC address]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards

ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
41
The 1Gbs Ethernet Standard
bull June 1998 - Gigabit Ethernet defined in 8023z
bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex
mode over a variety of different network media
ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak
same time
httpenwikipediaorgwikiIEEE_8023
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
42
The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo
Ethernet MAC Protocol
1000Base-TX 1000Base-FX
1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers
5 DataLink Layer 5-43
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble bull 7 bytes with pattern 10101010 followed
by one byte with pattern 10101011bull Used to synchronize receiver sender
clock rates
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
Ethernet Frame Structure
Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame
Preamble:
• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011
• Used to synchronize receiver, sender clock rates
Ethernet Frame Structure (more)
• Addresses
  • If adapter receives frame with matching destination address, or with broadcast address, it passes data in frame to network layer protocol (accepts the frame)
  • Otherwise, adapter discards frame
• What kind of addresses at this layer?
  • MAC - Media Access Control
  • Example: 00:13:02:BA:43:56
• Type: Indicates higher layer protocol (mostly IP but others possible, e.g. Novell IPX)
• CRC: checked at receiver; if error is detected, frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and Hub
[Figure panels: Hubs; Switch]
CSMA/CD
CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time (binary exponential backoff), then return to step 1
Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access/Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
Ethernet CSMA/CD algorithm
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after m-th collision, NIC chooses a small integer K at random from {0, 1, 2, …, 2^m - 1}. NIC then waits K·512 bit times. Returns to Step 2. More details follow …
Ethernet CSMA/CD algorithm
• Features
  • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
  • Station then remains silent for a random period of time before attempting to transmit again
  • Repeats until frame is eventually transmitted successfully
Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
  • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K · 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
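The backoff rule in steps 4 and 5 can be exercised in a small slotted model. The code below is an added example, not part of the original slides: the function names are made up for illustration, a frame is assumed to occupy one slot, and the K range is assumed to stop growing at {0, …, 1023}, the ten-collision case listed above.

```python
import random

SLOT_BIT_TIMES = 512   # one backoff unit is 512 bit times (from the slides)
MAX_EXPONENT = 10      # assumption: range stops doubling at {0..1023}


def max_k(m):
    """Largest K a NIC may draw after its m-th collision: K is in {0..2^m - 1}."""
    if m < 1:
        raise ValueError("m counts collisions, starting at 1")
    return 2 ** min(m, MAX_EXPONENT) - 1


def delay_us(k, bit_rate_bps):
    """Wait of K * 512 bit times, in microseconds, on a link of the given speed."""
    return k * SLOT_BIT_TIMES * 1_000_000 / bit_rate_bps


def simulate(n_stations, rng):
    """Worst case: every station senses an idle channel and transmits in slot 0.

    Returns (delivered, total_collisions) where delivered is a list of
    (slot, station, collisions_suffered) in the order frames got through.
    """
    next_try = {s: 0 for s in range(n_stations)}    # slot of each station's next attempt
    collisions = {s: 0 for s in range(n_stations)}  # per-station collision counter m
    delivered = []
    total_collisions = 0
    while next_try:
        slot = min(next_try.values())
        senders = [s for s, t in next_try.items() if t == slot]
        if len(senders) == 1:
            # Step 3: the whole frame went out without another transmission.
            station = senders[0]
            delivered.append((slot, station, collisions[station]))
            del next_try[station]
            continue
        # Step 4: two or more NICs transmitted together; all abort (jam signal).
        total_collisions += 1
        for s in senders:
            # Step 5: draw K from {0..2^m - 1} and retry after K slots.
            collisions[s] += 1
            k = rng.randint(0, max_k(collisions[s]))
            next_try[s] = slot + 1 + k
    return delivered, total_collisions


if __name__ == "__main__":
    for m in (1, 2, 3, 10):
        print(f"collision {m:2d}: K in 0..{max_k(m):4d}, "
              f"longest wait at 10 Mbps = {delay_us(max_k(m), 10_000_000):.1f} us")
    order, total = simulate(5, random.Random(1))
    print(f"{total} collisions before all 5 frames were delivered")
    for slot, station, m in order:
        print(f"  slot {slot:3d}: station {station} succeeded after {m} collision(s)")
```

Raising the station count shows the point of the slide: more contenders means more collisions, which widens each station's range and spreads the retries out.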
Ethernet and Switches
Switches Again
Layer 2 switching: media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link: no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch Table
• Q: how does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has switch table, each entry:
  • MAC address of host, interface to reach host, time stamp
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
  • Self-Learning
Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
Switch self-learning
• Frame with Destination A arrives at switch from interface 1
Two possibilities:
1. No entry in table for A
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A
   interface of 4, frame would get forwarded
[Figure: frame with Source A, Dest A' arriving at the switch]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches
Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00:E0:B8:9C:A6:60
MAC Address
• Why would you want to change your MAC address?
• Many reasons:
1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
   Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID
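The switch self-learning slides and reason 1 above meet in the switch table: a plain learning switch overwrites an entry whenever a source MAC shows up on a new interface, so an address that is already in use can be tracked by recording that move. The code below is an added example, not part of the original slides: the class and the MAC values for hosts A and A' are constructed for illustration, while the six interfaces and the 60-second TTL follow the slide's table.

```python
from dataclasses import dataclass

BROADCAST = "FF-FF-FF-FF-FF-FF"


@dataclass
class Entry:
    port: int        # interface to reach the host
    expires: float   # time stamp after which the entry is dropped


class LearningSwitch:
    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl
        self.table = {}    # MAC address -> Entry
        self.alerts = []   # (time, mac, old_port, new_port)

    def _expire(self, now):
        for mac in [m for m, e in self.table.items() if e.expires <= now]:
            del self.table[mac]

    def receive(self, now, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        self._expire(now)
        src, dst = src.upper(), dst.upper()
        old = self.table.get(src)
        if old is not None and old.port != in_port:
            # Same source MAC on another interface while the old entry is still
            # fresh: a moved station, or a second device using the address.
            self.alerts.append((now, src, old.port, in_port))
        # Self-learning: record (sender, incoming interface), refresh the TTL.
        self.table[src] = Entry(in_port, now + self.ttl)
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            return [p for p in self.ports if p != in_port]   # flood
        if entry.port == in_port:
            return []                                        # same segment: filter
        return [entry.port]                                  # forward on one port


def demo():
    # Constructed MAC addresses standing in for hosts A and A' of the figure.
    host_a, host_a2 = "02-00-00-00-00-0A", "02-00-00-00-00-A1"
    sw = LearningSwitch(ports=range(1, 7))
    out = [
        sw.receive(0, 1, host_a, host_a2),    # A' unknown: flood
        sw.receive(1, 4, host_a2, host_a),    # reply: A known on interface 1
        sw.receive(2, 1, host_a, host_a2),    # A' known on interface 4
        sw.receive(10, 6, host_a, host_a2),   # A's address appears on interface 6
        sw.receive(11, 4, host_a2, host_a),   # frames for A now leave on 6
        sw.receive(100, 1, host_a, host_a2),  # entries aged out: flood, no alert
    ]
    return out, sw.alerts


if __name__ == "__main__":
    outputs, alerts = demo()
    for ports in outputs:
        print("sent out of", ports)
    for when, mac, old, new in alerts:
        print(f"t={when}: {mac} moved from interface {old} to {new}")
```

A station that is physically re-plugged raises the same alert once; an address that keeps alternating between two interfaces is the pattern worth investigating.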
Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
  • Use regedit to edit registry, or use a utility
  • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
  • Smac - http://www.klcconsulting.net/smac
  • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
  $ ifconfig eth0 down hw ether 00:00:00:00:00:01
  $ ifconfig eth0 up
  http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number. Take it with you
  (b) IP address … like postal address. Changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet
ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with hosts A and B. IP addresses shown: 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88. MAC addresses shown: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
ARP Cache
For every outgoing packet, sending ARP request and waiting for response is inefficient
– Requires more bandwidth
– Consumes time
So ARP cache maintained at each node
Size limit = 512 entries
ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet, containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)
Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet Address hh:hh:hh:hh:hh:hh
ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
• Eventually
  • Times out
  • ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
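The request/reply exchange and the soft-state cache described above, as an added example that is not part of the original slides. It builds and parses the 42-byte Ethernet + ARP frames and keeps a cache with a TTL and the 512-entry limit; because entries are created without administrator intervention, the cache also reports when a mapping changes before it has timed out or when the frame header and ARP payload disagree. The addresses come from the slide's LAN figure, but which ones belong to A and B is an assumption, the third MAC is constructed, and the 20-minute TTL is one value from the slide's range.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "FF-FF-FF-FF-FF-FF"


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace("-", ""))


def mac_to_str(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_arp(op, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header (14 bytes) followed by an IPv4-over-Ethernet ARP payload (28 bytes)."""
    eth = mac_to_bytes(eth_dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_to_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += mac_to_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp


def parse_arp(frame):
    """Decode an ARP frame; raise ValueError for anything else."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    ethertype, = struct.unpack("!H", frame[12:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP frame")
    if op not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError("unknown ARP operation")
    return {
        "eth_dst": mac_to_str(frame[0:6]),
        "eth_src": mac_to_str(frame[6:12]),
        "op": op,
        "sender_mac": mac_to_str(frame[22:28]),
        "sender_ip": socket.inet_ntoa(frame[28:32]),
        "target_mac": mac_to_str(frame[32:38]),
        "target_ip": socket.inet_ntoa(frame[38:42]),
    }


class ArpCache:
    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl, self.max_entries = ttl, max_entries
        self.entries = {}                     # ip -> (mac, expires_at)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:
            self.entries.pop(ip, None)        # soft state: expired mappings vanish
            return None
        return entry[0]

    def learn(self, pkt, now):
        """Store the sender's mapping; return 'new', 'refresh', 'changed' or 'mismatch'."""
        if pkt["eth_src"] != pkt["sender_mac"]:
            return "mismatch"                 # frame header and ARP payload disagree
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        known = self.lookup(ip, now)
        if known is None and len(self.entries) >= self.max_entries:
            soonest = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[soonest]         # full: evict the entry nearest expiry
        self.entries[ip] = (mac, now + self.ttl)   # ordinary ARP behaviour: overwrite
        if known is None:
            return "new"
        return "refresh" if known == mac else "changed"


def demo():
    a_ip, a_mac = "137.196.7.23", "71-65-F7-2B-08-53"   # assumed to be host A
    b_ip, b_mac = "137.196.7.14", "58-23-D7-FA-20-B0"   # assumed to be host B
    other_mac = "02-00-00-00-00-99"                      # constructed
    cache = ArpCache()
    request = parse_arp(build_arp(ARP_REQUEST, BROADCAST, a_mac, a_ip, "00-00-00-00-00-00", b_ip))
    reply = parse_arp(build_arp(ARP_REPLY, a_mac, b_mac, b_ip, a_mac, a_ip))
    second = parse_arp(build_arp(ARP_REPLY, a_mac, other_mac, b_ip, a_mac, a_ip))
    return [
        request["eth_dst"],                      # query is broadcast
        reply["eth_dst"],                        # reply is unicast to A
        cache.learn(reply, now=0),               # first mapping for B's IP
        cache.learn(reply, now=30),              # same mapping again
        cache.learn(second, now=60),             # B's IP now claims another MAC
        cache.lookup(b_ip, now=60 + 20 * 60),    # timed out, nothing refreshed it
    ]


if __name__ == "__main__":
    print(demo())
```

The "changed" and "mismatch" results are what a monitoring host would log; the cache itself still behaves like an ordinary ARP table and keeps the latest mapping.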
ARP Protocol: Routing to another LAN
[Figure: hosts A and B on two LANs joined by router R. IP addresses shown: 111.111.111.110, 111.111.111.111, 111.111.111.112, 222.222.222.220, 222.222.222.221, 222.222.222.222 (B). MAC addresses shown: 1A-23-F9-CD-06-9B, E6-E9-00-17-BB-4B, CC-49-DE-D0-AB-7D, 74-29-9C-E8-FF-55 (A), 88-B2-2F-54-1A-0F, 49-BD-D2-C7-56-2A]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards
ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: the same two-LAN topology with router R]
Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer
End
• Due: Final given out Friday, March 14th
44
Ethernet Frame Structure (more)bull Addresses
bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame
bull Otherwise adapter discards frame
bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356
bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)
bull CRC checked at receiver if error is detected frame is dropped
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for
111111111110
bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram
bull Arsquos NIC sends frame bull Rrsquos NIC receives frame
bull R removes IP datagram from Ethernet frame sees its destined to B
bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends
to B
R
1A-23-F9-CD-06-9B
222222222220
111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Summary
bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium
bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer
74
End
bull Due Final given out Friday
March 14th
75
Use of Ethernet Switches Versus Hubs in a LAN
Collisions with Switch and HubHubs
Switch
CSMACD
47
CSMACD Protocol
All hosts transmit amp receive on one channelPackets are of variable size
When a host has a packet to transmit1 Carrier Sense Check that the line is quiet
before transmitting2 Collision Detection Detect collision as soon
as possible If a collision is detected stop transmitting wait a random time then return to step 1
binary exponential backoff
48
Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection
Algorithm1 NIC receives datagram from
network layer creates frame2 If NIC senses channel idle starts
frame transmission If NIC senses channel busy waits
until channel idle then transmits3 If NIC transmits entire frame
without detecting another transmission
NIC is done with frame
Ethernet CSMACD algorithm
4 If NIC detects another transmission while
transmitting aborts and sends jam signal
5 After aborting NIC enters exponential backoff after mth collision NIC chooses a
K small integer at random from 012
hellip2m-1
NIC then waits K512 bit time Returns to Step 2 More details follow hellip
49
Ethernet CSMACD algorithm
bull Featuresbull Transmitting station intentionally
transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
bull Station then remains silent for a random period of time before attempting to transmit again
bull Repeats Until frame is eventually transmitted successfully 50
51
Ethernetrsquos CSMACD (more)
Exponential Backoffbull Goal Adapt retransmission attempts to
estimated current loadbull Heavy load -gt random wait will be
longer and more varied
bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from
0123hellipbull After ten collisions Choose K from
01234hellip1023
bull Set size grows Exponentially
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol Routing to another LAN
R
1A-23-F9-CD-06-9B
222222222220111111111110
E6-E9-00-17-BB-4B
CC-49-DE-D0-AB-7D
111111111112
111111111111
A74-29-9C-E8-FF-55
222222222221
88-B2-2F-54-1A-0F
B222222222222
49-BD-D2-C7-56-2A
Walkthrough Send datagram from A to B via router R
Assume A knows Brsquos IP address
bull Two ARP tables in router R one for each IP network (LAN)
bull Routers have several NICs ndash Network Interface Cards
73
ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: the two-LAN topology of the previous slide, with A, router R and B]
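The same-LAN exchange and the A-to-R-to-B walkthrough above, as an added Python example that is not part of the original slides: it packs real ARP request and reply payloads, keeps a TTL-based ARP table per NIC, and builds the two link-layer frames. The pairing of addresses to hosts is read from the figure residue, and the /24 prefix, the 20-minute TTL default and the `changes` log are assumptions of this example.

```python
import ipaddress
import socket
import struct

BROADCAST = "FF-FF-FF-FF-FF-FF"
UNKNOWN = "00-00-00-00-00-00"     # target MAC field of a request: not known yet
REQUEST, REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"        # RFC 826 fields for Ethernet + IPv4, 28 bytes


def build_arp(oper, sha, spa, tha, tpa):
    """Pack an ARP payload: sender/target hardware (MAC) and protocol (IP) addresses."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sha.replace("-", "")), socket.inet_aton(spa),
                       bytes.fromhex(tha.replace("-", "")), socket.inet_aton(tpa))


def parse_arp(payload):
    """Unpack and validate an ARP payload; returns (oper, sha, spa, tha, tpa)."""
    if len(payload) != struct.calcsize(ARP_FMT):
        raise ValueError("not a 28-byte Ethernet/IPv4 ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (REQUEST, REPLY):
        raise ValueError("unsupported ARP header")
    return (oper, sha.hex("-").upper(), socket.inet_ntoa(spa),
            tha.hex("-").upper(), socket.inet_ntoa(tpa))


class ArpCache:
    """Soft-state table of <IP address; MAC address; TTL> entries."""

    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl, self.max_entries = ttl, max_entries
        self.entries = {}     # ip -> (mac, expiry time in seconds)
        self.changes = []     # (ip, old_mac, new_mac) for bindings replaced while live

    def lookup(self, ip, now):
        mac, expires = self.entries.get(ip, (None, 0))
        if mac is not None and expires <= now:
            del self.entries[ip]              # timed out without being refreshed
            return None
        return mac

    def learn(self, ip, mac, now):
        old = self.lookup(ip, now)
        if old is not None and old != mac:
            # ARP messages are not authenticated: record a live binding that changes.
            self.changes.append((ip, old, mac))
        if old is None and len(self.entries) >= self.max_entries:
            del self.entries[min(self.entries, key=lambda k: self.entries[k][1])]
        self.entries[ip] = (mac, now + self.ttl)


class Iface:
    """One NIC with its own ARP table, attached to a LAN (a shared list of NICs)."""

    def __init__(self, ip, mac, lan):
        self.ip, self.mac, self.lan, self.cache = ip, mac, lan, ArpCache()
        lan.append(self)

    def receive(self, dst_mac, payload, now):
        """Handle one ARP frame; return (dst_mac, payload) of the reply, or None."""
        if dst_mac not in (self.mac, BROADCAST):
            return None                       # frame addressed to another adapter
        oper, sha, spa, _tha, tpa = parse_arp(payload)
        if tpa != self.ip:
            return None                       # "who is X.X.X.X" is not about us
        self.cache.learn(spa, sha, now)
        if oper == REQUEST:                   # answer by unicast to the asker
            return sha, build_arp(REPLY, self.mac, self.ip, sha, spa)
        return None

    def resolve(self, ip, now):
        """MAC address for an IP on this LAN: cache hit, else broadcast a query."""
        if self.cache.lookup(ip, now) is None:
            query = build_arp(REQUEST, self.mac, self.ip, UNKNOWN, ip)
            for peer in self.lan:
                if peer is not self:
                    reply = peer.receive(BROADCAST, query, now)
                    if reply:
                        self.receive(*reply, now)
        return self.cache.lookup(ip, now)


def send_a_to_b(now=0):
    """A -> R -> B walkthrough; returns the two link-layer frames and the NICs."""
    lan1, lan2 = [], []
    a = Iface("111.111.111.111", "74-29-9C-E8-FF-55", lan1)
    r1 = Iface("111.111.111.110", "E6-E9-00-17-BB-4B", lan1)    # R, LAN 1 side
    r2 = Iface("222.222.222.220", "1A-23-F9-CD-06-9B", lan2)    # R, LAN 2 side
    b = Iface("222.222.222.222", "49-BD-D2-C7-56-2A", lan2)
    subnet_a = ipaddress.ip_network("111.111.111.0/24")         # assumed /24
    datagram = (a.ip, b.ip)                                     # unchanged end to end
    # B is outside A's subnet, so A resolves the router's address, not B's.
    next_hop = b.ip if ipaddress.ip_address(b.ip) in subnet_a else r1.ip
    frame1 = {"dst": a.resolve(next_hop, now), "src": a.mac, "ip": datagram}
    frame2 = {"dst": r2.resolve(b.ip, now), "src": r2.mac, "ip": datagram}
    return frame1, frame2, a, b
```

The IP datagram is identical in both frames while the MAC addresses are rewritten at R, and A's table never holds an entry for B.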
Summary
• Ethernet: highly successful LAN technology
    • Simple, cheap and adaptable
    • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
    • Good to know what each does
    • Hubs and switches at Link Layer
    • Router at higher layer
End
• Due: Final given out Friday, March 14th
CSMA/CD
CSMA/CD Protocol
All hosts transmit & receive on one channel
Packets are of variable size
When a host has a packet to transmit:
1. Carrier Sense: Check that the line is quiet before transmitting
2. Collision Detection: Detect collision as soon as possible. If a collision is detected, stop transmitting; wait a random time, then return to step 1
    (binary exponential backoff)
Ethernet CSMA/CD algorithm
Carrier Sense Multiple Access/Collision Detection
Algorithm
1. NIC receives datagram from network layer, creates frame
2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel idle, then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is done with frame
Ethernet CSMA/CD algorithm
4. If NIC detects another transmission while transmitting, aborts and sends jam signal
5. After aborting, NIC enters exponential backoff: after mth collision, NIC chooses K, a small integer, at random from {0, 1, 2, …, 2^m − 1}
   NIC then waits K · 512 bit times. Returns to Step 2. More details follow …
Ethernet CSMA/CD algorithm
• Features
    • Transmitting station intentionally transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision
    • Station then remains silent for a random period of time before attempting to transmit again
    • Repeats until frame is eventually transmitted successfully
Ethernet's CSMA/CD (more)
Exponential Backoff
• Goal: Adapt retransmission attempts to estimated current load
    • Heavy load -> random wait will be longer and more varied
• First collision: Choose K from {0, 1}. Delay is K · 512 bit transmission times
• After second collision: Choose K from {0, 1, 2, 3} …
• After ten collisions: Choose K from {0, 1, 2, 3, 4, …, 1023}
• Set size grows exponentially
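The backoff rule above run as a small slotted simulation, as an added Python example that is not part of the original slides. The cap of the set at ten collisions and the 16-attempt limit come from IEEE 802.3 rather than from the slides; the one-frame-per-station, one-slot-per-frame model and the 10 Mbps default rate are simplifying assumptions.

```python
import random

SLOT_BITS = 512        # backoff unit from the slides: 512 bit times
BACKOFF_LIMIT = 10     # IEEE 802.3: the set stops growing after ten collisions
ATTEMPT_LIMIT = 16     # IEEE 802.3: the frame is given up after 16 attempts


def backoff_set_size(m):
    """Size of {0, 1, ..., 2^m - 1}, the set K is drawn from after the m-th collision."""
    if m < 1:
        raise ValueError("m counts collisions and starts at 1")
    return 2 ** min(m, BACKOFF_LIMIT)


def backoff_delay_us(k, mbps=10):
    """K * 512 bit times expressed in microseconds at the given link rate."""
    return k * SLOT_BITS / mbps


def contend(n_stations, seed):
    """Slotted model: every station has one frame ready at slot 0.

    A slot with exactly one transmitter is a success; a slot with several is
    a collision, after which each of them draws its own K and waits K slots.
    """
    rng = random.Random(seed)              # seeded so the run is repeatable
    next_try = [0] * n_stations
    collisions = [0] * n_stations
    delivered, dropped, draws = {}, [], []
    slot = 0
    while len(delivered) + len(dropped) < n_stations:
        ready = [s for s in range(n_stations)
                 if s not in delivered and s not in dropped and next_try[s] <= slot]
        if len(ready) == 1:
            delivered[ready[0]] = slot     # lone transmitter: frame goes through
        elif len(ready) > 1:
            for s in ready:                # collision: everyone involved backs off
                collisions[s] += 1
                if collisions[s] >= ATTEMPT_LIMIT:
                    dropped.append(s)
                    continue
                k = rng.randrange(backoff_set_size(collisions[s]))
                draws.append((s, collisions[s], k))
                next_try[s] = slot + 1 + k
        slot += 1
    return {"delivered": delivered, "dropped": dropped,
            "collisions": collisions, "draws": draws}
```

Each entry of `draws` is (station, m, K), which shows the set widening for the stations that keep colliding.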
Ethernet and Switches
Switches Again
Layer 2 switching uses the media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table:
    Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
Switch: Allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, no collisions AND full duplex
    • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
    • Not possible with "dumb" hub
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch Table
• Q: how does switch know that A' reachable via interface 4, B' reachable via interface 5?
• A: Each switch has switch table, each entry:
    • (MAC address of host, interface to reach host, time stamp)
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
    • Self-Learning
[Figure: switch with six interfaces (1, 2, 3, 4, 5, 6) connecting hosts A, A', B, B', C, C']
Switch self-learning
• Switch learns which hosts can be reached through which interfaces
    • When frame received, switch "learns" location of sender: incoming LAN segment
    • Records sender/location pair
[Figure: hosts A, A', B, B', C, C' on switch interfaces 1 to 6]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
Switch self-learning
• Frame with Destination A arrives at switch from interface 1
Two possibilities:
1. No entry in table for A
    Switch forwards frame to all interfaces except 1
    - Entry for A added
2. Entry in table for A
    interface of 4: frame would get forwarded
[Figure: frame with Source: A, Dest: A' entering the switch; hosts A, A', B, B', C, C' on interfaces 1 to 6]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A          4           60
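The self-learning rule (learn from the source address, flood on a miss, forward on a hit, age entries out) as an added Python example that is not part of the original slides. It uses the slides' six-interface switch, the host labels A on interface 1 and A' on interface 4, and the TTL of 60; the `moves` log and the frame trace are constructed for this example.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning switch: table rows are (MAC address, interface, expiry)."""

    def __init__(self, ports=(1, 2, 3, 4, 5, 6), ttl=60):
        self.ports, self.ttl = tuple(ports), ttl
        self.table = {}      # MAC -> (interface, time at which the row expires)
        self.moves = []      # (time, MAC, old interface, new interface)

    def _lookup(self, mac, now):
        row = self.table.get(mac)
        if row is None:
            return None
        if row[1] <= now:            # TTL ran out: forget the station
            del self.table[mac]
            return None
        return row[0]

    def receive(self, src, dst, in_port, now):
        """Learn from the source address, then return the list of output ports."""
        if in_port not in self.ports:
            raise ValueError(f"no such interface: {in_port}")
        known = self._lookup(src, now)
        if known is not None and known != in_port:
            # The table believes the source field of any frame, so a live
            # entry that jumps to another interface is worth recording.
            self.moves.append((now, src, known, in_port))
        self.table[src] = (in_port, now + self.ttl)
        out = None if dst == BROADCAST else self._lookup(dst, now)
        if out is None:
            return [p for p in self.ports if p != in_port]    # flood
        if out == in_port:
            return []                                         # same segment: filter
        return [out]                                          # forward selectively


def run_trace():
    """Constructed frames: (time, source, destination, arrival interface)."""
    sw = LearningSwitch()
    trace = [
        (0, "A", "A'", 1),     # A' unknown: flood; learn A on 1
        (1, "A'", "A", 4),     # A known: forward to 1; learn A' on 4
        (2, "A", "A'", 1),     # A' known: forward to 4 only
        (3, "A", "B", 5),      # source A now seen on 5: recorded as a move
        (4, "A'", "A", 4),     # follows the newest entry for A
        (70, "B", "A'", 2),    # A' row (refreshed at t=4) expired at t=64: flood
    ]
    return [sw.receive(src, dst, port, t) for t, src, dst, port in trace], sw
```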
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
    • Collision domain has pretty much been relegated to history
    • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches
Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network Layer
    • 32-bit IP address
    • Network-layer address, dotted decimal. Ex: 146.187.130.76
    • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
    • MAC stands for Media Access Control
    • 48 bit MAC address (for most LANs)
    • Burned in NIC ROM, also sometimes software settable
    • 24 bits set for manufacturer, 24 bits for NIC adapter
    Ex: 00E0B89CA660
MAC Address
• Why would you want to change your MAC address?
• Many reasons
1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
    Why filtering by MAC address is not very secure
2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID
Change Your MAC Address
• How to change your MAC address
• Windows XP/2000/Vista
    • Use regedit to edit registry, or use a utility
    • Mac Makeup
      http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
    • MadMACs
      http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
    • Smac - http://www.klcconsulting.net/smac
    • Etherchange - http://ntsecurity.nu/toolbox/etherchange
• Linux
    $ ifconfig eth0 down hw ether 00:00:00:00:00:01
    $ ifconfig eth0 up
    http://www.irongeek.com/i.php?page=security/changemac
LAN Addresses
Each adapter on LAN has unique LAN address, except for Broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]
LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness)
    Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
    (a) MAC address … like Social Security Number: take it with you
    (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
    • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
    • Address depends on IP subnet to which node is attached
    • Must change IP address if move to a different subnet
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
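The self-learning and flood/forward behaviour described above, as an added example that is not part of the original slides. It replays the A-to-A' case with the slides' TTL of 60 and also records when a known address turns up on a different interface; the class and function names, the time units, and the short host labels used in place of real MAC addresses are assumptions of the example.

```python
"""Self-learning switch table with TTL aging (added example)."""

BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    def __init__(self, interfaces, ttl=60):
        self.interfaces = list(interfaces)
        self.ttl = ttl          # lifetime of an entry (the slide's TTL of 60)
        self.table = {}         # MAC address -> (interface, expires_at)
        self.moves = []         # (time, MAC, old interface, new interface)

    def _lookup(self, mac, now):
        entry = self.table.get(mac)
        if entry is None:
            return None
        interface, expires_at = entry
        if now >= expires_at:   # entry aged out, forget it
            del self.table[mac]
            return None
        return interface

    def receive(self, src, dst, in_if, now):
        """Handle one frame; return the interfaces it is sent out on."""
        if in_if not in self.interfaces:
            raise ValueError(f"unknown interface {in_if}")
        # Learn: the sender is reachable through the arrival interface.
        known = self._lookup(src, now)
        if known is not None and known != in_if:
            # Same address, different port: the host was moved, or the frame
            # carries an address that belongs elsewhere. Worth logging, since
            # the table believes whatever source address a frame claims.
            self.moves.append((now, src, known, in_if))
        self.table[src] = (in_if, now + self.ttl)
        # Forward, filter or flood based on the destination address.
        out_if = None if dst == BROADCAST else self._lookup(dst, now)
        if out_if is None:
            return [i for i in self.interfaces if i != in_if]   # flood
        if out_if == in_if:
            return []                                           # filter
        return [out_if]                                         # forward


def slide_scenario():
    """Replay the slides' case: A on interface 1 sends to A' on interface 4."""
    sw = LearningSwitch(range(1, 7))
    first = sw.receive("A", "A'", in_if=1, now=0)      # A' unknown: flood
    answer = sw.receive("A'", "A", in_if=4, now=1)     # A known: forward
    second = sw.receive("A", "A'", in_if=1, now=2)     # A' known: forward
    table = {mac: entry[0] for mac, entry in sw.table.items()}
    late = sw.receive("B", "A'", in_if=2, now=100)     # A' aged out: flood
    return first, answer, second, table, late


if __name__ == "__main__":
    for step in slide_scenario():
        print(step)
```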

Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48 bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
    Ex: 00E0B89CA660

MAC Address
• Why would you want to change your MAC address?
• Many reasons
  1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable
     Why filtering by MAC address is not very secure
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet. Lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID

Change Your MAC Address
• How to change your MAC address
  • Windows XP/2000/Vista
    • Use regedit to edit registry or use a utility
    • Mac Makeup
      http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
    • MadMACs
      http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
    • Smac - http://www.klcconsulting.net/smac
    • Etherchange - http://ntsecurity.nu/toolbox/etherchange
  • Linux
    $ ifconfig eth0 down hw ether 00:00:00:00:00:01
    $ ifconfig eth0 up
    http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on LAN has unique LAN address, except for Broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table:
  http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number
      Take it with you
  (b) IP address … like postal address
      Changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet

ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
• TTL (Time To Live): time after which address mapping discarded
  • Varies, 1 to 20 minutes on average
Question: How to determine MAC address of B, knowing B's IP address?
[Figure: LAN with hosts A and B; IP addresses 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88; adapter MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

ARP Cache
For every outgoing packet, sending an ARP request and waiting for the response is inefficient
– Requires more bandwidth
– Consumes time
So ARP cache maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X, tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet Address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
• Eventually
  • Times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
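The same-LAN exchange and the soft-state cache described above, as an added example that is not part of the original slides: it builds and parses the 42-byte Ethernet/ARP frames for the broadcast request and the unicast reply, and caches the answer with a TTL. The addresses are sample values from the slide's figure with the IP-to-MAC pairing assumed; the class and function names, the 20-minute TTL and the rule of caching only replies to outstanding requests are assumptions of the example.

```python
"""ARP request/reply frames and a TTL-bound ARP cache (added example)."""
import socket
import struct

BROADCAST = "FF-FF-FF-FF-FF-FF"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
CACHE_LIMIT = 512                      # size limit quoted on the slide
# 14-byte Ethernet header followed by the 28-byte ARP body for IPv4.
FRAME = struct.Struct("!6s6sH" "HHBBH6s4s6s4s")


def mac_bytes(mac):
    return bytes.fromhex(mac.replace("-", ""))


def mac_text(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build(op, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    return FRAME.pack(
        mac_bytes(eth_dst), mac_bytes(sender_mac), ETHERTYPE_ARP,
        1, 0x0800, 6, 4, op,           # hw type Ethernet, proto IPv4, lengths
        mac_bytes(sender_mac), socket.inet_aton(sender_ip),
        mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse(frame):
    if len(frame) < FRAME.size:
        raise ValueError("truncated ARP frame")
    (dst, src, etype, htype, ptype, hlen, plen, op,
     sha, spa, tha, tpa) = FRAME.unpack(frame[:FRAME.size])
    if (etype, htype, ptype, hlen, plen) != (ETHERTYPE_ARP, 1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    return {"eth_dst": mac_text(dst), "eth_src": mac_text(src), "op": op,
            "sender_mac": mac_text(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_text(tha), "target_ip": socket.inet_ntoa(tpa)}


class Host:
    def __init__(self, ip, mac, ttl=20 * 60):
        self.ip, self.mac, self.ttl = ip, mac_text(mac_bytes(mac)), ttl
        self.cache = {}                # IP -> (MAC, expires_at)
        self.pending = set()           # IPs we asked about and await

    def lookup(self, ip, now):
        entry = self.cache.get(ip)
        if entry and now < entry[1]:
            return entry[0]
        self.cache.pop(ip, None)       # soft state: drop the expired mapping
        return None

    def request(self, target_ip):
        """'Who is target_ip? Tell self.ip', sent to the broadcast address."""
        self.pending.add(target_ip)
        return build(ARP_REQUEST, BROADCAST, self.mac, self.ip,
                     "00-00-00-00-00-00", target_ip)

    def handle(self, frame, now):
        """Process a received frame; return a reply frame or None."""
        msg = parse(frame)
        if msg["eth_dst"] not in (BROADCAST, self.mac):
            return None                # not addressed to this adapter
        if msg["op"] == ARP_REQUEST and msg["target_ip"] == self.ip:
            # Unicast reply straight back to the asker's MAC address.
            return build(ARP_REPLY, msg["sender_mac"], self.mac, self.ip,
                         msg["sender_mac"], msg["sender_ip"])
        if msg["op"] == ARP_REPLY and msg["sender_ip"] in self.pending:
            # Assumption of this example: only answers to our own questions
            # are cached, since ARP itself does not authenticate the sender.
            self.pending.discard(msg["sender_ip"])
            if len(self.cache) >= CACHE_LIMIT:
                oldest = min(self.cache, key=lambda ip: self.cache[ip][1])
                del self.cache[oldest]
            self.cache[msg["sender_ip"]] = (msg["sender_mac"], now + self.ttl)
        return None


def same_lan_exchange():
    """A resolves B on one LAN; host C hears the broadcast but stays silent."""
    a = Host("137.196.7.23", "71-65-F7-2B-08-53")   # pairing assumed
    b = Host("137.196.7.14", "58-23-D7-FA-20-B0")   # pairing assumed
    c = Host("137.196.7.88", "0C-C4-11-6F-E3-98")   # pairing assumed
    query = a.request(b.ip)
    silent = c.handle(query, now=0)
    reply = b.handle(query, now=0)
    a.handle(reply, now=0)
    return {"query": parse(query), "reply": parse(reply), "c_reply": silent,
            "cached": a.lookup(b.ip, now=1),
            "after_ttl": a.lookup(b.ip, now=a.ttl)}


if __name__ == "__main__":
    for key, value in same_lan_exchange().items():
        print(key, value)
```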

ARP Protocol: Routing to another LAN
[Figure: hosts A and B on two LANs joined by router R. IP addresses shown: 111.111.111.110, 111.111.111.111, 111.111.111.112, 222.222.222.220, 222.222.222.221, 222.222.222.222. Adapter MAC addresses shown: 74-29-9C-E8-FF-55, E6-E9-00-17-BB-4B, CC-49-DE-D0-AB-7D, 1A-23-F9-CD-06-9B, 88-B2-2F-54-1A-0F, 49-BD-D2-C7-56-2A]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards

ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B

Summary
• Ethernet highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th
Ethernet and Switches
Switches Again
Layer 2 switching media access control address (MAC address)
Each network interface cards (NICs) has a MAC address
This address used to decide where to forward frames
Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table
Floods frame to all LAN ports of same VLAN except port that received the frame
When destination station replies switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports
5 DataLink Layer 5-55
Switch Allows multiple simultaneous transmissions
bull Hosts have dedicated direct connection to switch
bull Switches buffer packets
bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own
collision domainbull Switching A-to-Arsquo and
B-to-Brsquo simultaneously without collisions bull Not possible with
ldquodumbrdquo hub
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)
Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh
ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
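The ARP messages, the TTL-based soft state and the 512-entry cache limit described above, as an added example that is not part of the original slides: it builds and parses the 28-byte ARP payload for Ethernet/IPv4 (RFC 826) and keeps a cache that reports when a live IP-to-MAC mapping is replaced by a different MAC, which is the event an ARP monitor alerts on. The pairing of IP and MAC addresses in `demo`, the eviction rule and the name `ArpCache` are assumptions made for the example.

```python
import socket
import struct

# ARP payload for Ethernet/IPv4 (RFC 826), 28 bytes:
# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)
OP_REQUEST, OP_REPLY = 1, 2
UNKNOWN_MAC = "00-00-00-00-00-00"   # target MAC field of a request


def mac_to_bytes(mac):
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw


def mac_to_str(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_to_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(payload):
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for Ethernet/IPv4")
    if oper not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unexpected ARP opcode {oper}")
    return {"oper": oper,
            "sender_mac": mac_to_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_to_str(tha), "target_ip": socket.inet_ntoa(tpa)}


class ArpCache:
    """Soft-state <IP, MAC, TTL> table; times are plain seconds."""

    def __init__(self, ttl=20 * 60, max_entries=512):
        self.ttl = ttl
        self.max_entries = max_entries
        self.entries = {}            # ip -> (mac, expires_at)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:
            self.entries.pop(ip, None)      # timed out: forget the mapping
            return None
        return entry[0]

    def learn(self, ip, mac, now):
        """Store the mapping and return 'new', 'refresh' or 'changed'."""
        old = self.lookup(ip, now)
        if old is None and len(self.entries) >= self.max_entries:
            # Assumption: when full, evict the entry closest to expiry.
            victim = min(self.entries, key=lambda k: self.entries[k][1])
            del self.entries[victim]
        self.entries[ip] = (mac, now + self.ttl)
        if old is None:
            return "new"
        return "refresh" if old == mac else "changed"


def demo():
    # Constructed pairing of the figure's addresses (assumption).
    a_ip, a_mac = "137.196.7.23", "71-65-F7-2B-08-53"
    b_ip, b_mac = "137.196.7.14", "58-23-D7-FA-20-B0"
    query = parse_arp(build_arp(OP_REQUEST, a_mac, a_ip, UNKNOWN_MAC, b_ip))
    reply = parse_arp(build_arp(OP_REPLY, b_mac, b_ip, a_mac, a_ip))
    # Constructed second reply claiming B's IP with another adapter's MAC.
    conflict = parse_arp(build_arp(OP_REPLY, "0C-C4-11-6F-E3-98", b_ip, a_mac, a_ip))
    cache = ArpCache()
    events = [cache.learn(reply["sender_ip"], reply["sender_mac"], now=0),
              cache.learn(reply["sender_ip"], reply["sender_mac"], now=60),
              cache.learn(conflict["sender_ip"], conflict["sender_mac"], now=120)]
    return query, events, cache
```

The cache still accepts the replacement mapping, as ARP itself does; the `changed` return value is the signal to log and investigate.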
ARP Protocol: Routing to another LAN
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
[Figure: two LANs joined by router R. LAN 1: A 111.111.111.111 (74-29-9C-E8-FF-55), host 111.111.111.112 (CC-49-DE-D0-AB-7D), R interface 111.111.111.110 (E6-E9-00-17-BB-4B). LAN 2: R interface 222.222.222.220 (1A-23-F9-CD-06-9B), host 222.222.222.221 (88-B2-2F-54-1A-0F), B 222.222.222.222 (49-BD-D2-C7-56-2A)]
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards
ARP Protocol: example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it is destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: two LANs joined by router R. LAN 1: A 111.111.111.111 (74-29-9C-E8-FF-55), host 111.111.111.112 (CC-49-DE-D0-AB-7D), R interface 111.111.111.110 (E6-E9-00-17-BB-4B). LAN 2: R interface 222.222.222.220 (1A-23-F9-CD-06-9B), host 222.222.222.221 (88-B2-2F-54-1A-0F), B 222.222.222.222 (49-BD-D2-C7-56-2A)]
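The A-to-B walkthrough above, as an added example that is not part of the original slides: each hop picks a next hop, resolves it through the ARP table of the outgoing interface, and writes a new frame header, so the MAC addresses change at R while the IP source and destination stay the same. The /24 prefix length, the pre-filled ARP tables (standing in for completed ARP exchanges) and the names `Interface`, `Frame`, `host_send` and `router_forward` are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Interface:
    ip: str
    mac: str
    prefix: int = 24                                  # assumption: /24 LANs
    arp_table: dict = field(default_factory=dict)     # IP -> MAC, this LAN only

    def on_link(self, ip):
        net = ipaddress.ip_interface(f"{self.ip}/{self.prefix}").network
        return ipaddress.ip_address(ip) in net

    def resolve(self, ip):
        try:
            return self.arp_table[ip]
        except KeyError:
            raise LookupError(
                f"{ip} not in ARP table: an ARP query would be broadcast first"
            ) from None


@dataclass(frozen=True)
class Frame:
    dst_mac: str      # link-layer header: rewritten at every hop
    src_mac: str
    ip_src: str       # IP header: unchanged end to end
    ip_dst: str


def host_send(nic, gateway_ip, ip_dst):
    # Same subnet: ARP for the destination itself. Otherwise: ARP for the router.
    next_hop = ip_dst if nic.on_link(ip_dst) else gateway_ip
    return Frame(nic.resolve(next_hop), nic.mac, nic.ip, ip_dst)


def router_forward(interfaces, frame):
    # A NIC only accepts frames addressed to its own MAC.
    ingress = next((i for i in interfaces if i.mac == frame.dst_mac), None)
    if ingress is None:
        return None
    for egress in interfaces:
        if egress is not ingress and egress.on_link(frame.ip_dst):
            # Second ARP table: the one for the destination LAN.
            return Frame(egress.resolve(frame.ip_dst), egress.mac,
                         frame.ip_src, frame.ip_dst)
    return None       # no directly attached LAN holds the destination


def walkthrough():
    a = Interface("111.111.111.111", "74-29-9C-E8-FF-55",
                  arp_table={"111.111.111.110": "E6-E9-00-17-BB-4B"})
    r_lan1 = Interface("111.111.111.110", "E6-E9-00-17-BB-4B")
    r_lan2 = Interface("222.222.222.220", "1A-23-F9-CD-06-9B",
                       arp_table={"222.222.222.222": "49-BD-D2-C7-56-2A"})
    hop1 = host_send(a, "111.111.111.110", "222.222.222.222")
    hop2 = router_forward([r_lan1, r_lan2], hop1)
    return hop1, hop2
```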
Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer
End
• Due: Final given out Friday, March 14th
Switches Again
Layer 2 switching: media access control address (MAC address)
Each network interface card (NIC) has a MAC address
This address is used to decide where to forward frames
Layer 2 switching is hardware based: switches use application-specific integrated circuits (ASICs) to build and maintain tables
How Switching Works
Switch dynamically builds address table by using the MAC source address of the frames received
When switch receives a frame for a MAC destination address not listed in its address table:
  Floods frame to all LAN ports of same VLAN, except the port that received the frame
When destination station replies, switch adds its relevant MAC source address and port ID to address table
Switch then forwards subsequent frames to a single LAN port, without flooding all LAN ports
5 DataLink Layer 5-55
Switch: allows multiple simultaneous transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link: no collisions AND full duplex
  • Each link is its own collision domain
• Switching: A-to-A' and B-to-B' simultaneously, without collisions
  • Not possible with "dumb" hub
[Figure: switch with six interfaces (1,2,3,4,5,6) connecting hosts A, A', B, B', C, C']
Switch Table
• Q: how does switch know that A' is reachable via interface 4, B' reachable via interface 5?
• A: Each switch has a switch table, each entry:
  • (MAC address of host, interface to reach host, time stamp)
• Looks like a routing table
• Q: how are entries created, maintained in switch table?
  • Self-learning
[Figure: switch with six interfaces (1,2,3,4,5,6) connecting hosts A, A', B, B', C, C']
Switch: self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: switch with six interfaces connecting hosts A, A', B, B', C, C']
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
Switch: self-learning
• Frame with destination A' arrives at switch from interface 1 (source A, dest A')
Two possibilities:
1. No entry in table for A'
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A'
   Interface of 4: frame would get forwarded
[Figure: switch with six interfaces connecting hosts A, A', B, B', C, C'; frame travels from A to A']
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A'         4           60
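The self-learning behaviour from the last few slides, as an added example that is not part of the original slides: the switch learns the source of every frame, floods when the destination is unknown, forwards to one interface when it is known, and ages entries out after the TTL. The name `LearningSwitch`, the "filter" case for a destination on the arrival interface and the `moves` list (a source MAC reappearing on a different interface while its old entry is still live, worth logging on a network where stations do not move) are additions made for the example.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    def __init__(self, ports=(1, 2, 3, 4, 5, 6), ttl=60):
        self.ports = tuple(ports)
        self.ttl = ttl
        self.table = {}      # MAC -> (interface, expires_at)
        self.moves = []      # (MAC, old interface, new interface, time)

    def _expire(self, now):
        # Drop entries whose TTL has run out.
        self.table = {mac: e for mac, e in self.table.items() if e[1] > now}

    def receive(self, src, dst, in_port, now):
        """Process one frame; return (action, list of output interfaces)."""
        if in_port not in self.ports:
            raise ValueError(f"no such interface: {in_port}")
        self._expire(now)

        # Learn: record the sender/location pair and restart its TTL.
        known = self.table.get(src)
        if known is not None and known[0] != in_port:
            self.moves.append((src, known[0], in_port, now))
        self.table[src] = (in_port, now + self.ttl)

        # Forward: flood if unknown, otherwise send to the single known interface.
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            return "flood", [p for p in self.ports if p != in_port]
        if entry[0] == in_port:
            return "filter", []          # destination is on the arrival segment
        return "forward", [entry[0]]


def slide_scenario():
    """A on interface 1 sends to A' on interface 4, as on the slide."""
    sw = LearningSwitch()
    steps = [
        sw.receive("A", "A'", in_port=1, now=0),    # A' unknown: flood, learn A
        sw.receive("A'", "A", in_port=4, now=1),    # reply: learn A', forward to 1
        sw.receive("A", "A'", in_port=1, now=2),    # now forwarded to 4 only
    ]
    return sw, steps
```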
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair
Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches
Topics
• LAN Addressing
• ARP Protocol
MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00E0B89CA660
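The 48-bit layout described above (24 manufacturer bits, 24 adapter bits), as an added example that is not part of the original slides: a parser that normalises the common notations, splits out the manufacturer half (the OUI) and reads the two flag bits of the first octet defined by IEEE 802, group/individual (0x01) and locally administered (0x02). The function names and the expected-OUI inventory passed to `review_sources` are constructed for the example.

```python
import re


def parse_mac(text):
    """Accept 00E0B89CA660, 00-E0-B8-9C-A6-60, 00:e0:b8:9c:a6:60, 00e0.b89c.a660."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe_mac(text):
    raw = parse_mac(text)
    first = raw[0]
    return {
        "canonical": "-".join(f"{b:02X}" for b in raw),
        "oui": raw[:3].hex().upper(),        # 24 bits assigned to the manufacturer
        "nic": raw[3:].hex().upper(),        # 24 bits chosen by the manufacturer
        "broadcast": raw == b"\xff" * 6,
        "group": bool(first & 0x01),         # multicast/broadcast, never a valid source
        "locally_administered": bool(first & 0x02),   # set in software, not from an OUI
    }


def review_sources(observed, expected_ouis):
    """Flag source addresses that cannot be burned-in addresses from the inventory."""
    findings = []
    for text in observed:
        info = describe_mac(text)
        if info["group"]:
            findings.append((info["canonical"], "group-source"))
        elif info["locally_administered"]:
            findings.append((info["canonical"], "locally-administered"))
        elif info["oui"] not in expected_ouis:
            findings.append((info["canonical"], "unexpected-oui"))
    return findings


def demo():
    # Addresses taken from the slides; the inventory of expected OUIs is constructed.
    observed = ["00E0B89CA660", "1A-2F-BB-76-09-AD",
                "71-65-F7-2B-08-53", "58:23:d7:fa:20:b0"]
    return review_sources(observed, expected_ouis={"00E0B8"})
```

An address copied from an authorised adapter has a valid OUI and both flag bits clear, so it passes every check here; the review catches software-assigned and out-of-inventory addresses only.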
MAC Address
• Why would you want to change your MAC address?
• Many reasons:
  1. To get around MAC address filtering of wireless routers. You sniff for the MAC address of someone already on the network, then change your MAC address to one that's acceptable.
     Why filtering by MAC address is not very secure.
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware.
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet. Lots of WiFi routers will lock up if a client tries to connect with the same MAC as the router's BSSID.
5 DataLink Layer 5-56
Switch Table
bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5
bull A Each switch has switch table each entrybull MAC address of host
interface to reach host time stamp
bull Looks like a routing tablebull Q how are entries
created maintained in switch table bull Self-Learning
A
Arsquo
B
Brsquo
C
Crsquo
switch with six interfaces(123456)
1 2 345
6
5-57
Switch self-learningbull Switch learns which
hosts can be reached through which interfacesbull When frame
received switch ldquolearnsrdquo location of sender incoming LAN segment
bull Records senderlocation pair
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
MAC addr interface TTL Switch table (initially empty)A 1 60
5 DataLink Layer 5-58
Switch self-learning
bull Frame with Destination A arrives at switch from interface 1
Two possibilities1 No entry in table for A
Switch forwards frame to all interfaces except 1
- Entry for A added
2 Entry in table for A
interface of 4 frame
would get forwarded
A
Arsquo
B
Brsquo
C
Crsquo
1 2 345
6
A Arsquo
Source ADest Arsquo
MAC addr interface TTLSwitch table
(initially empty)A 1 60
60A 4
Switches and CSMACD
bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been
relegated to historybull Hubs still use CSMACD but if network
uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play
bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair
60
Link Layer
bull 51 Introduction and services
bull 52 Error detection and correction
bull 53Multiple access protocols
bull 54 Link-Layer Addressing
bull 56 Link-layer switches
Topics
bull LAN Addressingbull Arp Protocol
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac
65
LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF
= adapter
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN(wired orwireless)
66
LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address
space (to assure uniqueness) Table
httpstandardsieeeorgregauthouiouitxt
bull Analogy (a) MAC address hellip like Social Security
NumberTake it with you
(b) IP address hellip like postal addressChanges when you move
bull Flat MAC address increases Portability bull Can move LAN card from one LAN to
anotherbull IP hierarchical address NOT portable
bull Address depends on IP subnet to which node is attached
bull Must change IP address if move to a different subnet
67
ARP Address Resolution Protocol
bull Each IP node on LAN has ARP table
bull ARP table IPMAC address mappings for some LAN nodes
lt IP address MAC address TTLgt
bull TTL (Time To Live) time after which address mapping discarded
bull Varies 1 to 20 minutes on average
Question How to determineMAC address of Bknowing Brsquos IP address
1A-2F-BB-76-09-AD
58-23-D7-FA-20-B0
0C-C4-11-6F-E3-98
71-65-F7-2B-08-53
LAN
137196723
137196778
137196714
137196788
A
B
ARP Cache
For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time
So ARP cache maintained at each node
Size limit = 512 entries
69
ARP Protocol Same LAN
bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table
bull A broadcasts ARP query packet containing Bs IP address
bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-
FF-FFbull All machines on LAN receive ARP query
bull B receives ARP packet replies to A with its (Bs) MAC address
bull Frame sent to Arsquos MAC address (unicast)
Types of ARP Messages
ARP request Who is IP addr XXXX tell IP addr YYYY
ARP reply IP addr XXXX is Ethernet Address
hhhhhhhhhhhh
ARP Protocol Same LAN
bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes
old bull Eventually
bull Times outbull ARP table keeps Soft state information
that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without
intervention from you the network administrator
72
ARP Protocol: Routing to another LAN
[Figure: two LANs joined by router R, with host A on one and host B on the other. IP addresses shown: 111.111.111.110, 111.111.111.111, 111.111.111.112, 222.222.222.220, 222.222.222.221, 222.222.222.222. MAC addresses shown: 1A-23-F9-CD-06-9B, E6-E9-00-17-BB-4B, CC-49-DE-D0-AB-7D, 74-29-9C-E8-FF-55, 88-B2-2F-54-1A-0F, 49-BD-D2-C7-56-2A.]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards

ARP Protocol example continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: the two-LAN topology with router R and hosts A and B, repeated from the previous slide.]

Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th

Switch self-learning
• Switch learns which hosts can be reached through which interfaces
  • When frame received, switch "learns" location of sender: incoming LAN segment
  • Records sender/location pair
[Figure: switch with interfaces 1 to 6 and hosts A, A', B, B', C, C'.]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60

Switch self-learning
• Frame with Destination A arrives at switch from interface 1
Two possibilities:
1. No entry in table for A
   Switch forwards frame to all interfaces except 1
   - Entry for A added
2. Entry in table for A
   Interface of 4: frame would get forwarded
[Figure: switch with interfaces 1 to 6 and hosts A, A', B, B', C, C'; frame with Source A, Dest A'.]
Switch table (initially empty):
MAC addr   interface   TTL
A          1           60
A          4           60

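The learn-then-forward-or-flood behaviour from the two self-learning slides above, as an added Python example that is not part of the original lecture: it keeps the table with the 60-second TTL shown on the slide and also records when a source MAC appears on a different interface while its old entry is still live, which is how a duplicated or changed MAC address looks from the switch. The `LearningSwitch` class, the interface numbering and the sample MACs assigned to hosts are assumptions.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning switch table: MAC -> (interface, expiry time)."""

    def __init__(self, ports, ttl=60):
        self.ports = list(ports)
        self.ttl = ttl      # seconds; 60 is the TTL value in the slide's table
        self.table = {}
        self.moves = []     # (time, MAC, old interface, new interface)

    def _lookup(self, mac, now):
        entry = self.table.get(mac)
        if entry is None:
            return None
        port, expires = entry
        if now >= expires:  # aged out: forget the entry
            del self.table[mac]
            return None
        return port

    def receive(self, src, dst, in_port, now):
        """Learn the sender's location, then return the output interfaces."""
        if in_port not in self.ports:
            raise ValueError("unknown interface")
        src, dst = src.upper(), dst.upper()

        # Learning step: record sender/location, noting any live conflict.
        previous = self._lookup(src, now)
        if previous is not None and previous != in_port:
            self.moves.append((now, src, previous, in_port))
        self.table[src] = (in_port, now + self.ttl)

        # Forwarding step: known destination -> one interface, else flood.
        out = None if dst == BROADCAST else self._lookup(dst, now)
        if out is None:
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            return []       # destination is on the arrival segment: filter
        return [out]


def demo():
    # Constructed sample frames; which MAC belongs to which host is assumed.
    host_a, host_a2 = "1A-2F-BB-76-09-AD", "58-23-D7-FA-20-B0"
    sw = LearningSwitch(range(1, 7))
    log = [
        sw.receive(host_a, host_a2, 1, now=0),     # A' unknown: flood
        sw.receive(host_a2, host_a, 4, now=1),     # A known on 1
        sw.receive(host_a, host_a2, 1, now=2),     # A' known on 4
        sw.receive(host_a, host_a2, 5, now=10),    # A's MAC seen on interface 5
        sw.receive(host_a2, host_a, 4, now=11),    # traffic for A now goes to 5
        sw.receive(host_a2, host_a, 4, now=200),   # entries aged out: flood
    ]
    return log, sw.moves


if __name__ == "__main__":
    frames, moves = demo()
    print(frames)
    print(moves)
```

After the fourth frame the table simply follows the newest sighting, so frames for A leave on interface 5; the `moves` list is what a monitoring check would alert on.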
Switches and CSMA/CD
• Do we need to use CSMA/CD on today's switched network?
  • Collision domain has pretty much been relegated to history
  • Hubs still use CSMA/CD, but if network uses Fast Ethernet switches in full-duplex mode, then CSMA/CD no longer comes into play
• Full-duplex switches use separate wire pairs, so switch port can send data to attached computer while receiving data from that computer on another wire pair

Link Layer
• 5.1 Introduction and services
• 5.2 Error detection and correction
• 5.3 Multiple access protocols
• 5.4 Link-Layer Addressing
• 5.6 Link-layer switches

Topics
• LAN Addressing
• ARP Protocol

MAC Addresses
• Network Layer
  • 32-bit IP address
  • Network-layer address, dotted decimal. Ex: 146.187.130.76
  • To route datagram to destination machine
• MAC (or LAN or physical or Ethernet) Address
  • MAC stands for Media Access Control
  • 48-bit MAC address (for most LANs)
  • Burned in NIC ROM, also sometimes software settable
  • 24 bits set for manufacturer, 24 bits for NIC adapter
  Ex: 00:E0:B8:9C:A6:60

MAC Address
• Why would you want to change your MAC address?
• Many reasons
  1. To get around MAC address filtering of wireless routers. You sniff for MAC address of someone already on network, then change your MAC address to one that's acceptable. Why filtering by MAC address is not very secure.
  2. To keep a burned-in MAC address out of IDS and security logs; keeps deviant behavior from being connected to hardware
  3. To pull off a denial of service attack: assume MAC of gateway to a subnet; lots of WiFi routers will lock up if a client tries to connect with the same MAC as router's BSSID

Change Your MAC Address
• How to change your MAC address
  • Windows XP/2000/Vista
    • Use regedit to edit registry, or use a utility
    • Mac Makeup: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
    • MadMACs: http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
    • Smac - http://www.klcconsulting.net/smac
    • Etherchange - http://ntsecurity.nu/toolbox/etherchange
  • Linux
    $ ifconfig eth0 down hw ether 00:00:00:00:00:01
    $ ifconfig eth0 up
    http://www.irongeek.com/i.php?page=security/changemac

LAN Addresses
Each adapter on LAN has unique LAN address, except for Broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters, labelled with MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98 and 71-65-F7-2B-08-53.]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness). Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy:
  (a) MAC address … like Social Security Number. Take it with you
  (b) IP address … like postal address. Changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if move to a different subnet
62
MAC Addressesbull Network Layer bull 32-bit IP address
bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine
bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)
bull Burned in NIC ROM also sometimes software settable
bull 24 bits set for manufacturer 24 bits for NIC adapter
Ex 00E0B89CA660
MAC Addressbull Why would you want to change your MAC
addressbull Many reasons 1 To get around MAC address filtering of wireless
routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable
Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and
security logs keeps deviant behavior from being connected to hardware
3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID
Change Your MAC Addressbull How to change your MAC address
bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup
httpwwwgorlanicompublicprjmacmakeupmacmakeupasp
bull MadMACs
httpwwwirongeekcomiphppage=security madmacs-mac-spoofer
bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange
bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

LAN Addresses
Each adapter on LAN has unique LAN address, except for the broadcast address, which is FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

LAN Address
• MAC address allocation administered by IEEE
• Manufacturer buys portion of MAC address space (to assure uniqueness)
  Table: http://standards.ieee.org/regauth/oui/oui.txt
• Analogy
  (a) MAC address … like Social Security Number: take it with you
  (b) IP address … like postal address: changes when you move
• Flat MAC address increases portability
  • Can move LAN card from one LAN to another
• IP hierarchical address NOT portable
  • Address depends on IP subnet to which node is attached
  • Must change IP address if you move to a different subnet

ARP: Address Resolution Protocol
• Each IP node on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  < IP address; MAC address; TTL >
  • TTL (Time To Live): time after which address mapping is discarded
  • Varies: 1 to 20 minutes on average
Question: How to determine MAC address of B knowing B's IP address?
[Figure: LAN with hosts A and B among four nodes. MAC addresses shown: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53. IP addresses shown: 137.196.7.23, 137.196.7.78, 137.196.7.14, 137.196.7.88]

ARP Cache
For every outgoing packet, sending an ARP request and waiting for the response is inefficient
– Requires more bandwidth
– Consumes time
So an ARP cache is maintained at each node
Size limit = 512 entries

ARP Protocol: Same LAN
• A wants to send datagram to B, and B's MAC address is not in A's ARP table
• A broadcasts ARP query packet containing B's IP address
  • Shouts to everyone on LAN
  • Destination MAC address = FF-FF-FF-FF-FF-FF
  • All machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • Frame sent to A's MAC address (unicast)

Types of ARP Messages
ARP request: Who is IP addr X.X.X.X? Tell IP addr Y.Y.Y.Y
ARP reply: IP addr X.X.X.X is Ethernet address hh:hh:hh:hh:hh:hh

ARP Protocol: Same LAN
• A caches (saves) IP-to-MAC address pair
  • Called ARP table, until information becomes old
  • Eventually times out
• ARP table keeps soft state: information that times out unless refreshed
• ARP is "plug-and-play"
  • Nodes create their ARP tables without intervention from you, the network administrator
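
Added example (not from the original slides): the same-LAN exchange and the soft-state cache in Python, with the request and reply built and parsed as real 42-byte Ethernet/ARP frames in the RFC 826 layout. It assumes which IP goes with which MAC from the figure's address lists, a 20-minute TTL taken from the top of the slide's range, and an evict-the-entry-closest-to-expiry rule for the 512-entry limit; the class and function names are illustrative.

```python
import socket
import struct

ETH_BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_FMT = "!6s6sH"            # destination MAC, source MAC, EtherType
ARP_FMT = "!HHBBH6s4s6s4s"    # RFC 826 body for Ethernet + IPv4 (28 bytes)


def build_frame(dst, src, oper, sha, spa, tha, tpa):
    """Ethernet header plus ARP body (sender/target hardware and protocol addresses)."""
    return (struct.pack(ETH_FMT, dst, src, ETHERTYPE_ARP)
            + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa))


def parse_frame(frame):
    if len(frame) < 42:
        raise ValueError("truncated ARP frame")
    dst, src, ethertype = struct.unpack(ETH_FMT, frame[:14])
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    return {"dst": dst, "src": src, "oper": oper, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}


class ArpCache:
    """< IP address; MAC address; TTL > entries that expire unless refreshed."""

    def __init__(self, ttl=1200.0, max_entries=512):
        self.ttl, self.max_entries = ttl, max_entries
        self.entries = {}                      # ip bytes -> (mac bytes, expiry time)

    def learn(self, ip_addr, mac_addr, now):
        if ip_addr not in self.entries and len(self.entries) >= self.max_entries:
            # Assumed policy: drop the entry that would expire first.
            del self.entries[min(self.entries, key=lambda k: self.entries[k][1])]
        self.entries[ip_addr] = (mac_addr, now + self.ttl)   # refresh restarts the timer

    def lookup(self, ip_addr, now):
        entry = self.entries.get(ip_addr)
        if entry is None:
            return None
        if now >= entry[1]:                    # soft state: stale mapping is discarded
            del self.entries[ip_addr]
            return None
        return entry[0]


class Host:
    def __init__(self, ip_text, mac_text):
        self.ip = socket.inet_aton(ip_text)
        self.mac = bytes.fromhex(mac_text.replace("-", ""))
        self.cache = ArpCache()

    def request_for(self, target_ip):
        """ARP request: broadcast destination, target hardware address unknown (zeros)."""
        return build_frame(ETH_BROADCAST, self.mac, ARP_REQUEST,
                           self.mac, self.ip, b"\x00" * 6, target_ip)

    def receive(self, frame, now):
        """Process one frame; return a reply frame if this host is the target."""
        msg = parse_frame(frame)
        if msg["dst"] not in (self.mac, ETH_BROADCAST) or msg["tpa"] != self.ip:
            return None                        # heard the query, but it is not for us
        self.cache.learn(msg["spa"], msg["sha"], now)
        if msg["oper"] == ARP_REQUEST:         # reply goes unicast to the requester
            return build_frame(msg["sha"], self.mac, ARP_REPLY,
                               self.mac, self.ip, msg["sha"], msg["spa"])
        return None


def same_lan_exchange():
    # Addresses from the slide's figure; the IP-to-MAC pairing is assumed.
    a = Host("137.196.7.78", "1A-2F-BB-76-09-AD")
    b = Host("137.196.7.14", "58-23-D7-FA-20-B0")
    c = Host("137.196.7.88", "0C-C4-11-6F-E3-98")
    query = a.request_for(b.ip)
    replies = [h.receive(query, now=0) for h in (b, c)]   # broadcast reaches both
    a.receive(replies[0], now=0)                           # A caches B's mapping
    return a, b, c, query, replies


if __name__ == "__main__":
    a, b, c, query, replies = same_lan_exchange()
    print(query.hex())
    print(replies[0].hex())
    print(a.cache.lookup(b.ip, now=60), a.cache.lookup(b.ip, now=1200))
```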

ARP Protocol: Routing to another LAN
[Figure: hosts A and B on two LANs joined by router R. IP addresses shown: 111.111.111.110, 111.111.111.111, 111.111.111.112, 222.222.222.220, 222.222.222.221, 222.222.222.222. MAC addresses shown: 1A-23-F9-CD-06-9B, E6-E9-00-17-BB-4B, CC-49-DE-D0-AB-7D, 74-29-9C-E8-FF-55, 88-B2-2F-54-1A-0F, 49-BD-D2-C7-56-2A]
Walkthrough: Send datagram from A to B via router R
Assume A knows B's IP address
• Two ARP tables in router R, one for each IP network (LAN)
• Routers have several NICs – Network Interface Cards

ARP Protocol example, continued
• A creates IP datagram with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A creates link-layer frame with R's MAC address as destination; frame contains A-to-B IP datagram
• A's NIC sends frame
• R's NIC receives frame
• R removes IP datagram from Ethernet frame, sees it's destined to B
• R uses ARP to get B's MAC address
• R creates frame containing A-to-B IP datagram, sends to B
[Figure: router R between the two LANs, with hosts A and B, as on the previous slide]
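
Added example (not from the original slides): the A-to-B walkthrough as a small Python model, showing that the IP datagram is unchanged end to end while the frame's MAC addresses are rewritten at R. It assumes /24 networks, ARP tables already filled in, and the usual textbook pairing of the figure's addresses to A, B and R's two NICs; all class and function names are illustrative.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    src_ip: str
    dst_ip: str
    payload: bytes


@dataclass(frozen=True)
class Frame:
    dst_mac: str
    src_mac: str
    datagram: Datagram


class Interface:
    """One NIC: its own addresses plus the ARP table for the LAN it sits on."""

    def __init__(self, ip, mac, network, arp_table):
        self.ip, self.mac = ip, mac
        self.network = ipaddress.ip_network(network)
        self.arp_table = dict(arp_table)       # IP -> MAC, assumed already resolved

    def on_link(self, ip):
        return ipaddress.ip_address(ip) in self.network


def host_send(iface, gateway_ip, datagram):
    """Frame goes to the destination if it is on this LAN, otherwise to the router."""
    next_hop = datagram.dst_ip if iface.on_link(datagram.dst_ip) else gateway_ip
    return Frame(iface.arp_table[next_hop], iface.mac, datagram)


def router_forward(interfaces, frame):
    """Strip the incoming frame, pick the outgoing LAN, wrap the same datagram again."""
    arrived = next((i for i in interfaces if i.mac == frame.dst_mac), None)
    if arrived is None:
        return None                            # not addressed to any of R's NICs
    for out in interfaces:
        if out is not arrived and out.on_link(frame.datagram.dst_ip):
            return Frame(out.arp_table[frame.datagram.dst_ip], out.mac, frame.datagram)
    return None                                # no attached LAN holds the destination


def walkthrough():
    a_nic = Interface("111.111.111.111", "74-29-9C-E8-FF-55", "111.111.111.0/24",
                      {"111.111.111.110": "E6-E9-00-17-BB-4B"})
    r_lan1 = Interface("111.111.111.110", "E6-E9-00-17-BB-4B", "111.111.111.0/24",
                       {"111.111.111.111": "74-29-9C-E8-FF-55"})
    r_lan2 = Interface("222.222.222.220", "1A-23-F9-CD-06-9B", "222.222.222.0/24",
                       {"222.222.222.222": "49-BD-D2-C7-56-2A"})
    datagram = Datagram("111.111.111.111", "222.222.222.222", b"hello B")
    first_hop = host_send(a_nic, "111.111.111.110", datagram)
    second_hop = router_forward([r_lan1, r_lan2], first_hop)
    return first_hop, second_hop


if __name__ == "__main__":
    for hop in walkthrough():
        print(hop.src_mac, "->", hop.dst_mac, "|",
              hop.datagram.src_ip, "->", hop.datagram.dst_ip)
```

On B's LAN the frame's source MAC is R's, not A's, so MAC-based logging or filtering only ever identifies the previous hop on the local segment.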

Summary
• Ethernet: highly successful LAN technology
  • Simple, cheap and adaptable
  • Can adapt to new, faster underlying medium
• Hubs, Switches and Routers
  • Good to know what each does
  • Hubs and switches at Link Layer
  • Router at higher layer

End
• Due: Final given out Friday, March 14th
74
End
bull Due Final given out Friday
March 14th
75
End
bull Due Final given out Friday
March 14th
75