1

CSCD 330Network ProgrammingWinter 2014

Lecture 17bLink Layer Protocols

Reading Chapter 5

Some slides provided courtesy of JF Kurose and KW Ross All Rights Reserved copyright 1996-2007

Who is this

2

Overview

bull Link Layer Hardwarebull Hubs vs Switches vs Routers

bull Ethernetbull ARP and MAC Addressing

LAN and Network Hardware

4

Shuttling Data at Different Layersbull Different devices switch different things

bull Physical Layer Electrical signals (repeaters and hubs)

bull Link layer Frames (bridges and switches)bull Network layer Packets (routers)

Application gatewayTransport gateway

Router

Bridge switch

Repeater hub

Frameheader

Packetheader

TCPheader

Userdata

Key Distinction

bull Routersbull Forward based on IP headers

19216801

bull SwitchesBridges001302BA4356bull Forward based on MAC addresses

bull RepeatersHubsbull Broadcast all bits 010101010101

5

6

Repeaters

bull Length of cable used influence quality of communication

bull Repeaters repeat signalsbull Clean and boost digital transmissionbull Analog networks use amplifiers to boost signal

bull Repeaters only work with the physical signalbull Cannot reformat resize or manipulate the data

bull Physical layer (layer 1) device

7

Repeaters (continued)

8

Repeaters (continued)

9

Hubs

bull Generic connection devicebull Operates at the Physical Layer

bull Connect several networking cables together

bull Active hubsbull Known as Multiport repeaters

bull Passive hubsbull Something that does not boost signal just

connects the wires

10

Hubs (continued)

11

Switches

bull Operate at the Data Link layerbull Increases network performance

bull Virtual circuits between source and destination

bull Micro segmentation at the port levelbull More complicated and expensive than

hubs

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

2

Overview

bull Link Layer Hardwarebull Hubs vs Switches vs Routers

bull Ethernetbull ARP and MAC Addressing

LAN and Network Hardware

4

Shuttling Data at Different Layersbull Different devices switch different things

bull Physical Layer Electrical signals (repeaters and hubs)

bull Link layer Frames (bridges and switches)bull Network layer Packets (routers)

Application gatewayTransport gateway

Router

Bridge switch

Repeater hub

Frameheader

Packetheader

TCPheader

Userdata

Key Distinction

bull Routersbull Forward based on IP headers

19216801

bull SwitchesBridges001302BA4356bull Forward based on MAC addresses

bull RepeatersHubsbull Broadcast all bits 010101010101

5

6

Repeaters

bull Length of cable used influence quality of communication

bull Repeaters repeat signalsbull Clean and boost digital transmissionbull Analog networks use amplifiers to boost signal

bull Repeaters only work with the physical signalbull Cannot reformat resize or manipulate the data

bull Physical layer (layer 1) device

7

Repeaters (continued)

8

Repeaters (continued)

9

Hubs

bull Generic connection devicebull Operates at the Physical Layer

bull Connect several networking cables together

bull Active hubsbull Known as Multiport repeaters

bull Passive hubsbull Something that does not boost signal just

connects the wires

10

Hubs (continued)

11

Switches

bull Operate at the Data Link layerbull Increases network performance

bull Virtual circuits between source and destination

bull Micro segmentation at the port levelbull More complicated and expensive than

hubs

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

LAN and Network Hardware

4

Shuttling Data at Different Layersbull Different devices switch different things

bull Physical Layer Electrical signals (repeaters and hubs)

bull Link layer Frames (bridges and switches)bull Network layer Packets (routers)

Application gatewayTransport gateway

Router

Bridge switch

Repeater hub

Frameheader

Packetheader

TCPheader

Userdata

Key Distinction

bull Routersbull Forward based on IP headers

19216801

bull SwitchesBridges001302BA4356bull Forward based on MAC addresses

bull RepeatersHubsbull Broadcast all bits 010101010101

5

6

Repeaters

bull Length of cable used influence quality of communication

bull Repeaters repeat signalsbull Clean and boost digital transmissionbull Analog networks use amplifiers to boost signal

bull Repeaters only work with the physical signalbull Cannot reformat resize or manipulate the data

bull Physical layer (layer 1) device

7

Repeaters (continued)

8

Repeaters (continued)

9

Hubs

bull Generic connection devicebull Operates at the Physical Layer

bull Connect several networking cables together

bull Active hubsbull Known as Multiport repeaters

bull Passive hubsbull Something that does not boost signal just

connects the wires

10

Hubs (continued)

11

Switches

bull Operate at the Data Link layerbull Increases network performance

bull Virtual circuits between source and destination

bull Micro segmentation at the port levelbull More complicated and expensive than

hubs

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

4

Shuttling Data at Different Layersbull Different devices switch different things

bull Physical Layer Electrical signals (repeaters and hubs)

bull Link layer Frames (bridges and switches)bull Network layer Packets (routers)

Application gatewayTransport gateway

Router

Bridge switch

Repeater hub

Frameheader

Packetheader

TCPheader

Userdata

Key Distinction

bull Routersbull Forward based on IP headers

19216801

bull SwitchesBridges001302BA4356bull Forward based on MAC addresses

bull RepeatersHubsbull Broadcast all bits 010101010101

5

6

Repeaters

bull Length of cable used influence quality of communication

bull Repeaters repeat signalsbull Clean and boost digital transmissionbull Analog networks use amplifiers to boost signal

bull Repeaters only work with the physical signalbull Cannot reformat resize or manipulate the data

bull Physical layer (layer 1) device

7

Repeaters (continued)

8

Repeaters (continued)

9

Hubs

bull Generic connection devicebull Operates at the Physical Layer

bull Connect several networking cables together

bull Active hubsbull Known as Multiport repeaters

bull Passive hubsbull Something that does not boost signal just

connects the wires

10

Hubs (continued)

11

Switches

bull Operate at the Data Link layerbull Increases network performance

bull Virtual circuits between source and destination

bull Micro segmentation at the port levelbull More complicated and expensive than

hubs

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Key Distinction

bull Routersbull Forward based on IP headers

19216801

bull SwitchesBridges001302BA4356bull Forward based on MAC addresses

bull RepeatersHubsbull Broadcast all bits 010101010101

5

6

Repeaters

bull Length of cable used influence quality of communication

bull Repeaters repeat signalsbull Clean and boost digital transmissionbull Analog networks use amplifiers to boost signal

bull Repeaters only work with the physical signalbull Cannot reformat resize or manipulate the data

bull Physical layer (layer 1) device

7

Repeaters (continued)

8

Repeaters (continued)

9

Hubs

bull Generic connection devicebull Operates at the Physical Layer

bull Connect several networking cables together

bull Active hubsbull Known as Multiport repeaters

bull Passive hubsbull Something that does not boost signal just

connects the wires

10

Hubs (continued)

11

Switches

bull Operate at the Data Link layerbull Increases network performance

bull Virtual circuits between source and destination

bull Micro segmentation at the port levelbull More complicated and expensive than

hubs

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

6

Repeaters

bull Length of cable used influence quality of communication

bull Repeaters repeat signalsbull Clean and boost digital transmissionbull Analog networks use amplifiers to boost signal

bull Repeaters only work with the physical signalbull Cannot reformat resize or manipulate the data

bull Physical layer (layer 1) device

7

Repeaters (continued)

8

Repeaters (continued)

9

Hubs

bull Generic connection devicebull Operates at the Physical Layer

bull Connect several networking cables together

bull Active hubsbull Known as Multiport repeaters

bull Passive hubsbull Something that does not boost signal just

connects the wires

10

Hubs (continued)

11

Switches

bull Operate at the Data Link layerbull Increases network performance

bull Virtual circuits between source and destination

bull Micro segmentation at the port levelbull More complicated and expensive than

hubs

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

7

Repeaters (continued)

8

Repeaters (continued)

9

Hubs

bull Generic connection devicebull Operates at the Physical Layer

bull Connect several networking cables together

bull Active hubsbull Known as Multiport repeaters

bull Passive hubsbull Something that does not boost signal just

connects the wires

10

Hubs (continued)

11

Switches

bull Operate at the Data Link layerbull Increases network performance

bull Virtual circuits between source and destination

bull Micro segmentation at the port levelbull More complicated and expensive than

hubs

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

8

Repeaters (continued)

9

Hubs

bull Generic connection devicebull Operates at the Physical Layer

bull Connect several networking cables together

bull Active hubsbull Known as Multiport repeaters

bull Passive hubsbull Something that does not boost signal just

connects the wires

10

Hubs (continued)

11

Switches

bull Operate at the Data Link layerbull Increases network performance

bull Virtual circuits between source and destination

bull Micro segmentation at the port levelbull More complicated and expensive than

hubs

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

9

Hubs

bull Generic connection devicebull Operates at the Physical Layer

bull Connect several networking cables together

bull Active hubsbull Known as Multiport repeaters

bull Passive hubsbull Something that does not boost signal just

connects the wires

10

Hubs (continued)

11

Switches

bull Operate at the Data Link layerbull Increases network performance

bull Virtual circuits between source and destination

bull Micro segmentation at the port levelbull More complicated and expensive than

hubs

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

10

Hubs (continued)

11

Switches

bull Operate at the Data Link layerbull Increases network performance

bull Virtual circuits between source and destination

bull Micro segmentation at the port levelbull More complicated and expensive than

hubs

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

11

Switches

bull Operate at the Data Link layerbull Increases network performance

bull Virtual circuits between source and destination

bull Micro segmentation at the port levelbull More complicated and expensive than

hubs

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Collision Domain

bull Differs between Hubs and Switchesbull What is a Collision Domain

bull Group of nodes in a network that compete with each other for access

bull If two or more devices try to access network at exact same time a collision will occur

bull In switched environment each transmitting-receiving pair of nodes is essentially its own collision domain except that no collisions can occur because there is no sharing of bandwidth

bull In a hub all nodes share bandwidth

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

13

Switches

bull Switchbull Filter based on MAC addressesbull Build tables in memory

Collision Domain

SwitchHub

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

5-14

Switch

bull Link-layer device Level 2 Switchbull Store forward Ethernet framesbull Examine incoming framersquos MAC address

selectively forward frame to one-or-more outgoing links

bull Transparentbull Important Note thatbull Hosts are unaware of presence of

switchesbull Operate at lower levels of protocol stack

bull Plug-and-play self-learningbull Switches do not need to be manually

managed

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

15

Switches

bull Advantages of Switchesbull Increase available network bandwidthbull Reduced workload computers only receive

packets intended for them specificallybull Increase network performancebull Smaller collision domains

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

16

Switches

bull Disadvantages of Switchesbull More expensive than hubs and bridgesbull Difficult to trace network connectivity

problems through a switch

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

17

Switches (continued)

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

18

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull Bridge has only two ports and divides a

collision domain into two partsbull All decisions made by a bridge are based on

MAC or Layer 2 addressing

bull Thus a bridge will divide a collision domain but has no effect on a logical or broadcast domain

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

19

Network Segmentation

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

20

Bridges vs Switches

bull Whats the difference between a Bridge and a Switchbull A Switch is a fast multi-port bridge

bull Can contain dozens of portsbull Rather than creating two collision domains

bull Each port creates its own collision domainbull Say network of twenty nodes twenty

collision domains exist if each node is plugged into its own switch port

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

21

Bridges vs Switch

bull Bridges were most used when you had people on hubs all packets going to all hostsbull Lots of collisions bull A bridge allowed you to cheaply break your

subnet into two physical networks that only interact when necessary effectively cutting your collision domain in half

bull Nowadays switches are so cheap and so much more effective you dont see bridges much

bull Mostly replaced bridges

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

22

Routers

bull What does a router dobull Provides filtering and network traffic controlbull Used on LANs and WANsbull Connect multiple segments and networksbull Multiple routers create an ldquointernetworkrdquobull Operate at the Network layerbull Layer 3 device

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

23

Routers

bull Creates a table to determine how to forward packets

bull Filtering and traffic control base on logical addresses IP addresses

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

24

Differences Logical vs Physical

bull Look at the Differences Between Logical and Physical Addresses

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

25

Physical Versus Logical Addresses

bull MAC addressesbull Data Link layerbull Used by switches bridges and routersbull Used for directly connected devices

bull Logical addresses IPbull Network and transport protocols dictate the

format of the logical network layer addressbull TCPIP IPXSPX (Novel Netware)bull IP addresses are assigned manually or by

software

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

26

Physical Versus Logical Addresses

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Ethernet

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Ethernet History

bull 1973 Xerox Corporationrsquos Palo Alto Research Center developed bus topology Local Area Network (LAN)

bull 1976 carrier sensing addedbull Xerox built 294 Mbps network to connect

over 100 personal workstations on 1 km cablebull Network called Ethernet named after ether

single coaxial cable used to connect machines bull Ethernet refers to product which predates IEEE

8023 Standardbull But nowadays any 8023 compliant network is

referred to as an Ethernet

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

29

Ethernet

Ethernetsketch

Who is this

Original Paper published in 1976

httpciteseerxistpsueduviewdocdownloaddoi=1011871052amprep=rep1amptype=pdf

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Robert (Bob) Metcalf ndash Inventor of Ethernet

Bob Metcalfe bull Helped build early Internet while still an

undergraduatebull Invented Ethernetmdashwhile at Xerox Palo Alto

Research Centerbull Founded 3Com Corpbull Served as publisher at IDGs Infoworld

Publishing Cobull Wrote three booksbull Since January 2001 has been a venture

capitalist with Polaris Ventures

Nice article on him hellip if you want to read ithttpelectronicdesigncomArticlesIndexcfm

AD=1ampArticleID=2855

30

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

8023 Standard Project

bull In 1980 (IEEE) started project 802 to standardize local area networks (LAN)

bull IEEE wanted to put forward one standardbull IBM Token Ringbull Token Bus andbull Ethernet were all contenders

bull Eventually Ethernet won and it became a standard in 1985 hellip 28 years ago

bull First standard was for 10 Mbpsbull Entire list of Ethernet Standards

httpenwikipediaorgwikiIEEE_8023

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Ethernet Terminology Physical Layerbull First number (10 100 or 1000) transmission

speed in megabits per second Mbpsbull Second term indicates transmission type

bull BASE = baseband or BROAD = broadband

bull Last number indicates segment lengthbull 5 means 500-meter (500-m) segment length from

original Thicknetbull Recent versions letters replace numbers

bull For example in 10BASE-T T means unshielded twisted-pair cables

bull Further numbers show number of twisted pairs available For example in 100BASE-T4 T4 indicates four twisted pair

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Classical Ethernet Broadcast

bull Classical Ethernet is Broadcast Networkbull Hosts connected to network through

single shared mediumbull If two nodes try to send at same time

bull Called collision and prevents any information passed along network

bull Multiple messages would collide and corrupt each other

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Early Ethernet

bull 10Base5 and 10Base2

bull The initial Ethernet implementations used coaxial cable to connect the stations to each other

bull Two forms of coaxial cable were usedbull 10Base5 cable known as thick Ethernetbull 10Base2 also known as thin Ethernet

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

35

Ethernet Technology First Attempt bull 10Base 2 under 656 ft cable length bull Thin coaxial cable in a bus topologybull 10Base5 uses 10mm wide coaxial cable which allows up to 100 nodes

over a maximum distance of 1640 ft

bull Repeaters used to connect multiple segmentsRepeater repeats bits it hears on one interface to its other

interfaces physical layer device onlybull Layer 1 device

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

36

Ethernet with Hubs2nd Attempt

bull Next form of Ethernetbull 10BaseT with Hubs

bull 10BaseT used twisted pair wiring instead of coaxial

bull 10BaseT could use Category 3 twisted pair wirendash Commonly already present in modern

office buildings for telephone systembull Contributed hugely to Ethernets popularity

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

37

Ethernet Technologies Next Attempt10BaseT and 100BaseTbull Hub(s) connected by twisted pair in ldquostar topologyrdquo

bull Distance of any node to hub lt 326 ft

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

38

The 10Mbs Ethernet StandardIEEE 8023

Ethernet MAC Protocol

10Base-5 10Base-2 10Base-T 10Base-F

Different physical layer

options

10Base-5 Original Ethernet large thick coaxial cable10Base-2 Thin coaxial cable version10Base-T Voice-grade unshielded twisted-pair

Category-3 telephone cable10Base-F Two optical fibers in a single cable

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

39

8023u Fast Ethernet

bull In 1995 IEEE adopted 8023u Fast Ethernet standardbull Fast Ethernet is a 100 Mbps Ethernet

standardbull With Fast Ethernet came full-duplex Ethernetbull Previously Ethernets worked in half-duplex

modebull Two stations could transmit at the same time

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

40

The 100Mbs Ethernet StandardldquoFast Ethernetrdquo

Ethernet MAC Protocol

100Base-T4 100Base-TX 100Base-FX

Different physical layer options

Up to 100m of cable per segment

100Base-T4 Uses four pairs of voice grade Category-3 cable 100Base-TX Uses two pairs of data grade Category-5 cable100Base-FX Uses two optical fibers

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

41

The 1Gbs Ethernet Standard

bull June 1998 - Gigabit Ethernet defined in 8023z

bull 8023z defines a network running atndash 1000 Mbps in half-duplex or full-duplex

mode over a variety of different network media

ndash Half duplex ndash one speaks at a timendash Full duplex ndash both can transmitspeak

same time

httpenwikipediaorgwikiIEEE_8023

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

42

The 1Gbs Ethernet StandardldquoGigabit Ethernetrdquo

Ethernet MAC Protocol

1000Base-TX 1000Base-FX

1000Base-TX Uses four pairs of data grade Category-5 cable1000Base-FX Uses two optical fibers

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

5 DataLink Layer 5-43

Ethernet Frame Structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble bull 7 bytes with pattern 10101010 followed

by one byte with pattern 10101011bull Used to synchronize receiver sender

clock rates

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

44

Ethernet Frame Structure (more)bull Addresses

bull If adapter receives frame with matching destination address or with broadcast address it passes data in frame to network layer protocol accepts the frame

bull Otherwise adapter discards frame

bull What kind of addresses at this layerbull MAC - Media Access Control bull Example 001302BA4356

bull Type Indicates higher layer protocol (mostly IP but others possible eg Novell IPX)

bull CRC checked at receiver if error is detected frame is dropped

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Use of Ethernet Switches Versus Hubs in a LAN

Collisions with Switch and HubHubs

Switch

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

CSMACD

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

47

CSMACD Protocol

All hosts transmit amp receive on one channelPackets are of variable size

When a host has a packet to transmit1 Carrier Sense Check that the line is quiet

before transmitting2 Collision Detection Detect collision as soon

as possible If a collision is detected stop transmitting wait a random time then return to step 1

binary exponential backoff

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

48

Ethernet CSMACD algorithmCarrier Sense Multiple AccessCollision Detection

Algorithm1 NIC receives datagram from

network layer creates frame2 If NIC senses channel idle starts

frame transmission If NIC senses channel busy waits

until channel idle then transmits3 If NIC transmits entire frame

without detecting another transmission

NIC is done with frame

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Ethernet CSMACD algorithm

4 If NIC detects another transmission while

transmitting aborts and sends jam signal

5 After aborting NIC enters exponential backoff after mth collision NIC chooses a

K small integer at random from 012

hellip2m-1

NIC then waits K512 bit time Returns to Step 2 More details follow hellip

49

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Ethernet CSMACD algorithm

bull Featuresbull Transmitting station intentionally

transmits a jam sequence to ensure all stations are notified the frame transmission failed due to a collision

bull Station then remains silent for a random period of time before attempting to transmit again

bull Repeats Until frame is eventually transmitted successfully 50

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

51

Ethernetrsquos CSMACD (more)

Exponential Backoffbull Goal Adapt retransmission attempts to

estimated current loadbull Heavy load -gt random wait will be

longer and more varied

bull First collision Choose K from 01 Delay is K 512 bit transmission timesbull After second collision Choose K from

0123hellipbull After ten collisions Choose K from

01234hellip1023

bull Set size grows Exponentially

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Ethernet and Switches

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Switches Again

Layer 2 switching media access control address (MAC address)

Each network interface cards (NICs) has a MAC address

This address used to decide where to forward frames

Layer 2 switching is hardware based switches use application-specific integrated circuit (ASICs) to build and maintain tables

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

How Switching Works

Switch dynamically builds address table by using the MAC source address of the frames received

When switch receives a frame for a MAC destination address not listed in its address table

Floods frame to all LAN ports of same VLAN except port that received the frame

When destination station replies switch adds its relevant MAC source address and port ID to address table

Switch then forwards subsequent frames to a single LAN port without flooding all LAN ports

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

5 DataLink Layer 5-55

Switch Allows multiple simultaneous transmissions

bull Hosts have dedicated direct connection to switch

bull Switches buffer packets

bull Ethernet protocol used on each incoming link no collisions AND full duplexbull Each link is its own

collision domainbull Switching A-to-Arsquo and

B-to-Brsquo simultaneously without collisions bull Not possible with

ldquodumbrdquo hub

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

5 DataLink Layer 5-56

Switch Table

bull Q how does switch know that Arsquo reachable via interface 4 Brsquo reachable via interface 5

bull A Each switch has switch table each entrybull MAC address of host

interface to reach host time stamp

bull Looks like a routing tablebull Q how are entries

created maintained in switch table bull Self-Learning

A

Arsquo

B

Brsquo

C

Crsquo

switch with six interfaces(123456)

1 2 345

6

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

5-57

Switch self-learningbull Switch learns which

hosts can be reached through which interfacesbull When frame

received switch ldquolearnsrdquo location of sender incoming LAN segment

bull Records senderlocation pair

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

MAC addr interface TTL Switch table (initially empty)A 1 60

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

5 DataLink Layer 5-58

Switch self-learning

bull Frame with Destination A arrives at switch from interface 1

Two possibilities1 No entry in table for A

Switch forwards frame to all interfaces except 1

- Entry for A added

2 Entry in table for A

interface of 4 frame

would get forwarded

A

Arsquo

B

Brsquo

C

Crsquo

1 2 345

6

A Arsquo

Source ADest Arsquo

MAC addr interface TTLSwitch table

(initially empty)A 1 60

60A 4

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Switches and CSMACD

bull Do we need to use CSMACD on todays switched networkbull Collision domain has pretty much been

relegated to historybull Hubs still use CSMACD but if network

uses Fast Ethernet switches in full-duplex mode then CSMACD no longer comes into play

bull Full-duplex switches use separate wire pairs so switch port can send data to attached computer while receiving data from that computer on another wire pair

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

60

Link Layer

bull 51 Introduction and services

bull 52 Error detection and correction

bull 53Multiple access protocols

bull 54 Link-Layer Addressing

bull 56 Link-layer switches

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Topics

bull LAN Addressingbull Arp Protocol

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

62

MAC Addressesbull Network Layer bull 32-bit IP address

bull Network-layer address dotted decimal Ex 14618713076bull To route datagram to destination machine

bull MAC (or LAN or physical or Ethernet) Address bull MAC stands for Media Access Controlbull 48 bit MAC address (for most LANs)

bull Burned in NIC ROM also sometimes software settable

bull 24 bits set for manufacturer 24 bits for NIC adapter

Ex 00E0B89CA660

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

MAC Addressbull Why would you want to change your MAC

addressbull Many reasons 1 To get around MAC address filtering of wireless

routers You sniff for Mac address of someone already on network then change your Mac address to one thats acceptable

Why filtering by Mac address is not very secure2 To keep a burned-in MAC address out of IDS and

security logs keeps deviant behavior from being connected to hardware

3To pull off a denial of service attack assume MAC of gateway to a subnet lots of WiFi routers will lock up if a client tries to connect with the same MAC as routers BSSID

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Change Your MAC Addressbull How to change your MAC address

bull Windows XP2000Vistabull Use regedit to edit registry or use a utilitybull Mac Makeup

httpwwwgorlanicompublicprjmacmakeupmacmakeupasp

bull MadMACs

httpwwwirongeekcomiphppage=security madmacs-mac-spoofer

bull Smac - httpwwwklcconsultingnetsmacbull Etherchange - httpntsecuritynutoolboxetherchange

bull Linux $ ifconfig eth0 down hw ether 000000000001 $ ifconfig eth0 up httpwwwirongeekcomiphppage=securitychangemac

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

65

LAN AddressesEach adapter on LAN has unique LAN address except forBroadcast address which is FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN(wired orwireless)

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

66

LAN Addressbull MAC address allocation administered by IEEEbull Manufacturer buys portion of MAC address

space (to assure uniqueness) Table

httpstandardsieeeorgregauthouiouitxt

bull Analogy (a) MAC address hellip like Social Security

NumberTake it with you

(b) IP address hellip like postal addressChanges when you move

bull Flat MAC address increases Portability bull Can move LAN card from one LAN to

anotherbull IP hierarchical address NOT portable

bull Address depends on IP subnet to which node is attached

bull Must change IP address if move to a different subnet

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

67

ARP Address Resolution Protocol

bull Each IP node on LAN has ARP table

bull ARP table IPMAC address mappings for some LAN nodes

lt IP address MAC address TTLgt

bull TTL (Time To Live) time after which address mapping discarded

bull Varies 1 to 20 minutes on average

Question How to determineMAC address of Bknowing Brsquos IP address

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137196723

137196778

137196714

137196788

A

B

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

ARP Cache

For every outgoing packet sending ARP request and wait for response is inefficientndash Requires more bandwidthndash Consumes Time

So ARP cache maintained at each node

Size limit = 512 entries

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

69

ARP Protocol Same LAN

bull A wants to send datagram to B and Brsquos MAC address not in Arsquos ARP table

bull A broadcasts ARP query packet containing Bs IP address

bull Shouts to everyone on LANbull Destination MAC address = FF-FF-FF-FF-

FF-FFbull All machines on LAN receive ARP query

bull B receives ARP packet replies to A with its (Bs) MAC address

bull Frame sent to Arsquos MAC address (unicast)

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Types of ARP Messages

ARP request Who is IP addr XXXX tell IP addr YYYY

ARP reply IP addr XXXX is Ethernet Address

hhhhhhhhhhhh

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

ARP Protocol Same LAN

bull A caches (saves) IP-to-MAC address pairbull Called ARP table until information becomes

old bull Eventually

bull Times outbull ARP table keeps Soft state information

that times out unless refreshedbull ARP is ldquoplug-and-playrdquobull Nodes create their ARP tables without

intervention from you the network administrator

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

72

ARP Protocol Routing to another LAN

R

1A-23-F9-CD-06-9B

222222222220111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Walkthrough Send datagram from A to B via router R

Assume A knows Brsquos IP address

bull Two ARP tables in router R one for each IP network (LAN)

bull Routers have several NICs ndash Network Interface Cards

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

73

ARP Protocol example continuedbull A creates IP datagram with source A destination B bull A uses ARP to get Rrsquos MAC address for

111111111110

bull A creates link-layer frame with Rs MAC address as destination frame contains A-to-B IP datagram

bull Arsquos NIC sends frame bull Rrsquos NIC receives frame

bull R removes IP datagram from Ethernet frame sees its destined to B

bull R uses ARP to get Brsquos MAC address bull R creates frame containing A-to-B IP datagram sends

to B

R

1A-23-F9-CD-06-9B

222222222220

111111111110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D

111111111112

111111111111

A74-29-9C-E8-FF-55

222222222221

88-B2-2F-54-1A-0F

B222222222222

49-BD-D2-C7-56-2A

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

Summary

bull Ethernet highly successful LAN technologybull Simple cheap and adaptablebull Can adapt to new faster underlying medium

bull Hubs Switches and Routersbull Good to know what each doesbull Hubs and switches at Link Layerbull Router at higher layer

74

End

bull Due Final given out Friday

March 14th

75

End

bull Due Final given out Friday

March 14th

75