Ethernet
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Ethernet as PDF for free.
More details
- Words: 2,645
- Pages: 7
Ethernet Processes Ethernet is the original Local Area Network technology. Other LAN technologies have competed with Ethernet, but Ethernet is really the only LAN technology left in the market place. At one time, it looked like Ethernet would fade because of performance issues, but Layer 2 switching technology saved Ethernet. The problem was collisions. Before layer 2 switching, Ethernet LANs (10Base2, 10Base5, 10BaseT) lost up to 70% of its bandwidth because of collisions. Layer 2 switches create a collision-free network. A switch has a very high speed back plane that connects to each port on the switch. The back plane is much faster than the speed of an individual port. Data from a computer is “stored” in the port and is “forwarded” when the back plane can accept the data without a collision. Think of the back plane as a very fast, but very safe, interstate highway. Cars wait for an opening before entering the flow of traffic. The car then travels to its destination and exits without having a wreck, or collision. The data travels on the back plan much faster than the port speed where it entered the switch, freeing up the back plane for data from other ports. Before layer 2 switches, Ethernet was more like the interstate highways that most of us travel, the one where about 70% of the cars are affected by wrecks and we are late for work about three times a week. With the development of layer 2 switching, Ethernet became the fastest, most reliable, and, more importantly, the least expensive LAN technology on the market. Today, Ethernet ports on our computers are essentially “free” since it is installed on almost every new computer. Most laptops have both copper Ethernet such as 100BaseT or even Gigabit Ethernet, and wireless Ethernet, and the increase in cost for the Ethernet connections is minimal. Layer 2 switch ports on a 2950 switch cost about $100 per port. If you need a few switch ports at home, they cost even less. Your $50 internet router has them for as little as $12 each, though the primary cost of your router is not ports but rather the routing function (as strange as it may seem that you bought a router to route). An eight-port switch can cost as little as $20, or $2.50 a port. Enhanced functionality such as full duplex and 100BaseT, or increasingly, 1000BaseT, produce speeds that were unimaginable only a few years ago, and at low prices also unimaginable. With Layer 2 switching, data rates increased while cost decreased. The result: Ethernet survived and other LAN technologies disappeared. While understanding the physical aspects of Ethernet are important for the CCNA exam, that is not the purpose of this document. Both the Cisco CCNA and Sybex CCNA books cover the historical and physical aspects of Ethernet very well. Even more complete explanations of Ethernet can be found on the Internet, so there is no need to reinvent the wheel here. Make sure you completely understand the physical aspects of Ethernet technology as well as processes such as collision detection, broadcasts, etc., before you take the CCNA exam. We will not cover CSMA-CD, for example, though it is coming back with wireless LANs. This document covers Ethernet addressing, how computers use the addresses, and more importantly for your exam, how Cisco switches use Ethernet addresses. This explanation is important for understanding future labs and switch function.
Ethernet Addressing Each Ethernet device has an address coded into the hardware. Each address is six bytes, 48 bits, 12 hexadecimal digits in length. The first three bytes identify the manufacturer and is called the “Organizationally Unique Identifier” or OUI. The last three bytes keep the card unique, a serial number, if you like. Just don't call it a serial number. The address has several names, and you should know them all: 1. Unicast address, as in a frame addressed to a single, or “uni” address. 2. MAC Address (Media Access Control) 3. Ethernet address 4. “burned in address” since it is “burned in” to the controller on the card. 5. Layer 2 address MAC address and unicast address seem to the the most common terms, and have the most value when working with Cisco equipment. An Ethernet frame has the following format: Preamble or Preamble + Start Frame Delimiter (SFD)
Destination Address – computer receiving data
Source Address Computer transmitting data
Type/ Data Length
FCS
8 bytes SFD -7 bytes + 1 byte
6 bytes
6 bytes
2 bytes 48 – 1500 bytes
4 bytes
The International Electrical and Electronics Engineers (IEEE) oversee a number of standards related to data communication: cabling, voltages, protocols, etc. The IEEE made three changes to the original Ethernet standard, but none to Ethernet addressing. 1. The new standard was named 802.3, using the 802 naming convention. 2. Part of the preamble were renamed. Ethernet defined the preamble as 64 bits: 62 “one” bits followed by “01”. The “01” bits indicated that the next bits were meaningful data, the destination address. Basically, the “01” was for framing, or indicating where meaningful data started. The IEEE defined the Preamble as two parts. The first 7 bytes, or 56 bits, are “one” bits, and are called the Preamble. However, the last byte, 8 bits, differed in the last two bits: 11111101. This byte was named the “Start Frame Delimiter,” or “SFD.” Actually, the term SFD is more accurate, since the data is “delimited,” or starts after this byte. Everyone calls it the Preamble, and everyone knows what it means, but it might be an issue on an exam. Or not. 3. Another change was the 2 byte type field. The IEEE used used it as a length field, to
indicate the amount of data, and used other bits to define the type of data. While there are more complete explanations available for the changes, the address fields were not changed. Since all Ethernet computers originally shared the same coax cable or hub network, every computer had to evaluate every frame. Each device processed the destination address to determine if the frame had been sent to them. The computer that had the destination address then had to “remember” the source address in order to reply if necessary. Preamble
Destination Address
Source address
Type/ Data Length
11111...01
00-18-37-9A-48-12
00-16-D4-EE-D1-E6 2 bytes 48 – 1500 bytes
FCS 4 bytes
Often the transmitting computer needs access to a service, but does not know the MAC address of the computer that provides the service. When the MAC address of the destination computer is not known, the source computer will send a broadcast request for the information. A broadcast frame uses all 1 bits, or hexadecimal FF-FF-FF-FF-FF-FF, in the Destination address. It puts its own address, 00-16-D4-EE-D1-E6, in the source address field so that the servicing computer will know how to address the reply. Preamble
Destination Address
Source address
Type/ Data Length
11111...01
FF-FF-FF-FF-FF-FF
00-16-D4-EE-D1-E6 2 bytes Request for service or address
FCS 4 bytes
Every computer that “sees” the broadcast will evaluate the request. The computer that can service the request will reply. In this example, the computer with the address 00-18-37-9A-4812 services the request. The acknowledgment frame uses the source MAC address of the request as the destination address for the reply, and its own address in the source address field. Preamble
Destination Address
Source address
Type/ Data Length
FCS
11111...01
00-16-D4-EE-D1-E6
00-18-37-9A-48-12
2 bytes Reply
4 bytes
The original computer that requested the information will use the source address in the reply frame to send another frame, this time with data. Preamble
Destination Address
Source address
Type/ Data Length
11111...01
00-18-37-9A-48-12
00-16-D4-EE-D1-E6 2 bytes Data
FCS 4 bytes
This process of alternating the source and destination addresses is the key to understanding Ethernet data transfer. Each receiving computer uses the source address in the received frame as the destination address for the reply, and puts its own address in the source address field. If a computer does not know the address of the destination computer, it uses a broadcast, all 1's bits, or FF-FF-FF-FF-FF-FF hexadecimal. The reply to the broadcast will have the needed MAC address.
Computers store the MAC addresses that they learn in a table. Windows- and UNIX/Linuxbased computers and Cisco routers store the information in an ARP table (ARP, Address Resolution Protocol, is an IP function and will be discussed later). Cisco switches store the information in a MAC address table, called a mac-address-table. Each devices finds the information in the same way: by reading the Source address field in an Ethernet frame. The format of how the address is displayed varies between operating systems. The address is not different, only the way the address is displayed. All MAC addresses are simply 48 bits. – Windows uses the format xx-xx-xx-xx-xx-xx – UNIX/Linux uses the format xx:xx:xx:xx:xx:xx – Cisco uses the format xxxx.xxxx.xxxx To display the MAC address of the local Ethernet card/interface: – Windows: ipconfig /all – UNIX/Linux: ifconfig -a (some systems require -a, some do not) – Cisco: show interface x/y, show version To display the table of known MAC addresses: – Windows: arp -a – UNIX/Linux: netstat – Cisco switches: show mac-address-table – Cisco routers: show arp Layer 2 switching and Ethernet Addresses It will be difficult to understand Cisco switching processes without completely understanding the information above. The CCNA exam will have questions that use all of this information. Unfortunately, it will not be simple questions about the format of an Ethernet frame, or the parts of an Ethernet address. Instead it will be questions that apply your knowledge of Ethernet processes. The rules for Layer 2 switching were developed long before layer 2 switches were developed. Layer 2 forwarding was developed for devices called “bridges.” Bridges were basically computers with multiple Ethernet ports. The forwarding/filtering decisions were made in software, a slow process by today's standards. However, the process has survived, except now the decisions are made in hardware, and happen much faster. Switching involves two processes: MAC Address learning and deciding whether to forward or filter. Address Learning A switch or a bridge learns the Ethernet MAC addresses of the devices that are connected to it, and create a table of the MAC addresses and the ports that MAC addresses are connected to.
The process of building the MAC address table is the same for all computer: determine the source address in the frame. When a frame enters the switch, the switch will examine the source address and determine if it is already in the MAC address table. If the source MAC address is not in the MAC Address table, the switch will create another entry for the address and the port that it came into the switch on. So a MAC address table is just a list of the ports and the MAC addresses connected to the ports. So far, so good. A switch learns the addresses by examining source addresses and records them with the port they are connected to. This table has various names: ARP table, ARP cache, MAC address table, Forward vs. Filter The switch uses the MAC address table to determine whether to forward the frame to another port, or filter the frame. Filtering is simply ignoring or dropping the frame. When a frame enters a switch, the switch examines the destination address. – If the destination MAC address and the source MAC address are on different ports, the switch will forward the frame to the port that supports the destination MAC address. – If both the source and destination MAC addresses are on the same port, the switch will filter, or drop the frame. The reason for filtering is that there is no need to transmit the frame again. The destination device should see the frame since it is on the same media. Some frames are forwarded automatically. Broadcast frames are forwarded, or transmitted, on all ports EXCEPT the port that the frame entered the switch on. Any devices supported by the same port should see the broadcast when the switch does. There is no need to retransmit it on the same port. Frames with unknown destination MAC addresses are also forwarded on all ports EXCEPT the port that the frame entered the switch on. This guarantees that the device with the unknown address will receive the frame. You may wonder how a device would send a frame to an unknown MAC address. The term “unknown MAC address” applies to the switch, not to the source computer. The answer is found in how the switch manages its MAC address table. All devices, switches and computers, age the entries in their tables based on use. Each time a MAC address is used in a transmission, the computer restarts the timer for that MAC address. If an address is not used in a specified amount of time, the device, switch or computer, will delete the entry from the table to save memory. If a switch deletes an entry before a computer does, the computer can still know the MAC address, but the switch does not. The computer knows the MAC address, and it will create and transmit a frame to the MAC address, but the switch will have to transmit it on all ports to make sure that the frame is delivered to the destination device. Summary 1. A switch learns the MAC addresses of the devices connected to it by reading the source
2. 3. 4. 5.
MAC address in every Ethernet frame. The switch creates a table, the mac-address-table, that has the source MAC addresses and their switch ports. When an Ethernet frame enters the switch, the switch compares the destination MAC address to the entries in the mac-address-table. If the destination address is on a different port than the source address, the switch forwards the frame to the destination port. If the destination address is on the same port as the source address, the switch filters the port. If the frame is a broadcast or to an unknown MAC address, the frame is forwarded on all ports.
Below is a partial display of the mac-address-table from an enterprise switch. Mac Address Table ------------------------------------------Vlan ---All All All All 1 1 202 202 202 202 202 202 202 203 203 203 203 204 210
Mac Address ----------000f.9041.9b00 0100.0ccc.cccc 0100.0ccc.cccd 0100.0cdd.dddd 0011.9354.7230 0018.18df.3281 0000.0c07.acc6 000e.0cc7.04d2 0012.1ea2.6cb0 0060.2e02.aee3 0080.8c02.70e1 00e0.1eae.cdc8 c288.6060.0d83 0000.0c07.ac03 00e.0c5c.d8b0 0010.db65.66c0 0018.19c1.0ac1 0011.9354.7241 0011.9354.7242
Type ----STATIC STATIC STATIC STATIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC YNAMIC DYNAMIC DYNAMIC DYNAMIC
Ports ----CPU CPU CPU CPU Fa0/2 Fa0/1 Fa0/6 Fa0/16 Fa0/19 Fa0/15 Fa0/23 Fa0/14 Fa0/12 Fa0/3 Fa0/10 Fa0/8 Fa0/9 Fa0/4 Fa0/5
Reading the display – Column 1 is the VLAN assignment for the interface (shown on the far right). VLANs will be covered in future labs. – Column 2 is the MAC address of the computer connected to the interface – Column 3, Type, indicates how the MAC address was discovered. – Static MAC addresses are internal addresses for the switch. Internal switch MAC addresses will be covered in future labs. – Dynamic addresses are addresses that were discovered by the process described in this document: examining the source MAC address fields of Ethernet frames – Ports is the interface that supports the computer with the recorded MAC address.
If you are using Packet Tracer, the “show mac-address-table“ display will not show static MAC addresses, only dynamic addresses. The primary emphasis in this document is on unicast addresses, or data addressed to a single remote address. However, Cisco will include questions about addresses to multiple remote devices simultaneously, both broadcast and multicast addressing. You have seen the most common type of addressing used to communicate with multiple remote hosts: broadcast. Not discussed in this document is the multicast address, an address that is intended for multiple, but not necessarily all, remote hosts.
Copyright by Hedgehog Technical Institute®.
Ethernet Addressing Each Ethernet device has an address coded into the hardware. Each address is six bytes, 48 bits, 12 hexadecimal digits in length. The first three bytes identify the manufacturer and is called the “Organizationally Unique Identifier” or OUI. The last three bytes keep the card unique, a serial number, if you like. Just don't call it a serial number. The address has several names, and you should know them all: 1. Unicast address, as in a frame addressed to a single, or “uni” address. 2. MAC Address (Media Access Control) 3. Ethernet address 4. “burned in address” since it is “burned in” to the controller on the card. 5. Layer 2 address MAC address and unicast address seem to the the most common terms, and have the most value when working with Cisco equipment. An Ethernet frame has the following format: Preamble or Preamble + Start Frame Delimiter (SFD)
Destination Address – computer receiving data
Source Address Computer transmitting data
Type/ Data Length
FCS
8 bytes SFD -7 bytes + 1 byte
6 bytes
6 bytes
2 bytes 48 – 1500 bytes
4 bytes
The International Electrical and Electronics Engineers (IEEE) oversee a number of standards related to data communication: cabling, voltages, protocols, etc. The IEEE made three changes to the original Ethernet standard, but none to Ethernet addressing. 1. The new standard was named 802.3, using the 802 naming convention. 2. Part of the preamble were renamed. Ethernet defined the preamble as 64 bits: 62 “one” bits followed by “01”. The “01” bits indicated that the next bits were meaningful data, the destination address. Basically, the “01” was for framing, or indicating where meaningful data started. The IEEE defined the Preamble as two parts. The first 7 bytes, or 56 bits, are “one” bits, and are called the Preamble. However, the last byte, 8 bits, differed in the last two bits: 11111101. This byte was named the “Start Frame Delimiter,” or “SFD.” Actually, the term SFD is more accurate, since the data is “delimited,” or starts after this byte. Everyone calls it the Preamble, and everyone knows what it means, but it might be an issue on an exam. Or not. 3. Another change was the 2 byte type field. The IEEE used used it as a length field, to
indicate the amount of data, and used other bits to define the type of data. While there are more complete explanations available for the changes, the address fields were not changed. Since all Ethernet computers originally shared the same coax cable or hub network, every computer had to evaluate every frame. Each device processed the destination address to determine if the frame had been sent to them. The computer that had the destination address then had to “remember” the source address in order to reply if necessary. Preamble
Destination Address
Source address
Type/ Data Length
11111...01
00-18-37-9A-48-12
00-16-D4-EE-D1-E6 2 bytes 48 – 1500 bytes
FCS 4 bytes
Often the transmitting computer needs access to a service, but does not know the MAC address of the computer that provides the service. When the MAC address of the destination computer is not known, the source computer will send a broadcast request for the information. A broadcast frame uses all 1 bits, or hexadecimal FF-FF-FF-FF-FF-FF, in the Destination address. It puts its own address, 00-16-D4-EE-D1-E6, in the source address field so that the servicing computer will know how to address the reply. Preamble
Destination Address
Source address
Type/ Data Length
11111...01
FF-FF-FF-FF-FF-FF
00-16-D4-EE-D1-E6 2 bytes Request for service or address
FCS 4 bytes
Every computer that “sees” the broadcast will evaluate the request. The computer that can service the request will reply. In this example, the computer with the address 00-18-37-9A-4812 services the request. The acknowledgment frame uses the source MAC address of the request as the destination address for the reply, and its own address in the source address field. Preamble
Destination Address
Source address
Type/ Data Length
FCS
11111...01
00-16-D4-EE-D1-E6
00-18-37-9A-48-12
2 bytes Reply
4 bytes
The original computer that requested the information will use the source address in the reply frame to send another frame, this time with data. Preamble
Destination Address
Source address
Type/ Data Length
11111...01
00-18-37-9A-48-12
00-16-D4-EE-D1-E6 2 bytes Data
FCS 4 bytes
This process of alternating the source and destination addresses is the key to understanding Ethernet data transfer. Each receiving computer uses the source address in the received frame as the destination address for the reply, and puts its own address in the source address field. If a computer does not know the address of the destination computer, it uses a broadcast, all 1's bits, or FF-FF-FF-FF-FF-FF hexadecimal. The reply to the broadcast will have the needed MAC address.
Computers store the MAC addresses that they learn in a table. Windows- and UNIX/Linuxbased computers and Cisco routers store the information in an ARP table (ARP, Address Resolution Protocol, is an IP function and will be discussed later). Cisco switches store the information in a MAC address table, called a mac-address-table. Each devices finds the information in the same way: by reading the Source address field in an Ethernet frame. The format of how the address is displayed varies between operating systems. The address is not different, only the way the address is displayed. All MAC addresses are simply 48 bits. – Windows uses the format xx-xx-xx-xx-xx-xx – UNIX/Linux uses the format xx:xx:xx:xx:xx:xx – Cisco uses the format xxxx.xxxx.xxxx To display the MAC address of the local Ethernet card/interface: – Windows: ipconfig /all – UNIX/Linux: ifconfig -a (some systems require -a, some do not) – Cisco: show interface x/y, show version To display the table of known MAC addresses: – Windows: arp -a – UNIX/Linux: netstat – Cisco switches: show mac-address-table – Cisco routers: show arp Layer 2 switching and Ethernet Addresses It will be difficult to understand Cisco switching processes without completely understanding the information above. The CCNA exam will have questions that use all of this information. Unfortunately, it will not be simple questions about the format of an Ethernet frame, or the parts of an Ethernet address. Instead it will be questions that apply your knowledge of Ethernet processes. The rules for Layer 2 switching were developed long before layer 2 switches were developed. Layer 2 forwarding was developed for devices called “bridges.” Bridges were basically computers with multiple Ethernet ports. The forwarding/filtering decisions were made in software, a slow process by today's standards. However, the process has survived, except now the decisions are made in hardware, and happen much faster. Switching involves two processes: MAC Address learning and deciding whether to forward or filter. Address Learning A switch or a bridge learns the Ethernet MAC addresses of the devices that are connected to it, and create a table of the MAC addresses and the ports that MAC addresses are connected to.
The process of building the MAC address table is the same for all computer: determine the source address in the frame. When a frame enters the switch, the switch will examine the source address and determine if it is already in the MAC address table. If the source MAC address is not in the MAC Address table, the switch will create another entry for the address and the port that it came into the switch on. So a MAC address table is just a list of the ports and the MAC addresses connected to the ports. So far, so good. A switch learns the addresses by examining source addresses and records them with the port they are connected to. This table has various names: ARP table, ARP cache, MAC address table, Forward vs. Filter The switch uses the MAC address table to determine whether to forward the frame to another port, or filter the frame. Filtering is simply ignoring or dropping the frame. When a frame enters a switch, the switch examines the destination address. – If the destination MAC address and the source MAC address are on different ports, the switch will forward the frame to the port that supports the destination MAC address. – If both the source and destination MAC addresses are on the same port, the switch will filter, or drop the frame. The reason for filtering is that there is no need to transmit the frame again. The destination device should see the frame since it is on the same media. Some frames are forwarded automatically. Broadcast frames are forwarded, or transmitted, on all ports EXCEPT the port that the frame entered the switch on. Any devices supported by the same port should see the broadcast when the switch does. There is no need to retransmit it on the same port. Frames with unknown destination MAC addresses are also forwarded on all ports EXCEPT the port that the frame entered the switch on. This guarantees that the device with the unknown address will receive the frame. You may wonder how a device would send a frame to an unknown MAC address. The term “unknown MAC address” applies to the switch, not to the source computer. The answer is found in how the switch manages its MAC address table. All devices, switches and computers, age the entries in their tables based on use. Each time a MAC address is used in a transmission, the computer restarts the timer for that MAC address. If an address is not used in a specified amount of time, the device, switch or computer, will delete the entry from the table to save memory. If a switch deletes an entry before a computer does, the computer can still know the MAC address, but the switch does not. The computer knows the MAC address, and it will create and transmit a frame to the MAC address, but the switch will have to transmit it on all ports to make sure that the frame is delivered to the destination device. Summary 1. A switch learns the MAC addresses of the devices connected to it by reading the source
2. 3. 4. 5.
MAC address in every Ethernet frame. The switch creates a table, the mac-address-table, that has the source MAC addresses and their switch ports. When an Ethernet frame enters the switch, the switch compares the destination MAC address to the entries in the mac-address-table. If the destination address is on a different port than the source address, the switch forwards the frame to the destination port. If the destination address is on the same port as the source address, the switch filters the port. If the frame is a broadcast or to an unknown MAC address, the frame is forwarded on all ports.
Below is a partial display of the mac-address-table from an enterprise switch. Mac Address Table ------------------------------------------Vlan ---All All All All 1 1 202 202 202 202 202 202 202 203 203 203 203 204 210
Mac Address ----------000f.9041.9b00 0100.0ccc.cccc 0100.0ccc.cccd 0100.0cdd.dddd 0011.9354.7230 0018.18df.3281 0000.0c07.acc6 000e.0cc7.04d2 0012.1ea2.6cb0 0060.2e02.aee3 0080.8c02.70e1 00e0.1eae.cdc8 c288.6060.0d83 0000.0c07.ac03 00e.0c5c.d8b0 0010.db65.66c0 0018.19c1.0ac1 0011.9354.7241 0011.9354.7242
Type ----STATIC STATIC STATIC STATIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC DYNAMIC YNAMIC DYNAMIC DYNAMIC DYNAMIC
Ports ----CPU CPU CPU CPU Fa0/2 Fa0/1 Fa0/6 Fa0/16 Fa0/19 Fa0/15 Fa0/23 Fa0/14 Fa0/12 Fa0/3 Fa0/10 Fa0/8 Fa0/9 Fa0/4 Fa0/5
Reading the display – Column 1 is the VLAN assignment for the interface (shown on the far right). VLANs will be covered in future labs. – Column 2 is the MAC address of the computer connected to the interface – Column 3, Type, indicates how the MAC address was discovered. – Static MAC addresses are internal addresses for the switch. Internal switch MAC addresses will be covered in future labs. – Dynamic addresses are addresses that were discovered by the process described in this document: examining the source MAC address fields of Ethernet frames – Ports is the interface that supports the computer with the recorded MAC address.
If you are using Packet Tracer, the “show mac-address-table“ display will not show static MAC addresses, only dynamic addresses. The primary emphasis in this document is on unicast addresses, or data addressed to a single remote address. However, Cisco will include questions about addresses to multiple remote devices simultaneously, both broadcast and multicast addressing. You have seen the most common type of addressing used to communicate with multiple remote hosts: broadcast. Not discussed in this document is the multicast address, an address that is intended for multiple, but not necessarily all, remote hosts.
Copyright by Hedgehog Technical Institute®.
