Interframe Spacing:
Minimum spacing between 2 frames following each other on the line.
Time for media to stabilize and devices to process frame.
From the last bit of FCS to the first bit of the Preamble.
96 bit times (9.6 microsec) – time shortens as speed increases.
As we speed up, gap gets shorter as the bits get shorter.
Allows time for slow hosts to process frames.
A = Start Frame Field.
B = Address Field.
C = Type/Length Field.
D = Data Field.
E = FCS Field.
Jam Signal:
In the event that two devices transmit simultaneously, CSMA/CD attempts to resolve the issue.
When a collision is detected, the sending devices transmit a 32-bit “jam” signal that will enforce the collision (this ensures all devices in the LAN detect the collision).
It is important that the “jam” signal not be detected as a valid frame, otherwise the collision would not be identified.
Most commonly observed pattern for a “jam” signal is simply a repeating 1,0,1,0… pattern, which is the same as the Preamble.
Corrupted, partially transmitted messages are often referred to as collision fragments or runts.
Normal collisions are less than 64 octets in length and therefore fail both the minimum length and the FCS test, making them easy to identify.
Backoff Timing:
After a collision all devices wait the interframe spacing.
Those that collided must wait an additional – and potentially longer – period of time before attempting to retransmit the collided frame (random period).
First to finish the random backoff time may listen and send.
After 16 attempts, it gives up and reports error to L3.
Ethernet Physical Layer:
The differences between standard Ethernet, Fast Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet occur at L1, often referred to as the Ethernet PHY.
10Mbps Ethernet:
IEEE 802.3 standards.
Uses Manchester-encoding over two UTP
10BASE-T using Cat3/Cat5.
Early implementations used Cat3 cabling.
Using switches it can support full-duplex.
UTP pair wires 1 and 2 used for Tx, wires 3 and 6 used for Rx.
A physical star topology (using a hub or repeater).
Includes:
10BASE5 using Thicknet coaxial cable.
10BASE2 using thinnet coaxial cable.
100Mbps – FastEthernet:
802.3u.
100BASE-TX using Cat5 or later UTP.
Two pairs of copper.
4B/5B.
A physical star topology (usually a switch at the center instead of a hub).
100BASE-FX using fiber.
Two standards of fiber.
Same encoding as copper, but signalling is optical.
Often SC connectors.
Fiber is always a point-to-point connection (between two PCs, a PC and a switch, or two switches).
1000 Mbps – Gigabit Ethernet:
1000BASE-T Ethernet:
802.3ab (over copper only, using all four pairs in Cat5 or later UTP cable).
GbE over copper enables an increase from 100 Mbps per wire pair to 125 Mbps, or 500 Mbps for the four pairs. (Each wire pair signals in full duplex doubling the 500 Mbps to 1000 Mbps).
Shorter bit times → more susceptible to noise.
Encoding is more complex, 2 step process.
4D-PAM5 encoding, (translates an 8-bit byte of data into a simultaneous transmission of four code symbols (4D), which are sent over the media, one on each pair, as 5-level Pulse Amplitude Modulated (PAM5) signals. This means that every symbol corresponds to two bits of data).
Permanent collisions – complex voltage patterns.
Up to 17 voltage levels.
Tx and Rx simultaneously in full duplex on each Cat 5 or later wire pair.
1000BASE-SX and 1000BASE-LX Ethernet Using Fiber-Optics (not required to know)
Fiber – 802.3z
Offers the following advantages over UTP:
Noise immunity.
Small physical size.
Increased unrepeated distances and bandwidth.
Support full-duplex binary transmission at 1250 Mbps.
Transmission coding based on 8B/10B encoding scheme.
Because of the overhead of this encoding, the data transfer rate is 1000 Mbps.
Ethernet Future Options:
802.3ae – 10Gbps – fiber.
Evolving from LAN only to WANs and MANs.
Only full-duplex fiber, no CSMA/CD.
Variety of 10GBASE standards.
802.3an – 10GbE copper.
Cat6 or 6a.
IEEE is working on 40, 100, and 160GbE.
Ethernet – Using Switches:
Switches segment LANs into separate collision domains.
Each port on a switch is its own collision domain.
Full bandwidth to each port.
Where a hub is connected to a switch port, there is still shared bandwidth, but on that segment only!
Throughput increases dramatically because:
Dedicated bandwidth to each port.
Collision-free environment.
Full-duplex operation (in effect doubling the bandwidth).
These physical star topologies are essentially point-to-point links.
Switches and Selective Forwarding:
Selective forwarding – forward frames only to intended node.
A brief point-to-point link between 2 nodes, having full bandwidth.
Any full-duplex node can transmit without waiting.
A switch buffers incoming frames and forwards them when that port is idle. Called Store and forward.
With store and forward, the switch receives the entire frame, checks the FCS, and forwards to the appropriate port.
Forwarding is based on the L2 address (destination MAC).
The switch maintains a MAC table – matches destination MAC with the port connected to that node.
The destination MAC of each incoming frame is compared to the list in the MAC table.
If a match is found, the frame is forwarded to that port.
MAC table = switch table = bridge table = Content Addressable Memory (CAM) = Source Address Table (SAT).
Switching – derived from bridging (switch = multiport bridge).
A Bridge connects (bridges) 2 physical network segments.
Wireless Bridges interconnect 2 wireless network segments, (will see a lot of bridging here).
Switch Operations:
Ethernet switches use 5 basic operations:
1. Learning – filling MAC table for normal traffic.
As frames pass thru, their src MAC and port # are mapped.
2. Aging – learned entries are time stamped and aged out (Cisco switch ages out in 300 sec by default).
3. Flooding – unknown dest MACs are sent everywhere.
Also used for broadcast frames.
If the destination MAC is all F’s (broadcast), the switch must forward it.
4. Selective Forwarding – central function of a switch.
Forwards frames only out correct port, when known.
5. Filtering – not forwarding frames.
Don’t forward to the port on which a frame arrived.
Drop a corrupt frame.
Filter for security.
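The five operations above as a toy model, added here as an illustration and not taken from any vendor implementation. The `Switch` class, port numbers and MAC addresses are constructed for the example; the 300-second aging time is the default quoted above.

```python
# Added example: toy model of the five switch operations (not vendor code).
AGING_SECONDS = 300           # default aging time quoted in the notes
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}   # MAC -> (port, time last seen)

    def _age(self, now):
        # Aging: drop entries not refreshed within AGING_SECONDS.
        self.mac_table = {m: (p, t) for m, (p, t) in self.mac_table.items()
                          if now - t < AGING_SECONDS}

    def receive(self, in_port, src, dst, now, fcs_ok=True):
        """Return (action, sorted list of egress ports) for one frame."""
        self._age(now)
        if not fcs_ok:
            return ("filter", [])             # Filtering: drop a corrupt frame
        self.mac_table[src] = (in_port, now)  # Learning: src MAC -> ingress port
        entry = self.mac_table.get(dst)
        if dst == BROADCAST or entry is None:
            # Flooding: every port except the one the frame arrived on
            return ("flood", sorted(self.ports - {in_port}))
        if entry[0] == in_port:
            return ("filter", [])             # destination sits on the arrival port
        return ("forward", [entry[0]])        # Selective forwarding

def demo():
    sw = Switch(ports=[1, 2, 3, 4])
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"   # constructed MACs
    return [
        sw.receive(1, a, b, now=0),           # B unknown: flood
        sw.receive(2, b, a, now=1),           # A was learned: forward to port 1
        sw.receive(1, a, b, now=2),           # B was learned: forward to port 2
        sw.receive(1, a, BROADCAST, now=3),   # broadcast: flood
        sw.receive(1, a, b, now=400),         # B's entry aged out: flood again
        sw.receive(3, a, b, now=401, fcs_ok=False),   # bad FCS: dropped
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```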
How a Switch learns Addresses:
ARP process: (Address Resolution Protocol) – Mapping IP to MAC addresses
The ARP protocol provides 2 basic functions:
1. Resolving IPv4 addresses to MAC addresses.
2. Maintaining a cache of mappings (the ARP table). Usually only on a PC, but really anything that runs IP; routers and switches also have them.
To place a frame on media it must have a destination MAC.
A node refers to a table to find the MAC mapped to IP.
This table is called the ARP table or the ARP cache.
Stored in RAM (volatile).
A node attempts to locate the MAC in cache first.
If no mapped entry for the given IP then an ARP request is sent.
Maintaining the ARP Table:
Two ways a device can gather MAC addresses.
1. Listen and map the source IP and MAC addresses as frames go by.
Only listens to its own frames.
2. Broadcast an ARP request.
ARP sends an L2 broadcast to all devices on the LAN.
Contains the IP address of the destination host.
The node with that IP address responds with an ARP reply.
This response is entered into the ARP table.
Entries are time stamped like the MAC table in switches.
After timestamp expires, the entry is flushed.
If there is any other traffic from that address it will renew its timestamp.
Static map entries can be entered – rarely done.
Do not expire and must be manually removed.
If no device responds to an ARP request, the packet is dropped.
This failure is reported to the upper layers.
Routers may respond to the source host with ICMP (can be disabled).
Destinations Outside the Local Network:
Frames must be delivered to the local network only.
A sending host compares its destination IP and its own IP to see if they are on the same IP network.
If the IP destination is local, the frame will use the destination MAC address.
If the IP destination is not local, it will use the gateway MAC address.
Proxy ARP:
To provide a MAC address for these hosts, a router interface may use a proxy ARP to respond on behalf of the remote host. This means that the ARP cache of the requesting device will contain the MAC address of the gateway mapped to any IP addresses not on the local network.
Using proxy ARP, a router interface acts as if it is the host with the IPv4 address requested by the ARP request.
By “faking” its identity, the router accepts responsibility for routing packets to the “real” destination.
The proxy ARP must be enabled on the router interface.
Uses for enabling proxy ARP:
If a host is improperly configured with the wrong subnet mask (e.g. /16 instead of /24).
If host is not configured with a default gateway.
By default Cisco routers have proxy ARP enabled on LAN interfaces.
ARP – Removing Address Mappings:
An ARP cache timer removes old entries.
The time depends on OS.
Windows = 2 minutes initially.
If the entry is used again during the time, the ARP timer for that entry is extended to 10 minutes.
Entries may be manually removed (forces ARP request).
From cmd: arp -d [ip addr].
arp -d * (to clear all).
arp -a (to view ARP cache).
Any time the destination is outside your local network, the MAC address you get back is that of your default gateway.
ARP Broadcasts – Issues:
Overhead on the Media.
As a broadcast frame, an ARP request is received and processed by every device on the local network and could affect network performance due to overhead issues.
However, after devices have sent the initial ARP broadcasts and learned the necessary MAC addresses, any impact on the network will be minimized.
Security.
In some cases, ARP can lead to a potential security risk. ARP spoofing, or ARP poisoning, is a technique used by an attacker to inject the wrong MAC address association into a network by issuing fake ARP requests.
Manually configuring static ARP associations is one way to prevent ARP spoofing.
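A detection-side sketch of the spoofing risk and the static-entry defense described above, added here as an example and not part of the original notes. It audits a constructed list of observed ARP sender fields against a pinned static entry and an aging cache; all addresses, the `audit` and `suspects` names, and the 600-second TTL (the 10-minute Windows figure above) are assumptions.

```python
# Added example: flag ARP messages that contradict known IP-to-MAC bindings.
# All addresses below are constructed (documentation ranges).
STATIC = {"192.0.2.1": "00:00:5e:00:53:01"}    # pinned gateway entry

# (seconds, sender IP, sender MAC) as seen in ARP traffic on the LAN
OBSERVED = [
    (0,   "192.0.2.1",  "00:00:5e:00:53:01"),
    (1,   "192.0.2.10", "00:00:5e:00:53:0a"),
    (5,   "192.0.2.20", "00:00:5e:00:53:14"),
    (9,   "192.0.2.1",  "00:00:5e:00:53:14"),  # gateway IP, different MAC
    (12,  "192.0.2.10", "00:00:5e:00:53:14"),  # host IP claimed by same MAC
    (700, "192.0.2.20", "00:00:5e:00:53:15"),  # old entry expired: re-learn
]

def audit(observed, static, ttl=600):
    """Return a list of (time, ip, claimed_mac, reason) alerts."""
    cache = {}    # ip -> (mac, last_seen): dynamic entries, aged like an ARP cache
    alerts = []
    for t, ip, mac in observed:
        mac = mac.lower()
        if ip in static:
            # Static entries never expire and are never overwritten.
            if mac != static[ip]:
                alerts.append((t, ip, mac, "contradicts static entry"))
            continue
        known = cache.get(ip)
        if known and t - known[1] < ttl and known[0] != mac:
            alerts.append((t, ip, mac, "binding changed from " + known[0]))
            continue    # detector choice: keep the earlier binding until it ages out
        cache[ip] = (mac, t)
    return alerts

def suspects(alerts):
    """Group the alerted IPs by the MAC address that claimed them."""
    by_mac = {}
    for _, ip, mac, _ in alerts:
        by_mac.setdefault(mac, set()).add(ip)
    return by_mac

if __name__ == "__main__":
    found = audit(OBSERVED, STATIC)
    for alert in found:
        print(alert)
    print(suspects(found))
```

A single MAC appearing under several alerted IPs, the gateway among them, is the pattern worth investigating first.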