CA Ex S1M09 Ethernet

8/3/2019 CA Ex S1M09 Ethernet

1/136

Please purchase a personal

license.Network Fundamentals Chapter 9


2/136

Objectives

Identify the basic characteristics of network media used inEthernet.

Describe the physical and data link features of Ethernet. Describe the function and characteristics of the media

access control method used by Ethernet protocol.

Hc vin mng Bach Khoa - Website: www.bkacad.com

xp a n e mpor ance o ayer a ress ng use ordata transmission and determine how the different types ofaddressing impacts network operation and performance.

Compare and contrast the application and benefits of

using Ethernet switches in a LAN as apposed to usinghubs.

Explain the ARP process.


3/136

Labs and Activities



4/136

Overview of Ethernet



5/136

Ethernet Standards and Implementation



6/136

Ethernet Standards and Implementation

IEEE (Electrical and Electronics Engineers) Standards

The first LAN is the original version of Ethernet. Robert Metcalfe andhis coworkers at Xerox designed it more than 30 years ago.

The first Ethernet standard was published in 1980 by a consortiumof Digital Equipment Corporation, Intel, and Xerox (DIX). It wasreleased as an open standard. The first Ethernet standard productswere sold in the early 1980s.


In 1985, the IEEE standards committee for Local and MetropolitanNetworks published standards for LANs. These standards start with thenumber 802, and 802.3 is for Ethernet. To compare to the InternationalStandards Organization (ISO) and OSI model, the IEEE 802.3

standards had to address the needs of Layer 1 and the lower portionof Layer 2 of the OSI model. As a result, some small modifications tothe original Ethernet standard were made in 802.3.

Ethernet operates in the lower two layers of the OSI model: the DataLink layer and the Physical layer.


7/136

Ethernet Layer 1 and Layer 2



8/136

LLC Connecting to the Upper Layers

Device Driver ?


LLC is implemented in software, and its implementation is independent of the physicalequipment.

In a computer, the LLC can be considered the driver software for the Network Interface

Card (NIC). The NIC driver is a program that interacts directly with the hardware on theNIC to pass the data between the media and the Media Access Control sublayer.


9/136

Extra: The structure of LLC



10/136

MAC Getting Data to the Media


Media Access Control (MAC) is the lower Ethernet sublayer of the DataLink layer. MAC is implemented by hardware, typically in the computer

Network Interface Card (NIC). The Ethernet MAC sublayer has 2 primary responsibilities:

1. Data Encapsulation2. Media Access Control

Logical Topology: all the nodes (devices) in that network segment share the medium. This requires examining the addressing in the frame provided by the

MAC address, and using of CSMA/CD.


11/136


12/136

Physical and Implementations of Ethernet


Most of the traffic on the Internet originates and ends with Ethernet connections. Sinceits inception in the 1970s, Ethernet has evolved to meet the increased demand for high-speed LANs. When optical fiber media was introduced, Ethernet adapted to this newtechnology to take advantage of the superior bandwidth and low error rate that fiber

offers. Today, the same protocol that transported data at 3 Mbps can carry data at 10 Gbps. The success of Ethernet is due to the following factors:

1. Simplicity and ease of maintenance2. Ability to incorporate new technologies3. Reliability4. Low cost of installation and upgrade


13/136

Ethernet

Communication through the LAN



14/136

Historic Ethernet



15/136

Historic Ethernet



16/136

Historic Ethernet

Early Ethernet Media: Coaxial cable Logical and physical bus topology

10BASE5, or Thicknet, used a thick coaxial that allowed for cabling

distances of up to 500 meters before the signal required a repeater.

10BASE2, or Thinnet, used a thin coaxial cable that was smaller indiameter and more flexible than Thicknet and allowed for cabling


Now, it was replaced by UTP cables. The UTP cables were easier to work with, lightweight, and less

expensive.

Physical topology was a star topology using hubs.

Hubs concentrate connections.

Any single cable to fail without disrupting the entire network.

However, repeating the frame to all other ports did not solve theissue of collisions.


17/136

Ethernet Collision Management


Legacy Ethernet In 10BASE-T networks, typically using a hub.

This created a shared media. Only one station could successfully transmit at a time: half-duplex

communication. More devices, more collisions. Using CSMA/CD to manage collisions, with little or no impact on

performance. As the number of devices and subsequent data trafficincrease, however, the rise in collisions can have a significant impact

on the user's experience.


18/136

Ethernet Collision Management


Current Ethernet 100BASE-TX Ethernet. Switches replace hubs Switches can control the flow of data by isolating each port and

sending a frame only to its proper destination (if the destination is

known), rather than send every frame to every device. The switch reduces or minimizes the possibility of collisions. Support full-duplex communications (transmit and receive signals

at the same time)

1Gbps Ethernet and beyond.


19/136


20/136


21/136

Extra: Metro Ethernet



22/136

Ethernet Frame



23/136

The Frame Encapsulating the Packet



24/136

The Frame Encapsulating the Packet

Ethernet II is theEthernet frame

format that isused in TCP/IPnetworks.



25/136

Ethernet frame structure

The Preamble is used for timingsynchronization in theasynchronous 10 Mbps and

slower implementations of

Ethernet. Faster versions ofEthernet are synchronous, andthis timing information isredundant but retained for

10101011


compatibility.

Note: the timing informationrepresented by the preamble andSFD is discarded and not countedtoward the minimum andmaximum frame size.


26/136


The Destination Address fieldcontains the MAC destinationaddress. It can be unicast,

multicast (group), or broadcast (all

nodes)The Source Address isgenerally the unicast address ofthe transmitting Ethernet node

10101011


(can be virtual entity group or

multicast).


27/136


The Type value specifies theupper-layer protocol to receivethe data after Ethernetprocessing is completed.

The Length indicates thenumber of bytes of data thatfollows this field. (so contents ofthe Data field are decoded per

Length if value < 1536 decimal,(0x600) need LLC to identify

upper protocol


.

Type if value >= 1536 decimal,

(0x600)

it identify upperprotocol

4bytesCRC


28/136


The Maximum TransmissionUnit (MTU) for Ethernet is 1500octets, so the data should notexceed that size

Ethernet requires that theframe be not less than 46 octetsor more than 1500 octets (Pad isrequired if not enough data).

Length if value < 1536 decimal,(0x600) need LLC to identify

upper protocol


. ,

released in 1998, extended themaximum allowable frame sizeto 1522 bytes.

The frame size wasincreased to accommodate

a technology called VirtualLocal Area Network (VLAN).

Type if value >= 1536 decimal,

(0x600)

it identify upperprotocol

4bytesCRC


29/136



A FCS contains a 4-byte CRC value that is created by the device that sends dataand is recalculated by the destination device to check for damaged frames.

Note: If the two numbers are different, an error is assumed, the frame is discarded.


30/136

Extra: Ethernet frame structure


The data field must be at least 46 bytes long.This length assures that the frame signals stay on the network long enough for every Ethernetstation on the network system to hear the frame within the correct time limits.

Every station must hear the frame within the maximum round-trip signal propagation time of anEthernet system.


31/136

The Ethernet MAC Address



32/136

The Ethernet MAC Address


Ethernet uses MAC addresses that are 48 bits in length and expressed as12 hexadecimal digits.

Sometimes referred to as burned-in addresses (BIA) because they areburned into read-only memory (ROM) and are copied into random-access

memory (RAM) when the NIC initializes.


33/136

Hexadecimal Numbering and Addressing



34/136


Hexadecimal Numbering: The base 16 numbering system usesthe numbers 0 to 9 and the letters A to F.

Understanding Bytes: 8 bits (a byte) is a common binarygrouping, binary 00000000 to 11111111 can be represented inhexadecimal as the range 00 to FF.

Representing Hexadecimal Values: preceded by 0x (for example


x

Hexadecimal is used to represent Ethernet MAC addresses andIP Version 6 addresses.

Hexadecimal Conversions: Number conversions between

decimal and hexadecimal values are straightforward, but quicklydividing or multiplying by 16 is not always convenient. If such

conversions are required, it is usually easier to convert the

decimal or hexadecimal value to binary, and then to convert the

binary value to either decimal or hexadecimal as appropriate.


35/136




36/136

Another Layer of Addressing



37/136


Data Link Layer

OSI Data Link layer (Layer 2) physical addressing, implementedas an Ethernet MAC address, is used to transport the frame

across the local media. Although providing unique host addresses, physical

addresses are non-hierarchical (Flat !).

The are associated with a articular device re ardless of its


location or to which network it is connected. These Layer 2 addresses have no meaning outside the localnetwork media.

A packet may have to traverse a number of different Data

Link technologies in local and wide area networks before itreaches its destination.

A source device therefore has no knowledge of thetechnology used in intermediate and destination networks orof their Layer 2 addressing and frame structures.


38/136


Network Layer

Network layer (Layer 3) addresses, such as IPv4 addresses,provide the ubiquitous, logical addressing that is understood at

both source and destination. To arrive at its eventualdestination, a packet carries the destination Layer 3 addressfrom its source. However, as it is framed by the different DataLink layer protocols along the way, the Layer 2 address it


rece ves eac me app es on y o a oca por on o e

journey and its media.In short:

The Network layer address enables the packet to be forwardedtoward its destination.

The Data Link layer address enables the packet to be carried bythe local media across each segment.


39/136

Ethernet Unicast



40/136

Ethernet Broadcast



41/136

Ethernet Multicast


The source will always havea unicast address.


42/136

Extra: IP Multicast address MAC Multicats address



43/136

Ethernet Media Access Control


M di A C t l i Eth t


44/136

Media Access Control in Ethernet


E CSMA/CD


45/136

Extra: CSMA/CD

CSMA/CD used in Ethernetperforms 3 functions:

1. Transmitting and receiving

data packets2. Decoding data packetsand checking them forvalid addresses before

Listen-before-transmit


passing them to the upper

layers of the OSI model3. Detecting errors within

data packets or on thenetwork

Transmitting& listening

E t CSMA/CD


46/136

Extra: CSMA/CD

Carrier Sense Multiple Access (CSMA): when a NIC has data totransmit, the NIC first listens to the cable (using a transceiver) to seeif a carrier (signal) is being transmitted by another node. This may

be achieved by monitoring whether a current is flowing in the cable(each bit corresponds to 18-20 milliAmps (mA)).

Collision Detection (CD) : when there is data waiting to be sent,


each transmitting NIC also monitors its own transmission. If it

observes a collision (excess current above what it is generating, i.e.> 24 mA for coaxial Ethernet), it stops transmission immediately andinstead transmits a 32-bit jam sequence.

CSMA/CD The Process


47/136

CSMA/CD The Process


Activity 9.4.2

CSMA/CD The Process


48/136

CSMA/CD The Process


CSMA/CD The Process


49/136

CSMA/CD The Process



50/136

CSMA/CD The Process


51/136

CSMA/CD The Process

Hubs and Collision Domains


CSMA/CD The Process


52/136

CSMA/CD The Process


Ethernet Timing


53/136

Ethernet Timing


The electrical signal that is transmitted takes a certain amount of time(latency) to propagate (travel) down the cable.

Each hub or repeater in the signal's path adds latency as it forwardsthe bits from one port to the next.

This accumulated delay increases the collisions because a listeningnode may transition while the hub or repeater is processing themessage. Because the signal had not reached this node while it waslistening, it thought that the media was available. This condition often

results in collisions.

Extra: Ethernet delay/latency


54/136

Extra: Ethernet delay/latency

Listen - Free ? - Transmit

101


01

delay

latency

Ethernet Timing


55/136

Ethernet Timing


Ethernet 10Mbps and slower are asynchronous. Ethernet 100Mbps and higher are synchronous. However, for compatibility reasons, the Preamble and Start

Frame Delimiter (SFD) fields are still present.

Ethernet Timing


56/136

Ethernet Timing


Interframe spacing and Backoff


57/136

p g

Bit Time: For each different media speed, a period of time is required


or a t to e p ace an sense on t e me a. s per o o t me s

referred to as the bit time. Example: 10Mbps: 10^7 bit/10^9 nano second (ns) 1bit at the MACsublayer requires 100ns to transmit.

Slot Time: In half-duplex Ethernet, where data can only travel in onedirection at once, slot time becomes an important parameter indetermining how many devices can share a network. For all speeds of Ethernet transmission at or below 1000 Mbps, the

standard describes how an individual transmission may be nosmaller than the slot time.

Interframe Spacing: this time is measured from the last bit of the FCSfield of one frame to the first bit of the Preamble of the next frame.



58/136

p g

Jam Signal

As soon as a collision isdetected, the sending devicestransmit a 32-bit "jam" signalthat will enforce the collision.This ensures all devices in theLAN to detect the collision.


It is important that the jamsignal not be detected as avalid frame; otherwise thecollision would not be identified.The most commonly observed

data pattern for a jam signal issimply a repeating 1, 0, 1, 0pattern, the same as thePreamble.



59/136

p g




60/136

p g


Backoff Timing

After a collision occurs and all devices allow the cable to become idle, thedevices whose transmissions collided must wait an additional - and potentiallyprogressively longer - period of time before attempting to retransmit thecollided frame.

The waiting period is random. The waiting period is measured in increments of the parameter slot time. After 16 attempts, it gives up and generates an error to the Network layer.

Extra: Ethernet slot time


61/136




62/136




63/136


Extra: Slot time on 1000Mbps Ethernet


64/136


Extra: Backoff


65/136


Extra: Backoff


66/136


k=min (n,10); n= the number of transmission attemptsr=random (0,2^k)The backoff delay = r* slot time


67/136

Ethernet Physical Layer


Overview of Ethernet Physical Layer


68/136


10Mbps and 100Mbps Ethernet


69/136

10BASE5 using Thicknet coaxial cable 10BASE2 using Thinnet coaxial cable 10BASE5, and 10BASE2 used coaxial cable in a physical bus. No

longer used; and are not supported by the newer 802.3 standards.

10BASE-T:

10BASE-T (in 1990) used cheaper and easier to install Category 3


unshielded twisted pair (UTP) copper cable rather than coax cable.

The cable plugged into a central connection device (the shared bus),this device was a hub.

This is referred to as a star topology. The distances the cables couldextend from the hub via another hub referred to as an extended startopology.

Originally 10BASE-T was a half-duplex protocol, but full-duplexfeatures were added later.

10BASE-T : Manchester encoding, max. 90 meter horizontal cable, useRJ-45 connectors



70/136


Extra: 10Mbps Ethernet


71/136

Common frame format

(Exponent)

r=random(0,2^k)k=min(n,10)

The wating period=r*slot time


10BASE5, 10BASE2, and 10BASE-T Ethernet are considered Legacy Ethernet The 4 common features of Legacy Ethernet are

1. timing parameters,

2. frame format,

3. transmission process,

4. and a basic design rule

The Legacy Ethernet transmission process is identical until the lower part of the OSI physical

layer

Common timing parameters

Extra: 5-4-3-2-1 Rule


72/136


The 5-4-3-2-1 rule requires that the following guidelines should not beexceeded:

5 segments of network media

4 repeaters or hubs 3 host segments of the network

2 link sections (no hosts)

1 large collision domain

Extra: Signal Quality Error


73/136


AUI transceiver cable

Extra: Signal Quality Error


74/136




75/136


100-Mbps Ethernet is also known as Fast Ethernet. The twotechnologies that have become important are 100BASE-TX, which is acopper UTP medium and 100BASE-FX, which is a multimode opticalfiber medium.

Three characteristics common to 100BASE-TX and 100BASE-FX are1. the timing parameters,2. the frame format,3. and parts of the transmission process.

100BASE-TX and 100-BASE-FX both share timing parameters. Notethat one bit time in 100-Mbps Ethernet is 10nsec

Extra: 100Mbps Ethernet


76/136


1000Mbps Ethernet


77/136

1000 Mbps - Gigabit Ethernet

The development of Gigabit Ethernet standards resulted inspecifications for UTP copper, single-mode fiber, and multimodefiber.

Encoding and decoding data is more complex. Gigabit Ethernet uses 2 separate encoding steps.1000BASE-T Ethernet


1000BASE-T Ethernet provides full-duplex transmission using allfour pairs in Category 5 or later UTP cable. Gigabit Ethernet over copper wire enables an increase from

100 Mbps per wire pair to 125 Mbps per wire pair, or 500Mbps for the four pairs.

Each wire pair signals in full duplex, doubling the 500 Mbpsto 1000 Mbps. 1000BASE-T uses 4D-PAM5 line encoding to obtain 1 Gbps

data throughput.


78/136

Although MACaddressing,CSMA/CD, and,most important, the

frame format fromearlier versions of

Ethernet are


,other aspects of the

MAC sublayer, thephysical layer, andthe medium have

been changed.

Extra: Gigabit and 10-Gigabit Ethernet


79/136

At the physical layer, the bit


patterns from the MAC layer

are converted into symbols.The symbols may also becontrol information such asstart frame, end frame,

medium idle conditionsFiber-based Gigabit Ethernet (1000BASE-X) uses8B/10B encoding, this is followed by the simpleNon-Return to Zero (NRZ) line encoding of lighton optical fiber

1000Mbps Ethernet


80/136

1000BASE-T (IEEE802.3ab) was developed toprovide additionalbandwidth.

1000BASE-T (CAT 5e)standard is interoperablewith 10BASE-T and100BASE-TX (Fast Ethernet


was designed to function

over Cat 5 copper cable.Most installed Cat 5 cablecan pass 5e certification ifproperly terminated)

In idle periods there are 9voltage levels found on thecable, and during datatransmission periods thereare 17 voltage levels foundon the cable

Extra: Compare 10,100BaseT with 1000BaseT


81/136

One pair is used for transmitting data and the other pair is used for receivingdata.


BI stands for bi-directional, while DA, DB, DC and DD stand for Data A,Data B, Data C and Data D, respectively:

Extra: Gigabit Ethernet on copper


82/136

As might be expected, this results in a permanent collision on the wirepairs.

These collisions result in complex voltage patterns.

With the complex integrated circuits using techniques such as echo

cancellation, Layer 1 Forward Error Correction (FEC), and prudentselection of voltage levels, the system achieves the 1Gigabitthroughput.


-(DSP) techniques. These include echo cancellation, near-end

crosstalk(NEXT) cancellation and far-end crosstalk(FEXT)cancellation.

Another DSP technique is signal equalization, to help compensatefor signal distortion over the channel.

The 1000BASE-T transceiver also scrambles the signal to spread outthe electromagnetic emission patterns in the data to help avoid signalemission from the cable.

1000Mbps Ethernet


83/136


1000BASE-SX and 1000BASE-LX Ethernet Using Fiber-Optics Advantages over UTP: noise immunity, small physical size, and increased

unrepeated distances and bandwidth.

Full-duplex binary transmission at 1250 Mbps over two strands of optical fiber.The transmission coding is based on the 8B/10B encoding scheme.

Each data frame is encapsulated at the Physical layer before transmission, andlink synchronization is maintained by sending a continuous stream of IDLEcode groups during the interframe spacing.

The principal differences among the 1000BASE-SX and 1000BASE-LX fiberversions are the link media, connectors, and wavelength of the optical signal.

Ethernet Future Options


84/136


The IEEE 802.3ae standard was adapted to include 10 Gbps, full-duplextransmission over fiber-optic cable. 10-Gigabit Ethernet (10GbE) is evolving foruse not only in LANs, but also for use in WANs and MANs.

10Gbps can be compared to other varieties of Ethernet in these ways:

Frame format is the same, allowing interoperability between all varieties oflegacy, fast, gigabit, and 10 gigabit Ethernet, with no reframing or protocolconversions necessary.

Bit time is now 0.1 ns. All other time variables scale accordingly.

Only full-duplex fiber connections are used, so CSMA/CD is not necessary. Up to 40 km fiber links and interoperability with other fiber technologies.


85/136

Ethernet Future Options


86/136



87/136

Hubs and Switches


Legacy Ethernet Using Hubs

U i h b t i t t d


88/136

Using hubs to interconnect nodes: not perform any type of traffic filtering;

forwards all the bits to every device;

share the bandwidth.

High levels of collisions on the LAN, so this type of Ethernet LAN haslimited use: typically in small LANs or in LANs with low bandwidth.

Scalability


More devices, less average bandwidth.

Latency Must wait to transmit to avoid collisions. Increases when the distance is

extended. Also affected by a delay of the signal across the media aswell as the hubs and repeaters process delay.

Increasing the length of media, the number of hubs and repeaters in asegment make the latency increase. Greater latency, more collisions.


N k F il


89/136

Network Failure

Because of share media, any device could cause problems for otherdevices. If any device connected to the hub generates detrimentaltraffic, the communication for all devices on the media could be

impeded. This harmful traffic could be due to incorrect speed or full-duplex settings on a NIC.

Collisions


According to CSMA/CD, a node should not send a packet unless thenetwork is clear of traffic. If two nodes send packets at the same time,a collision occurs and the packets are lost. Then both nodes send ajam signal, wait for a random amount of time, and retransmit theirpackets. Any part of the network where packets from two or more

nodes can interfere with each other is considered a collision domain. Anetwork with a larger number of nodes on the same segment has alarger collision domain and typically has more traffic. As the amount oftraffic in the network increases, the likelihood of collisions increases.



90/136




91/136




92/136


Extra: Layer 2 bridging


93/136


Ethernet Using Switches

Switches allow the segmentation of the LAN into


94/136

Switches allow the segmentation of the LAN intoseparate collision domains.




95/136


Nodes are Connected Directly

In a LAN where all nodes are connected directly to the switch, thethroughput of the network increases dramatically. The three primaryreasons for this increase are:

1. Dedicated bandwidth to each port2. Collision-free environment

3. Full-duplex operation



96/136


Dedicated Bandwidth

Each node has the full media bandwidth available in theconnection between the node and the switch. Each device

effectively has a dedicated point-to-point connection betweenthe device and the switch, without media contention.



97/136


Collision-Free Environment A dedicated point-to-point connection to a switch also removes anymedia contention between devices, allowing a node to operate with fewor no collisions.

In a moderately-sized classic Ethernet network using hubs,

approximately 40% to 50% of the bandwidth is consumed by collisionrecovery. In a switched Ethernet network - where there are virtually no collisions

- the overhead devoted to collision recovery is virtually eliminated. Thisprovides the switched network with significantly better throughputrates.



98/136


Full-Duplex Operation

Switching allows a network to operate as a full-duplex Ethernetenvironment. With full-duplex enabled in a switched Ethernet network,the devices connected directly to the switch ports can transmit and

receive simultaneously, at the full media bandwidth. This arrangement effectively doubles the transmission rate whencompared to half-duplex. For example, if the speed of the network is100 Mbps, each node can transmit a frame at 100 Mbps and, at thesame time, receive a frame at 100 Mbps.

Extra: Switch Characteristic


99/136

Content-addressable memory (CAM) is memory that essentially worksbackwards compared to conventional memory.

Entering data into the memory will return the associated address. Using CAM allows a switch to directly find the port that is

associated with a MAC address without using search algorithms.


n app cat on-spec c ntegrate c rcu t s a ev ce cons st ngof undedicated logic gates that can be programmed to performfunctions at logic speeds.

Operations that might have been done in software can now bedone in hardware using an ASIC.

The use of these technologies greatly reduced the delays causedby software processing and enabled a switch to keep pace with thedata demands of many microsegments and high bit rates.

Hubs vs Switches

Most modern Ethernet use switches to the end devices and operate fulld l B it h id h t th h t th


100/136

pduplex. Because switches provide so much greater throughput thanhubs and increase performance so dramatically, it is fair to ask: whynot use switches in every Ethernet LAN?

Three reasons why hubs are still being used:

Availability - LAN switches were not developed until the early1990s and were not readily available until the mid 1990s. EarlyEthernet networks used UTP hubs and many of them remain in


Economics - Initially, switches were rather expensive. As the price

of switches has dropped, the use of hubs has decreased and costis becoming less of a factor in deployment decisions. Requirements - The early LAN networks were simple networks

designed to exchange files and share printers. For many locations,the early networks have evolved into the converged networks oftoday, resulting in a substantial need for increased bandwidthavailable to individual users. In some circumstances, however, ashared media hub will still suffice and these products remain on themarket.

Switches Selective Forwarding

Activity 9 6 3 1


101/136

Activity 9.6.3.1



Activity 9.6.3.1


102/136

In fact, any node operating in full-duplex mode can transmit anytime ithas a frame, without regard to the availability of the receiving node. This is because a LAN switch will buffer an incoming frame and

Activity 9.6.3.1


then forward it to the proper port when that port is idle.

This process is referred to as store and forward. With store and forward switching, the switch receives the entire frame,

checks the FSC for errors, and forwards the frame to the appropriateport for the destination node.

Because the nodes do not have to wait for the media to be idle, thenodes can send and receive at full media speed without losses due tocollisions or the overhead associated with managing collisions.

Extra: Switch modes


103/136



104/136


Uponi i i li i f


105/136

initialization ofthe switch, theMAC address

table is empty


Host1 sendsdata to Host2.The frame sentcontains both asource MACaddress and adestinationMAC address



106/136




107/136




108/136




109/136




110/136



Activity 9.6.4.1


111/136



112/136

Address Resolution Protocol


Address Resolution Protocol (ARP)


113/136


In order for devices to communicate, the sending devices need both the

IP addresses and the MAC addresses of the destination devices. When they try to communicate with devices whose IP addresses they

know, they must determine the MAC addresses.

ARP enables a computer to find the MAC address of the computer thatis associated with an IP address.

The ARP protocol provides two basic functions:1. Resolving IPv4 addresses to MAC addresses

2. Maintaining a cache of mappings


114/136

ARP table in host


115/136


ARP operation

ARP Table:


116/136

?MAC

A.B.C.1.3.3MAC?

IP197.15.22.33

IP197.15.22.35

Data


197.15.22.33

A.B.C.1.3.3

197.15.22.35

A.B.C.7.3.5

197.15.22.34

A.B.C.4.3.4

AA BB CC

ARP operation: ARP request


117/136

MACA.B.C.1.3.3

MACff.ff.ff.ff.ff.ff

IP197.15.22.33

IP197.15.22.35

What is your MAC Addr?


197.15.22.33

A.B.C.1.3.3

197.15.22.35

A.B.C.7.3.5

197.15.22.34

A.B.C.4.3.4

AA BB CC

ARP operation: Checking


118/136

MACA.B.C.1.3.3

MACff.ff.ff.ff.ff.ff

IP197.15.22.33

IP197.15.22.35

What is your MAC Addr?


197.15.22.33

A.B.C.1.3.3

197.15.22.35

A.B.C.7.3.5

197.15.22.34

A.B.C.4.3.4

AA BB CC

ARP operation: ARP reply


119/136

MACA.B.C.7.3.5

MACA.B.C.1.3.3

IP197.15.22.35

IP197.15.22.33

This is my MAC Addr


197.15.22.33

A.B.C.1.3.3

197.15.22.35

A.B.C.7.3.5

197.15.22.34

A.B.C.4.3.4

AA BB CC

ARP operation: Caching

ARP Table:


120/136

A.B.C.7.3.5 197.15.22.35

MACA.B.C.1.3.3

MACA.B.C.7.3.5

IP197.15.22.33

IP197.15.22.35

Data


197.15.22.33

A.B.C.1.3.3

197.15.22.35

A.B.C.7.3.5

197.15.22.34

A.B.C.4.3.4

AA BB CC

ARP Destination Outside the Local Network


121/136




122/136




123/136




124/136




125/136




126/136


Proxy ARP


127/136



128/136

ARP Removing Address Mappings


129/136


For each device, an ARP cache timer removes ARP entries that have not been used fora specified period of time. The times differ depending on the device and its operatingsystem.

For example, some Windows operating systems store ARP cache entries for 2minutes. If the entry is used again during that time, the ARP timer for that entry is

extended to 10 minutes. Commands may also be used to manually remove all or some of the entries in the ARP

table. After an entry has been removed, the process for sending an ARP request andreceiving an ARP reply must occur again to enter the map in the ARP table.


130/136

ARP Broadcasts - Issues

Overhead on the Media As a broadcast frame, an ARP request is received and processed by

every device on the local network. If a large number of devices were to


131/136

be powered up and all start accessing network services at the sametime, there could be some reduction in performance for a short period

of time. However, after the devices send out the initial ARP broadcasts and


network will be minimized.

Security In some cases, the use of ARP can lead to a potential security risk.ARP spoofing, or ARP poisoning, is a technique used by an attacker toinject the wrong MAC address association into a network by issuingfake ARP requests. An attacker forges the MAC address of a device

and then frames can be sent to the wrong destination. Manually configuring static ARP associations is one way to prevent

ARP spoofing. Authorized MAC addresses can be configured on somenetwork devices to restrict network access to only those devices listed.

Extra: ARP poisoning


132/136


ARP Broadcasts - Issues


133/136

Hc vi

n m

ng Bach Khoa - Website: www.bkacad.com

Labs


134/136

Hc vi

n m

ng Bach Khoa - Website: www.bkacad.com

Summary


135/136



136/136


Documents

CA Ex S1M09 Ethernet