Network fundamentals - Ethernet StandardThe Ethernet protocol is the most used protocol in today's networks. Ethernet, as a protocol operates at the last two layers of the OSI stack, the Data Link Layer and the Physical Layer. These two layers are represented by the LLC ( Logical Link Control) and the MAC ( Media Access Control). There are differences between those two layers and how they operate. First of all layer 1 does not communicate with the upper layers, this is where LLC is used, to communicate with the upper layers. Another example is that layer 1 works only with bits while layer 2 operates with frames. Layer 2 uses addressing to identify devices that communicate with each other. For these sublayers of the Data Link Layer (LLC and MAC), two standards were created to describe their role and how they operate, IEEE 802.2 for LLC and 802.3 for MAC. Data Link Layer is the place where the hardware and software pieces are separated. LLC is implemented in software and MAC is implemented in hardware. Usually LLC is a software driver that is used to command the hardware equipment (an example is the driver for the network interface card). The MAC sublayer is used to encapsulate data with MAC addresses, error detection and delimiting frames. Also this sublayer is used to send streams of bits onto the media.
There are many types of devices that implement Ethernet like switches, hubs or routers. The early networks were using hubs to connect devices between each other. This implementation had some problems because all devices shared a common medium so collisions were frequent. This is why switches where invented, they are used to separate collision domains. Switches uses one port for each device and data is sent from one point to another directly without interfering with other devices.
MAC address is used to uniquely identify each device in a network. The source and destination MAC addresses are added when a packet is encapsulated into a frame. A MAC address is made of 48 bits composed of two parts. The first part (24 bits) identifies the company that produced the equipment and the last 24 bits are used to uniquely identify a device. Open a command prompt and type getmac to see the MAC addresses for the network devices attached to your computer (on a Windows OS):
first 6 hexadecimal digits (AC-16-2D) - manufacturer
last 6 hexadecimal digits (0D-49-B3) - device unique id
The MAC address is referred to as the burned-in address because it is written in the ROM (Read Only Memory) of a network device. By reading the MAC address, devices know where a frame must be sent. Read more about MAC address: http://en.wikipedia.org/wiki/MAC_address, about MAC http://en.wikipedia.org/wiki/Media_access_control and about LLC http://en.wikipedia.org/wiki/Logical_link_control.
In Ethernet implementations communications ca be either unicast, multicast or broadcast. I have already talked about these in a past post.
Hubs where used in an early implementation of networks. They were replaced by switches because of many factors. I've already told you that by using hubs all devices share the same medium so collisions can occur. The scalability (http://en.wikipedia.org/wiki/Scalability) is also affected because by adding devices in a hub network, the bandwidth is increasingly reduced. Another factor is that latency is increased and networks can be easily affected by devices that stop operating.
By using switches networks were highly improved. Communication between devices are made full-duplex, bandwidth is dedicated for each device, collision domains are segmented and networks can be easily expanded. Switches use MAC address tables to store addresses that are needed to communicate between devices. When a frame arrives, the switch decapsulates the frame, reads the MAC address and then forwards the frame to the next switch or to the destination. If the MAC address is not stored in the address table, it is added for a later transmission. Read more on http://en.wikipedia.org/wiki/Network_switch. A switch has some important functions:
Learning - A switch has the capacity to learn and store MAC addresses when they arrive.
Flooding - When a frame arrives, the switch checks it's MAC table. If the destination MAC address is not found then the switch sends the frame trough all interfaces.
Aging - After a certain idle period, if no communication is made, the MAC addresses stored in the address table are deleted.
Forwarding - A switch sends a certain frame to the corresponding exit interface based on the destination MAC address.
Filtering - A switch can make decisions based on the rules created for that frame. It can drop a frame if it's corrupted, it can block a certain frame, etc.
When frames are sent between devices, destination MAC addresses must be added. To get a certain MAC address, devices use the ARP protocol. The Address Resolution Protocol maps the MAC address with the IP address of a certain equipment. ARP uses broadcast to sent and receive messages about MAC addresses. If a frame is destined to a remote device, the frame is sent to the default gateway. This next image will make you understand how ARP works:
To display the MAC entries from the arp table of a windows workstation type arp -a:
An entry in the arp table has the following elements:
Internet Address - devices IP addresses
Physical Address - the corresponding MAC addresses
Type - how did the device learned about that entry (static or dynamic).
Read more about ARP here: http://en.wikipedia.org/wiki/Address_Resolution_Protocol.
That's it folks for this post, I wish you all the best.