Ethernet LAN switching (1)
Physical & Datalink layer
Ethernet involves Layer1 and Layer2 of the OSI model.
Physical Layer : [[OSI Model & TCP-IP Suite#1 Physical layer]]
Datalink Layer : [[OSI Model & TCP-IP Suite#2 Data Link layer]]
PDUs and Encapsulation : [[OSI Model & TCP-IP Suite#^encapsulation]]
Local Area Networks (LANs)
A network contained within a relatively small area, like an office floor or home network.
Routers are used to connect separate LANs.
Switches do not separate LANs. Adding more switches can be used to expand an existing LAN.
Ethernet frame
| Eth. header | Packet | Eth. trailer |
|---|---|---|
22 bytes | 4 bytes |
Ethernet header
| Preamble | SFD | Destination | Source | Type |
|---|---|---|---|---|
7 bytes | 1 byte | 6 bytes | 6 bytes | 2 bytes |
Preamble, SFD (Start Frame Delimiter) : used for synchronization and to allow the receiving device to be prepared to receive the rest of the data in the frame.
Destination : Layer2 address to which the frame is being sent.
Source : Layer2 address of the device which sent the frame.
Type : Layer3 protocol used in the encapsulated Packet (almost always IPv4 or IPv6). Sometimes this is a Length field (indicating the length of the encapsulated data), depending on the version of Ethernet.
Preamble & SFD
| Preamble | SFD |
|---|---|
Alternating 1's and 0's | Start Frame Delimiter |
Length : 7 bytes (56 bits) | Length : 1 byte |
10101010 * 7 | 10101011 |
Allows devices to synchronize their receiver clocks | Marks the end of the preamble, and the begining of the rest of the frame |
Destination & Source
Indicate the devices sending and receiving the frame.
Consist of the destination and source MAC (Media Access Control) address (just like in email).
MAC address is a 6 byte (48 bits) address of the physical device.
Different from IP address as MAC address is assigned to the device as it is made
Type or Length
2 byte (16 bit field).
Value of 1500 or less indicates the LENGTH of the encapsulated packet (in bytes). ^maxlength
Eg: If the value in this field is 1400, the length of the encapsulated field is 1400 bytes.
A value of 1536 or greater indicates the TYPE of the encapsulated packet, and length is determined via other methods.
IPv4 = 0x0800 (2048 in decimal), where 0x represents hexadecimal.
IPv6 = 0x86DD (34525 in decimal).
The Type in the ethernet header indicates the type of payload it carries.
Ethernet trailer
| FCS |
|---|
4 bytes |
FCS (Frame Check Sequence) : used by receiving device to detect any errors that might have occured in the transmission.
FCS
Frame Check Sequence.
4 bytes (32 bits) in length.
Detects corrupted data by running a CRC algorithm over the received data.
CRC = Cyclic Redundancy Check (Cyclic - cyclic codes, Redundancy - these 4 bytes at the end of the message, enlarge the message without adding any new info, Check - it checks/verifies the data for errors).
MAC address
6 byte (48 bit) physical address assigned to the device when it is made.
or Burned-In-Address (BIA).
Globally unique - no 2 devices in the world should have the same MAC address.
First 3 bytes are the OUI (Organizationally Unique Identifier), which is assigned to the company making the device.
Last 3 bytes are unique to the device itself.
Written as 12 hexadecimal (eg: 2C:54:91:88:C9:E3).
Scenario
3 PCs connected to a Switch.
PC1 wants to send some data to PC2. It sends the data through its Network Interface Card (NIC), which is connected to SW1 (a Frame is sent with destination and source MAC addresses).
This kind of frame is Unicast frame - a frame destined for a single target (PC2 here).
After SW1 receives the frame, it looks at the source MAC address and learns where the PC1 is.
Switch adds the source MAC address and the interface (eg: F0/1) it received the frame from, in a MAC address table (to know that it can reach that MAC address via that interface).
This is known as Dynamically learned MAC address or Dynamic MAC address (because it wasn't manually configured and the Switch learned it itself).
Then the Switch reads the destination MAC address, but it doesn't know to which of its interface the destination PC is connected.
Because the Switch doesn't know how to reach the destination, it floods the frame through all of its interfaces, except where the source is
This is called Unknown Unicast frame - a frame for which the switch doesn't have an entry in its MAC address table.
Flood - to forward the frame out of ALL of its interfaces, except the one it received.
PC3 after receiving the packet, ignores it, because the destination MAC address doesn't match its own MAC. It simply drops the packet.
PC2 receives the packet and processes it up the OSI stack. (de-encapsulation - [[OSI Model & TCP-IP Suite#^de-encapsulation]])
Switch, if never receives a packet from PC2, can't learn PC2's MAC address and use it to populate the MAC address table.
Now if PC2 wants to send a message or reply to PC1, the destination and source addresses of the frame is reversed.
PC2 sends it via its network interface and SW1 receives it.
SW1 then looks at the source MAC address and adds it to its MAC address table, associating it with the interface it received the frame from (F0/2).
Since the MAC address of PC1 is already in the table, it just forwards it to PC1.
This is called Known Unicast Frame, because the destination is already it its MAC address table.
Known Unicast Frames are just FORWARDED whereas Unknown Unicast Frames are FLOODED.
On Cisco switches, Dynamic MAC addresses are removed from the MAC address table after 5 minutes of inactivity.
Last updated
