Understanding Ethernet and IP Addressing in Networking

The LLC sublayer handles the communication between the upper layers and the lower layers. This is typically between the networking software and the device hardware.

MAC is implemented by hardware, typically in the computer NIC. The specifics are in the 802.3 standards. MAC has 2 primary responsibilities:

Media access control: Media access control is responsible for the placement of frames on the media and the removal of frames from the media.
Data encapsulation: frame assembly before transmission and frame disassembly upon reception of a frame.

Data encapsulation has 3 primary functions:

Frame delimiting: The framing process provides important delimiters that are used to identify a group of bits that make up a frame. These delimiting bits provide synchronization between the transmitting and receiving nodes.
Addressing: The encapsulation process contains the Layer 3 PDU and also provides for data link layer addressing.
Error detection: Each frame contains a trailer used to detect any errors in transmissions.

Ethernet is a contention-based method of networking. A contention-based method means that any device can try to transmit data across the shared medium whenever it has data to send. Any frame less than 64 bytes in length is called a “collision fragment” or “runt frame” and is automatically discarded by receiving stations. Frames with more than 1500 bytes of data are called “jumbo frames” or “baby giant frames.”

Preamble: The Preamble (7 bytes) and Start Frame Delimiter (SFD), also called the Start of Frame (1 byte), fields are used for synchronization between the sending and receiving devices.
Destination MAC Address: This 6-byte field is the identifier for the intended recipient.
Source MAC Address: This 6-byte field identifies the frame’s originating NIC or interface.
EtherType Field: This 2-byte field identifies the upper layer protocol encapsulated in the Ethernet frame.
Data: This field (46–1500 bytes) contains the encapsulated data from a higher layer, which is a generic Layer 3 PDU, or more commonly, an IPv4 packet.
FCS: The Frame Check Sequence (FCS) field (4 bytes) is used to detect errors in a frame.

Ethernet technology relies on MAC addresses to function. MAC addresses are used to identify the frame source and destination.
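The frame layout above can be exercised directly. The following is an added example, not part of the original notes: it assembles a frame, disassembles it into the fields listed, discards runts, and recomputes the FCS to catch a corrupted frame. The function names, the sample MAC addresses and the payload are constructed for illustration.

```python
import struct
import zlib

MIN_FRAME = 64   # destination MAC through FCS; anything shorter is a runt
MIN_DATA = 46    # the Data field is padded up to this size
MAX_DATA = 1500  # largest Data field named in the notes


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fcs_for(body: bytes) -> bytes:
    # The FCS is a CRC-32 over destination MAC..Data, sent low byte first.
    return struct.pack("<I", zlib.crc32(body))


def build_frame(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    """Assemble a frame the way a sender does: header, padded Data, FCS."""
    body = dst + src + struct.pack("!H", ethertype) + data.ljust(MIN_DATA, b"\x00")
    return body + fcs_for(body)


def parse_frame(frame: bytes) -> dict:
    """Disassemble a received frame (preamble and SFD already stripped)."""
    if len(frame) < MIN_FRAME:
        return {"verdict": "runt", "length": len(frame)}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    data, fcs = frame[14:-4], frame[-4:]
    if fcs != fcs_for(frame[:-4]):
        verdict = "bad-fcs"
    elif len(data) > MAX_DATA:
        verdict = "oversize"
    else:
        verdict = "ok"
    return {"verdict": verdict, "dst": mac_str(dst), "src": mac_str(src),
            "ethertype": f"0x{ethertype:04x}", "data_len": len(data)}


# Constructed sample: broadcast destination, locally administered source MAC.
SAMPLE = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001"),
                     0x0800, b"constructed payload")

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
    damaged = bytearray(SAMPLE)
    damaged[20] ^= 0x01  # one flipped bit in the Data field
    print(parse_frame(bytes(damaged))["verdict"])
    print(parse_frame(SAMPLE[:40])["verdict"])
```

The 19-byte payload is padded to 46 bytes, which is what brings the frame up to the 64-byte minimum.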
A MAC address is a 48-bit binary value expressed as 12 hexadecimal digits (4 bits per hexadecimal digit). The MAC address is often referred to as a burned-in address (BIA) because, historically, this address is burned into ROM (Read-Only Memory) on the NIC. A unicast MAC address is the unique address used when a frame is sent from a single transmitting device to a single destination device. The process that a source host uses to determine the destination MAC address is known as Address Resolution Protocol (ARP).

Switches are used in Ethernet networks to improve both security and efficiency. Switches use MAC addresses to direct network communications through their switch fabric toward the destination node. The switch fabric is the integrated circuits and the accompanying machine programming that allows the data paths through the switch to be controlled. If the destination MAC address is not in the table, the switch will forward the frame out all ports except the incoming port. This is known as an unknown unicast.

2 forwarding methods:

Store-and-forward: In store-and-forward switching, when the switch receives the frame, it stores the data in buffers until the complete frame has been received. During the storage process, the switch analyzes the frame for information about its destination. In this process, the switch also performs an error check using the CRC trailer portion of the Ethernet frame.
Cut-through: In cut-through switching, the switch acts upon the data as soon as it is received, even if the transmission is not complete. The switch buffers just enough of the frame to read the destination MAC address so that it can determine to which port to forward the data.

2 cut-through variants:

Switching

Fast-forward switching offers the lowest level of latency. Fast-forward switching immediately forwards a packet after reading the destination address. Because fast-forward switching starts forwarding before the entire packet has been received.

In fragment-free switching, the switch stores the first 64 bytes of the frame before forwarding. Fragment-free switching can be viewed as a compromise between store-and-forward switching and fast-forward switching.

In port-based memory buffering, frames are stored in queues that are linked to specific incoming and outgoing ports. Shared memory buffering deposits all frames into a common memory buffer that all the ports on the switch share. Asymmetric switching allows for different data rates on different ports.

Full-duplex: Both ends of the connection can send and receive simultaneously.
Half-duplex: Only one end of the connection can send at a time.

When the auto-MDIX feature is enabled, the switch detects the type of cable attached to the port and configures the interfaces accordingly.

Physical address (the MAC address): Used for Ethernet NIC to Ethernet NIC communications on the same network.
Logical address (the IP address): Used to send the packet from the original source to the final destination.

To send data, the node must use both of these addresses. The node will use its own MAC and IPv4 addresses in the source fields and must also provide both a destination MAC address and a destination IPv4 address. Whereas the IPv4 address of the destination will be provided by a higher OSI layer, the sending node needs to use a destination MAC address to forward the frame. This is the purpose of ARP.

When a packet is sent to the data link layer to be encapsulated into an Ethernet frame, the device refers to a table in its memory to find the MAC address that is mapped to the IPv4 address. This table is called the ARP table or the ARP cache. An ARP request is sent when a device needs a MAC address associated with an IPv4 address, and it does not have an entry for the IPv4 address in its ARP table.

ARP spoofing or ARP poisoning is a technique used by an attacker to reply to an ARP request for an IPv4 address belonging to another device, such as the default gateway.
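Because an ARP table accepts whatever MAC address a reply claims, a defender can watch for an IPv4 address that suddenly appears with a different MAC. The following is an added example, not part of the original notes: it parses ARP payloads and reports conflicts against a pinned gateway binding or the first MAC seen. The function names and all addresses are constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)


def make_arp(oper, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build an ARP payload; used here only to construct sample input."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sender_mac.replace(":", "")), socket.inet_aton(sender_ip),
                       bytes.fromhex(target_mac.replace(":", "")), socket.inet_aton(target_ip))


def parse_arp(payload: bytes):
    """Return (oper, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < ARP_LEN:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), socket.inet_ntoa(spa)


def find_conflicts(payloads, pinned=None):
    """Return alerts for IPv4 addresses claimed by a MAC other than the expected one."""
    expected = dict(pinned or {})  # ip -> MAC; pinned entries are known out of band
    alerts = []
    for payload in payloads:
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        _, mac, ip = parsed
        # The first MAC seen for an IP becomes the baseline unless one is pinned.
        if expected.setdefault(ip, mac) != mac:
            alerts.append(f"{ip} claimed by {mac}, expected {expected[ip]}")
    return alerts


# Constructed sample traffic (documentation IPs, locally administered MACs).
GATEWAY = {"192.0.2.1": "02:00:00:00:00:01"}
SAMPLE = [
    make_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
    make_arp(1, "02:00:00:00:00:10", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    make_arp(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
]
```

A legitimate MAC change, such as a replaced NIC or a failover to a standby gateway, raises the same alert, so each hit needs to be checked against known changes.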

Addressing end devices: End devices must be configured with a unique IP address for identification on the network.
Encapsulation: The network layer encapsulates the protocol data unit (PDU) from the transport layer into a packet. The encapsulation process adds IP header information, such as the IP address of the source (sending) and destination (receiving) hosts.

Routing

The network layer provides services to direct packets to a destination host on another network. To travel to other networks, the packet must be processed by a router. The role of the router is to select the best path and direct packets toward the destination host in a process known as routing. A packet may cross many intermediary devices before reaching the destination host. Each router a packet crosses to reach the destination host is called a hop.

De-encapsulation: When the packet arrives at the network layer of the destination host, the host checks the IP header of the packet. If the destination IP address within the header matches its own IP address, the IP header is removed from the packet. After the packet is de-encapsulated by the network layer, the resulting Layer 4 PDU is passed up to the appropriate service at the transport layer.

Connectionless: No connection with the destination is established before sending data packets.
Best Effort: IP is inherently unreliable because packet delivery is not guaranteed.
Media Independent: Operation is independent of the medium (i.e., copper, fiber optic, or wireless) carrying the data.

One major characteristic of the media that the network layer considers: the maximum size of the PDU that each medium can transport. This characteristic is referred to as the maximum transmission unit (MTU). In some cases, an intermediate device, usually a router, must split up a packet when forwarding it from one medium to another medium with a smaller MTU. This process is called fragmenting the packet or fragmentation.

The IPv4 header includes version, differentiated services, time to live, protocol, source address, destination address.

3 IPv4 issues:

IP address depletion: IPv4 has a limited number of unique public IPv4 addresses available.
Internet routing table expansion: A routing table is used by routers to make best path determinations. As the number of servers connected to the Internet increases, so too does the number of network routes. These IPv4 routes consume a great deal of memory and processor resources on Internet routers.
Lack of end-to-end connectivity: Network Address Translation (NAT) is a technology commonly implemented within IPv4 networks. NAT provides a way for multiple devices to share a single public IPv4 address. However, because the public IPv4 address is shared, the IPv4 address of an internal network host is hidden. This can be problematic for technologies that require end-to-end connectivity.

Improvements in IPv6 (vs. IPv4):

Increased address space: IPv6 addresses are based on 128-bit hierarchical addressing as opposed to IPv4 with 32 bits.
Improved packet handling: The IPv6 header has been simplified with fewer fields.
Eliminates the need for NAT: With such a large number of public IPv6 addresses, NAT between a private IPv4 address and a public IPv4 address is not needed. This avoids some of the NAT-induced application problems experienced by applications requiring end-to-end connectivity.

The IPv6 header has version, traffic class, flow label, payload length, next header, hop limit, source and destination address.

A host can send a packet to:

Itself: A host can ping itself by sending a packet to a special IPv4 address of 127.0.0.1, which is referred to as the loopback interface. Pinging the loopback interface tests the TCP/IP protocol stack on the host.
Local host: This is a host on the same local network as the sending host. The hosts share the same network address.
Remote host: This is a host on a remote network. The hosts do not share the same network address.

The default gateway is the network device that can route traffic to other networks. It is the router that can route traffic out of the local network.

A routing table can store info about:

Directly-connected routes: These routes come from the active router interfaces. Routers add a directly connected route when an interface is configured with an IP address and is activated. Each of the router’s interfaces is connected to a different network segment.
Remote routes: These routes come from remote networks connected to other routers. Routes to these networks can be manually configured on the local router by the network administrator or dynamically configured by enabling the local router to exchange routing information with other routers using a dynamic routing protocol.
Default route: Like a host, routers also use a default route as a last resort if there is no other route to the desired network in the routing table.

4 types of router memory: RAM, ROM, NVRAM, Flash.

Console: This is a physical management port that provides out-of-band access to a Cisco device. Out-of-band access refers to access via a dedicated management channel that is used for device maintenance purposes only.
Secure Shell (SSH): SSH is a method for remotely establishing a secure CLI connection through a virtual interface, over a network. Unlike a console connection, SSH connections require active networking services on the device including an active interface configured with an address.
Telnet: Telnet is an insecure method of remotely establishing a CLI session through a virtual interface, over a network. Unlike SSH, Telnet does not provide a securely encrypted connection. User authentication, passwords, and commands are sent over the network in plaintext.

Each IPv4 address consists of a string of 32 bits, divided into four sections called octets.

IPv4 address: Unique IPv4 address of the host.
Subnet mask: Used to identify the network/host portion of the IPv4 address.
Default gateway: Identifies the local gateway (i.e., local router interface IPv4 address) to reach remote networks.

3 parts of global unicast: global routing prefix, subnet ID, interface ID.

Ping: a testing utility that uses ICMP echo request and echo reply messages to test connectivity between hosts.

In an Ethernet LAN, devices use broadcasts to locate:

Other devices: A device uses Address Resolution Protocol (ARP) which sends Layer 2 broadcasts to a known IPv4 address on the local network to discover the associated MAC address.
Services: A host typically acquires its IPv4 address configuration using the Dynamic Host Configuration Protocol (DHCP) which sends broadcasts on the local network to locate a DHCP server.