Ethernet: The Physical and Link Layers



Ethernet: Definitions and Standards

History

The early development of Ethernet was done by Xerox research. The name "Ethernet" was a registered trademark of Xerox Corporation. Ethernet from this period is often called DIX after its corporate sponsors Digital, Intel, and Xerox. As the holder of the trademark, Xerox established and published the standards.

The technology was refined and a second generation called Ethernet II was widely used. The IEEE was assigned the task of developing formal international standards for all Local Area Network technology. The "802" committee was formed to look at Ethernet, Token Ring, Fiber Optic, and other LAN technology. The objective of the project was not just to standardize each LAN individually, but also to establish rules that would be global to all types of LANs so that data could easily move from Ethernet to Token Ring or Fiber Optics.

This larger view created conflicts with the existing practice under the old Xerox DIX system. The IEEE was careful to separate the new and old rules. It recognized that there would be a period when old DIX messages and new IEEE 802 messages would have to coexist on the same LAN. It published a set of standards of which the most important are:

802.2 - The new message format for data on any LAN

802.3 - Hardware standards for Ethernet cards and cables

802.4 – Hardware standards Token Bus cards and cables

802.5 - Hardware standards for Token Ring cards and cables

802.11 – Wireless LAN Technologies

The 802.3 standard further refined the electrical connection to the Ethernet. Today all Ethernet NICs cards conform to this standard.

The TCP/IP protocol used by the Internet refused to change. Internet standards are managed by the IETF group, and they decided to stick with the old DIX message format.

IBM implemented SNA over LAN until after the 802 committee released its standards, then rigorously implemented the 802 rules for everything except TCP/IP where the IETF rules take precedence. This means that NETBEUI (the format for NETBIOS on the LAN) and SNA obey the 802 conventions.

The old DIX rules for message format persist for some uses (Internet, DECNET, some Novell). The new 802 rules apply to other traffic (SNA, NETBEUI). The most pressing problem is to make sure that Novell clients and servers are configured to use the same frame format.

Networking Equipment Terminology

Network Interface Card

Network interface card is also frequently called a NIC. Currently, the most common types of NIC used in the home and office are Ethernet and wireless Ethernet cards.

The link light signifies that the NIC card has successfully detected a device on the other end of the cable. This indicates that you are using the correct type of cable and that the duplex has been negotiated correctly between the devices at both ends.

Full duplex data paths have the capability of allowing the simultaneous sending and receiving of data. Half duplex data paths can transmit in both directions too, but in only one direction at a time.

Error-detection and data-retransmission mechanisms ensure that the data reaches the destination correctly and are specifically designed to remedy data corruption caused when multiple devices start transmitting at the same time.

Most modern network cards can autonegotiate duplex with the device on the other end of the wire (802.3ae), if it is plugged into a switch.

Windows uses IPCONFIG to set ethenret parameters from the commands line. Most UNIX systems use the ifconfig command to set display ethernet card paramaters. Others use specific commands like ethtool (LINUX) or ndd (Solaris)

Media Access Control (MAC) Address

The media access control (MAC) address can be equated to the serial number of the NIC. Every IP packet is sent out of your NIC wrapped inside an Ethernet frame that uses MAC addresses to direct traffic on your locally attached network.

The MAC Address is a 6 byte field burned into the Ethernet chip on the NIC card by the manufacturer – represented as 12 hexadecimal digits. The first 3 bytes (6 hex numbers) represent the manufacturer.

MAC addresses have significance only on the locally attached network. As the packet hops across the Internet, its source/destination IP address stays the same, but the MAC addresses are reassigned by each router on the way using a process called ARP.

Frame Type

Each LAN Protocol has it’s own data format called a “frame”. The standards for each protocols are defined with the standard specification for the protocol.

Ethernet: Definitions and Standards

Ethernet Media Access Control: Access and Collisions - OSI Layer 1

Base Ethernet is a broadcast medium, every computer on a network section shares the same wire.

While an Ethernet can be built using one common signal wire – coax such as ThickNet or ThinNet - such an arrangement is not flexible enough to wire most buildings. Ethernet wire cannot be just spliced together, connecting one copper wire to another. Ethernet requires a repeater - a simple station that is connected to two wires that repeats the Ethernet signal bit-for-bit on the other wire.

Repeaters are passive devices (no MAC Address) that repeat digital signals from one side to the other. Ethernet repeaters are subject to the 5/4/3 rule – 5 segments connected by 4 repeaters with three segments active - a limit of 30 active workstations.

A multi-port repeater using twisted pair wiring is referred to as a hub.

The Ethernet hub contains a repeater connecting workstations over phone type wiring (Category 3) for every connection. It is possible to connect multiple hubs in a chain formation to create a LAN with more ports; often called daisy chaining. Hubs have their own version of the repeater rule when daisy-chained called the Class I (10 MBS, 4 hubs) or Class II (100 MBS 2 hubs) that define how they can be connected within a collision domain.

Hubs physically cross-connect all their ports with one another which causes all traffic sent from a server to the hub to be blurted out to all other servers connected to that hub whether they are the intended recipient or not.

Hubs have little or no electronics inside and therefore do not regulate traffic. It is possible for multiple servers to speak at once with all of them receiving garbled messages. When this happens the servers try again, after a random time interval, until the message gets through correctly. It is for these reasons that Ethernet devices that plug into hubs should be set to half duplex.

Digital Signals

10 MBS Ethernet uses Manchester encoding (first published in 1949) to encode the clock and data of a synchronous bit stream. In this technique, the actual binary data to be transmitted over the cable are not sent as a sequence of logic 1's and 0's (known technically as Non Return to Zero (NRZ)). Instead, the bits are translated into a slightly different format that has a number of advantages over using straight binary encoding (i.e. NRZ).

In Manchester encoding a logic 0 is indicated by a 0 to 1 transition at the centre of the bit and a logic 1 is indicated by a 1 to 0 transition at the centre of the bit. Note that signal transitions do not always occur at the ‘bit boundaries’ (the division between one bit and another), but that there is always a transition at the centre of each bit. The Manchester encoding rules are summarised below:

| Original Data | Value Sent |

| Logic 0 |0 to 1 (upward transition at bit centre) |

| Logic 1 |1 to 0 (downward transition at bit centre) |

The following diagram shows a typical Manchester encoded signal with the corresponding binary representation of the data (1,1,0,1,0,0) being sent.

[pic]

Note that signal transitions do not always occur at the 'bit boundaries' (the division between one bit and another), but that there is always a transition at the centre of each bit.The encoding may be alternatively viewed as a phase encoding where each bit is encoded by a postive 90 degree phase transition, or a negative 90 degree phase transition. The Manchester code is therefore sometimes known as a Biphase Code.

A Manchester encoded signal contains frequent level transitions which allow the receiver to extract the clock signal using a Digital Phase Locked Loop (DPLL) and correctly decode the value and timing of each bit. To allow reliable operation using a DPLL, the transmitted bit stream must contain a high density of bit transitions. Manchester encoding ensures this, allowing the receiving DPLL to correctly extract the clock signal. This is implemented in Ethernet using a 1-byte Start flag “0x7E: and a “preamble” consisting of 7 bytes of alternating one’s and zeroes ahead of the MAC Destination Address. The start field and preamble are typically not seen in LAN traces which show only Layer 2 data or above.

Bi-phase Manchester encoding consumes up to approximately twice the bandwidth of the original signal (20 MHz). This is the penalty for introducing frequent transitions. For a 10 Mbps LAN, the signal spectrum lies between the 5 and 20 MHz. Manchester encoding is used as the physical layer of an Ethernet LAN, where the additional bandwidth is not a significant issue for coaxial cable transmission

The limited bandwidth of CAT5e cable necessitated a more efficient encoding method for 100 Mbps transmission using a 4b/5b MLT code. This uses three signal levels (instead of the two levels used in Manchester encoding) and therfore allows a 100 Mbps signal to occupy only 31 MHz of bandwidth. Gigabit Ethernet utilises five levels and 8b/10b encoding, to provide even more efficient use of the limited cable bandwidth, sending 1 Gbps within 100 MHz of bandwidth.

A transmission rate of 10 Mbps implies that each bit is sent in 0.1 microseconds. For a coaxial cable, the speed at which the signal travels along the cable is approximately 0.77 times the speed of light (i.e. 0.77x3x10E8). A bit therefore occupies 23 metres of cable. Under the same conditions the smallest frame would be 13.3 km!

If you wish to do the same calculation for a twisted pair cable, you would have to take into consideration that the propagation speed is slower at 1.77x10E8 (0.59c). Increasing the bit rate, for example using 100BTx, decreases the time available to send each bit into the wire, but does not change the speed at which the edge of the bits travel through the cable!

Ethernet: Definitions and Standards

Access Method

Computers wait until the line (media) is clear before transmitting and then send their data while comparing what they wanted to send with what they actually sent on the cable as a means of error detection using a mathematical comparison, technique called cyclic redundancy check (CRC). Any detected differences between the two, the server assumes that it transmitted data simultaneously with another server on the cable. It waits some (pseudo) random time and retransmit at some later stage when the line was clear again.

The "Multiple Access" part means that every station is connected to a single copper wire (or a set of wires that are connected together to form a single data path). The "Carrier Sense" part says that before transmitting data, a station checks the wire to see if any other station is already sending something. If the LAN appears to be idle, then the station can begin to send data. Transmitting data only after first sensing whether the cable, which was strung between multiple devices, had the correct signaling levels is a methodology called carrier sense, multiple access or CSMA.

The ability to detect garbling due to simultaneous data transmissions, also known as collisions, is called collision detect or CD. Together this access mechanism is referred to as CSMA/CD. This stands for "Carrier Sense, Multiple Access/ Collision Detect".

An Ethernet station sends data at a rate of 10 megabits per second (base speed). That bit allows 100 nanoseconds per bit. Light and electricity travel about one foot in a nanosecond. Therefore, after the electric signal for the first bit has traveled about 100 feet down the wire, the station has begun to send the second bit. If two stations are located, say, 250 feet apart on the same cable, and both begin transmitting at the same time, then they will be in the middle of the third bit before the signal from each reaches the other station.

This explains the need for the "Collision Detect" part. Two stations can begin to send data at the same time, and their signals will "collide" nanoseconds later. When such a collision occurs, the two stations stop transmitting, "back off", and try again later after a randomly chosen delay period.

The 802.11 specifications defining many wireless Ethernet technologies are another example of commonly used layer 1 and 2 components of the OSI model uses a broadcast machanism called Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) where the “random” access comes first instead of after a collison.

[pic]

"Ethernet" is generally reserved for a system that transmits 10 megabits per second with a round trip delay of 50 microseconds. The worst case for Ethernet starts when a workstation at one end of a wire begins sending data. The signal passes down the wire through repeaters, and just before it gets to the last station at the other end of the LAN, that station (hearing nothing and thinking that the LAN is idle) begins to transmit its own data.

A collision occurs. The second station recognizes this immediately, but the first station will not detect it until the collision signal retraces the first path all the way back through the LAN to its starting point. Any system based on collision detect must control the time required for the worst round trip through the LAN. As "Ethernet" is commonly defined, this round trip is limited to 512 “bit times” or (512 x 1/10**7) or 50 microseconds (millionths of a second) at 10 MHZ. This is enough time to transmit 500 bits. At 8 bits per byte, this is slightly less than 64 bytes.

To make sure that the collision is recognized, Ethernet requires that a station must continue transmitting until the 50 microsecond period has ended (512 bits). If the station has less than 64 bytes of data to send, then it must pad the data by adding zeros at the end.

The area within which CSMA/CD takes place is called a “collision domain”. With multiple workstations access ing the medium, full utilization is usually at 33% according to queueing theory.

To extend the LAN farther than the 50 microsecond or “collision domain” limit, one needs a bridge or router. A “bridge” is a Layer 2 device that connects multiple collison domains. A multiport bridge is called a switch, each port connection is it’s own collision domain with only two devices, the workstation and switch.

In a switch, unlike a hub, traffic sent from Server A to Server B will be received only by Server B. The only exception is broadcast traffic which is sent out all ports simultaneously. Switches can regulate traffic, thereby eliminating the possibility of message garbling and providing a more efficient traffic flow. Since each port on a switch terminates a collision domain; if only one device is connected to the port, CSMA/CD can be dropped. This allows the port to function in full-duplex (simultaneous send/receive) mode

Normal Switches and hubs provide no access control between servers connected to the same LAN. This is why network administrators group trusted servers having similar roles on the same LAN. Larger, more expensive switches can be configured to assign only certain ports to prespecified virtual LANs or (VLANs) chosen by the network administrator. In this case, the switch houses ports on multiple logical or virtual LANs. Some of these switches may also perform basic Layer 3 routing between VLANs for specific protocols (like IP). No router needed.

Ethernet: Definitions and Standards

Ethernet Frame Formats - OSI Layer 2

Ethernet frames are defined at OSI layer 2.

A block of data transmitted on the Ethernet is called a "frame." The first 12 bytes of every frame contain the 6 byte destination address (the recipient) and a 6 byte source address (the sender). Each Ethernet adapter card comes with a unique factory installed address (the "universally administered address"). Use of this hardware address guarantees a unique identity to each card.

The PC software (in PROTOCOL.INI or NET.CFG) can be configured to substitute a different address number that the “burned-in” AMC, called a "locally administered address."

The source address field of each frame must contain the unique address (universal or local) assigned to the sending card. The destination field can contain a "multicast" address representing a group of workstations with some common characteristic. A Novell client may broadcast a request to identify all Netware servers on the LAN, while a Microsoft or IBM client machine broadcasts a query to all machines supporting NETBIOS to find a particular server or domain.

In normal operation, an Ethernet adapter will receive only frames with a destination address that matches its unique address, or destination addresses that represent a multicast message. However, most Ethernet adapters can be set into "promiscuous" mode where they receive all frames that appear on the LAN. If this poses a security problem, a new generation of smart hub devices can filter out all frames with private destination addresses belonging to another station.

There are three common conventions for the format of the remainder of the frame:

1. Ethernet II or DIX

2. IEEE 802.3 and 802.2

3. SNAP

Ethernet II or DIX

(================== Data direction

[pic]

Before the development of international standards, Xerox administered the Ethernet conventions. As each vendor developed a protocol, a two byte Type code was assigned by Xerox to identify it. Codes were given out to XNS (the Xerox own protocol), DECNET, IP, and Novell IPX. Since short Ethernet frames must be padded with zeros to a length of 64 bytes, each of these higher level protocols required either a larger minimum message size or an internal length field that can be used to distinguish data from padding.

Type field values of particular note include:

0x0600 XNS (Xerox)

0x0800 IP (the Internet protocol)

0x6003 DECNET

IEEE 802.3 and 802.2

The IEEE 802 committee was charged to develop protocols that could operate the same way across all LAN media.

(================== Data direction

[pic]

To allow collision detect, the 10 megabit Ethernet requires a minimum packet size of 64 bytes (512) bits. Any shorter message must be padded with zeros. The requirement to pad messages is unique to Ethernet and does not apply to any other LAN media. In order for Ethernet to be interchangeable with other types of LANs, it would have to provide a length field to distinguish significant data from padding.

The DIX standard did not need a length field because the vendor protocols that used it (XNS, DECNET, IPX, IP) all had their own length fields. However, the 802 committee needed a standard that did not depend on the good behavior of other programs. The 802.3 standard therefore replaced the two byte type field with a two byte length field.

Xerox had not assigned any important types to have a decimal value below 1500. Since the maximum size of a packet on Ethernet is 1500 bytes, there was no conflict or overlap between DIX and 802 standards. Any Ethernet packet with a type/length field less than 1500 is in 802.3 format (with a length) while any packet in which the field value is greater than 1500 must be in DIX format (with a type).

The 802 committee then created a new field to substitute for Type. The 802.2 header follows the 802.3 header

[pic]

The 802.2 header is three bytes long for control packets or the kind of connectionless data sent by all the old DIX protocols. A four byte header is defined for connection oriented data, which refers primarily to SNA and NETBEUI. The first two bytes identify the SAP. Even with hindsight it is not clear exactly what the IEEE expected this field to be used for. In current use, the two SAP fields are set to 0x0404 for SNA and 0xF0F0 for NETBEUI. 0x0A0A for LLC2..

SNAP

The IEEE left all the other protocols in a confusing situation. They did not need any new services and did not benefit from the change. Furthermore, a one byte SAP could not substitute for the two byte type field. Yet 802.2 was an International Standard, and that has the force of law in many areas. The compromise was to create a special version of the 802.2 header that conformed to the standard but actually repackaged the old DIX conventions.

[pic]

Under SNAP, the 802.2 header appears to be a datagram message (control field 0x03) between SAP ID 0xAA. The first five bytes of what 802.2 considers data are actually a subheader ending in the two byte DIX type value. Any of the old DIX protocols can convert their existing logic to legal 802 SNAP by simply moving the DIX type field back eight bytes from its original location.

Ethernet: Definitions and Standards

Local Area Network Connectivity

When a DCE (hub or switch) connects to a DTE(workstation ), a straight-through cable is used. DCEs connected to DCEs or DTEs connected to DTEs require crossover cables. This terminology is generally used with Ethernet cables.

A straight-through Ethernet cable is easy to identify. Hold the connectors side by side, pointing in the same direction with the clips facing away from you. The color of the wire in position #1 on connector #1 should be the same as that of position #1 on connector #2. The same would go for positions #2 through #8, that is, the same color for corresponding wires on each end. A crossover cable has them mixed up. Table 2-3 provides some good rules of thumb.

Cabling Rules of Thumb

|Scenario |Likely Cable Type |

|PC to PC |Crossover |

|Hub to hub |Crossover |

|Switch to switch |Crossover |

|PC to modem |Straight-Through |

|PC to hub |Straight-Through |

|PC to switch |Straight-Through |

Some manufacturers configure the Ethernet ports of their networking equipment to be either of the DTE or the DCE type, and other manufacturers have designed their equipment to flip automatically between the two types until it gets a good link (autoMDIX); making cable selection unecessary. As you can see, confusion can arise when selecting a cable. If you fail to get a link light when connecting your Ethernet devices together, try using the other type of cable.

Note that any device that functions an OSI Layer 3 only (router) or above (firewall etc), is a DTE for LAN connectivity purposes. These terms are often confused:

• A repeater (Layer 1 device) receives and then immediately retransmits each bit. It has no memory and does not depend on any particular protocol. It duplicates everything, including the collisions.

• A bridge (Layer 2 device) receives the entire message into memory. If the message was damaged by a collision or noise, then it is discarded. If the bridge knows that the message was being sent between two stations on the same cable, then it discards it. Otherwise, the message is queued up and will be retransmitted on another Ethernet cable. The bridge has no address. Its actions are transparent to the client and server workstations.

• A router (Layer 3 device) acts as an agent to receive and forward messages. The router has an IP address and is known to the client or server machines. Typically, machines directly send messages to each other when they are on the same cable, and they send the router messages addressed to another zone, department, or subnetwork. Routing is a function specific to each protocol.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download