Ethernet

Traditional Ethernet media access

CSMA/CD - Carrier Sense, Multiple Access with Collision Detection

Listen, if no one else talking, then you can begin to talk.

As you talk you listen to what you hear on the wire. If someone else talked at the same time as you (collision) then stop and wait a random time and then try again.

Collisions are ok (On half duplex Ethernet), just part of the CSMA/CD algorithm.

Ethernet - frame structure

Wikipedia page on Ethernet types

        Ethernet II     PRE[8] DST[6] SRC[6] TY[2] payload[1500] FCS[4] 8+1518
        802.3           PRE[8] DST[6] SRC[6] LEN[2] DSAP[1] SSAP[1] CONT[1] payload[1497] FCS[4] 8+1518

Preamble (at beginning) and FCS(at end) are not usually displayed by Ethernet analyzer programs (like wireshark)

DST = destination Ethernet address
SRC = source Ethernet address
TY = type when using a Ethernet II frame
LEN = length when using a 802.3 frame
FCS = frame check sequence, a checksum on the data
DSAP = Destination Service Access Point
SSAP = Source Service Access Point
CONT = Control Byte

Max payload size for standard Ethernet is 1500 octets. Min payload size 46 octets. Modern ethernet can use what are called jumbo frames, which can be larger.

802.3 frames have length in the 13th and 14th octet. The length will be less than 0x0600 (IE less then 1536 octets)

Ethernet II frames have type in the 13th and 14th octet, the type code will always be more than 0x0600. If the payload is an IP packet the type code will be 0x0800. If the packet is ARP packet the type code will be 0x0806.

The MTU is the maximum transmission unit of a media. For standard Ethernet it is 1518 octets. 6 octets of destination address, 6 octets of source address, 2 octets of type/len, up to 1500 octets for payload, and 4 octets of CRC so the MTU is 1518.

For half duplex Ethernet limits to distance can be signal attenuation (loss of strength / clarity) or timing of collision detection. All stations on the network need to be able to detect a collision within the first 512 bits (64 bytes) of the frame. For 10 Mbit Ethernet and most cat 5 copper media the propagation delay will limit you to 2.5 Kilometers for the collision domain. Repeaters will add delay to that as well. Of course for 100Mbit Ethernet your collision timing space is going to be 10 times smaller. Most 100Mbps is run full duplex. Full duplex is the only option for 1G and 10G ethernet.

Address types

Unicast (single destination) - Every Ethernet network adapter has a built in unicast Ethernet address that it uses as source address for all traffic it sends. It is a 48 bit address that is usually written as 6 two digit hexadecimal number separated by colons (or sometimes dashes). IE 00:C0:A8:7D:77:4A is a unicast Ethernet address, as would be 00:A0:D2:39:4D:74.

Multicast (multiple destinations). The address address has bit one of first byte set. IE 01:XX:XX:XX:XX:XX. IE first byte of address is an odd number. Note that since Ethernet transmits least significant bit first, the very first bit received will tell of if this is a unicast (=0) or multicast (=1) frame.

Broadcast (all stations) address FF:FF:FF:FF:FF:FF (all ones). Really a special case of multicast.

The first 3 bytes of a source Ethernet address are manufacturer code. You can find these at http://www.cavebear.com/archive/cavebear/Ethernet/ or http://standards-oui.ieee.org/oui.txt

Repeaters

Repeaters and Hubs are two names for the same thing. A device that electrically repeats a Ethernet signal. Usually it has multiple "ports" of a single media (10 base 2, or more frequently 10 base T).

It might also have ports of multiple media types, IE a 10 Base T repeater with a 10 base 2 port, or a AUI port.

Since it electrically repeats the signal (and any collisions) it simply extends the collision domain. Signals on any physical segment of the network tied together with repeaters can "collide" with others. Collisions are not bad things for half duplex ethernet. The detection of collisions and retransmission is the media access control algorithm of half duplex ethernet.

Switches / Bridges

Fits in network anywhere a repeater/hub would go. Accepts frame, uses a table of known destinations to decide weather to forward or not. A switch retransmits the frame, using all CSMA/CD rules. Not just an electrical layer 1 relay like a repeater is. Though a switch will fully receive and retransmit a frame using all CSMA/CD rules, it does not modify the content in any way. Each port of a switch is a separate collision domains. A older name for a two port switch is a bridge.

Compare a switch to a repeater/hub. The repeater works at layer 1 (physical layer). All stations connected to a repeater are in the same collision domain. IE if more than one station connected to a repeater tries to transmit, they signals (and frames) will collide. On the other hand each station connected to a switch can be in it's own collision domain.

Compare a switch to "router" (IE Layer 3 device). Switch doesn't change source or destination Ethernet address. It doesn't recalculate CRC. It forwards frame untouched. Router accepts frame, discards layer 2 information. May forward frame based on layer 3 information. If it does forward it based on Layer 3 information it will have a new layer 2 (Ethernet) source address.

Full Duplex Ethernet

If only two stations on the twisted pair (or fiber optic) Ethernet, there is no chance of collisions. So no need for collision detection. Can transmit and receive separate data at the same time.

If you connect a switch to a single station you can set the port on the switch and the station to full duplex

If you connect a switch to a repeater you have to set the port on the switch (and the ports on each station connected to the repeater) to half duplex. All the stations connected to the repeater are in the same collision domain.

Full duplex can only be used when there is only one station on the switch port. In this case there is no possibility for collision.

Two types of 100mbit repeaters class 1 and class 2. Class 2 is faster (lower signal propagation delay) then class 1 Media for all ports on class 2 is the same (all TX or all FX) With twisted pair and class 1 repeaters you can only have one repeater on a segment With twisted pair and class 2 you can have two repeaters station <-100m-> repeater <-5m-> repeater <-100m-> station max

Full duplex Ethernet

no CSMA/CD needed. Stations can transmit and receive at the same time
station distance limited only by attenuation
no worries about collision.
no worries about timing of collision propagation.

Switches - multi port bridges

Each port is in its own collision domain.
Each port can be full or half duplex.
Full duplex if it talks to a single station or another switch
Half duplex if it talks to a repeater (multiple stations in the collision domain)

Switches learn about which stations are on which ports. When they receive a frame the make note of the source address and build a table associating that source address with a port. Now when they receive a frame destined to that address they will only send it out the port that the destination is on. These tables time out. Broadcast (and except under certain circumstances multicast) packets are always sent to all stations.

The behavior of basic switches/bridges is defined in the IEEE 802.1d which is available at the IEEE explore website

A good links about the "Learning Bridge Algorithm" are: here The Wikipedia page is here.

Multi speed switches

These are switches that have ports that might run at 10M, 100M, 1G or even 10G Bits/sec.

These multi speed switches can lead to saturation of slower segments. IE frames can be lost/dropped if 100Mbit/sec of data tries to go out a 10Mbit/sec port. Or if 1G of data want to go out a 100M port. Also frames can be lost/dropped if two stations send more than 100Mbps to a 100Mbps port at the same time. In each case above the switch will buffer as much as it can, but when the buffer fills it will start to drop packets. This is called "tail drop" as once a buffer is full new packets (the tail of the conversation) will be dropped. This can be modified by 802.1q priorities. (see below)

Auto-negotiation

Modern Ethernet cards and switches (interfaces) will attempt to use a auto negotiation protocol to sync up at the fastest common speed and best common duplex. IE if you have a card that operates at 10Mbps half duplex only and connect to a switch port which can operate at 10M, 100M, and 1G in full or half duplex, then the best common speed is 10Mbps half duplex, and if auto negotiation works then the two interfaces will use 10Mbps/half to communicate. If you have a 100Mbps full duplex card connected to the same port then they should sync up at 100Mbps full. It doesn't always work with older equipment, but most modern equipment does it correctly.

802.1q Vlans/Priorities

Wikipedia page on 802.1q

802.1q allows you to run multiple broadcast domains between switches. The Ethernet frame is labeled with type 0x8100 and 4 bytes are added which after the type field which contain a vlan tag and the original Ethernet type. The vlan tag is 16 bits. 3 bits are "priority" 0-7 where 0 is lowest and 7 is highest. followed by a bit called the CFI which is always 0 (for Ethernet) and then 12 bits which specify a vlan number 0-4095. Vlans 0 and 4095 are "reserved" so really only 4094 assignable.

Jumbo frames

Wikipedia page on Jumbo frames

Jumbo frames are Ethernet with a payload of larger than 1500 octets. There is no IEEE standard, but most vendors Ethernet cards and switches that support jumbo frames inter-operate just fine. They can only be used in full duplex Ethernet and help increase throughput by reducing the CPU time overhead to process each frame. 9000 octets is the preferred max payload on high performance networks. All stations within a broadcast domain must agree on the MTU of jumbo frames.