Connecting The Network Layer to Data Link Layer
MAC Addresses and ARP 32-bit IP address: network-layer address used to get datagram to destination IP subnet MAC (or LAN or physical or Ethernet) address: function: get frame from one interface to another physically-connected interface (same network) 48 bit MAC address (for most LANs) burned in NIC ROM, also sometimes software settable 5: DataLink Layer
LAN Addresses and ARP Each adapter on LAN has unique LAN address 1A-2F-BB-76-09-AD Broadcast address = FF-FF-FF-FF-FF-FF LAN (wired or wireless) = adapter 71-65-F7-2B-08-53 58-23-D7-FA-20-B0 0C-C4-11-6F-E3-98
ARP: Address Resolution Protocol Question: how to determine MAC address of B knowing B’s IP address? Each IP node (host, router) on LAN has ARP table ARP table: IP/MAC address mappings for some LAN nodes < IP address; MAC address; TTL> TTL (Time To Live): time after which address mapping will be forgotten (typically 20 min) 137.196.7.78 1A-2F-BB-76-09-AD 137.196.7.23 137.196.7.14 LAN 71-65-F7-2B-08-53 58-23-D7-FA-20-B0 0C-C4-11-6F-E3-98 137.196.7.88
ARP in the IP Layer The Address Resolution Protocol (ARP) Part of the Internet Protocol (IP) to solve a specific problem Usually considered to be a part of the link layer The physical layer has 6 byte MAC addresses, while the network layer has independent (4 byte) IP addresses
ARP What is the connection between IP and HW (MAC = Ethernet) addresses? There is no a priori connection as they live in different layers But they need some connection otherwise we won't be able to use a physical layer to send IP packets: we won't know where a particular IP packet should physically be sent
ARP Every host on the Internet has (at least) one 32 bit (4 byte) IP address It is unique to that host and so identifies that machine on the Internet
ARP IP addresses are chosen by the local system administrator to suit the local network Ethernet addresses are built into the interface hardware by the manufacturer The two addresses bear absolutely no relationship to one another (as we would expect from the layering principles)
ARP Suppose want to send a packet over (say) an Ethernet We only know the destination's IP address To build the Ethernet frame we have to know the Ethernet address that the destination has This is what ARP does: It finds the hardware address corresponding to an IP address
How ARP finds the Targets MAC Address STEP 1: ARP broadcasts an ARP Request packet that contains the target IP address in an Ethernet frame with destination address ff:ff:ff:ff:ff:ff and source (its own) Ethernet address All hosts on the local network read this broadcasted frame The target host recognises the request for its IP address
ARP STEP 2: The target sends an ARP Reply packet containing its own Ethernet address It knows the source's Ethernet address as found in the request packet The source gets the reply and reads out the target's Ethernet address It can now use that Ethernet address to send IP packets
WHAT is ARP FRAME? The frame type for ARP is 0806 Hardware type: 1 for an Ethernet address Protocol type: 0800 for an IP address Sizes: sizes in bytes of the address fields, 6 for Ethernet, 4 for IP
ARP OP: 1 for a request, 2 for a reply Address fields: the data In a request the target MAC address field is not filled in, which is what we are trying to find! In a reply the sender MAC address is the address we seek
ARP The source caches the address so it doesn't need to do an ARP for every IP packet The cache expires after (say) 20 minutes, after which a fresh ARP exchange is needed This is in case the Ethernet-to-IP address relationship changes, e.g., an IP address is reassigned to a new machine
What if the Target is not on the Same LAN? If no machine on the local network has the requested IP address, or that machine is down, no reply will be forthcoming In this case, after a few seconds (and a few repeated ARP requests), an error message is send to the application trying to make the IP connection This might be “no such host” or “host unreachable”
SRC and DST on different Networks: ARP Bridging A clever trick that shows ARP can be used for things other than it was designed to do This trick allows us to extend an Ethernet (or other network) over a physically larger distance than its specifications allow, and to join a wireless network to a wired one so they appear to be a single network
ARP Bridging A bridge is a host with two interfaces, one on each network If host h1 wishes to send to host h2 it must determine its hardware address
ARP Bridging So h1 sends an ARP broadcast for h2 The bridge sees this request and responds on behalf of h2 (a proxy ARP), but it supplies its own hardware address b1
ARP Bridging Now h1 sends data to what it thinks is h2, but is actually the bridge The bridge reads the packet, sees it is destined for h2 (by its IP address) and forwards it to the other network where h2 can read it
ARP Bridging The forwarded frame will be changed to have h2 as destination and b2 as source If h2 replies, it can either use h2 which it got from the original packet or do an ARP request, which the bridge proxies in a symmetrical way
ARP Bridging In either case the packet goes to the bridge, which forwards it to h1, again rewriting the frame addresses appropriately This is all transparent to h1 and h2 who believe they are on the same network
ARP Bridging This is sometimes called transparent bridging If h1 is communicating with both h2 and h3 its cache will show then to have the same hardware address b1: this is not a problem
ARP Bridging ARP bridging is fine for joining a pair of small networks, but less so for larger collections of networks IEEE 802.1d Ethernet Bridging standard addresses this, dealing with the cases of multiple routes between hosts
Remote ARP Bridging Bridging can also connect networks that are widely separated, e.g., by a WAN, again to appear as a single network using remote bridging Compare this with tunnelling
Remote ARP Bridging The endpoints are called half bridges This is similar in principle to local bridging, but now the half bridges must cope with encapsulation over the WAN; differences in speed and packet sizes of the LAN and WAN and so on
Reverse Address Resolution Protocol (RARP) Reverse ARP addresses to opposite problem to ARP: given a hardware address find the IP address Needed by hosts that don't initially know their own IP address, e.g., a diskless computer, a laptop plugging into a network, a refrigerator, etc.
Reverse Address Resolution Protocol (RARP) Very similar to ARP Frame type 8035 Same frame layout Op type 3 for a RARP request, type 4 for a RARP reply RARP is OK for limited purposes, but much better protocols exist to solve the same problem (see DHCP)
DHCP a Sublayers Under the Network Layer How does a host get allocated an IP address? allocated manually by an administrator: OK as far as it goes but does not scale to large networks and some networks (e.g., home networks) don't have (competent) administrators Use the Dynamic Host Configuration Protocol 28
DHCP a Sublayers Under the Network Layer DHCP, and its predecessor BOOTP, exist to allocate IP addresses to hosts We start with BOOTP then describe DHCP which is similar but massively extends BOOTP Both extend RARP 29
Dynamic Host Configuration Protocol :DHCP How Does DHCP Work? Dynamic Host Configuration Protocol :DHCP DHCP is designed for the general configuration of a host: address, subnet mask, gateway, name servers, and more Needed usually for hosts with non-permanent connections, e.g., Internet service providers, etc 30
How Does DHCP Work? DHCP has a pool of available addresses that it can assign to hosts as they need When a host leaves, its address can be reused DHCP gives a lease time on an address If the lease expires the host can renew via DHCP A well-behaved host will signal (via DHCP) when it no longer needs an address 32
How Does DHCP Work? DHCP supplies IP address Gateway Subnet mask name servers lease times print servers Gateway boot servers mail servers host name web servers 33
Prechecking of an IP Address Before supplying an address, DHCP should ping the network for that address: this is to check that no host is accidentally using that address already 34
Prechecking of an IP Address Before supplying an address, DHCP should ping the network for that address: this is to check that no host is accidentally using that address already Inform others: After getting an address, the host can send an ARP reply containing its own address. This gratuitous ARP informs other hosts on the network of the new address association so they can update their ARP caches 35
How Does DHCP Work? The data is encoded in a DHCP packet as a tag byte to indicate the type of data a length byte the data itself Tag 0 to pad data for alignment Tag 255 to indicate end of data 36
The Packet Header 37
DHCP Message Flow
Ethernet Topologies “dominant” wired LAN technology: cheap $20 for NIC first widely used LAN technology simpler, cheaper than token LANs and ATM kept up with speed race: 10 Mbps – 10 Gbps Metcalfe’s Ethernet sketch 5: DataLink Layer
Star topology bus topology popular through mid 90s all nodes in same collision domain (can collide with each other) today: star topology prevails active switch in center each “spoke” runs a (separate) Ethernet protocol (nodes do not collide with each other) switch bus: coaxial cable star 5: DataLink Layer
Ethernet Frame Structure Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame Preamble: 7 bytes with pattern 10101010 followed by one byte with pattern 10101011 used to synchronize receiver, sender clock rates 5: DataLink Layer
Ethernet Frame Structure (more) Addresses: 6 bytes if adapter receives frame with matching destination address, or with broadcast address (eg ARP packet), it passes data in frame to network layer protocol otherwise, adapter discards frame Type: indicates higher layer protocol (mostly IP but others possible, e.g., Novell IPX, AppleTalk) CRC: checked at receiver, if error is detected, frame is dropped 5: DataLink Layer
Ethernet: Unreliable, connectionless connectionless: No handshaking between sending and receiving NICs unreliable: receiving NIC doesn’t send acks or nacks to sending NIC stream of datagrams passed to network layer can have gaps (missing datagrams) gaps will be filled if app is using TCP otherwise, app will see gaps Ethernet’s MAC protocol: unslotted CSMA/CD 5: DataLink Layer
Hubs … physical-layer (“dumb”) repeaters: bits coming in one link go out all other links at same rate all nodes connected to hub can collide with one another no frame buffering no CSMA/CD at hub: host NICs detect collisions twisted pair hub 5: DataLink Layer
Switch link-layer device: smarter than hubs, take active role store, forward Ethernet frames examine incoming frame’s MAC address, selectively forward frame to one-or-more outgoing links when frame is to be forwarded on segment, uses CSMA/CD to access segment transparent hosts are unaware of presence of switches plug-and-play, self-learning switches do not need to be configured 5: DataLink Layer
Switch: allows multiple simultaneous transmissions hosts have dedicated, direct connection to switch switches buffer packets Ethernet protocol used on each incoming link, but no collisions; full duplex each link is its own collision domain switching: A-to-A’ and B-to-B’ simultaneously, without collisions not possible with dumb hub C’ B 1 2 6 3 4 5 C B’ A’ switch with six interfaces (1,2,3,4,5,6) 5: DataLink Layer
switch with six interfaces Switch Table A Q: how does switch know that A’ reachable via interface 4, B’ reachable via interface 5? A: each switch has a switch table, each entry: (MAC address of host, interface to reach host, time stamp) looks like a routing table! Q: how are entries created, maintained in switch table? something like a routing protocol? C’ B 1 2 6 3 4 5 C B’ A’ switch with six interfaces (1,2,3,4,5,6) 5: DataLink Layer
Switch: self-learning Source: A Dest: A’ A A A’ switch learns which hosts can be reached through which interfaces when frame received, switch “learns” location of sender: incoming LAN segment records sender/location pair in switch table C’ B 1 2 6 3 4 5 C B’ A’ MAC addr interface TTL A 1 60 Switch table (initially empty) 5: DataLink Layer
Switch: frame filtering/forwarding When frame received: 1. record link associated with sending host 2. index switch table using MAC dest address 3. if entry found for destination then { if dest on segment from which frame arrived then drop the frame else forward the frame on interface indicated } else flood forward on all but the interface on which the frame arrived 5: DataLink Layer
Self-learning, forwarding: example Source: A Dest: A’ Self-learning, forwarding: example A A A’ C’ B frame destination unknown: 1 2 flood A A’ A A’ A A’ A A’ A A’ 6 3 4 5 destination A location known: C A’ A selective send B’ A’ MAC addr interface TTL A 1 60 Switch table (initially empty) A’ 4 60 5: DataLink Layer
Interconnecting switches switches can be connected together D E F S2 S4 S3 H I G S1 A B C Q: sending from A to G - how does S1 know to forward frame destined to F via S4 and S3? A: self learning! (works exactly the same as in single-switch case!) 5: DataLink Layer
Self-learning multi-switch example Suppose C sends frame to I, I responds to C S4 1 S1 2 S3 S2 A F D I B C H G E Q: show switch tables and packet forwarding in S1, S2, S3, S4 5: DataLink Layer
Institutional network mail server to external network web server router IP subnet
Switches vs. Routers both store-and-forward devices routers: network layer devices (examine network layer headers) switches are link layer devices routers maintain routing tables, implement routing algorithms switches maintain switch tables, implement filtering, learning algorithms 5: DataLink Layer
VLANs: motivation What happens if: CS user moves office to EE, but wants connect to CS switch? single broadcast domain: all layer-2 broadcast traffic (ARP, DHCP) crosses entire LAN (security/privacy, efficiency issues) each lowest level switch has only few ports in use What’s wrong with this picture? Computer Science Computer Engineering Electrical Engineering 5: DataLink Layer
VLANs Port-based VLAN: switch ports grouped (by switch management software) so that single physical switch …… 1 7 9 15 Virtual Local Area Network 2 8 10 16 … … Switch(es) supporting VLAN capabilities can be configured to define multiple virtual LANS over single physical LAN infrastructure. Electrical Engineering (VLAN ports 1-8) Computer Science (VLAN ports 9-15) … operates as multiple virtual switches 1 8 2 7 9 16 10 15 … … Electrical Engineering (VLAN ports 1-8) Computer Science (VLAN ports 9-16) 5: DataLink Layer
Electrical Engineering Port-based VLAN router traffic isolation: frames to/from ports 1-8 can only reach ports 1-8 can also define VLAN based on MAC addresses of endpoints, rather than switch port forwarding between VLANS: done via routing (just as with separate switches) in practice vendors sell combined switches plus routers 1 7 9 15 2 8 10 16 dynamic membership: ports can be dynamically assigned among VLANs … … Electrical Engineering (VLAN ports 1-8) Computer Science (VLAN ports 9-15) 5: DataLink Layer
VLANS spanning multiple switches 1 7 9 15 16 1 3 5 7 2 8 10 2 4 6 8 … … Electrical Engineering (VLAN ports 1-8) Computer Science (VLAN ports 9-15) Ports 2,3,5 belong to EE VLAN Ports 4,6,7,8 belong to CS VLAN trunk port: carries frames between VLANS defined over multiple physical switches frames forwarded within VLAN between switches can’t be vanilla 802.1 frames (must carry VLAN ID info) 802.1q protocol adds/removed additional header fields for frames forwarded between trunk ports 5: DataLink Layer