Ethernet Frame Fields and MAC Addressing PDF
Document Details
Uploaded by Deleted User
Tags
Summary
This document provides an overview of Ethernet frame fields and MAC addressing. It covers topics such as frame size, frame structure, MAC address format, and types of MAC addresses. The document also includes information on how switches use MAC address tables for efficient frame forwarding.
Full Transcript
Ethernet Frame Fields and MAC Addressing Ethernet Frame Fields: 1. Frame Size: ○ Minimum: 64 bytes ○ Maximum: 1518 bytes ○ Frames smaller than 64 bytes are called "collision fragments" or "runt frames" and are discarded. ○ Frames larger than 1500...
Ethernet Frame Fields and MAC Addressing Ethernet Frame Fields: 1. Frame Size: ○ Minimum: 64 bytes ○ Maximum: 1518 bytes ○ Frames smaller than 64 bytes are called "collision fragments" or "runt frames" and are discarded. ○ Frames larger than 1500 bytes are considered "jumbo" or "baby giant frames." ○ Frames outside the valid size range are dropped as invalid due to collisions or other issues. 2. Frame Structure: ○ Preamble and Start Frame Delimiter (SFD): 8 bytes (7 bytes preamble + 1 byte SFD) for synchronization. ○ Destination MAC Address: 6 bytes identifying the intended recipient; can be unicast, multicast, or broadcast. ○ Source MAC Address: 6 bytes identifying the originating device's NIC. ○ Type/Length: 2 bytes specifying the upper layer protocol (e.g., 0x0800 for IPv4, 0x86DD for IPv6). ○ Data Field: 46 to 1500 bytes containing encapsulated data from a higher layer. ○ Frame Check Sequence (FCS): 4 bytes for error detection using a cyclic redundancy check (CRC). Using Wireshark to Examine Ethernet Frames: Objectives: ○ Examine header fields in an Ethernet II frame. ○ Capture and analyze Ethernet frames using Wireshark. MAC Address and Hexadecimal: 1. MAC Address Format: ○ A 48-bit binary value represented using 12 hexadecimal digits. ○ Hexadecimal uses numbers 0-9 and letters A-F. ○ One hexadecimal digit represents four binary bits, allowing a 48-bit MAC address to be expressed using 12 hex values. ○ Example: Binary 0000 1010 in hexadecimal is 0A. 2. MAC Address Structure: ○ Organizationally Unique Identifier (OUI): First 6 hex digits assigned by IEEE to vendors. ○ Vendor-assigned: Last 6 hex digits, uniquely assigned by the vendor. ○ Example: Cisco's OUI might be 00-60-2F, followed by a unique vendor code like 3A-07-BC, making the MAC address 00-60-2F-3A-07-BC. Frame Processing: 1. Burned-in Address (BIA): ○ MAC address is permanently encoded in the NIC's ROM. ○ Copied to RAM during boot. ○ Can be changed in software on modern systems. 2. Frame Forwarding: ○ Source MAC: The MAC address of the sending device. ○ Destination MAC: The MAC address of the receiving device. ○ If a device receives a frame where the destination MAC matches its own, it processes the frame; otherwise, it discards it. Types of MAC Addresses: 1. Unicast: ○ Unique address used for communication between a single sender and a single receiver. ○ Example: ARP uses unicast MAC addresses. 2. Broadcast: ○ Destination MAC: FF-FF-FF-FF-FF-FF (all devices on the LAN process the frame). ○ Used for DHCP, ARP requests, etc. ○ Flooded to all devices on the LAN but not forwarded by routers. 3. Multicast: ○ Used for communication to a group of devices. ○ IPv4 Multicast MAC: Begins with 01-00-5E. ○ IPv6 Multicast MAC: Begins with 33-33. ○ Devices part of a multicast group listen for frames with a specific multicast address. Address Resolution: 1. IPv4: Address Resolution Protocol (ARP) maps IP addresses to MAC addresses. 2. IPv6: Neighbor Discovery (ND) performs a similar function. Key Concepts: Ethernet Frame Validity: ○ Frames must be within the specified size range. ○ FCS is used to verify the integrity of the frame. Hexadecimal Notation: ○ Often preceded by 0x (e.g., 0x73) or followed by an H (e.g., 73H). MAC Address Duplication: ○ Possible but rare; can occur due to manufacturing errors or software modifications. Multicast Group: ○ Devices that share a multicast MAC address can receive frames sent to that address. 7.3 The MAC Address Table 7.3.1 Switch Fundamentals Function of MAC Addresses: ○ Layer 2 Ethernet switches use MAC addresses to make forwarding decisions. ○ Unlike Ethernet hubs that broadcast frames to all ports, switches direct frames to the appropriate port using MAC addresses. Forwarding Decisions: ○ Switches forward frames based solely on Layer 2 MAC addresses, ignoring the protocol inside the frame (e.g., IPv4, ARP, IPv6 ND). MAC Address Table: ○ A switch maintains a MAC address table (CAM table) mapping MAC addresses to specific ports. ○ This table starts empty when the switch is powered on. 7.3.2 Switch Learning and Forwarding Learning Process: ○ The switch builds its MAC address table dynamically by examining the source MAC address of incoming frames. ○ If the MAC address is new, it is added to the table along with the port number where the frame entered. Forwarding Process: ○ The switch checks its MAC address table for the destination MAC address. ○ If a match is found, the frame is forwarded to the corresponding port. ○ If no match is found, the switch broadcasts the frame to all ports except the incoming one. Table Refresh: ○ The switch updates the timer for an existing entry when it sees traffic from that MAC address. ○ Entries are typically kept for 5 minutes. 7.3.3 Filtering Frames Filtering Frames: ○ The switch uses the MAC address table to filter and forward frames to the correct port. ○ Example: If PC-D sends a reply to PC-A, the switch adds PC-D's MAC address to the table associated with the receiving port. Efficient Forwarding: ○ By learning MAC addresses, the switch reduces unnecessary traffic by forwarding frames only to the appropriate port. 7.3.4 MAC Address Tables on Connected Switches Connected Switches: ○ When switches are connected, a single port on a switch may have multiple MAC addresses associated with it. ○ The switch keeps a separate entry in the MAC address table for each different source MAC address received on a port. 7.3.5 Sending the Frame to the Default Gateway Remote Networks: ○ If the destination device is on a different network, the frame is sent to the default gateway (router) instead of directly to the destination. ○ The switch forwards the frame to the port where the default gateway is connected. 7.4 Switch Speeds and Forwarding Methods 7.4.1 Frame Forwarding Methods on Cisco Switches Frame Forwarding Methods: ○ Store-and-Forward Switching: Receives the entire frame and computes the CRC to check for errors. If the CRC is valid, the switch forwards the frame to the correct port. Advantage: Detects errors and discards corrupted frames, reducing bandwidth consumption. Required for Quality of Service (QoS) on converged networks to prioritize traffic (e.g., VoIP). ○ Cut-Through Switching: Forwards the frame before it is entirely received. Only reads the destination MAC address before forwarding. Does not perform error checking. 7.4.2 Cut-Through Switching Variants of Cut-Through Switching: ○ Fast-Forward Switching: Offers the lowest latency by immediately forwarding a packet after reading the destination address. May forward packets with errors, which are discarded by the destination NIC. Latency is measured from the first bit received to the first bit transmitted. ○ Fragment-Free Switching: Stores the first 64 bytes of the frame before forwarding. A compromise between store-and-forward and fast-forward switching. Checks for collisions or errors in the first 64 bytes to enhance error detection. Switch Behavior: ○ Some switches can switch between cut-through and store-and-forward based on error thresholds. 7.4.3 Memory Buffering on Switches Buffering Techniques: ○ Port-Based Memory: Frames are stored in queues linked to specific ports. A frame is transmitted only when all frames ahead in the queue are successfully transmitted. Can cause delays if the destination port is busy. ○ Shared Memory: Frames are stored in a common buffer shared by all ports. Dynamically allocates buffer memory to each port. Allows storing larger frames with potentially fewer dropped frames. Important for asymmetric switching with different data rates on ports (e.g., 10 Gbps server and 1 Gbps PCs). 7.4.4 Duplex and Speed Settings Duplex Settings: ○ Full-Duplex: Both ends of the connection can send and receive simultaneously. ○ Half-Duplex: Only one end of the connection can send at a time. Autonegotiation: ○ Automatically negotiates the best speed and duplex capabilities between devices. ○ Defaults to full-duplex if supported by both devices and to their highest common bandwidth. Duplex Mismatch: ○ A common cause of performance issues when one port is half-duplex and the other is full-duplex. ○ Can lead to collisions and degraded network performance. ○ Best practice: Configure both ports to full-duplex or ensure autonegotiation is enabled on both sides. 7.4.5 Auto-MDIX Auto-MDIX: ○ Automatically detects the type of cable connected (crossover or straight-through) and configures the interfaces. ○ Allows using either cable type for connections to a copper 10/100/1000 port on a switch. ○ Enabled by default on Cisco switches running IOS Release 12.2(18)SE or later. ○ Can be re-enabled using the mdix auto interface configuration command.
