RTFM: Packet and Protocol: IP across the Ether

IP over Ethernet explained

In the last RTFM we saw how IP packets are transmitted across the network. Here, we tackle Ethernet and see how packets are encapsulated and used.

To explain fully the way in which IP packets are used, we need to take a look at the Ethernet protocol in detail. The original idea was conceived, like so many other technologies, in Xerox's famous Palo Alto Research Centre by the Godfather of Ethernet: Bob Metcalfe.

Ethernet

Metcalfe created the first incarnation, which ran at 2.94Mbps. The standard was later internationally defined as the 10Mbps 802.3 standard. Incarnations since have seen the technology rise to 1Gbps, and 10Gbps is just around the corner.

Ethernet was conceived as a technology to join multiple computers together over a shared medium. Originally this was through 10Base2 coaxial cabling. Each computer tapped into the wire via a BNC connector. At each end of the cable sits a terminator - a 50-ohm resistor. This stops transmissions from echoing back along the line and causing errors.

Multiple stations transmitting at the same time would cause similar errors. This is called a collision. To avoid this, Ethernet uses a Carrier Sense Multiple Access/Collision Detection (CSMA/CD) algorithm. We'll take a look at both parts of this algorithm.

Carrier Sense Multiple Access

CSMA is used to detect when the transmission media is free. When this is the case, it's safe for a station to transmit. If the medium is busy, then a station backs off and waits for it to become free.

There are two main algorithms to perform this: 1-persistent CSMA and nonpersistent CSMA.

1-persistent CSMA monitors the channel until it is free. It's called 1-persistent because a station will transmit with a probability of 1 when the channel is free.

These systems reduce waiting times for transmission and thus offer higher network utilisation at low network loads. However, if a lot of stations are waiting, then a collision will occur the moment the line is free. This means that collisions are more likely when load is high.

Nonpersistent CSMA waits for the line to become free in the same way as a 1-persistent CSMA system. However, when the line is free a station waits a random amount of time before transmitting.

This is less greedy than 1-persistent, but increases the time before transmission. This is more efficient at high loads.

For Ethernet it was decided to go with the 1-persistent model.
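The trade-off between the two schemes, as a small simulation added here for illustration (not part of the original article). It is a simplified model: a number of stations are already waiting when the line goes free, time is divided into slots, and the 15-slot maximum wait for the nonpersistent case is an assumed value.

```python
import random

def contend(stations, max_wait_slots, rng):
    """One contention round after the line goes free.

    Returns (collided, slots waited before the first transmission).
    max_wait_slots == 0 models 1-persistent CSMA: every waiting station
    transmits with probability 1 the moment the line is free.
    """
    picks = [rng.randint(0, max_wait_slots) for _ in range(stations)]
    first = min(picks)
    # Stations that picked a later slot sense the carrier and stay quiet;
    # only a tie on the earliest slot puts two transmissions on the wire.
    return picks.count(first) > 1, first

def simulate(stations, max_wait_slots, rounds=2000, seed=1):
    """Return (collision rate, mean slots waited) over many rounds."""
    rng = random.Random(seed)
    collisions = 0
    delay = 0
    for _ in range(rounds):
        collided, waited = contend(stations, max_wait_slots, rng)
        collisions += collided
        delay += waited
    return collisions / rounds, delay / rounds

def compare(loads=(1, 2, 5, 20), max_wait_slots=15):
    """One row per load: (stations, 1-persistent result, nonpersistent result)."""
    return [(n, simulate(n, 0), simulate(n, max_wait_slots)) for n in loads]

if __name__ == "__main__":
    for n, one_p, non_p in compare():
        print(f"{n:>2} waiting  1-persistent: collisions {one_p[0]:.2f}, "
              f"delay {one_p[1]:.2f}  nonpersistent: collisions {non_p[0]:.2f}, "
              f"delay {non_p[1]:.2f}")
```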

Collision Detection

The collision detection part of CSMA/CD is designed to monitor the line during transmission and watch out for collisions. Collisions happen when two stations start transmitting at the same time.

When this is detected in Ethernet, both transmitting stations back off and wait a random amount of time before starting to transmit again. The random time interval ensures that the same collision doesn't happen repeatedly.

In looking at collision detection, there are three important concepts: collision window, frame size, and collision back-off.

Collision Window

The collision window specifies the amount of time that a transmission is vulnerable to collisions after transmission has started. This window is caused by the speed of an electrical or light transmission.

Take the situation where two machines (A and B) are sitting on either end of a long length of cable. If machine A starts transmitting there is a delay before the signal will hit machine B. This delay will be sufficiently long that B will decide the channel is free and start transmitting its own data.

At this point, a collision will occur. The exact size of the collision window is determined by the length of cable between machines.

Frame Size

As a station is barred from transmitting when another station is already transmitting, Ethernet defines a maximum transmission size. Ethernet places a 1518-byte limit on all frames transmitted. We'll take a look at the exact layout of an Ethernet frame later on in this article.

There's also a minimum frame size of 64 bytes. This is to ensure that there's always time for a station to detect a collision before it finishes transmitting.

After a transmission all stations have to remain silent for 9.6ms. This interpacket gap is used to allow circuits to recover and reset in time for the next transmission.

Collision back-off

When a collision is detected, the transmitting station 'floods' the network. This ensures that all systems on a segment detect the collision.

The Ethernet Frame

Here we'll run through the fields in an Ethernet frame.

Preamble

This seven-byte field contains the pattern 10101010 seven times. It produces a 10-MHz square wave in the Manchester Biphase encoding scheme, which is used to physically put data on the wire. This information is used to synchronise the receiving station with the transmitting one.

Start of frame delimiter

This is used to define the actual start of the frame. It contains eight bits transmitting the pattern 10101011.

Destination and Source Address

These two fields are both either two or six bytes (16 or 48 bits) long. The destination address is looked at by all receiving machines. If the destination address doesn't match the local settings, the frame is discarded. The source address is used so that the replies can be sent back.

While there are two standard lengths for Ethernet addresses, the industry has mostly settled on the 48-bit standard. In a PC you'll know this as the Medium Access Control (MAC) address, which is hardwired into NICs. Ethernet addresses are represented by six hex numbers, such as 00-C0-4F-83-24-44.

Length of data

This two-byte field defines the length in bytes of the data in the packet. It has a minimum value of 0 and a maximum of 1500. While 0 is a valid length, the Ethernet standard states that a packet must be at least 64 bytes long. Including all of the other components in the frame, this means that the data field has to be at least 46 bytes.

Data

This field can be from 0 to 1500 bytes long as discussed above. It contains the actual data that is being transmitted. When an IP packet is sent over an Ethernet network, it is stored in this portion of the frame.

Pad

The pad field can be from 0 to 46 bytes. It is used to push the frame size up to the minimum if the data field is not long enough.

Checksum

This four-byte field contains a checksum for the Ethernet packet. It allows the receiving station to check that the contents of the frame haven't been damaged in transmission.
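The frame layout above as a builder and parser, added here for illustration and not part of the original article. It covers the fields from destination address to checksum (the preamble and start of frame delimiter are left out), uses the 48-bit address form, and computes the checksum as the CRC-32 from zlib, sent low byte first; the source address and payload in the demo are constructed.

```python
import struct
import zlib

HEADER = struct.Struct("!6s6sH")   # destination, source, length of data
MIN_DATA = 46                      # data plus pad must reach 46 bytes
MAX_DATA = 1500

def mac_to_bytes(text):
    return bytes(int(part, 16) for part in text.split("-"))

def mac_to_text(raw):
    return "-".join(f"{b:02X}" for b in raw)

def build_frame(dst, src, data):
    if len(data) > MAX_DATA:
        raise ValueError("data field is limited to 1500 bytes")
    pad = b"\x00" * max(0, MIN_DATA - len(data))
    body = HEADER.pack(mac_to_bytes(dst), mac_to_bytes(src), len(data)) + data + pad
    # Checksum: CRC-32 over destination..pad, appended low byte first.
    return body + struct.pack("<I", zlib.crc32(body))

def parse_frame(frame):
    if not 64 <= len(frame) <= 1518:
        raise ValueError(f"frame size {len(frame)} outside 64..1518 bytes")
    body, checksum = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != checksum:
        raise ValueError("checksum mismatch: frame damaged in transmission")
    dst, src, length = HEADER.unpack_from(body)
    payload = body[HEADER.size:]
    # Never trust the length field on its own: it must fit what was received.
    if length > len(payload):
        raise ValueError("length field exceeds the bytes actually present")
    return {"dst": mac_to_text(dst), "src": mac_to_text(src),
            "data": payload[:length], "pad": len(payload) - length}

if __name__ == "__main__":
    # Constructed 20-byte payload standing in for a small IP packet.
    packet = bytes([0x45]) + bytes(19)
    frame = build_frame("00-C0-4F-83-24-44", "00-C0-4F-00-00-01", packet)
    print(len(frame), parse_frame(frame))
```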

How IP fits in

So far the Ethernet frame allows us to transmit data over an Ethernet network using Ethernet addresses. This introduces a problem when higher-level protocols such as IP are introduced.

Devices sitting on an Ethernet network only understand Ethernet addresses. For IP to work in an environment such as this there has to be a method of finding out which IP address belongs to which Ethernet address. This is where the Address Resolution Protocol (ARP) comes in.

ARP

The protocol is invoked at the stage where the IP packet is created. We'll take the example of two machines, A and B, sitting on the same IP network.

When machine A starts to transmit IP traffic to machine B it examines the destination IP address. As machine A knows that machine B sits on the same network, it has to find out B's Ethernet address.

A sends out a broadcast ARP request to all machines on the Ethernet network, essentially asking "who's got B's IP address?"

All machines on the network get the request and immediately check their IP address. When B finds it is being contacted, it sends a response back to machine A.

A now builds an Ethernet frame and puts the IP packet in the payload field. The frame is then sent over the Ethernet network to machine B. When B decodes the frame, the IP packet is passed up to the IP software and dealt with in the usual way.

This is ARP in its simplest form, but there are methods to improve its efficiency and cut down on the amount of network traffic. First, all machines maintain an ARP cache. Every time a machine wants to send a packet it checks the cache to see if it has the correct mapping. If it does then it forgoes sending an ARP request.

There is one caveat: as IP addresses can be assigned to different machines, the ARP cache has to time out at regular intervals.

ARP can also be set up so that each machine broadcasts its IP/Ethernet address mapping on boot. This causes every receiving machine to add the mapping into its local ARP cache and cuts down on the amount of broadcast traffic on the network.
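The cache behaviour described above as a small model, added here for illustration and not taken from the original article. The Segment class is a constructed stand-in for the Ethernet network, the 60-second timeout is an assumed value, and the cache also records every time an IP address moves to a different Ethernet address, since that is the event a network monitor would want to log.

```python
class ArpCache:
    def __init__(self, ttl=60.0):
        self.ttl = ttl             # assumed timeout, in seconds
        self.entries = {}          # ip -> (mac, time learned)
        self.changes = []          # (ip, old mac, new mac), worth logging

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, learned = entry
        if now - learned >= self.ttl:
            return None            # timed out: caller has to ask again
        return mac

    def learn(self, ip, mac, now):
        """Store a mapping from an ARP reply or a boot-time broadcast."""
        old = self.entries.get(ip)
        if old is not None and old[0] != mac:
            self.changes.append((ip, old[0], mac))
        self.entries[ip] = (mac, now)


class Segment:
    """Constructed stand-in for one Ethernet network: ip -> mac of each machine."""
    def __init__(self, hosts):
        self.hosts = dict(hosts)
        self.broadcasts = 0

    def who_has(self, ip):
        self.broadcasts += 1       # every machine sees the request
        return self.hosts.get(ip)  # only the owner of the address replies


def resolve(cache, segment, ip, now):
    """Return the Ethernet address for ip, broadcasting only on a cache miss."""
    mac = cache.lookup(ip, now)
    if mac is None:
        mac = segment.who_has(ip)
        if mac is not None:
            cache.learn(ip, mac, now)
    return mac
```

Until the timeout passes, a cached entry keeps pointing at the old machine after an address is reassigned, which is the caveat the text describes.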

Routers

ARP runs into trouble when routers are involved. Routers will not pass on Ethernet broadcasts. This can make it difficult for devices on different subnets to communicate.

A workaround is to have the router respond to all ARP requests for foreign networks. From this point on all machines will quite happily send further packets to the router. This means that routers, and switches, have to be able to store thousands of address mappings locally. In a switch this is used to help the switch pass frames out of the correct port.

RARP

The Reverse Address Resolution Protocol is used to give a machine an IP address when it knows its Ethernet address. This is often the case when a diskless workstation boots up.

In this case a RARP server responds to the request and gives the machine its IP address.

However, RARP broadcasts only reach as far as the router. This means that the requesting station has to be on the same network as the RARP server.

A better protocol is Bootp, which uses UDP to span routers. Bootp also sends additional information including a file to boot from, the IP address of the default router, and the subnet mask.

Other data-link protocols and IP

In this RTFM we've learnt how IP fits in with the most common network architecture. But what about the rest of the internet?

As we know, the internet is made up of lots of different networks joined together by routers. The process of transmitting an IP packet from one station to another is similar in operation to the Ethernet method that we have already described.

IP packets are encapsulated in the data section of a data-link protocol, such as Ethernet or FDDI. When the packet hits a router, the IP packet is stripped out and the destination address examined.

As the router knows which path to take for that IP address, it encapsulates the packet in the local technology and passes it on. For example, a packet coming in on an Ethernet interface could find itself being passed out onto a Sonet network.

The same process happens at each network hop until the IP packet arrives at its destination.
