OSI Model OSI MODEL - Open Systems Interconnection Reference ...

bonkburpsNetworking and Communications

Oct 23, 2013 (3 years and 7 months ago)

213 views

MAC Addresses

Notes
-

OSI Laye
r
1

1

/
108

Gnall

MEDIA


PowerPoint

Slide 1
and

Primer P
age
3


Consider two comput
ers, A and B, which need to exchange
information with each other:




Fig. 1


When PCs were first us
ed in office environments in the early 1980's, floppy disks were

used to exchange
information via "sneaker net".


Eventually, copper, such as co
-
ax or twisted pair, was used to transf
er data from
one
machine to another:




Fig. 2



SIMPLE NETWORKS


Additional comp
uters can
be connected via
a
mesh
topology
:




Fig. 3


With a mesh
topology
,
getting data to the correct computer is easy
-

just send it out the
appropriate

port.
No addressing is required.


However, each time a computer is added to the network, a NIC mu
st be added to each computer and more
cabling (a lot more cabling) must be added. Eventually this becomes unmanageable and cost prohibitive.



HUBS

-

STAR TOPOLOGY


The above

mesh
topology

can be replaced with a
star topology

with the use of a hub
:





Fig. 4



Inside the hub, we can think of all four computers connected together via one big solder ball.

MAC Addresses

Notes
-

OSI Laye
r
1

2

/
108

Gnall

CO
-
AX
-

BUS TOPOLOGY


The older co
-
ax based
bus topology

is functionally similar to a hub
-
based star topology:





Fig.
5




HYBRID /
BUS
-
STAR TOPOLOGY





MAC Addresses

Notes
-

OSI Layer 2

3

/
108

Gnall

MAC ADDRESS

-

Media Access Control


With the hub configuration shown
in Figure
6
, a packet sent out by A, will be read by B, C and D. If the
packet sent out by A is m
eant to only
be
read by B, then C and D's time is wasted

since they also

process

the packet.

(The same is true for the bus topology shown
in Figure 5
.)





Fig.
6



Adding a
destination
MAC address

field
to the packet allow
s each
receiving
computer to determine
whether the packet is meant for
it
. Each computer's
NIC

(Network Interface Card) reads the destination
MAC address to determine whether to
drop the packet or to
take
it

in
for further processing. If the
packet's
dest
ination MAC address matches the MAC address burned into
the
NIC, then the pac
ket
undergoes

further
processing by the computer.


A
source MAC address

is also added to the packet so that the receiving computer can rep
ly back to the
sending computer.

Since th
e first thing a NIC cares about is determining whether a packet it receives should
be processed or dropped, the destination MAC address is placed
at the beginning

of the packet, before the
source MAC address.



Destination MAC

Source MAC

Data



Fig.
7


MA
C is an acronym for
Media Access Control
.


The
Ethernet protocol

defines how MAC addresses are to be used.

MAC Addresses

Notes
-

OSI Layer 2

4

/
108

Gnall

MAC ADDRESS

-

Structure


Primer Page 9


A MAC address is comprised of
48 bits
:


------------------------------------------------


While
a computer
treats a MAC address as a single continuous string of 48 bits, the bits are often written in
6 gr
oups of 8 bits, known as
octets
:


--------
.
--------
.
--------
.
--------
.
--------
.
--------


To improve readability, and to make it easier to recognize that an add
ress is a MAC address

and not some
other address
, each octet is expressed in
hexadecimal

(base 16). Keep
in
mind that the MAC address is still
a string of 48 binary digits (base 2
-

0's and 1's) even though it is written in base 16.


Depending on the inter
f
ace
/
GUI, a MAC can be displayed

with each octet separated by a
colon, dash or
period. The following MAC address:


00000000.00011010.01001011.01111100.01111000.11000100


can be expressed
in any of the following forms
:


00:1A:4B:7C:78:C4


00
-
1A
-
4B
-
7C
-
78
-
C4


00.1A.4B.7C.78.C4



MAC ADDRESS
-

Unicast vs. Broadcast


A
unicast

destination MAC address targets a single NIC.


If the destination MAC address matches the MAC address of the receiving NIC, then
the NIC will pass the
packet onto the next layer of softwar
e for additional processing.


If the destination MAC address does NOT match the MAC address of the receiving NIC,
then the packet will
be dropped

by the NIC.



An example of a unicast MAC address might be:


00.1A.4B.7C.78.C4


A
broadcast

destination MAC ad
dress targets all NICs.

All NICs receiving a packet with a broadcast
destination MAC address will process the packet and pass it onto the next layer of software

(IP)

for
additional processing. A broadcast MAC address has all of its bits set to a value of 1
:


11111111.11111111.11111111.11111111.11111111.11111111


FF.FF.FF.FF.FF.FF




MAC Addresses

Notes
-

OSI Layer 2

5

/
108

Gnall


MAC ADDRESS

-

Uniqueness


A network will fail to function if two NICs have identical MAC addresses.

(A computer other than the intended
computer will
process

the wrong packet
s. ARP, which we will learn about soon, will also fail.)


The I
EEE (Institute for Electrical and Electronic Engineers) assigns ea
ch NIC manufacturer a
unique

Block

ID

and each
manufacturer

assi
gn
s a unique
Device ID

to each NIC manufacture
d

with that Block

ID.




BlockID
:
DeviceID



00:1A:4B
:
7C:78:C4


T
he BlockID is al
so referred to as an
OUI

(Organizationally Unique Identifier)
.


Since the DeviceID is comprised of 24 bits, a

single OUI provides an organization with 2
24

= 16.8 million
MAC addresses.


AN orga
nization must use up 95% of the addresses in
its

OUI before it can purchase an additional OUI.



OUI
vs.

IAB


A single OUI provides an organization with 2
24

= 16.8 million MAC addresses.


If an organization
does not need and/or
cannot afford to pay for a f
ull OUI, it can purchase a less expensive
IAB
, which comes with
the left
-
most
36 bits pre
-
assigned. The remaining 12 free bits provides 2
12

=
4096
free addresses.


At this point in time, all IABs have the same OUI.



MAC ADDRESS

-

Further Reading


IEEE
-

Standard Group MAC Addresses: A Tutorial Guide

http://standards.ieee.org/develop/regauth/tut/macgrp.pdf



IEEE
-

Registration Authority

FAQ

http://standards.ieee.org/faqs/regauth.html



IEEE
-

OUI Pricing

(OUI + 24

IEEE bits)

http://standards.ieee.org/develop/regauth/oui/index.html



IEEE
-

IAB Pricing

(O
UI
-
36

+ 12 IEEE bits)

http://standards.ieee.org/develop/regauth/iab/index.html



IEEE
-

OUI Lookup

http://stan
dards.ieee.org/develop/regauth/oui/public.html


CSMA/CD

Notes
-

OSI Layer 2

6

/
108

Gnall

CSMA/CD

-

Carrier Sense Multiple Access / Collision Detection


Primer Pages 10

-

11


Consider

the following network in which A sends out a packet meant to be read by B, and D sends out a
packet meant to be

read by C.






Fig.
8




This will not work since the packet sent out by A will be received by B, C and D while the packet sent out by
D will be received by C, B, and A.






Fig.
9





CSMA/CD

Notes
-

OSI Layer 2

7

/
108

Gnall

For example, i
f the bit stream sent out by A looks like:





Fig.
10



and the bit stream sent out by D looks like:





Fig.
11



then the combined bit stream will look like:





Fig.
12



B will see one combined bit stream and will not be able to extract the data from either A or D, including the
destination and source MAC addresses.


Here's another example:





Fig.
13



When a NIC, suc
h as the one belonging to B, receives two or more packets at the same time, this is referred
to as a
collision
.


Ideally,
D

would
sense

th
at a signal (elevated voltage or current level) is already present on the wire, and
then
wait to send out
its

own data
.


However, because it takes a finite amount of time before the signal from A reaches
D
,
D

may send out it's
packet before realizing that there is another signal on the network. The result is a collision between
the
packets sent out by A and
D
.


CSMA/CD

Notes
-

OSI Layer 2

8

/
108

Gnall

An eas
ier

way to
visualize

how
a collision

can happe
n is to consider a bus topology,
which is similar to a star
topology.

(Prior to
Ethernet

based star topologies, computers were networked via co
-
ax bus topologies.)


In
Figure
14a
,
computer
A starts transmitting be
fore D

decides to start transmitting.





Fig.
14a


The signal sent out by A is already out on the network when D checks (senses) the wire to determine if the
wire is already carrying data.

Since the signal from A has not yet
reached D, D proceeds to send out its own
data, destined for C.




Fig.
14
b


Continuing…




Fig.
14c


Eventually, C will be receiving data from A and D before D
receives any data from A and

realizes there are
two sets of data being transmitted.





Fig.
1
4
d


Once D receives data from A,
while
still
transmitting data to C,
D

will

realize/
detect

that there has been a

collision
.






Fig.
1
4
e

CSMA/CD

Notes
-

OSI Layer 2

9

/
108

Gnall

D

detect
s

a higher than
expected voltage
/current

on the network and realize
s

that there are two signals
present and that the packet it is transmitting is collidi
ng with another packet
.

D

will stop transmitting data
and send out

a warning signal
indicating

there has just been a collision. Both A and
D

(and any other node
on the network

receiving the warning signal
) will wait a random amount of time before attempting to send
out data again.


CSMA/CD is considered to be
multiple ac
cess

because it is a method by which multiple computers can gain
access to a shared transmission media in a controlled fashion.



TOKEN
RING


Another method for controlling media access is with token passing. Token ring technology was invented by
IBM in 19
85, but has lost out to the faster, cheaper and easier to use Ethernet technology.


http://www.datacottage.com/nch/troperation.htm#.Uk9iTYasi
-
0


"Unlike Ethernet, Token Ring uses a

ring topology whereby the data is sent from one machine to the
next and so on around the ring until it ends up back where it started. It also uses a token passing
protocol which means that a machine can only use the network when it has control of the Toke
n, this
ensures that there are no collisions because only one machine can use the network at any given time.


Token Ring networks are now very rare because the cost and flexibility of Ethernet came to dominate
the market."






Fig. 15


DEMO:
http://ipsit.bu.edu/sc546/sc546Fall2002/TokenRing_pr
oject/_private/




A logical token ring topology can be configured in either a physical ring or physical star topology.



o
r

Fig. 16


DEMO:
http://www.datacottage.com/nch/troperation.htm#.Uk9iTYasi
-
0
Switches

Notes
-

OSI Layer 2

10

/
108

Gnall

SWITCHES

-

Isolat
ed Communication Paths and MAC Table


Primer Pages 12
-

13


With multiple
computers connected to
gether via

a hub, CSMA/CD
works to minimize the number of collisions

and
also
to
recover from collisions

which were unavoidable
.


But
even with CSMA/CD,
only on
e
exchange of data

at a time is allowed.


As more and more computers are added to the network
, the number of collisions may reach the point at
which almost all attempts at transferring data result in a collision
-

the network be
comes unacceptably
inefficie
nt.


A way to isolate the communication paths between devices is needed.

The solution is to replace the hub with
a
switch
.


A
s
witch sends a packet out only via the port which leads to the destination computer. It does this on the
basis of the packet's des
tination MAC address.


How does a switch know which ports correspond to which MAC addresses? Initially
the switch

doesn't

and it will
send a packet arriving on one port out all other ports
.
But as packets arrive t
he switch reads the source
address of each
incoming packet and builds a
MAC
table
.


Port

MAC Address

1

...:A5

2

...:C2

3

...:2B

4

...:73


Since computers tend to announce themselves to the network as soon as they boot up,
the switch

is able to
learn

fairly quickly

which ports will reach which
MAC addresses.

Compare the following switch diagram with the
previous
hub diagram

(Figure
9
)
:




Fig.
17







Fig. 18

DEMO:
http://cc.concord.edu
/Networking/networking.htm

Simplex / Half
-
Duplex / Full
-
Duplex

Notes
-

OSI Layer 2

11

/
108

Gnall

Simplex vs. Half
-
Duplex vs. Full Duplex


Simplex

wiring allows communication in one direction only.





Half
-
duplex

communication allows communication in both directions, but not simultaneously.




or





Full
-
duplex

communication allows simultaneous communication in both di
rections, but requires two wires to
do so.





Hubs only operate in half
-
duplex mode on
ly
, whether between themselves or with a connected device
.



or




A fully switched network (one
without hubs) will work in full
-
duplex mode
, whether between themselves or
with a connected device.





Switches will drop back to half
-
duplex mode when connected to a hub.


Cross
-
Over vs. Pass
-
Through Cables

Notes
-

OSI Layer 2

12

/
108

Gnall

CROSS
-
OVER vs. PASS
-
THROUGH CABLES


With older NICs, a straight
-
through cable
can

NOT

be used to directly connect o
ne computer to the another.




With older NICs, a cross
-
over cable must be used to connect two computers directly to each other.




Newer a
uto
-
sensing NICs allow the use of straight
-
through cabl
es to connect one computer to another.




Dedicated uplink ports on older switches without auto
-
sensing NICs allowed the use of straight
-
through cables.



Cross
-
Over vs. Pass
-
Through Cables

Notes
-

OSI Layer 2

13

/
108

Gnall





Netgear EN104TP 4
-
Port 10 Mbps Et
hernet Hub RJ
-
45 with Uplink Button

http://support.netgear.com/product/EN104




Netgear FS105 ProSafe 5
-
Port Fast Ethernet Desktop Switch

http
://support.netgear.com/product/FS105


Coll
ision Domains

Notes
-

OSI Layer 2

14

/
108

Gnall

COLLISION DOMAINS


Primer Pages 12
-

13


Consider the following network in which eight computers are connected together via three hubs
.
While
computer
A

exchanges data

with B,
all of the other computers also
receive

the data exchanged between A
and B. Therefore,
no other compu
t
ers in this network can
exchange data

at the same time as A and B.
In
general, a
ny attempt
s

at simultaneous conversation
s

will result in a collision.

Packets from A, B, C, D, X, Y,
Z and W all h
ave the potential to collide with each other.





Fig. 1
9



If
the center hub, H3, is replaced with a switch, the

switch will block the A
-
B data exchange from reaching X,
Y, Z and W.

T
he switch reads the destination

MAC address in the data packets and compares them with the
entries in its MAC table
.

I
t k
nows that A and B

are connected to its left port and therefore there is no need to
send those data packets out it's right port.





Fig.
20


Note however, that the data exchanged by A and B, will
still reach

C

and

D.

So C and D still
can
not have a
conversation while
A

and
B

are having a conversation.

Coll
ision Domains

Notes
-

OSI Layer 2

15

/
108

Gnall


Since the switch is preventing the A
-
B data

exchange

from reaching the right hand
side of the network, X
and Y are able to have a conversation while A and B are communicating. However, note that the data
exchanged by X and Y will still reach Z and W via H2.


So while the switch enables A and B to exchange data while X and Y are exchangi
ng data, C and D can NOT
exchange data while A and B are exchanging data. Similarly, Z and W cannot exchange data while X and Y
are exchanging data.





Fig.
21



In other words, packets from A, B, C and D can still

collide with each other and

packets from X, Y, Z and W
can collide with each other. A, B, C and D are considered to be included in a single
collision domain

while
X, Y, X and W are considered to be included in a

separate

collision domain.


In
Figure 19

in

which H3 had not yet been replaced by
a

switch, all eight computers were included in a single
collision domain.


W
hat
has been

gained by replacing a hub with a switch is to divide

a single collision domain into two collision
domains
-

see Figures 22 and 2
3
.
Coll
ision Domains

Notes
-

OSI Layer 2

16

/
108

Gnall

One collision domain:









Fig.
22
a









Two collision domains:







Fig.
2
2b


Coll
ision Domains

Notes
-

OSI Layer 2

17

/
108

Gnall

How many collision domains? (
Question

-

see next page for answer
)










Fig.
2
3a

Coll
ision Domains

Notes
-

OSI Layer 2

18

/
108

Gnall

How many collision domains? (
Answer
)


If the connection between the two switches is half
-
duplex, then there are five collision domains.


If the connection between the two switches is full
-
duplex, then there are four collisio
n domains.















Fig.
2
3b




Coll
ision Domains

Notes
-

OSI Layer 2

19

/
108

Gnall

In a completely switched
-
based network (no hubs) which is full
-
duplex everywhere (no half
-
duplex or
simplex), does it still make sense to talk about collision domains?


If there are no

hubs in the network and it is fully switched, then the whole network can run at full
-
duplex
and there are no collision domains.












Fig.
24


Ethernet Frames

Notes
-

OSI Layer 2

20

/
108

Gnall

Ethernet Frame
s


Frame Structure


Ethernet frames are often drawn with just t
he MAC ad
dress fields and the data field:


D
-
MAC

6 bytes

S
-
Mac

6 Bytes

Data

0
-
1500 Bytes


However, the Ethernet protocol adds more than just MAC addresses to the D
ata field:


Preamble

8 bytes

D
-
MAC

6 bytes

S
-
Mac

6 Bytes

EtherType

2 bytes

Data

0
-
1500 Bytes

(IP Datagram)

Padding

0
-

46 Bytes

Checksum

4 Bytes

InterFrame Gap

5
-

12 Bytes

*


Preamble Field


The Preamble field is an alternating binary series:


10101010 10101010 10101010 10101010 10101010 10101010 10101010 101010
11


The Preamble gives the

NIC time to wake up and get ready to read the Destination MAC address field. The
last two repeated 1 bits indicate that the next two bits are the beginning of the address field.


EtherType Field


There are four versions of the Ethernet protocol, the most
popular of which is Ethernet II:




Ethernet II




Novell raw IEEE 80
2.3 non
-
standard variation




IEEE 802.2
Logical Link Control (LLC)




IEEE 802.2 Subnetw
ork Access Protocol (SNAP)


Depending on which Ethernet version is being used, the EtherType field will e
ither give the total length of the
Ethernet frame or state what kind of information is contained in the next field.


Ethernet Type

Field Meaning

Range

Meaning

Ethernet 802.3

Frame Length

<=1500

size of the data field + padding

Ethernet II

Ether Type

>=15
36

which protocol is encapsulated in the data field


Padding

Field


In order for CSMA/CD to work, the
minimum

size for an Ethernet frame is 64 bytes (not including the
preamble or InterFrame gap).


The combined size of the destination and source MAC addre
sses, Ether Type and Checksum fields is
18 bytes

(6 + 6 + 2 + 4).


Subtracting 18 from 64 leaves 46 bytes which must be accounted for by either the data and/or padding
fields.


For example, if the data field is empty, then 46 bytes of padding must be added

to the Ethernet frame.

For example, if the data field contains 46 or more bytes, then no padding is required.


Ethernet Frames

Notes
-

OSI Layer 2

21

/
108

Gnall

Checksum Field


The checksum field is a CRC calculated over the
entire

frame.


InterFrame Gap Field


The InterFrame Gap can range from 5 to 12
bytes, depending on the speed of the link connection.


Q Tag Field


Newer versions of Ethernet II can add an additio
nal
four

byte 802.1Q tag field
between the S
-
MAC and
EtherType fields to identify the frame's VLAN and priority. The presence of a Q Tag fie
ld is determined by the
fact that it always begins with a value of 0x8100 (a value which wouldn't be found in the EtherType field).


Preamble

8 bytes

D
-
MAC

6 bytes

S
-
Mac

6 Bytes

Q Tag

4 Bytes

EtherType

2 bytes

Data

0
-
1500 Bytes

(IP Datagram)

Padding

0
-

46

Bytes

Checksum

4 Bytes

InterFrame Gap

5
-

12 Bytes

*


Frame Size


When asked "What is the
maximum

size an Ethernet frame can be?", Google will provide many answers,
such as:


1500 bytes


(data field)


1518 bytes


(data field + MAC addresses + EtherType +

Checksum)


1522 bytes


(data field + MAC addresses + EtherType + Checksum + Q Tag)


1526 bytes


(data field + MAC addresses + EtherType + Checksum + Preamble)


1530 bytes


(data field + MAC addresses + EtherType + Checksum + Preamble + Q Tag)


1542 bytes


(data field + MAC addresses + EtherType + Checksum + Preamble + Q Tag + InterFrame Gap)




For frames not containing a Q Tag field, the correct answer is 1518 bytes, as the Preamble and InterFrame
Gap are not considered to be part of the Ethernet frame, b
ut rather as support structure for the Ethernet
protocol.


For frames containing a Q Tag field, the correct answer is 1522 bytes.


An answer of 1500 bytes refers to just the maximum size of the data field.


Why 1500 bytes?

http://www.tomshardware.com/forum/19754
-
42
-
maximum
-
size
-
ethernet
-
frame


The 1500 byte payload limit was somewhat arbitrary. *Some* upper limit is needed for a number of
reasons:


-

The longer the maximu
m frame allowed, the longer the maximum delay on a shared medium. All stations
must wait for a frame
-
in
-
progress to complete before attempting their own transmission; longer frames
means longer wait time.


-

Longer frames increases the probability that one

or more bits in the frame will be received in error,
necessitating retransmission of the frame. (In the extreme case, an infinitely
-
long frame is *guaranteed* to
contain bit errors, ensuring that it would *never* be correctly received!)


-

A longer maximu
m frame increases the memory requirement for a NIC using a simple, fixed buffer design.
This is the *real* reason for the 1500 byte limit; at the time we designed it (1979), buffer memory was
much more expensive than it is now, and DMA controllers were too

complex to be implemented in anything
less than a full
-
custom chip.
Routers &
IP Addresses

Notes
-

OSI Layer 3

22

/
108

Gnall

1

http://www.businesswire.com/news/home/20100816005081/en/Internet
-
Connected
-
Devices
-
Pass
-
5
-
Billion
-
Milestone

ROUTERS
&

NETWORK SEGMENTS,
IP ADDRESSES

& SUBNETS

Primer Pages 14
-

15, 17
-

18


In the following network, each switch
will maintain

a MAC table with 24 entries, one for each computer.





Fig.
25

For a small network, consisting of just a few
hundred

computers, building the network out of just hubs and
switches
is feasible
. Modern processor and memory technologies can handle MAC tables of th
is

size.


However,

if just hubs and switches are used to build the entire Internet,
which contains
b
illions
1

of
computers,
then e
ach switch would
need

to store billions of MAC addresses.
Such a switch would

most likely
be slow and
/or

prohibitively expensive to build.


The s
olution is to divide the network up into smaller
groups of computers or network
segments. This is done
in such a way that
the switches only need

to maintain a
table

of MAC addresses for

computers in their own
network segment.


R
outer
s

are

used to divide
a

network up into
network segments

and
IP addresses

are used to
group
computers into
subnets
. Usually, there is a one
-
to
-
one
correspondence

between network segments and
subnets. Each network segment contains only one subnet and a subnet is confined to one ne
twork segment.
The IP address identifies both the subnet to which a computer belongs and the computer's individual identity
within the subnet.





Fig.
26
Routers &
IP Addresses

Notes
-

OSI Layer 3

23

/
108

Gnall

To
understand

how

routers and
IP addresses

work together

to identify n
etworks and
individual computers
within
a

network
, consider the following network
.
(
In this network, each switch needs to maintain eight MAC
addresses in their respective MAC tables.
)







Fig.
27


Replace the center switch wi
th a router.
(
After r
eplac
ing

t
he center switch with a router
, each
remaining
switch
now only needs

to maintain
f
ive

MAC addresses in their respective MAC tables.
)








Fig.
28


I
n the network

segment

on the left,

each of
the IP addresses begins with "192.168.1"
.


In the network

segment

on the right, each of the IP addresses begins with "192.168.2".


The three numbers on the left identify which
subnet

the computer is in, and the last number on the right
identifies the indiv
idual computer within the
subnet
.


(We will see later that sometimes it is just the first two numbers, or sometimes just the first number which
identifies which
subnet

the computer is in.

(With complex subnetting, it is even more complicated.
)
)


Each of th
e four numbers

(separated by a period or "dot")

within the IP address is referred to as an
octet
,
since it is the decimal equivalent of an eight bit binary number.

(An IP address has a total length of 32 bits.)
IP Address

Routers &
IP Addresses

Notes
-

OSI Layer 3

24

/
108

Gnall

It should be noted at this point that routers

will divide a network up into collision domains just as switches
will
.
If the two switches in
Figure 28

are replaced with hubs, collisions will occur between computers in the
red network, and collisions will occur between computers in the blue network, bu
t collisions will not occur
between the two networks.










Fig.
29







When data is sent from one device to another, destination and source IP address
es

are included in the
packet along with the MAC addresse
s. Note that the order of the IP addresses is the opposite of the order of
the MAC addresses.



Destination MAC

Source MAC

Source IP

Destination IP

Data




Fig.
30
Network Address & Broadcast Address

Notes
-

OSI Layer 3

25

/
108

Gnall

SUBNET MASKS
,
NETWORK ID, HOST ID


Primer Pages 1
7
-

1
8, 20
-

21


As stated earlier, it is
not always the case that the first three octets of an IP address identify which subnet a
computer is in. Sometime it is just the first two octets or sometimes it is just the first octet.


Compare the network
in Figure 29

with the two networks on this page.


In
Figure 29 on the previous page
, all of the red computer IP addresses have the

same

first three
octets
,
and all of the blue

computer IP addresses have the

same

first three
octets
.


In
Figure 3
1

below, all of the red computer IP addresses
have the same
first two octets
, and all of the blue
computer IP addresses have the same f
irst two octets.


In
Figure 3
2

below, all of the red computer IP addresses
have the same
first octet
, and all of the blue
computer IP addresses have the s
ame first octet.






Fig.
3
1







Fig.
3
2

Network Address & Broadcast Address

Notes
-

OSI Layer 3

26

/
108

Gnall

Each computer, in addition to knowing its own IP address, also knows its own
subnet mask
. A

subnet mask
is used
to d
etermine which of
the octets in
an

IP address identify the
subne
t

to which
a

computer belongs
-

the first octet, the first and second octet, or the first, second and third octet. The remaining octets identify
the

computer
'
s
own unique
identity

within the network.


Like an I
P address, a subnet mask is

made up of four oc
tets

(32 bits)
. A subnet mask might look like:


255.255.255.0


255.255.0.0


OR


255.0.0.0


For each octet in a subnet mas
k which has a value of
255
,

the corresponding octet
(s)

in the IP address
are

part of the
Network ID

and

identif
y

which
subnet

the IP ad
dress belongs to.


For each octet in a subnet m
ask which has a value of
0
,

the corresponding octet
(s)

in the IP address
are

part of the
Host

ID

and

identif
y

the individual computer within the
subnet
.


So for
the
red and blue networks
in Figure 29
, in which

the first three octets determine the
N
etwork

ID

and
the last octet determine the Host ID
, the subnet mask would be:


255.255.255.0


For
the
red and blue networks

in Figure 30
, in which the first two octets determine the
N
etwork

ID

and the
last two octets
determines the Host ID
, the subnet mask would be:


255.255.0.0


For
the
red and blue networks

in Figure 31
, in which just the first octet determines the
N
etwork

ID
, the
subnet mask would be:


255.0.0.0



EXAMPLE:


Depending on the value of the associated s
ubnet mask, the network and host portions of an IP address will
vary. Consider the following IP
addresses

in combination with different subnet masks:


IP

Address
:

202.

67.

84.5



Subnet Mask:

255.255.255.0

Network ID:

202.

67.

84

Host ID:



5



S
ubnet Mask:

255.255.

0
.0

Network ID:

202.

67

Host ID:



84.5



Subnet Mask:

255.

0
.

0
.0

Network ID:

202

Host ID:



67.

84.5

Network Address & Broadcast Address

Notes
-

OSI Layer 3

27

/
108

Gnall

If two computers have the same Network ID, they are said to belong to the same
subnet
.


EXAMPLE:


Consider the followi
ng set of IP addresses:


192.168.1.5


192.168.2.5


If the subnet mask is
255.255.255.0
,

then
the two IP addresses are in
different

subnet
s.


If the subnet mask is
255.255.0.0
,

then the two IP addresses are in the
same

subnet
.


If the subnet mask is
255.0.0
.0
,

then the two IP addresses are in the
same

subnet
.


-----


Consider the following set of IP addresses:


192.
10
.1.5


192.
20
.2.5


If the subnet mask is
255.255.255.0
,

then the two IP addresses are in
different

subnet
s.


If the subnet mask is
255.255.0.0
,

then the two IP addr
esses are in

different

subnet
s.


If the subnet mask is
255.0.0.0
,

then the two IP addresses are in the
same

subnet
.


-----


Consider the following set of IP addresses:


100
.
10
.1.5


200
.
20
.2.5


If the subnet mask is
255.255.255.0
,

then t
he two IP addresses are in
different

subnet
s.


If the subnet mask is
255.255.0.0
,

then the two IP addr
esses are in

different

subnet
s.


If the subnet mask is
255.0.0.0
,

then the two IP addresses are
in

different

subnet
s.




A computer uses
its own subnet ma
sk

to determine its own Network ID and also uses
its own subnet
mask

to
derive

the

Network ID from the

IP address

of a

computer

with which it wishes to communicate
.


If the Network IDs are the same, then the two computers belong to the same subnet.


If the

network IDs are different, then then the two computers belong to different subnets.


Computers belonging to the same subnet are usually in the same network segment (same side of a router).


Computers belonging to different subnets are usually in different

network segments (different sides of a
router).



Class Based Subnetting

Notes
-

OSI Layer 3

28

/
108

Gnall

Class Based Subnetting


Up to this point, we have identified three types of subnet masks (later on we will see that there are more
than just these three):


255.0.0.0


255.255.0.0


255.255.255.0



Subnets
in which the just the first octet identifies the Network ID are referred to as
Class A

subnets.


Subnets in which the first and second octets identify the Network ID are referred to as
Class
B

subnets.


Subnets in which the first, second and third octets i
dentify the Network ID are referred to as
Class
C

subnets.



We will see later in these notes, that:


The first octet of a
Class A

network has a value between
0 and 127
.


The first octet of a
Class B

network has a value between
128 and 191
.


The first octe
t of a
Class C

network has a value between
192 and 223
.



Class

Subnet Mask

First Octet


Dotted Decimal

CIDR


Decimal

Binary

A


255.0.0.0


/8


0
-

127


0xxxxxxx

B


255.255.0.0


/16


128
-

191


10xxxxxx

C


255.255.255.0


/24


192
-

223


110xxxxx

ARP & PING

Notes
-

OSI Layer 3

29

/
108

Gnall

ARP
&

PING

-

Same Subnet


A common troubleshooting technique for network and system administrators is the use of
ping

packets. To
determine if a computer is connected to the network and responding to data packets, a

second

computer on
the network can be instru
cted to send a simple
ping
request
packet

to the computer in question. The ping
request
packet does nothing more than ask for a reply. If the computer
in question
re
sponds

to the ping
request packet with a
ping re
ply

packet
, then the administrator can assu
me the computer

in question

is
functioning properly (at least at the network level).


Consider the following simple network with four computers connected together via a switch:




Fig.
33


A
ping command
, issued from computer A
, and requesting a reply from computer D
,
would
look like:


ping 192.168.1.5


Note

that while the ping command only
references

the IP address of computer D, the ping packet itself must
also contain the MAC address of computer D.


Destination MAC

D

Source M
AC

A

Source IP

A

Destination IP

D

Data:

Please Re
ply


How does A know the MAC address of D if A is only given the IP address of D in the ping command?


Before computer A can issue the ping packet,
A

must first issue an
ARP
request p
acket

whose job it is t
o
determine the MAC address for computer D.

An ARP packet asks "

Who has this IP address and what is your
MAC address?".


An
ARP request packet

has the following structure

consisting of
two address fields

and
one data field

(there are no IP address fields)
:


Destination MAC

FF:FF:FF:FF:FF:FF

Source MAC

A

Data

Sender MAC:

A

Sender IP:


192.168.1.2

Target MAC:

00.00.00.00.00.00

Target IP:


192.168.1.5



Fig.
34


The ARP
request expects

to get a response from D.
D's NIC will only process the packet if the des
tination
MAC address matches D's MAC address or
if

the destination MAC address is a
broadcast MAC address
.

(
A
NIC will always process a data packet with a broadcast MAC address
.
)

Since A does not know D's MAC
address (that's what it is trying to find out)
A

must u
se a broadcast destination MAC address.


The A
RP

packet does not contain source or destination IP address fields since that information is included in
the data field of the packet.
ARP & PING

Notes
-

OSI Layer 3

30

/
108

Gnall

When a switch receives a packet with a broadcast destination
MAC ad
dress
, it will send the packet out all of
its other ports since its MAC table doesn't have an entry for a broadcast MAC address
.

So in this case, the
broadcast
ARP request packet

is sent out all ports to B, C and D.


Destination MAC

Broadcast

Source MAC

A

Who is

192.168.1.5

and

what is your MAC address?



Fig.
35




Fig.
3
6


Since D is able to retrieve A's MAC address from the ARP request packet, the
ARP reply packet

DOES
contain a specific unicast destination MAC address

and the switch will only send it out one port
:


Destination MAC

A

Source MAC

D

The MAC address for

192.168.1.5 is

D



Fig.
3
7



Fig.
3
8


Once A receives the ARP reply from D,
A

is able to issue the following
ping request
packet
:


Destination MAC

D

Source MAC

A

Source IP

A

Destination IP

D

Data:

Please Re
ply



Fig.
3
9

D will reply with the following
ping reply packet
:


Destination MAC

A

Source MAC

D

Source IP

D

Destination IP

A

Data:

Hi!



Fig.
40
ARP & PING

Notes
-

OSI Layer 3

31

/
108

Gnall

Suppose the previous swi
tched network is part of a routed network.





Fig.
41



In this network, when A sends out
an ARP request packet looking for D, S1 will send the packet out all of its
ports, so the router wi
ll also see it. When the route
r receives the broadcast ARP packet, it will NOT forward it
onto the other (blue) network. In general, with just a few exceptions, routers will not pass broadcast packets
from one network to another.


The fact that
routers will not pass broadcast packets

i
s a good thing. If routers passed all broadcast
packets from one network to the next, a network could become bogged down with broadcast traffic.


Since broadcast packets are restricted to the network segment from which they originate, a router creates
broa
dcast domains
, just as a switch creates collision domains.



ARP & PING

Notes
-

OSI Layer 3

32

/
108

Gnall

ARP

& PING

-

Different Subnets




Fig.
4
1



What if
computer
A wants to ping X?


ping 192.168.2.2


One might think that A would first send out
an ARP packet r
equesting the MAC address for the machine with
an IP address of 192.168.2.2. But this won't work for two reasons:


1) In order to reduce the total amount of network traffic, routers don't pass broadcast packets. So

in this
case,
the
broadcast
ARP
request p
acket
will never make it into the blue network.


2) Even if A could learn the MAC address of X via an ARP
request
packet or by other means, using X's
MAC address

as the destination MAC address

in the ping request packet would fail. The router's NIC
would i
gnore the
ping request
packet because the destination MAC address does not match the address
of the NIC.


So h
ow does A get a ping request packet to X?


Since X is in another network, A must send the
ping request packet

to the router and rely on the router

to
forward the packet to X. If A wants the router
's NIC

to process the packet, then the destination MAC address
must be that of the router, and not X. The destination IP address must still be that of X, so that the router
knows which computer to forward t
he packet to.


Destination MAC

R

Source MAC

A

Source IP

A

Destination IP

X

Data:

Please Re
ply



Fig.
4
2


How does A know the MAC address of R if A is only given the IP address of X in the ping command?


Computer A knows the IP address of the router

(192.1
68.1.1)

since it is part of the IP configuration assigned
to A either manually or via a DHCP ser
ver
.


Since A can retrieve the IP address of the router from its IP configuration, it can then ARP for the MAC
address belonging to the IP address of the router
.

ARP & PING

Notes
-

OSI Layer 3

33

/
108

Gnall

Computer A issues a
broadcast ARP request

looking for the

router's

MAC address:


Destination MAC

FF:FF:FF:FF:FF:FF

Source MAC

A

Who is 192.168.1.1

and

what is your MAC address?



Fig.
4
3



The router responds with a
unicast ARP reply
:


Destination MAC

A

Source MAC

R

The MAC addre
ss for

192.168.1.1 is

R



Fig.
4
4



Computer A
is now able to
send a
unicast ping request

to the router, but with an ultimate destination

IP
address

of computer X.

Note the values of the destination MAC address and destination
IP address.


Destination MAC

R

Source MAC

A

Source IP

192.168.1.2

D
estination IP

192.168.2.2

Data:

Please Re
ply



Fig.
4
5



The router receives the ping request and processes it since the destination MAC address matches its own
MAC address.

The router

see
s that the destination IP address is
not for itself but is
for machine X. The router
determines that X is in a network directly attached to one of its
port
s (again, more on this later) and issues a

broadcast

A
RP

request

looking for X's
MAC

address:


Destin
ation MAC

FF:FF:FF:FF:FF:FF

Source MAC

R

W
ho is 192.168.2.2

and

what is your MAC address?



Fig.
4
6



X responds with a
unicast ARP reply
:


Destination MAC

R

Source MAC

X

The MAC addr
ess for

192.168.2.2 is

X



Fig.
4
7



Now that the router knows X's MAC
address, the router

is able to
relay the

unicast ping request

to X
. Note
that the source IP address still belongs to A. This is because X needs to know that it should reply to A and
not the router. Note that the source MAC address does belong to R so that
X can also determine the direct
source of the packet.


Destination MAC

X

Source MAC

R

Source IP

192.168.1.2

Destination IP

192.168.2.2

Data:

Please Re
ply



Fig.
4
8



ARP & PING

Notes
-

OSI Layer 3

34

/
108

Gnall

X replies to A


X determines that the source IP address in the ping request is in a diff
erent network, so
X
knows it cannot
sen
d a ping reply direc
tly to A and must
instead
send the ping reply to the router and let the router forward
the packet.


The IP address for the router is stored in X's IP configuration and X knows the router's MAC addr
ess because
it was the source MAC address in the
ARP

and ping packets it just received from the router.

X retains this
information in its ARP cache for a short time.
So X does not need to issue an ARP packet.


X knows the ultimate destination IP address
o
f A

since it was the source IP address in the ping request.


X sends the following
unicast ping reply

to the router:


Destination MAC

R

Source MAC

X

Source IP

192.168.2.2

Destination IP

192.168.1.2

Data:

Hi
!



Fig.
4
9



The router receives the ping reply
and process
es

it since the destination MAC address matches its
own

MAC
address.


The router reads the destination IP address in the ping reply and realizes it needs to forward the packet to a
computer in a network directly attached to one of its ports. It
does not need to ARP for
A's

MAC address
since it still remembers A's MAC address from the ARP and ping packets it recently received from A.


The router sends the following
unicast ping reply

to A:


Destination MAC

A

Source MAC

R

Source IP

192.168.2.2

Dest
ination IP

192.168.1.2

Data:

Hi
!



Fig.
50


General Packet Routing

Notes
-

OSI Layer 3

35

/
108

Gnall

GENERAL
PACKET
ROUTING &
ADDRESSING

PROCESS


When a computer (A)

wants to

send

a packet

to another computer (B)
,

what A does depends on whether B
is in the same subnet or a different subnet (and therefore diff
erent network segment) as A.



A

must first decide if
B

is in the
same

subnet

or a
different subnet
:


A uses its own subnet mask and its own IP address to determine its own Network ID.


A uses its own subnet mask and B's IP address to determine B's Network

ID.


A compares its Network ID with B's Network ID.


If the Network IDs match, then A and B are in the same subnet.


If the Network IDs do NOT match, then A and B are in different subnets.



If
A

decides
B

is in the
same subnet
, the

following

happens
:


A

ARPs for
B
's MAC address.


B

replies to
A
's ARP request.


A

sends the packet directly to
B
.


The p
acket's destination MAC address equals
B
's
MAC address
.


The p
acket's destination
IP

address equals
B
's IP

address
.



If
A

decides
B

is in a
different subnet
,

the

following happens:


A

ARPs for the
router
's MAC address.


The
router

replies to
A
's ARP request.


A

sends the packet to the
router
.


The p
acket's destination MAC address equals the
router
's MAC address.


The p
acket's
source

MAC address equals
A
's MAC
address.


The p
acket's destination
IP

address equals
B
's IP address.


The p
acket's
source

IP

address equals
A
's IP address.


The
r
outer

ARPs for
B
's MAC address.


B

replies to the
router
's ARP request.


The
r
outer

sends the packet to
B
.


The p
acket's desti
nation MAC address equals
B
's MAC address.


The p
acket's
source

MAC address equals

the

router
's MAC address.


The p
acket's destination
IP

address equals
B
's IP address.


The p
acket's
source

IP

address equals
A
's IP address.

Subnet Masks
-

Decimal vs. Binary

Notes
-

OSI Layer 3

36

/
108

Gnall

SUBNET MASKS

-

Decimal

vs. Bina
ry


We have already seen how subnet masks are used to determine if two computers are in the same subnet or
not.


For example if we apply a Class B subnet mask to the following IP addresses, we can see that they belong to
different subnets since the second
octet is different for the two IP addresses.


SM:





255.255. 0.0



A IP:




130. 45.67.89

A Network ID:


130.
45

A Host ID:





67.89



B IP:




130. 46.98.76

B Network ID:


130.
46

B Host ID:




98.76



Although it is easy for humans to wor
k with IP addresses and subnet masks using dotted decimal notation,
the computers are actually performing the
comparisons

in binary.


Wherever there is a
1

in the subnet mask, then the corresponding binary digit in the IP address belongs to
the
Network ID
.


Wherever there is a
0

in the subnet mask, then the corresponding binary digit in the IP address belongs to
the
Host ID
.


SM:





255.255. 0.0



11111111.11111111.00000000.00000000



A IP:




130. 45.67.89



1000
0010
.
00
10
1101
.
0
100
0011
.
0
101
1001

A Network I
D:


130.
45





10000010
.
00
10
11
01
.

A Host ID:




67.89




0
100
0011
.
0
101
1001



B IP:




130. 46.98.76



1000
0010
.
00
10
11
10.
0
110
0010
.
0
100
1100

B Network ID:


130.
46





10000010
.
00
10
11
10
.

B Host ID:





98.76




0
110
0010
.
0
100
1100


Since the last two binary digits in the Network IDs are different, A and B are in different subnets.


Network,
Broadcast and Default Gateway Addresses

Notes
-

OSI Layer 3

37

/
108

Gnall

NETWORK ADDRESS
,

BROADCAST ADDRESS
, DEFAULT GATEWAY ADDRESS


Every subnet has a range of IP addresses which are valid for that subnet.

For example, the class C network


192.168.0.
--------


has the following range of IP addresses:


192.168.0.00000000 = 192.168.0.0



Network Address

192.168.0.0000000
1

= 192.168.0.
1



D
efault
G
ateway
A
ddress

(usual)

192.168.0.000000
1
0 = 192.168.0.
2

19
2.168.0.000000
11

= 192.168.0.
3

192.168.0.00000
100

= 192.168.0.
4

.

.

.

192.168.0.
11111
0
11

= 192.168.0.
251

192.168.0.
111111
00 = 192.168.0.
252

192.168.0.
11111101

= 192.168.0.
253

192.168.0.
1111111
0 = 192.168.0.
254



D
efault
G
ateway
A
ddress

(alterna
tive)

192.168.0.
11111111

= 192.168.0.
255


Broadcast Address


All but
two
of these addresses

(broadcast and network)

can be assigned to a host.


Broadcast Address


The last address,
192.168.0.255, in which
all of the host bits have been assigned a value o
f "1"
, is the
broadcast address

for the subnet
.


If a computer wishes to send a packet and have it read by all other computers belonging to the same subnet
in the same network segment (same side of a router), then both the MAC address and the IP address mu
st
be broadcast addresses:


MAC

FF:FF:FF:FF:FF:FF


IP


NetworkID.11111111

= NetworkID.255


Network Address


The first address,
192.168.0.
0,

in which
all of the host bits have been assigned a value of "
0
"
, is the
network address

for the subnet
.


Routers ma
intain routing tables which list which networks can be reached via which ports. For each port
listed in the table, there may be one or more networks assigned to the port. The networks are referred to by
their network address.


NetworkID.
00000000


Default G
ateway Address


By convention, the Default Gateway Address is usually the Network Address + 1 (second lowest IP address),
but not always. Sometimes the Default Gateway Address is the Broadcast Address
-

1 (second highest IP
address). It can even be any of
the other valid IP addresses in the subnet. For example, for a class C
network:


DGA

NetworkID.00000001

= NetworkID.1


OR


DGA

NetworkID.1111111
0

= NetworkID.254


Network,
Broadcast and Default Gateway Addresses

Notes
-

OSI Layer 3

38

/
108

Gnall

We can use any
Subnet Mask /
IP Address comb
ination to derive the Network Address

and Broadca
st
Address for the subnet

to which the IP Address belongs
.


EXAMPLE

1


IP Address:

10.2.3.6


Subnet Mask:

255.255.255.0


Convert both to binary
.


Highlight

the
network

portion and host portion of the IP address.


IP Address:

00001010.00000010.00000011
.
000
00110

Subnet Mask:

11111111.11111111.11111111.00000000

Network
ID
:

00001010.00000010.00000011

10.2.3

Host ID
:


00000110



6


Network Address:

00001010.00000010.00000011
.00000000

10.2.3.0


Broadcas
t Address:

00001010.00000010.00000011
.11111111

10.2.3.255



If we consider the IP address 10.2.3.6 to belong to either a Class C, Class B or Class A network, we can
derive the following network and broadcast address:


Class C


IP Address:

00001010.00000010
.00000011
.
00000110


10.

2.

3.6

Subnet Mask:

11111111.11111111.11111111.00000000

255.255.255.0

Network Address:

00001010.00000010.00000011
.00000000


10.

2.

3.0

Broadcast

Address
:

00001010.00000010.00000011
.11111111


10.

2.

3.255


Class B


IP Address:

00001010.00000010
.
00000011.00000110


10.

2.

3.6

Subnet Mask:

11111111.11111111.00000000.00000000

255.255.

0.0

Network Address:

00001010.00000010
.00000000.00000000


10.

2.

0.0

Broadcast

Address
:

00001010.00000010
.11111111.11111111


10.

2.255.255


Clas
s A


IP Address:

00001010
.
00000010.00000011.00000110


10.

2.

3.6

Subnet Mask:

11111111.00000000.00000000.00000000

255.

0.

0.0

Network Address:

00001010
.00000000.00000000.00000000


10.

0.

0.0

Broadcast

Address
:

00001010
.11111111.11111111.11111111


10.
255.255.255



NOTE: The
network and
broadcast addresses given in these examples are
network and
broa
dcast addresses
for their particular subnet.


A network address for the whole internet would be:

0.0.0.0


A broadcast address for the whole internet would
be:

255.255.255.255

CIDR Notation

Notes
-

OSI Layer 3

39

/
108

Gnall

CIDR NOTATION


Writing out subnet masks in either dotted decimal or dotted binary format can be tedious.

CIDR notation is
an easier and shorter way of indicating which bits/octets in an IP address belong to the Network ID and
which bel
ong to the Host ID.


The CIDR equivalent of an IP address is determined by counting the number of bits in the subnet mask
which have a value of 1. In other words, the number of bits in the IP address which belong to the Network
ID.


The following subnet ma
sk:


255.255.255.0


has a binary representation of:


11111111.11111111.11111111.00000000


Since 24 of the bits have a value of 1, the equivalent CIDR notation is:


/24


Similarly,


255.255.0.0

is

/16


255.0.0.0

is

/8


We will see in the next section on com
plex subnetting that the number of network bits doesn't have to be an
integral multiple of 8 such as 0, 8, 16, 24 or 32. The number of network bits can be any number, such as
10, 22, or 26. In such a case, the easiest way to represent the subnet mask is wi
th CIDR notation.
ARP Packet/Datagram Structure

Notes
-

OSI Layer 3

40

/
108

Gnall

ARP PACKET
/DATAGRAM

STRUCTURE

(DATA FIELD)

-

DETAILED


Recall that an ARP packet has the following basic structure and asks the question: "Who has this IP address and what is your
MAC address?".


D
-
MAC

S
-
MAC

Data


Taking a closer look
at the Data field of an ARP packet shows how ARP asks and answers this question and also reveals that there is some additiona
l
information contained within the field. Note that the total length of the data field depends on how long the Data Link and Ne
twor
k layer addresses are.


Internet Protocol (IPv4) over Ethernet ARP packet

bit offset

0


7

8


15

0

Hardware type (HTYPE)

16

Protocol type (PTYPE)

32

Hardware address length (HLEN)

Protocol address length (PLEN)

48

Operation (OPER)

64


Sender hardwa
re address (SHA)

(first

16 bits)

80



(next

16 bits)

96



(last

16 bits)

112


Sender protocol address (SPA)

(first

16 bits)

128



(last

16 bits)

144


Target hardware address (THA)

(first

16 bits)

160



(next

16 bits)

176



(last

16 bits)

192


Targe
t protocol address (TPA)

(first

16 bits)

208



(last

16 bits)


http://en.wikipedia.org/wiki/Address_Resolution_Protocol

Hardware type (HTYPE)

This field specifies
the Data Link layer protocol being used
.
For Eth
ernet,
this field has a value of 1
.


Protocol type (PTYPE)

This field specifies the
Network Layer
protocol
being used
. For IPv4, this
field has a

value

of

0x0800.
(
The permitted PTYPE values share a
numbering space with those for EtherType.
)


Hardware leng
th (HLEN)

Length (in octets) of
the

Data Link layer

address.
This value should agree
with the Data Link layer protocol specified in the HTYPE field. For
Ethernet
, the

address size is 6.


Protocol length (PLEN)

Length (in octets) of
the Network layer
addres
s
.

This value should agree
with the Network layer protocol specified in the PTYPE field. For
IPv4
, the

address size is 4.


Operation
(OPER)

Specifies the operation

that the sender is performing:

1 for request

2 for reply


Sender hardware address (SHA)

Data

Link layer

address of the sender.


Sender protocol address (SPA)

Network layer

address of the sender.


Target hardware address (THA)

Data Link layer

address of the intended receiver. This field is ignored in
requests.


Target protocol address (TPA)

Networ
k layer

address of the intended receiver.


ARP protocol parameter values have been standardized and are
maintained by the Internet Assigned Numbers Authority (IANA).

The EtherType for ARP is 0x0806
. This EtherType value instructs the
receiving computer th
at the packet does not contain IP address fields and
that the next field is a data field.

Review Collision and Broadcast Domains

Notes
-

OSI Layer 3

41

/
108

Gnall

REVIEW COLLISION AND BROADCAST DOMAINS


Question:


How many

coll
i
sion domains?



How many broadcast domains?


If 1A issues an ARP request packet, who sees the packet?


If 1A pings 3H, who else sees the ping request packet?






Fig.
5
1



Answer:


Move the blue box out of the way to rev
eal the answer

(m
ay require Microsoft Word)
.



How many coll
i
sion domains?

1


How many broadcast domains?

1


If 1A issues an ARP request packet, who sees the packet?

Everyone


If 1A pings 3H, who else sees the ping request packet?

Everyone


Hubs will send

all incoming packets out all ports. Hubs do not read MAC
or IP
addresses and do not filter
packets.



Review Collision and Broadcast Domains

Notes
-

OSI Layer 3

42

/
108

Gnall

Replace center hubs with switches.


Question:


How many coll
i
sion domains

(assume full duplex connections between the switches)
?



How many broadcast do
mains?



If 1A issues an ARP request packet, who sees the packet?


If 1A pings 3H, who else sees the ping request packet?






Fig.
5
2



Answer:


Move the blue box out of the way to reveal the answer (may require Microsoft Word
).



How many collision domains?

6


How many broadcast domains?

1


If 1A issues an ARP request packet, who sees the packet?

Everyone


If 1A pings 3H, who else sees the ping request packet?

1B, 1C, 1D, H1A, S1, S2, S3, H3B, 3E, 3F, 3G


Hubs will send all i
ncoming packets out all ports. Hubs do not read MAC or IP addresses and do not filter
packets.


Switches will filter packets with unicast MAC addresses but will always pass packets with broadcast MAC
addresses.

Review Collision and Broadcast Domains

Notes
-

OSI Layer 3

43

/
108

Gnall

Replace remaining hubs with switches.


Quest
ion:


How many coll
i
sion domains

(assume full duplex connections for all switches)
?



How many broadcast domains?



If 1A issues an ARP request packet, who sees the packet?


If 1A pings 3H, who else sees the ping request packet?






Fig.
5
3



Answer:


Move the blue box out of the way to reveal the answer (may require Microsoft Word).



How many collision domains?

0


How many broadcast domains?

1


If 1A issues an ARP request packet, who sees the packet?

Everyone


If 1A pings 3H
, who else sees the ping request packet?

S1A, S1, S2, S3, S3B


Switches will filter packets with unicast MAC addresses but will always pass packets with broadcast MAC
addresses.



Review Collision and Broadcast Domains

Notes
-

OSI Layer 3

44

/
108

Gnall

Replace center switch with a router.


Question:


How many collision domains

(assume full duplex connections for all switches and routers)
?


How many broadcast domains?



If 1A issues an ARP request packet, who sees the packet?


If 1A pings 3H, who else sees the ping request packet?







Fig.
5
4



An
swer:


Move the blue box out of the way to reveal the answer (may require Microsoft Word).



How many collision domains?

0


How many broadcast domains?

4


If 1A issues an ARP request packet, who sees the packet?

1B, 1C, 1D, S1A, S1, S1B, 1E, 1F, 1G, 1H, R
2


If 1A pings 3H, who else sees the ping request packet?

S1A, S1, R2, S3, S3B


Switches will filter packets with unicast MAC addresses but will always pass packets with broadcast MAC
addresses.


Routers will not pass packets with broadcast MAC addresses.



Review Collision and Broadcast Domains

Notes
-

OSI Layer 3

45

/
108

Gnall

Replace left and right switches with routers.


Question:


How many collision domains

(assume full duplex connections for all switches and routers)
?


How many broadcast domains?



If 1A issues an ARP request packet, who sees the packet?


If 1A pings 3H,

who else sees the ping request packet?






Fig.
5
5



Answer:


Move the blue box out of the way to reveal the answer (may require Microsoft Word).



How many collision domains?

0


How many broadcast domains?

8


If 1A issues a
n ARP request packet, who sees the packet?

1B, 1C, 1D, S1A, R1


If 1A pings 3H, who else sees the ping request packet?

S1A, R1, R2, R3, S3B


Switches will filter packets with unicast MAC addresses but will always pass packets with broadcast MAC
addresses.


Routers will not pass packets with broadcast MAC addresses.

Review Collision and Broadcast Domains

Notes
-

OSI Layer 3

46

/
108

Gnall

PowerPoint
Slide 7








Fig.
56


A

pings
B

OR
A

pings
X


What decision must be made? Forget for the moment how networks are identified and trust that A is
able to
determine which network
B or X

is in.


A

pings
B


Who sees the ARP packet? Why?


Who sees the ping packet? Why?


A

pings
X


Who sees the ARP packet? Why?


Who sees the ping packet? Why?


Review Collision and Broadcast Domains

Notes
-

OSI Layer 3

47

/
108

Gnall

PowerPoint
Slide 8


































Fig.
5
7



A

pin
gs
B


Who sees the ARP packet? Why?


Who sees the ping packet? Why?


A

pings
D


Who sees the ARP packet? Why?


Who sees the ping packet? Why?


A

pings
X


Who sees the ARP packet? Why?


Who sees the ping packet? Why?


Identify the collision domains and the
broadcast domains in the above diagram.


What happens if all the hubs are replaced with switches?


what happens if all the hubs are replaced with routers?


What subnet masks will work with the above configuration?

Origin of Cl
ass Based Networks

Notes
-

OSI Layer 3

48

/
108

Gnall

ORIGIN OF CLASS BASED NETWORKS












































Fig.
5
8
--------
.X.Y.Z

0
-------
.
X
.
Y
.
Z

1
-------
.X.Y.Z

10
------
.
X
.
Y
.
Z

11
------
.X.Y.Z

110
-----
.X.Y
.
Z

111
-----
.X.Y.Z

1110
----
.
X
.
Y
.
Z

1111
----
.X.Y.Z

Class A

Class B

Class C

Class D

Class E

Origin of Cl
ass Based Networks

Notes
-

OSI Layer 3

49

/
108

Gnall













































Fig.
59
--------
.X.Y.Z

0
-------
.
X
.
Y
.
Z

1
-------
.X.Y.Z

10
------
.X
.
Y
.
Z

11
------
.X.Y.Z

110
-----
.X.Y
.
Z

111
-----
.X.Y.Z

1110
----
.
X
.
Y
.
Z

1111
----
.X.Y.Z

Class A

Class B

Class C

Class D (Multicast)

Class E

(Reserved)

Network ID

4B