Chapter 5: The Data Link Layer - PowerPoint PPT Presentation

Slides: 137
Provided by: JimKurosea207
Tags: chapter | data | layer | link | radio | wimax

Transcript and Presenter's Notes

1
Chapter 5 The Data Link Layer
  • Application
  • Transport
  • Network
  • data link layer service
  • Moving data between nearby network elements
  • Move data between end-host and router
  • Move data between end-hosts
  • Move data between routers
  • error detection, correction
  • Encryption
  • sharing a broadcast channel: multiple access
  • link layer addressing and routing
  • reliable data transfer, flow control
  • Interact/act as a bridge between the network
    layer and the physical layer
  • There are many types of physical layer
  • Which services does the link layer provide that
    other layers also provide?

2
Link Layer
  • 5.1 Introduction and services
  • 5.2 Error detection and correction
  • 5.3 Multiple access protocols
  • 5.4 Link-layer Addressing and routing (ARP)
  • 5.5 Ethernet
  • 5.6 Link-layer switches
  • 5.7 PPP
  • 5.8 Link virtualization: ATM, MPLS

3
Link Layer Introduction
  • Some terminology
  • hosts and routers are nodes
  • communication channels that connect adjacent
    nodes along communication path are links
  • wired links
  • wireless links
  • LANs
  • layer-2 packet is a frame, encapsulates datagram

4
Link layer: context
  • transportation analogy
  • trip from Newark to San Jose
  • limo: Newark to PHL
  • plane: PHL to SFO
  • BART: SFO to SF
  • train: SF to San Jose
  • tourist = datagram
  • transport segment = communication link
  • transportation mode = link layer protocol
  • Note that a bus or plane trip might contain many
    changes of the bus or plane, but this seems like
    a single hop
  • travel agent = routing algorithm
  • datagram transferred by different link protocols
    over different links
  • e.g., Ethernet on first link, frame relay on
    intermediate links, 802.11 on last link
  • each link protocol provides different services
  • e.g., may provide reliability over link

5
Link Layer Services
  • framing, link access
  • encapsulate datagram into frame, adding header,
    trailer
  • channel access if shared medium
  • MAC addresses used in frame headers to identify
    source, dest
  • different from IP address!
  • Routing
  • reliable delivery between adjacent nodes
  • we learned how to do this already (chapter 3)!
  • seldom used on low bit-error link (fiber, some
    twisted pair)
  • wireless links high error rates
  • Q: why both link-level and end-end reliability?

6
Link Layer Services (more)
  • flow control
  • pacing between adjacent sending and receiving
    nodes
  • Encryption
  • Some links can easily be tapped, so encryption is
    needed for privacy
  • error detection
  • errors caused by signal attenuation, noise.
  • receiver detects presence of errors
  • signals sender for retransmission or drops frame
  • error correction
  • receiver identifies and corrects bit error(s)
    without resorting to retransmission
  • half-duplex and full-duplex
  • with half duplex, nodes at both ends of link can
    transmit, but not at same time

7
Where is the link layer implemented?
  • in each and every host in the network
  • Which other layers are implemented in every host?
  • link layer implemented in "adaptor" (aka network
    interface card, NIC)
  • Ethernet card, PCMCIA card, 802.11 card
  • implements link, physical layer
  • attaches into host's system buses
  • combination of hardware, software, firmware

[Figure: host schematic: cpu, memory, host bus (e.g., PCI), controller, physical transmission, network adapter card]
8
Adaptors Communicating
[Figure: sending host and receiving host, each with a controller; the sending side wraps the datagram in a frame, the receiving side unwraps it]
  • receiving side
  • looks for errors, rdt, flow control, etc
  • extracts datagram
  • passes to upper layer at receiving side
  • Moves frame to another link
  • sending side
  • encapsulates datagram in frame
  • adds error checking bits, rdt, flow control, etc.

9
Link Layer
  • 5.1 Introduction and services
  • 5.2 Error detection and correction
  • 5.3 Multiple access protocols
  • 5.4 Link-layer Addressing
  • 5.5 Ethernet
  • 5.6 Link-layer switches
  • 5.7 PPP
  • 5.8 Link Virtualization: ATM, MPLS

10
Error Detection
  • EDC = Error Detection and Correction bits
    (redundancy)
  • D = Data protected by error checking, may
    include header fields
  • Error detection not 100% reliable!
  • protocol may miss some errors, but rarely
  • larger EDC field yields better detection and
    correction

11
Parity Checking
Single Bit Parity: detect single bit errors
Two Dimensional Bit Parity: detect and correct
single bit errors
[Figure: single-bit and two-dimensional parity examples]
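The correction step the slide names, as an added example (not from the slides): even-parity rows plus a parity row over the columns, so one flipped bit is located at the intersection of the odd row and odd column and corrected, while two flipped bits are detected but not corrected. The data block and flipped positions are constructed.

```python
from typing import List, Optional, Tuple

Bits = List[int]


def parity(bits: Bits) -> int:
    """Even parity bit: 1 when the number of 1s is odd, so row + parity has an even count."""
    return sum(bits) % 2


def encode_2d(rows: List[Bits]) -> List[Bits]:
    """Append a parity bit to each row, then add a parity row covering every column
    (the column of row-parity bits included)."""
    width = len(rows[0])
    if any(len(r) != width for r in rows):
        raise ValueError("all rows must have the same width")
    coded = [list(r) + [parity(r)] for r in rows]
    coded.append([parity([r[c] for r in coded]) for c in range(width + 1)])
    return coded


def check_2d(coded: List[Bits]) -> Tuple[str, Optional[Tuple[int, int]]]:
    """Receiver side. A single flipped bit makes exactly one row and one column odd,
    which pins down its position; the bit is corrected in place.
    Returns ("ok", None), ("corrected", (row, col)) or ("uncorrectable", None)."""
    bad_rows = [i for i, r in enumerate(coded) if sum(r) % 2]
    bad_cols = [c for c in range(len(coded[0])) if sum(r[c] for r in coded) % 2]
    if not bad_rows and not bad_cols:
        return "ok", None
    if len(bad_rows) == 1 and len(bad_cols) == 1:
        i, c = bad_rows[0], bad_cols[0]
        coded[i][c] ^= 1
        return "corrected", (i, c)
    # Two errors in one row leave that row's parity intact but two columns odd (or the
    # symmetric case): detected, but the positions are ambiguous, so no correction.
    return "uncorrectable", None


def decode_2d(coded: List[Bits]) -> List[Bits]:
    """Strip the parity column and parity row to recover the data bits D."""
    return [r[:-1] for r in coded[:-1]]


def flip(coded: List[Bits], *positions: Tuple[int, int]) -> List[Bits]:
    """Simulate channel noise: flip the given (row, col) bits of a copy."""
    damaged = [list(r) for r in coded]
    for i, c in positions:
        damaged[i][c] ^= 1
    return damaged
```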
12
Internet checksum (review)
  • Goal: detect "errors" (e.g., flipped bits) in
    transmitted packet (note: used at transport layer
    only)
  • Receiver:
  • compute checksum of received segment
  • check if computed checksum equals checksum field
    value:
  • NO - error detected
  • YES - no error detected. But maybe errors
    nonetheless?
  • Sender:
  • treat segment contents as sequence of 16-bit
    integers
  • checksum: addition (1's complement sum) of
    segment contents
  • sender puts checksum value into UDP checksum
    field
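The sender and receiver steps above, as an added example (not from the slides), with the "maybe errors nonetheless" case shown concretely: swapping two 16-bit words leaves the 1's complement sum unchanged, so the checksum still verifies. The segment bytes are constructed.

```python
def ones_complement_sum(data: bytes) -> int:
    """Add the data as 16-bit big-endian words with end-around carry
    (1's complement addition); odd-length data is padded with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)  # fold any carry back into the low 16 bits
    return total


def internet_checksum(data: bytes) -> int:
    """Sender: the checksum field is the 1's complement of the 1's complement sum."""
    return ~ones_complement_sum(data) & 0xFFFF


def verify(data: bytes, checksum_field: int) -> bool:
    """Receiver: recompute over the received data and compare with the field
    (equivalently, data plus field must sum to 0xFFFF)."""
    return internet_checksum(data) == checksum_field


def undetected_corruption(data: bytes) -> bytes:
    """Construct a corrupted copy that still verifies: exchanging the first two 16-bit
    words does not change a sum, so the checksum cannot tell the two apart."""
    if len(data) < 4:
        raise ValueError("need at least two 16-bit words")
    return data[2:4] + data[0:2] + data[4:]
```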

13
Checksumming: Cyclic Redundancy Check
  • view data bits, D, as a binary number
  • choose r+1 bit pattern (generator), G
  • goal: choose r CRC bits, R, such that
  • <D,R> exactly divisible by G (modulo 2)
  • receiver knows G, divides <D,R> by G. If
    non-zero remainder: error detected!
  • can detect all burst errors less than r+1 bits
  • widely used in practice (Ethernet, 802.11 WiFi,
    ATM)

14
CRC Example
  • Want:
  • $D \cdot 2^r \text{ XOR } R = nG$
  • equivalently:
  • $D \cdot 2^r = nG \text{ XOR } R$
  • equivalently:
  • if we divide $D \cdot 2^r$ by G, want remainder R

[Figure: long division of $D \cdot 2^r$ by G; R = remainder]
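Modulo-2 division and the D·2^r XOR R = nG relation from the two slides above, as an added example (not from the slides). D = 101110 and G = 1001 are constructed values; the last function injects every burst shorter than r+1 bits to confirm the detection claim, and the test also shows the one burst length the claim does not cover.

```python
def xor_bits(a: str, b: str) -> str:
    """Bitwise XOR of two equal-length bit strings (modulo-2 addition)."""
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def mod2_remainder(dividend: str, G: str) -> str:
    """Long division in modulo-2 arithmetic: wherever the leading bit is 1, XOR in G.
    Returns the r = len(G) - 1 bit remainder."""
    r = len(G) - 1
    bits = list(dividend)
    for i in range(len(bits) - r):
        if bits[i] == "1":
            for j, g in enumerate(G):
                bits[i + j] = "1" if bits[i + j] != g else "0"
    return "".join(bits[-r:])


def crc_append(D: str, G: str) -> str:
    """Sender: R = remainder of D*2^r divided by G, so <D,R> = D*2^r XOR R is a multiple of G."""
    r = len(G) - 1
    R = mod2_remainder(D + "0" * r, G)
    return D + R


def crc_ok(frame: str, G: str) -> bool:
    """Receiver: divide <D,R> by G; a non-zero remainder means an error was detected."""
    return "1" not in mod2_remainder(frame, G)


def detects_all_bursts(frame: str, G: str) -> bool:
    """Exhaustively inject every burst error of length 1..r (first and last bit of the
    burst flipped, any pattern in between) and confirm each one is caught. This holds
    for any G whose lowest bit is 1: the burst polynomial has degree below G's, so G
    cannot divide it."""
    r, n = len(G) - 1, len(frame)
    for length in range(1, r + 1):
        inner = max(length - 2, 0)
        for start in range(n - length + 1):
            for pattern in range(1 << inner):
                err = ["0"] * n
                err[start] = err[start + length - 1] = "1"
                for k in range(inner):
                    if pattern >> k & 1:
                        err[start + 1 + k] = "1"
                if crc_ok(xor_bits(frame, "".join(err)), G):
                    return False
    return True
```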
15
Link Layer
  • 5.1 Introduction and services
  • 5.2 Error detection and correction
  • 5.3 Multiple access protocols
  • 5.4 Link-layer Addressing
  • 5.5 Ethernet
  • 5.6 Link-layer switches
  • 5.7 PPP
  • 5.8 Link Virtualization: ATM, MPLS

16
Multiple Access Links and Protocols
  • Two types of "links":
  • point-to-point
  • PPP for dial-up access
  • point-to-point link between Ethernet switch and
    host
  • broadcast (shared wire or medium)
  • old-fashioned Ethernet
  • 802.11 wireless LAN

[Figure: examples of broadcast media: shared wire (e.g., cabled Ethernet), shared RF (e.g., 802.11 WiFi), shared RF (satellite), humans at a cocktail party (shared air, acoustical)]
17
Multiple Access Control (MAC) protocols
  • single shared broadcast channel
  • two or more simultaneous transmissions by nodes:
    interference
  • collision if node receives two or more signals at
    the same time
  • multiple access protocol
  • An algorithm that determines how nodes share
    channel, i.e., determines when a node can transmit
  • communication about channel sharing must use
    channel itself!
  • out-of-band channel for coordination is difficult

18
Ideal Multiple Access Protocol
  • Broadcast channel of rate R bps
  • 1. when one node wants to transmit, it can send
    at rate R.
  • 2. when M nodes want to transmit, each can send
    at average rate R/M
  • 3. fully decentralized
  • no special node to coordinate transmissions
  • no synchronization of clocks, slots
  • Generally, centralized MACs are much more
    efficient
  • 4. simple

19
MAC Protocols: a taxonomy
  • Three broad classes
  • Channel Partitioning
  • divide channel into smaller pieces (time slots,
    frequency, code)
  • allocate piece to node for exclusive use
  • this approach is difficult since we know that
    statistical multiplexing can support more users
  • Random Access
  • channel not divided, allow collisions
  • Detect and recover from collisions
  • Detection and recovery (e.g., retransmission) can
    be inefficient
  • Predictable/guaranteed performance is difficult
    to achieve
  • Centralized/taking turns

20
Channel Partitioning MAC protocols: TDMA
  • TDMA: time division multiple access
  • access to channel in "rounds"
  • each station gets fixed length slot (length = pkt
    trans time) in each round
  • unused slots go idle
  • GSM (some cell phones) uses TDMA
  • Why?
  • So service is predictable and calls can be
    rejected if there is not enough bandwidth
  • example: 6-station LAN, 1,3,4 have pkt, slots
    2,5,6 idle

[Figure: 6-slot frame; slots 1, 3, 4 carry packets, slots 2, 5, 6 idle]
21
Channel Partitioning MAC protocols: FDMA
  • FDMA: frequency division multiple access
  • channel spectrum divided into frequency bands
  • each station assigned fixed frequency band
  • unused transmission time in frequency bands goes
    idle
  • GSM also uses FDMA
  • example: 6-station LAN, 1,3,4 have pkt, frequency
    bands 2,5,6 idle

[Figure: FDM cable; frequency bands vs. time, bands 1, 3, 4 in use]
22
Random Access Protocols
  • When node has packet to send
  • transmit at full channel data rate R.
  • no a priori coordination among nodes
  • Some approaches use limited coordination
  • two or more transmitting nodes → collision
  • random access MAC protocol specifies
  • how to detect collisions
  • how to recover from collisions (e.g., via delayed
    retransmissions)
  • Examples of random access MAC protocols
  • slotted ALOHA
  • ALOHA
  • CSMA, CSMA/CD, CSMA/CA

23
The ALOHA Protocol
  • Developed at U of Hawaii in early 70s.
  • Packet radio networks.
  • Free for all: whenever station has a frame to
    send, it does so.
  • Aloha is the simplest of MAC protocols
  • Aloha is old but still widely used
  • As will be seen, many protocols have a period of
    time where nodes transmit when they want.
  • During such periods of time, the MAC is essentially
    Aloha

24
Collisions
  • Invalid frames may be caused by channel noise or
  • Because other station(s) transmitted at the same
    time: collision.
  • Collisions and other link layer losses must be
    detected and corrected
  • Question 1. Where are all the places that losses
    can occur?
  • Question 2. Where can errors be detected and
    corrected?
  • Roughly speaking, a collision happens even when
    the last bit of a frame overlaps with the first
    bit of the next frame.

25
ALOHA's Performance 1
[Figure: frame transmissions on a time line, marked t0, t0+t, t0+2t, t0+3t]
26
ALOHA's Performance
  • Assume that users try to send frames at random
    times (Poisson events).
  • Let G be the average rate that users try to send
    frames per frame time
  • G is the utilization
  • Why?
  • Model the moments transmissions start as points
    along the time line.
  • Next slide
  • The probability of trying to send k frames during
    the vulnerable period (which is TWO frame times
    long) is

The probability that zero other frames are sent is
$P(0) = e^{-2G}$. The throughput is the rate that frames
are sent multiplied by the probability that the
transmission is successful: $G e^{-2G}$
27
Poisson process
[Figure: events as points on a time line]
Events are distributed according to a Poisson
process with parameter $\lambda$ if
$P(k \text{ events in period of length } T) = e^{-\lambda T} (\lambda T)^k / k!$
$\lambda$ is the rate that events occur = (number of
events in period W)/W (when W is large)
28
Aloha performance
$P(k \text{ events in period of length } T) = e^{-\lambda T} (\lambda T)^k / k!$
[Figure: vulnerability period of length 2T around a transmission]
The probability of no collision is the probability of
no event in the vulnerability period 2T
  • Let T = 1 (i.e., our time is measured in packet
    transmission times, not seconds)
  • Then what is $\lambda$?
  • average number of transmission attempts per
    transmission time.
  • So $\lambda$ = utilization, i.e., $\lambda = G$.
  • And the probability of no collision is
    $e^{-2G} (2G)^0 / 0! = e^{-2G}$

29
ALOHA's Performance
The best throughput occurs for what value of
G? What is this best throughput?
30
Slotted Aloha: frames are only transmitted
during slots, they cannot cross slot boundaries
[Figure: slotted transmissions on a time line, marked t0, t0+t, t0+2t, t0+3t]
The vulnerable period is half the size of
unslotted aloha
31
Slotted Aloha
  • Vulnerable period is halved.
  • Doubles performance of ALOHA.
  • Throughput $S = G e^{-G}$.
  • $S = S_{max} = 1/e \approx 0.368$ for $G = 1$.
  • G = 1 means typically a node tries to transmit each
    slot
  • However, the throughput is well below 1: there
    are many collisions

32
Slotted Aloha Performance
How long does it take to send a frame?
[Figure: one success after k-1 failures; expected number of transmissions]
This analysis is funny because it does not
account for the fact that if packets are not
successfully transmitted, then the rate at which
transmissions are attempted increases.
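The throughput formulas of the slides above (pure ALOHA $G e^{-2G}$, slotted $G e^{-G}$) and the expected-number-of-transmissions question, as an added example (not from the slides): a finite-population simulation is compared against the closed forms. The node count, per-slot attempt probability and random seed are constructed.

```python
import math
import random


def pure_aloha_throughput(G: float) -> float:
    """S = G e^{-2G}: a frame succeeds only if no other start falls in a
    vulnerable period two frame times long."""
    return G * math.exp(-2 * G)


def slotted_aloha_throughput(G: float) -> float:
    """S = G e^{-G}: slotting halves the vulnerable period to one slot."""
    return G * math.exp(-G)


def best_load(throughput, step: float = 0.001) -> float:
    """Offered load G that maximises the given throughput function (grid search on (0, 3])."""
    return max((k * step for k in range(1, int(3 / step) + 1)), key=throughput)


def expected_attempts(G: float) -> float:
    """Slotted ALOHA with attempts treated as independent (the slide's 'funny'
    assumption): P(k attempts) = (1 - e^{-G})^{k-1} e^{-G}, a geometric law with
    mean 1 / e^{-G} = e^{G}."""
    return math.exp(G)


def finite_population_throughput(n_nodes: int, p: float) -> float:
    """Exact throughput when n_nodes stations each transmit with probability p per slot:
    n p (1-p)^{n-1}, which tends to G e^{-G} as n grows with G = n p held fixed."""
    return n_nodes * p * (1 - p) ** (n_nodes - 1)


def simulate_slotted_aloha(n_nodes: int, p: float, n_slots: int, seed: int = 7):
    """Monte Carlo slotted ALOHA: every node transmits in each slot with probability p,
    so the offered load is G = n_nodes * p. A slot succeeds only if exactly one node
    transmits. Returns (throughput in frames/slot, attempts per successful frame)."""
    rng = random.Random(seed)
    successes = attempts = 0
    for _ in range(n_slots):
        senders = sum(1 for _ in range(n_nodes) if rng.random() < p)
        attempts += senders
        successes += senders == 1
    return successes / n_slots, attempts / max(successes, 1)
```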
38
ALOHA and Slotted ALOHA
  • Pros
  • single active node can continuously transmit at
    full rate of channel
  • decentralized
  • simple
  • Cons
  • Collisions
  • wasting slots
  • Inefficient
  • idle slots
  • nodes may be able to detect collision in less
    than time to transmit packet
  • Slotted aloha requires clock synchronization
  • Loss of synchronization requires guard times, which
    reduces efficiency

39
CSMA (Carrier Sense Multiple Access)
  • CSMA: listen before transmit:
  • If channel sensed idle: transmit entire frame
  • If channel sensed busy, defer transmission
  • human analogy: don't interrupt others!

40
Question
  • For 10 Mbps ethernet, the maximum cable length is
    2000m
  • For 100Mbps ethernet, the maximum cable length is
    200m
  • Why is the maximum length for 100Mbps 10 times
    shorter than 10Mbps?

41
CSMA collisions
[Figure: spatial layout of nodes along a wire, transmissions vs. time]
collisions can still occur: propagation delay
means two nodes may not hear each other's
transmission
collision: entire packet transmission time wasted
note: role of distance and propagation delay in
determining collision probability
42
CSMA/CD collision detection
[Figure: transmitter 1 and receiver 1 on a wire; position on wire vs. time; receiver 1 receives a garbled signal during the transmission time]
Collision detected by transmitter 1. When is it
detected?
43
CSMA/CD collision detection
[Figure: transmitters 1 and 2 and receiver 1 on a wire; position on wire vs. time, showing propagation delay and transmission time; receiver 1 receives a garbled signal]
Collision NOT detected by transmitter 1.
Collision detected by transmitter 2.
What are the requirements to ensure that
collisions are detected?
The transmitter must transmit for 2·T_propagation
+ epsilon. The transmit time is frame length / bit
rate. Therefore
2·CableLength/(speed of propagation) + epsilon <
FrameLength/bit-rate
44
CSMA/CD
What are the requirements to ensure that
collisions are detected?
The transmitter must transmit for 2·T_propagation
+ epsilon. The transmit time is frame length / bit
rate. Therefore
2·CableLength/(speed of propagation) + epsilon <
FrameLength/bit-rate
If frame length can be arbitrarily small, then
the cable length must be very short. Thus, frames
cannot be arbitrarily small. Minimum frame length
in Ethernet is 64B.
The minimum frame length in Ethernet is
independent of bit-rate.
Why is the maximum cable length of a 10Mbps
ethernet cable 10 times longer than the maximum
cable length of a 100Mbps ethernet?
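The inequality 2·CableLength/(speed of propagation) < FrameLength/bit-rate worked through in code, as an added example (not from the slides): the propagation speed of 2×10^8 m/s is an assumption, and the functions solve the inequality for the cable length or for the frame size to show the factor of ten between 10 Mbps and 100 Mbps.

```python
import math

PROP_SPEED = 2.0e8  # m/s; assumed signal speed in copper (roughly two thirds of c)


def transmit_time(frame_bytes: int, bit_rate: float) -> float:
    """Seconds the transmitter is on the wire: frame length / bit rate."""
    return frame_bytes * 8 / bit_rate


def round_trip_delay(cable_length: float, prop_speed: float = PROP_SPEED) -> float:
    """2 * T_propagation: the worst case before a far-end collision reaches the sender."""
    return 2 * cable_length / prop_speed


def collision_detected(cable_length: float, frame_bytes: int, bit_rate: float,
                       prop_speed: float = PROP_SPEED) -> bool:
    """The slide's condition (epsilon dropped): the sender must still be transmitting
    when the collision signal comes back, 2*L/v < FrameLength/bit-rate."""
    return round_trip_delay(cable_length, prop_speed) < transmit_time(frame_bytes, bit_rate)


def max_cable_length(frame_bytes: int, bit_rate: float,
                     prop_speed: float = PROP_SPEED) -> float:
    """Solve the inequality for L: the longest cable on which every frame of at least
    frame_bytes still has its collisions detected. Halves when the bit rate doubles,
    which is the 10 Mbps vs 100 Mbps question on the slide."""
    return prop_speed * transmit_time(frame_bytes, bit_rate) / 2


def min_frame_bytes(cable_length: float, bit_rate: float,
                    prop_speed: float = PROP_SPEED) -> int:
    """Solve for the frame size instead: the smallest frame (whole bytes) that keeps
    collision detection working on a cable of the given length."""
    bits = round_trip_delay(cable_length, prop_speed) * bit_rate
    return math.ceil(round(bits / 8, 9))   # rounding guards against float noise before ceil
```

The bound from this inequality alone is larger than the slide's 2000 m and 200 m, because the real Ethernet collision-domain budget also counts repeater and electronics delays, but it halves for every doubling of bit rate just the same.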
45
CSMA/CD (Collision Detection)
  • CSMA/CD: carrier sensing with collision detection
  • collisions detected within short time
  • colliding transmissions aborted, reducing channel
    wastage
  • collision detection:
  • easy in wired LANs: measure signal strengths,
    compare transmitted, received signals
  • Difficult/impossible in wireless LANs: received
    signal strength overwhelmed by local transmission
    strength
  • human analogy: the polite conversationalist

46
Persistence
What to do when the link is found to be busy?
  • 1-persistent
  • If medium is idle, then transmit.
  • If medium is not idle, then wait until it is and
    then transmit.
  • In this case, all nodes that desire to transmit
    during the period when a node is transmitting
    will collide!
  • p-persistent
  • If medium is idle, then transmit.
  • If medium is not idle, then wait until it is idle
  • Once idle then transmit with probability p. And
    wait for the next slot with probability 1-p and
    repeat.
  • Here slot does not have to be the time to send a
    full frame, but just enough time to let other
    hosts start sending.
  • Exponential Backoff
  • Next slide

47
Exponential Backoff
  • Upon desiring to transmit a frame, set BackOff =
    BO (some starting value, 4 and 8 are common)
  • If medium is idle, then transmit.
  • If medium is not idle, then wait until it is idle
  • Once idle,
  • pick an integer, r, between 0 and BO-1
  • Wait r time slots
  • A time slot is long enough so that if a node
    begins to transmit at the beginning of the time
    slot, then all nodes will hear the transmission
    before the time slot ends
  • Give an equation for the length of a time slot
  • If no other transmission begins before the r time
    slots, then transmit
  • If a collision is detected,
  • Continue to transmit so that all nodes will know
    that a collision occurred, then stop
  • Set BO = min(2·BO, BO_Max)
  • In Ethernet BO_max = 1024
  • Go to step 4

Question: discuss the different ways in which
backoff is used in network protocols
48
Taking Turns MAC protocols
  • channel partitioning MAC protocols:
  • share channel efficiently and fairly at high load
  • inefficient at low load: delay in channel access,
    1/N bandwidth allocated even if only 1 active
    node!
  • Random access MAC protocols
  • efficient at low load: single node can fully
    utilize channel
  • high load: collision overhead
  • Be careful. Here we say that high load is when
    the number of users increases. If the number of
    users is fixed (and small), then the efficiency
    under high load is not as bad
  • "taking turns" protocols
  • look for best of both worlds!
  • Used in mobile phone data access
  • 802.16 aka WiMax partly uses this approach
  • 802.11 specifies this capability, but it is not
    widely deployed YET

49
Taking Turns MAC protocols
  • Polling:
  • master node "invites" slave nodes to transmit in
    turn
  • After each node is given a chance, the pattern
    repeats
  • If a slave has no data to send, then it does
    nothing, and the master quickly polls the next
    node
  • concerns:
  • polling overhead
  • latency
  • single point of failure (master)
  • QoS guarantees can be made
  • If a VoIP call requires 12bps, the master can
    determine if the call will receive the desired
    quality and ensure that it does.
  • When congested, new calls are rejected, but
    existing calls continue to receive good
    performance
  • Consider the difference between the demands by
    VoIP and services provided by TCP
  • Guarantees are worth much more money than
    non-guarantees

[Figure: master polling slaves in turn]
53
Taking Turns MAC protocols
  • Token passing:
  • control token passed from one node to next
    sequentially.
  • token message
  • concerns:
  • token overhead
  • Latency
  • single point of failure (token)

[Figure: token T passed around a ring; a node with nothing to send passes T on, a node with data transmits]
54
Summary of MAC protocols
  • channel partitioning, by time, frequency or code
  • Time Division, Frequency Division
  • random access (dynamic),
  • ALOHA, S-ALOHA, CSMA, CSMA/CD
  • carrier sensing easy in some technologies
    (wire), hard in others (wireless)
  • CSMA/CD used in Ethernet
  • CSMA/CA used in 802.11 (We'll study it when we
    talk about wireless)
  • taking turns
  • polling from central site, token passing
  • Bluetooth, FDDI, IBM Token Ring

55
Link Layer
  • 5.1 Introduction and services
  • 5.2 Error detection and correction
  • 5.3 Multiple access protocols
  • 5.4 Link-Layer Addressing
  • 5.5 Ethernet
  • 5.6 Link-layer switches
  • 5.7 PPP
  • 5.8 Link Virtualization: ATM, MPLS

56
MAC Addresses and ARP
  • 32-bit IP address:
  • network-layer address
  • used to get datagram to destination IP subnet
  • MAC (or LAN or physical or Ethernet) address:
  • function: get frame from one interface to another
    physically-connected interface (same network)
  • The textbook is wrong about this. Today, hosts
    are almost never physically connected
  • 48 bit MAC address (for most LANs)
  • burned in NIC ROM, also sometimes software
    settable

57
LAN Addresses and ARP
Each adapter on LAN has unique LAN address
Broadcast address = FF-FF-FF-FF-FF-FF
[Figure: LAN (wired or wireless) with adapters 1A-2F-BB-76-09-AD, 71-65-F7-2B-08-53, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98]
58
LAN Address (more)
  • MAC address allocation administered by IEEE
  • manufacturer buys portion of MAC address space
    (to assure uniqueness)
  • Check OUI lookup:
  • Google "OUI lookup"
  • Enter MAC address
  • See manufacturer
  • analogy:
  • (a) MAC address: like Social Security
    Number
  • (b) IP address: like postal address
  • MAC flat address → portability
  • can move LAN card from one LAN to another
  • IP hierarchical address NOT portable
  • address depends on IP subnet to which node is
    attached
  • If a NIC is changed, then the MAC is changed
  • Whereas, the IP address can stay the same

59
ARP: Address Resolution Protocol
  • Each IP node (host, router) on LAN has ARP table
  • At prompt: >> arp -a
  • ARP table: IP/MAC address mappings for some LAN
    nodes
  • < IP address; MAC address; TTL>
  • TTL (Time To Live): time after which address
    mapping will be forgotten (typically 20 min)

[Figure: LAN with nodes 137.196.7.78, 137.196.7.23, 137.196.7.14, 137.196.7.88 and adapters 1A-2F-BB-76-09-AD, 71-65-F7-2B-08-53, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98]
60
ARP protocol: Same LAN (network)
  • A wants to send datagram to C
  • Check if C's IP address is in the same subnet
  • Use subnet mask and compare this node's IP to C's
    IP
  • E.g.,
  • my IP = 128.4.35.67
  • B's IP = 128.5.19.12
  • Subnet mask is 255.255.0.0 => the first 8 bytes
    define the subnet
  • So in this case, A and B are in different subnets
  • Thus, the datagram is sent to the gateway, which
    must be in the same subnet.
  • Suppose that B is the gateway, but only the
    IP address of B is known
  • Suppose a host wants to send to B and only B's IP
    address is known and B is in the same subnet
  • and B's MAC address not in A's ARP table.
  • A broadcasts ARP query packet, containing B's IP
    address
  • dest MAC address = FF-FF-FF-FF-FF-FF
  • Ethernet frame type = ARP query
  • Other types include datagram
  • all machines on LAN receive ARP query
  • B receives ARP packet, replies to A with its
    (B's) MAC address
  • frame sent to A's MAC address (unicast)
  • A caches (saves) IP-to-MAC address pair in its
    ARP table until information becomes old (times
    out)
  • soft state: information that times out (goes
    away) unless refreshed
  • ARP is "plug-and-play":
  • nodes create their ARP tables without
    intervention from net administrator

[Figure: "Who has IP 1.1.1.4? Tell 1.1.1.2" is broadcast to every host on the LAN; the owner answers "I have 1.1.1.4"]
62
Addressing: routing to another LAN
  • walkthrough: send datagram from A to B via R
  • assume A knows Bs IP
    address
  • two ARP tables in router R, one for each IP
    network (LAN)

63
  • A creates IP datagram with source A, destination
    B
  • A uses ARP to get R's MAC address for
    111.111.111.110
  • A creates link-layer frame with R's MAC address
    as dest, frame contains A-to-B IP datagram
  • A's NIC sends frame
  • R's NIC receives frame
  • R removes IP datagram from Ethernet frame, sees
    it's destined to B
  • R uses ARP to get B's MAC address
  • R creates frame containing A-to-B IP datagram,
    sends to B

This is a really important example: make sure
you understand!
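The same-subnet test, the ARP query/reply with its soft-state cache, and the A-to-B-via-R walkthrough from the slides above, as an added example (not from the slides). The hosts, MACs and the LAN 2 addresses are constructed (111.111.111.110 is the router address the slide names), the `lan` dictionary stands in for the wire, and the cache uses the 20 minute timeout the ARP slide gives.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

BROADCAST = "FF-FF-FF-FF-FF-FF"
ARP_TTL = 20 * 60        # seconds; cached mappings are forgotten after ~20 minutes (slide)


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Compare the network parts selected by the mask; 255.255.0.0 keeps the first
    16 bits (two bytes) of the address."""
    net = ipaddress.IPv4Network(f"{ip_a}/{mask}", strict=False)
    return ipaddress.IPv4Address(ip_b) in net


def next_hop(my_ip: str, mask: str, dst_ip: str, gateway_ip: Optional[str]) -> str:
    """IP whose MAC must be resolved: the destination if on-link, else the gateway."""
    return dst_ip if same_subnet(my_ip, dst_ip, mask) else gateway_ip


class ArpCache:
    """Soft-state IP -> MAC table: entries expire unless refreshed. The clock is
    injected so the TTL can be exercised without waiting."""
    def __init__(self, clock):
        self.clock = clock
        self.entries: Dict[str, Tuple[str, float]] = {}

    def lookup(self, ip: str) -> Optional[str]:
        hit = self.entries.get(ip)
        if hit is None:
            return None
        mac, expires = hit
        if self.clock() >= expires:
            del self.entries[ip]          # timed out: forget the mapping
            return None
        return mac

    def learn(self, ip: str, mac: str) -> None:
        self.entries[ip] = (mac, self.clock() + ARP_TTL)


class Host:
    """One interface on a LAN. `lan` maps IP -> MAC for the hosts that would hear a
    broadcast; it stands in for the wire in this constructed setup."""
    def __init__(self, ip, mac, mask, gateway, lan, clock):
        self.ip, self.mac, self.mask, self.gateway, self.lan = ip, mac, mask, gateway, lan
        self.cache = ArpCache(clock)
        self.sent: List[dict] = []       # frames put on the wire, for inspection

    def resolve(self, ip: str) -> str:
        mac = self.cache.lookup(ip)
        if mac is None:
            # the ARP query is broadcast to every host on the LAN; only the owner of
            # ip answers, with a unicast reply carrying its MAC
            self.sent.append({"dst": BROADCAST, "type": "ARP query", "target": ip})
            mac = self.lan[ip]
            self.cache.learn(ip, mac)
        return mac

    def send(self, ip_dst: str, payload: str, ip_src: Optional[str] = None) -> dict:
        hop = next_hop(self.ip, self.mask, ip_dst, self.gateway)
        frame = {"dst": self.resolve(hop), "src": self.mac, "type": "IP",
                 "ip_src": ip_src or self.ip, "ip_dst": ip_dst, "payload": payload}
        self.sent.append(frame)
        return frame


def walkthrough(clock=lambda: 0.0):
    """The slide's two-hop example: A on LAN 1 sends to B on LAN 2 via router R."""
    lan1 = {"111.111.111.111": "AA-AA-AA-AA-AA-AA", "111.111.111.110": "11-11-11-11-11-11"}
    lan2 = {"222.222.222.220": "22-22-22-22-22-22", "222.222.222.222": "BB-BB-BB-BB-BB-BB"}
    a = Host("111.111.111.111", "AA-AA-AA-AA-AA-AA", "255.255.255.0",
             "111.111.111.110", lan1, clock)
    r = Host("222.222.222.220", "22-22-22-22-22-22", "255.255.255.0", None, lan2, clock)
    hop1 = a.send("222.222.222.222", "hello B")          # A -> R: dst MAC is R's
    # R strips the Ethernet frame, sees the datagram is for B, re-frames it on LAN 2
    hop2 = r.send(hop1["ip_dst"], hop1["payload"], ip_src=hop1["ip_src"])
    return a, r, hop1, hop2
```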
64
ARP
  • Watch wireshark without any connections
  • What happens if I set an entry in the ARP table
    with the IP address of my gateway, but my MAC
    address?
  • E.g., take two machines A and B on the same LAN
    (what does this mean? How can you tell if two
    machines are on the same LAN?).
  • Let P be a nonexistent IP address in the LAN.
  • On machine A, ping P.
  • Use wireshark on B to see no evidence of the
    ping.
  • On A, set an arp entry with IP = P and MAC =
    B's MAC
  • Then ping P
  • Watch ping messages appear in wireshark on B
  • But still, no response.

65
ARP spoofing: man-in-the-middle attack
  • If the medium is shared, then a node can
    eavesdrop on transmissions
  • Wireless uses link layer encryption
  • These days, wired ethernet uses dedicated wires
    from the switch (link layer router) to each host
  • But the ARP attack still works
  • Goal: intercept messages between the victim and
    anyone else
  • I record the real MAC address of the victim
  • When an ARP query request is made for the victim,
    I respond with my MAC

66
ARP spoofing: man-in-the-middle attack
[Figure: victim (MAC 00-12-12-12-12-12, IP 1.2.3.4), some other host and attacker (MAC 00-11-11-11-11-11, IP 5.6.7.8) hang off a switch; "Who has IP address 1.2.3.4?" is broadcast and the switch forwards it to every host]
67
ARP spoofing: man-in-the-middle attack
[Figure: the victim answers "MAC 00-12-12-12-12-12 has IP address 1.2.3.4"; the other host saves the MAC/IP mapping in its cache for 20 minutes; the attacker knows the MAC of the victim]
68
ARP spoofing: man-in-the-middle attack
Later (when all caches have been cleared), the
attacker floods ARP queries. The attacker
continues to flood ARP queries.
[Figure: the flooded queries carry source MAC 00-11-11-11-11-11 and "Who has IP bla.bla.bla.bla? Tell IP address 1.2.3.4"; the victim is confused but ignores it; the other host saves the IP/ARP mapping in its cache; the attacker knows the MAC of the victim]
69
ARP spoofing: man-in-the-middle attack
Later (when all caches have been cleared), the
attacker floods ARP queries. The attacker
continues to flood ARP queries.
[Figure: the other host sends "The secret plan is .." to MAC 00-11-11-11-11-11, IP 1.2.3.4, which the switch delivers to the attacker; a copy to MAC 00-12-12-12-12-12, IP 1.2.3.4 reaches the victim, who says "Ahh, I got the secret plan I was expecting"; the attacker knows the secret plan]
70
ARP spoofing: man-in-the-middle attack
  • Some new switches can protect against these
    attacks
  • How can these attacks be detected and stopped?
  • One way to detect an attacker is to look at ARP
    tables and see if a single IP has two MACs, or a
    single MAC has two IPs (its real IP and the
    victim's IP)
  • But if a machine has wired and wireless NICs and
    is running a Microsoft OS, the OS will sometimes
    send a frame with the wireless IP as source
    address over the wired LAN and hence with the
    wired MAC address
  • Then tables will record the mapping between the
    MAC and IP, and there will be two IPs for a
    single MAC
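The detection heuristic from the slide, as an added example (not from the slides): a passive monitor records every IP/MAC binding asserted in ARP replies and in the sender fields of ARP requests, alerts when one IP is claimed by two MACs, and only notes a MAC that answers for two IPs, since the slide's dual-NIC host does that legitimately. The capture format and the lines in it are constructed (loosely tcpdump-like, not real tcpdump output), and the monitor assumes it sees the LAN's ARP traffic, e.g. from a mirror port.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# A reply claims "<ip> is-at <mac>"; a request's "tell <ip>" claims that <ip> belongs to
# the frame's source MAC, which is the field the flooded queries on the slides forge.
REPLY = re.compile(r"^(?P<src>\S+) reply (?P<ip>\S+) is-at (?P<mac>\S+)$")
REQUEST = re.compile(r"^(?P<src>\S+) request who-has (?P<target>\S+) tell (?P<ip>\S+)$")


def norm_mac(mac: str) -> str:
    """Canonical form so 00-12-... and 00:12:... compare equal."""
    return mac.lower().replace("-", ":")


def claim_from(line: str) -> Optional[Tuple[str, str]]:
    """Extract the (ip, mac) binding a line asserts, or None for anything else."""
    m = REPLY.match(line.strip())
    if m:
        return m["ip"], norm_mac(m["mac"])
    m = REQUEST.match(line.strip())
    if m:
        return m["ip"], norm_mac(m["src"])
    return None


class ArpMonitor:
    """An IP seen with two different MACs is the strong poisoning signal; a MAC that
    owns two IPs is only a note, because a dual-NIC host can do this legitimately."""
    def __init__(self):
        self.ip_to_macs: Dict[str, Set[str]] = defaultdict(set)
        self.mac_to_ips: Dict[str, Set[str]] = defaultdict(set)
        self.findings: List[Tuple[str, str]] = []

    def observe(self, line: str) -> Optional[Tuple[str, str]]:
        claim = claim_from(line)
        if claim is None:
            return None
        ip, mac = claim
        self.ip_to_macs[ip].add(mac)
        self.mac_to_ips[mac].add(ip)
        if len(self.ip_to_macs[ip]) > 1:
            finding = ("ALERT", f"{ip} claimed by {sorted(self.ip_to_macs[ip])}")
        elif len(self.mac_to_ips[mac]) > 1:
            finding = ("NOTE", f"{mac} answers for {sorted(self.mac_to_ips[mac])}")
        else:
            return None
        self.findings.append(finding)
        return finding


def scan(capture: str) -> List[Tuple[str, str]]:
    """Run the monitor over a whole capture and return its findings in order."""
    mon = ArpMonitor()
    for line in capture.splitlines():
        mon.observe(line)
    return mon.findings


# Constructed traffic using the slide's hosts: victim 00:12:..., attacker 00:11:...
SAMPLE_CAPTURE = """\
00:12:12:12:12:12 reply 1.2.3.4 is-at 00:12:12:12:12:12
00:11:11:11:11:11 reply 5.6.7.8 is-at 00:11:11:11:11:11
00:aa:aa:aa:aa:aa reply 10.0.0.5 is-at 00:aa:aa:aa:aa:aa
00:aa:aa:aa:aa:aa reply 10.0.0.6 is-at 00:aa:aa:aa:aa:aa
00:11:11:11:11:11 request who-has 9.9.9.9 tell 1.2.3.4
"""
```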

71
Link Layer
  • 5.1 Introduction and services
  • 5.2 Error detection and correction
  • 5.3 Multiple access protocols
  • 5.4 Link-Layer Addressing
  • 5.5 Ethernet
  • 5.6 Link-layer switches
  • 5.7 PPP
  • 5.8 Link Virtualization: ATM and MPLS

72
Ethernet
  • dominant wired LAN technology
  • cheap: $20 for NIC
  • first widely used LAN technology
  • simpler, cheaper than token LANs and ATM
  • kept up with speed race: 10 Mbps to 10 Gbps

[Figure: Metcalfe's Ethernet sketch]
73
Star topology
  • bus topology popular through mid 90s
  • all nodes in same collision domain (can collide
    with each other)
  • star topology
  • active switch in center
  • each spoke runs a (separate) Ethernet protocol
    (nodes do not collide with each other)
  • LAN
  • Multiple stars connected (we'll see later)

[Figure: bus topology (coaxial cable) vs. star topology (switch at center)]
74
Ethernet Frame Structure
  • Sending adapter encapsulates IP datagram (or
    other network layer protocol packet) in Ethernet
    frame
  • Preamble
  • 7 bytes with pattern 10101010 followed by one
    byte with pattern 10101011
  • used to synchronize receiver, sender clock rates

75
Ethernet Frame Structure (more)
  • Addresses: 6 bytes
  • if adapter receives frame with matching
    destination address, or with broadcast address
    (e.g., ARP packet), it passes data in frame to
    network layer protocol
  • otherwise, adapter discards frame (unless in
    promiscuous mode)
  • Type:
  • ARP query/response
  • LAN routing
  • higher layer protocol (mostly IP but others
    possible, e.g., Novell IPX, AppleTalk)
  • CRC: checked at receiver, if error is detected,
    frame is dropped

76
Ethernet: Unreliable, connectionless
  • connectionless: No handshaking between sending
    and receiving NICs
  • unreliable: receiving NIC doesn't send acks or
    nacks to sending NIC
  • stream of datagrams passed to network layer can
    have gaps (missing datagrams)
  • gaps will be filled if app is using TCP
  • otherwise, app will see gaps
  • Ethernet's MAC protocol: unslotted CSMA/CD

77
Ethernet CSMA/CD algorithm
  • 1. NIC receives datagram from network layer, creates
    frame
  • 2. If NIC senses channel idle, starts frame
    transmission
  • If NIC senses channel busy, waits until channel
    idle, then transmits
  • 1-persistent!
  • 3. If NIC transmits entire frame without detecting
    another transmission, NIC is done with frame!
  • 4. If NIC detects another transmission while
    transmitting, aborts and sends jam signal
  • 5. After aborting, NIC enters exponential
    backoff: after mth collision, NIC chooses K at
    random from {0,1,2,...,2^m-1}. NIC waits K·512
    bit times, returns to Step 2

78
Ethernet's CSMA/CD (more)
  • Jam Signal: make sure all other transmitters are
    aware of collision; 48 bits
  • Bit time: .1 microsec for 10 Mbps Ethernet; for
    K=1023, wait time is about 50 msec
  • Exponential Backoff:
  • Goal: adapt retransmission attempts to estimated
    current load
  • heavy load: random wait will be longer
  • first collision: choose K from {0,1}; delay is K ·
    512 bit transmission times
  • after second collision: choose K from {0,1,2,3}
  • after ten or more collisions, choose K from
    {0,1,2,3,4,...,1023}
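The backoff rule from the Exponential Backoff slide and the two Ethernet CSMA/CD slides above, as an added example (not from the slides): K is drawn from {0,...,2^m-1} after the m-th collision, capped at 1024, with 512-bit slots. The attempt limit of 16 (the 802.3 value, not on the slides) and the `collides` channel model are assumptions used to drive the retry loop.

```python
import random
from typing import Callable, Optional, Tuple

SLOT_BITS = 512      # one backoff slot = 512 bit times (slide)
BO_MAX = 1024        # the window stops doubling at 1024 slots (slide)
MAX_ATTEMPTS = 16    # assumed attempt limit after which the frame is dropped (802.3 value, not on the slide)


def bit_time(bit_rate: float) -> float:
    """Seconds per bit: 0.1 microseconds at 10 Mbps."""
    return 1 / bit_rate


def backoff_window(collisions: int) -> int:
    """After the m-th collision K is drawn from {0, ..., 2^m - 1}, capped at BO_MAX;
    this is BO = min(2*BO, BO_Max) applied m times starting from BO = 1."""
    return min(2 ** collisions, BO_MAX)


def backoff_delay(k: int, bit_rate: float) -> float:
    """Wait time for a chosen K: K slots of 512 bit times each."""
    return k * SLOT_BITS * bit_time(bit_rate)


def send_with_backoff(collides: Callable[[int], bool], bit_rate: float = 10e6,
                      rng: Optional[random.Random] = None) -> Optional[Tuple[int, float]]:
    """Retry loop of steps 4-5. `collides(attempt)` is a constructed channel model that
    returns True when transmission attempt `attempt` (1-based) hits a collision.
    Returns (attempts used, total seconds spent in backoff), or None if the frame is
    dropped after MAX_ATTEMPTS."""
    rng = rng or random.Random(0)
    waited = 0.0
    for attempt in range(1, MAX_ATTEMPTS + 1):
        if not collides(attempt):
            return attempt, waited
        k = rng.randrange(backoff_window(attempt))   # attempt == collisions so far
        waited += backoff_delay(k, bit_rate)
    return None
```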

79
CSMA/CD efficiency
  • Tprop = max prop delay between 2 nodes in LAN
  • ttrans = time to transmit max-size frame
  • efficiency goes to 1
  • as tprop goes to 0
  • as ttrans goes to infinity
  • larger frame size is better, higher bit-rate is
    worse
  • better performance than ALOHA: and simple, cheap,
    decentralized!
  • Most ethernet is used with switches. So collisions
    never occur

80
802.3 Ethernet Standards: Link & Physical Layers
  • many different Ethernet standards
  • common MAC protocol and frame format
  • different speeds: 2 Mbps, 10 Mbps, 100 Mbps,
    1 Gbps, 10 Gbps
  • different physical layer media: fiber, cable
  • Very large Ethernets are possible
  • QoS
  • MPLS runs over Ethernet (so traffic engineering
    is possible)

(Figure: one MAC protocol and frame format shared by
the physical-layer variants 100BASE-TX, 100BASE-FX,
100BASE-T2, 100BASE-T4, 100BASE-SX, 100BASE-BX)
81
Manchester encoding
  • used in 10BaseT
  • each bit has a transition
  • allows clocks in sending and receiving nodes to
    synchronize to each other
  • no need for a centralized, global clock among
    nodes!
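
An encoder and decoder for the line code slide 81 describes, added here as an example (not code from the slides). It assumes the IEEE 802.3 Manchester convention, a 1 bit is a low-to-high transition at mid-bit and a 0 bit is high-to-low; the sample bit strings are constructed.

```python
"""Manchester encoding, the line code used by 10BaseT (slide 81).

Added example, not code from the slides. Convention assumed: IEEE 802.3
Manchester, where a 1 bit is a low-to-high transition at mid-bit and a 0 bit
is high-to-low. The sample bit strings are constructed."""


def manchester_encode(bits):
    """Two signal levels per bit (0 = low, 1 = high): first half, then second half.
    Every bit therefore contains exactly one mid-bit transition."""
    levels = []
    for b in bits:
        if b not in (0, 1):
            raise ValueError(f"not a bit: {b!r}")
        levels.extend((0, 1) if b == 1 else (1, 0))
    return levels


def manchester_decode(levels):
    """Recover the bits from half-bit samples. The mid-bit transition is what the
    receiver's clock locks on to, so a bit period with no transition is a line
    error rather than data."""
    if len(levels) % 2:
        raise ValueError("odd number of half-bit samples: lost clock alignment")
    bits = []
    for i in range(0, len(levels), 2):
        first, second = levels[i], levels[i + 1]
        if first == second:
            raise ValueError(f"no transition in bit {i // 2}: not a Manchester signal")
        bits.append(1 if (first, second) == (0, 1) else 0)
    return bits


def nrz_encode(bits):
    """Plain NRZ for comparison: one level per bit, no guaranteed transitions."""
    return list(bits)


def longest_flat_run(levels):
    """Longest stretch with no level change. Manchester keeps this at 2 half-bits
    however long the data repeats; NRZ lets it grow with every repeated bit, which
    is why an NRZ receiver drifts without a separate clock."""
    best = run = 1
    for prev, cur in zip(levels, levels[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best if levels else 0


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0]     # constructed: a long run of zeros
    wire = manchester_encode(data)
    print("levels on the wire:", "".join(map(str, wire)))
    print("decoded:", manchester_decode(wire))
    print("longest flat run, Manchester:", longest_flat_run(wire),
          " NRZ:", longest_flat_run(nrz_encode(data)))
```

The decoder rejects a bit period without a transition instead of guessing, which is the behaviour the slide's "each bit has a transition" guarantee buys: the receiver can always tell where a bit boundary is, so no separate clock line is needed.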

82
Link Layer
  • 5.1 Introduction and services
  • 5.2 Error detection and correction
  • 5.3 Multiple access protocols
  • 5.4 Link-layer Addressing
  • 5.5 Ethernet
  • 5.6 Link-layer switches

83
Hubs
  • physical-layer (dumb) repeaters
  • bits coming in one link go out all other links at
    same rate
  • all nodes connected to hub can collide with one
    another
  • no frame buffering
  • no CSMA/CD at hub: host NICs detect collisions

84
Interconnecting with hubs
  • Backbone hub interconnects LAN segments
  • But individual segment collision domains become
    one large collision domain
  • Can't interconnect 10BaseT & 100BaseT

(Figure: a backbone hub connecting three hubs, one per
LAN segment)
85
Switch
  • link-layer device: smarter than hubs, takes active
    role
  • Store and forward Ethernet frames
  • Question: do switches in circuit switching
    networks store and forward?
  • examine incoming frame's MAC address, selectively
    forward frame to one or more outgoing links; when
    frame is to be forwarded on a segment, uses CSMA/CD
    to access the segment
  • transparent
  • hosts are unaware of presence of switches
  • plug-and-play, self-learning
  • switches do not need to be configured

86
Switch allows multiple simultaneous
transmissions
  • hosts have dedicated, direct connection to switch
  • switches buffer packets
  • Ethernet protocol used on each incoming link, but
    no collisions; full duplex
  • each link is its own collision domain
  • switching: A-to-A' and B-to-B' simultaneously,
    without collisions
  • not possible with dumb hub

(Figure: switch with six interfaces (1,2,3,4,5,6); hosts
A, B, C on one side and A', B', C' on the other)
87
Switch Table
  • Q: how does switch know that A reachable via
    interface 4, B reachable via interface 5?
  • A: each switch has a switch table; each entry is
    (MAC address of host, interface to reach host,
    time stamp)
  • looks like a routing table!
  • Q: how are entries created, maintained in switch
    table?
  • something like a routing protocol?

(Figure: switch with six interfaces (1,2,3,4,5,6); hosts
A, B, C on one side and A', B', C' on the other)
88
Switch: self-learning
  • switch learns which hosts can be reached through
    which interfaces
  • Some interfaces are configured manually. But in
    other cases:
  • when frame received, switch learns location of
    sender: incoming LAN segment
  • records sender/location pair in switch table

(Figure: switch with six interfaces (1,2,3,4,5,6); hosts
A, B, C, A', B', C'; switch table initially empty)
89
Switch: frame filtering/forwarding
  • When frame received:
  • 1. record link/interface associated with sending
    host.
  • 2. if entry found for destination then
  • if dest on segment from which frame arrived
    then drop the frame
  • else forward the frame on interface
    indicated
  • else flood (forward on all but the interface on
    which the frame arrived)
  • 3. periodically, purge all old table entries
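
The three-step procedure above, together with the self-learning of slide 88 and the entry lifetime of slide 99, as an added example (not code from the slides). The class and method names are constructed, the 20-minute lifetime is taken from slide 99 with the time stamps assumed to be seconds, and the frames replayed in main() follow the A-to-B, B-to-A walkthrough on the slides that follow.

```python
"""Self-learning switch: learning, filtering/forwarding and aging (slides 88-99).

Added example, not code from the slides. Class and method names are
constructed; the 20-minute lifetime comes from slide 99 (time stamps assumed
to be seconds). The frames in main() follow the A -> B, B -> A walkthrough."""

AGE_LIMIT_S = 20 * 60                     # entries older than this are purged (slide 99)
BROADCAST = "ff:ff:ff:ff:ff:ff"           # never learned, always flooded


class LearningSwitch:
    def __init__(self, interfaces):
        self.interfaces = set(interfaces)
        self.table = {}                   # MAC -> (interface, time stamp), as on slide 87

    def receive(self, in_if, src, dst, now):
        """Handle one frame arriving on `in_if`; return the interfaces it leaves on."""
        if in_if not in self.interfaces:
            raise ValueError(f"no such interface: {in_if}")
        self.purge(now)
        # 1. record the interface of the sending host (self-learning)
        self.table[src] = (in_if, now)
        # 2. entry found for the destination?
        if dst != BROADCAST and dst in self.table:
            out_if, _ = self.table[dst]
            if out_if == in_if:
                return []                 # destination shares the arrival segment: filter
            return [out_if]               # forward on the indicated interface
        # else flood: every interface except the one the frame arrived on
        return sorted(self.interfaces - {in_if})

    def purge(self, now):
        """3. periodically purge old table entries."""
        self.table = {mac: (i, t) for mac, (i, t) in self.table.items()
                      if now - t < AGE_LIMIT_S}

    def entries(self):
        """(MAC, interface) pairs currently in the table, for display."""
        return sorted((mac, i) for mac, (i, _) in self.table.items())


if __name__ == "__main__":
    sw = LearningSwitch([1, 2, 3])        # constructed: one switch, hosts A on 1, B on 2
    t = 0
    for in_if, src, dst in [(1, "A", "B"), (2, "B", "A"), (1, "A", "B"), (2, "C", "B")]:
        out = sw.receive(in_if, src, dst, t)
        print(f"t={t:5d} if{in_if}: {src}->{dst}  out={out or 'dropped'}  table={sw.entries()}")
        t += 1
    t += AGE_LIMIT_S
    print(f"t={t:5d} if1: A->B  out={sw.receive(1, 'A', 'B', t)}  table={sw.entries()}")
```

The replay shows the first frame from A being flooded, B's reply being forwarded on interface 1 only, a later frame between two hosts on the same segment being dropped, and, once the entries have aged out, the flooding starting over.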
90
Self-Learning
(Figure: host A on interface 1 of the first switch and
host B on interface 2 of the last; four switch tables
(MAC, Interface), all initially empty)
91
Self-Learning
(Figure: A sends a frame, Dest=B Source=A; all switch
tables still empty)
92
Self-Learning
Make table entry for A. No table entry for B, so
flood
(Figure: first switch table now holds A → 1; the frame
Dest=B Source=A is flooded on the other interfaces)
Note: if the switch has ports that are manually
configured, then the frame is not flooded to a
host; it is only flooded to other switches.
93
Self-Learning
Make table entry for A. No table entry for B, so
flood
(Figure: second switch table now also holds A → 1)
94
Self-Learning
Make table entry for A. No table entry for B, so
flood
(Figure: third switch table holds A → 2 and fourth
holds A → 1; the frame Dest=B Source=A is flooded
toward B)
95
Self-Learning
(Figure: B replies with a frame Dest=A Source=B)
96
Self-Learning
Make table entry for B. Have a table entry for A,
so forward
(Figure: fourth switch table now holds A → 1, B → 2; the
frame is forwarded on interface 1 only)
97
Self-Learning
Make table entry for B. Have a table entry for A,
so forward
(Figure: second switch table now holds A → 1, B → 3)
98
Self-Learning
Make table entry for B. Have a table entry for A,
so forward
(Figure: first switch table now holds A → 1, B → 3; the
frame reaches A on interface 1)
99
Self-Learning
20 minutes later, all table entries are deleted
(Figure: all four switch tables empty again)
100
Poorly Designed Institutional network. Why?
101
Institutional network without a single point of
failure
Explain self-learning on this network. Suppose
that A sends a frame to the mail server and all
tables are empty. Due to the loops, the frames
will loop and overwhelm the network. Loops
provide robustness, but have to be eliminated.
102
Institutional network without a single point of
failure
(Figure: mail server, web server, and a router to the
external network on an IP subnet; host A. Legend: edge
in spanning tree; disconnected interface, i.e., do not
forward or flood frames through this interface)
103
Loop Resolution
  • Goal: remove extra paths by removing extra
    bridges.
  • Spanning tree
  • Consider the network as a graph G(V,E):
  • LANs are represented by vertices and
    bridges/switches are represented by edges.
  • This is backwards from what you might expect,
    i.e., switches as vertices and LANs as edges
  • On any graph there exists a tree that spans all
    nodes where there is only one path between any
    pair of nodes, i.e., NO loops.
  • If LAN A's next hop toward the root is LAN B,
    then the switch between LAN A and B uses the
    interfaces to A and B
  • This tree is formed by disconnecting switches
    from some LANs
  • The switches are not physically disconnected.
    Instead, when disconnected from a LAN they
    simply never flood packets over to the LAN.
  • Of course, the spanning tree is recomputed often
    and if something breaks, then the LAN might be
    reconnected to the switch

(Figure: LAN A and LAN B joined by switches B3 and B2)
104
Spanning Tree Algorithm (1)
  • LANs are represented by vertices and
    bridges/switches are represented by edges.
  • This is backwards from what you might expect,
    i.e., switches as vertices and LANs as edges
  • When manufactured, each bridge is given a unique
    ID. The root is the node with the smallest ID.
  • Approach: Compute paths to the node with smallest
    ID
  • Paths indicate which of a bridge's/switch's
    interfaces leads to the switch with smallest ID
  • If LAN A's next hop toward the root is LAN B,
    then the switch between LAN A and B uses the
    interfaces to A and B
  • If
  • LAN B's next hop to the switch with lowest ID is
    LAN A, and
  • LAN C's next hop to the switch with lowest ID is
    LAN D
  • then switch B2 will disconnect from LAN B and C

(Figure: LAN A, LAN B, LAN C, LAN D joined by bridges B3,
B2, B1, B0)
105
Spanning Tree Algorithm (2)
  • Bridges exchange messages with the following
    information:
  • 1. The ID of the bridge that is sending the
    message.
  • 2. The ID for what the sending bridge believes to
    be the root bridge.
  • 3. The distance (hops) from the sending bridge to
    the root bridge.

106
Which interfaces to keep and which to
ignore. Pretend that the objective is to find
shortest paths from each LAN to the root switch (the
one with smallest ID) and use least cost with
minimum ID to break ties. By shortest path, we
mean paths from a LAN to the root switch that
visit the smallest number of switches
  • A switch will keep an interface active if
  • the interface is along a LAN's shortest path to
    the root
  • If a LAN has more than one shortest path, then the
    switch with the smallest ID is used.
  • Take a distance vector approach, so we only
    consider neighbors

(Figure: LANs A through J interconnected by switches B1
through B7)
Note, we find these paths not for forwarding, but
only to decide which interfaces to turn
off. Of course, if a frame is headed to the
root, then it will follow the shortest path.
Unfortunately, the root might not be the gateway
107
Which interfaces to keep and which to ignore (continued)
Each switch computes distance to root in terms of
LAN hops. (Figure: the same network, now labelled with
each switch's distance; B1, the root, is at distance 0)
108
Which interfaces to keep and which to ignore (continued)
Each of the root's interfaces is ON
109
Which interfaces to keep and which to ignore (continued)
LAN A's next hop is LAN E.
110
Which interfaces to keep and which to ignore (continued)
LAN A's next hop is LAN E. Turn on the two
interfaces
111
Which interfaces to keep and which to ignore (continued)
LAN B's next hop is LAN E or F. But B5 has a
lower ID than B7, so LAN E is used as the next
hop.
112
Which interfaces to keep and which to ignore (continued)
LAN B's next hop is LAN E or F. But B5 has a
lower ID than B7, so LAN E is used as the next
hop. Turn on the interface
113
Which interfaces to keep and which to ignore (continued)
LAN D's next hop is LAN G. Turn on the two
interfaces. Note that B3 will not have any interfaces on
114
Which interfaces to keep and which to ignore (continued)
LAN C's next hop is LAN F. Turn on the interfaces
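
The interface-selection procedure of slides 103-114, the message exchange of slide 105 included, as an added example (not code from the slides). The topology is constructed to mirror the situations the slides describe, a tie on LAN B that the smaller bridge ID breaks and a bridge B3 left with no interface on; it is not the network in the slides' figure, and the function names are constructed.

```python
"""Spanning tree in the LAN-as-vertex / bridge-as-edge model of slides 103-114.

Added example, not code from the slides. The topology is constructed to mirror
the situations the slides describe (a tie on LAN B that bridge ID breaks, a
bridge B3 that ends up with no interface on); it is not the slides' figure."""
from collections import defaultdict

# Constructed topology: bridge ID -> LANs that bridge attaches to.
TOPOLOGY = {
    1: ["E", "F", "G"],   # smallest ID, so this bridge is the root
    2: ["E", "A"],
    3: ["A", "D"],        # both of its LANs have a shorter way to the root
    4: ["G", "D"],
    5: ["E", "B"],        # B5 and B7 both put LAN B one hop from the root
    6: ["F", "C"],
    7: ["F", "B"],
}


def converge(topology):
    """Distance-vector exchange of slide 105: each round every bridge announces
    (believed root, hops to root, own ID) on each attached LAN and adopts the best
    announcement it hears, ordered by (root ID, hops, sender ID).
    Returns {bridge: (root, hops, LAN toward the root)}; the root's LAN is None."""
    state = {b: (b, 0, None) for b in topology}        # every bridge starts as root
    for _ in range(len(topology) + 1):                 # ample rounds for the root ID to spread
        heard = defaultdict(list)                      # LAN -> announcements on it
        for b, lans in topology.items():
            root, hops, _ = state[b]
            for lan in lans:
                heard[lan].append((root, hops, b))
        new_state = {}
        for b, lans in topology.items():
            best = (b, 0, b, None)                     # (root, hops, via bridge, via LAN)
            for lan in lans:
                for root, hops, sender in heard[lan]:
                    if sender != b:
                        best = min(best, (root, hops + 1, sender, lan))
            new_state[b] = (best[0], best[1], best[3])
        if new_state == state:
            break
        state = new_state
    return state


def lan_next_hops(topology, state):
    """For every LAN, the bridge on its shortest path to the root and the LAN on
    the far side of that bridge; equal hop counts go to the smaller bridge ID."""
    best = {}                                          # LAN -> (hops, bridge)
    for b, lans in topology.items():
        for lan in lans:
            cand = (state[b][1], b)
            if lan not in best or cand < best[lan]:
                best[lan] = cand
    return {lan: (b, state[b][2]) for lan, (_, b) in best.items()}


def active_interfaces(topology):
    """(bridge, LAN) pairs left on: all of the root's, plus, for each LAN whose
    next-hop bridge is not the root, that bridge's interfaces to the LAN and to
    the LAN toward the root. Every other interface is disconnected."""
    state = converge(topology)
    root = min(topology)
    on = {(root, lan) for lan in topology[root]}
    for lan, (bridge, toward_root) in lan_next_hops(topology, state).items():
        if bridge != root:
            on.add((bridge, lan))
            on.add((bridge, toward_root))
    return on


def idle_bridges(topology):
    """Bridges with no interface on at all."""
    used = {b for b, _ in active_interfaces(topology)}
    return sorted(set(topology) - used)


if __name__ == "__main__":
    state = converge(TOPOLOGY)
    for b in sorted(state):
        print(f"B{b}: root=B{state[b][0]} hops={state[b][1]} toward root via LAN {state[b][2]}")
    for lan, (b, nxt) in sorted(lan_next_hops(TOPOLOGY, state).items()):
        print(f"LAN {lan}: next hop via B{b} to LAN {nxt}")
    print("interfaces on:", sorted(active_interfaces(TOPOLOGY)))
    print("bridges with no interface on:", idle_bridges(TOPOLOGY))
```

In the constructed topology LAN B is reachable through B5 and B7 at the same distance, and the ordering by (hops, ID) picks B5, as on slide 111; B3 connects two LANs that each already have a one-hop path, so it is no LAN's next hop and keeps no interface on, as slide 113 notes for its B3; B7 loses the tie and is idle for the same reason.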
115
Which interfaces to keep and which to ignore (continued)