Ethernet Switching

Ethernet Frames

-Ethernet is one of two LAN technologies used today, with the other being wireless LANs (WLANs).
Ethernet uses wired communications, including twisted pair, fiber-optic links, and coaxial cables.

-Ethernet operates in the data link layer and the physical layer. It is a family of networking technologies
defined in the IEEE 802.2 and 802.3 standards.

-Ethernet supports data bandwidths of

the following: 10 Mbps / 100 Mbps /
1000 Mbps (1 Gbps) / 10,000 Mbps (10
Gbps) / 40,000 Mbps (40 Gbps) / 100,000
Mbps (100 Gbps).

-As shown in the figure, Ethernet

standards define both the Layer 2
protocols and the Layer 1 technologies.

- IEEE 802 LAN/MAN protocols, including Ethernet, use the following two separate sublayers of the data
link layer to operate. They are the Logical Link Control (LLC) and the Media Access Control (MAC), as
shown in the figure.

- Recall LLC and MAC roles in the

data link layer in 6 unit.

The MAC sublayer

The MAC sublayer is responsible for

data encapsulation and accessing
the media.

-Data Encapsulation : IEEE 802.3

data encapsulation includes the
following:

 Ethernet frame - This is the

internal structure of the
Ethernet frame.

 Ethernet Addressing - The Ethernet frame includes both a source and destination MAC address
to deliver the Ethernet frame from Ethernet NIC to Ethernet NIC on the same LAN.

 Ethernet Error detection - The Ethernet frame includes a frame check sequence (FCS) trailer
used for error detection.

-Accessing the Media : As shown in the figure, the IEEE 802.3 MAC sublayer includes the specifications
for different Ethernet communications standards over various types of media including copper and
fiber.
-Ethernet LANs of today use switches that operate in full-duplex. Full-duplex communications with
Ethernet switches do not require access control through CSMA/CD.

Ethernet Frame Fields

-The minimum Ethernet frame size is 64 bytes and the expected maximum is 1518 bytes. This includes
all bytes from the destination MAC address field through the frame check sequence (FCS) field. The
preamble field is not included when describing the size of the frame.

-Note: The frame size may be larger if additional requirements are included, such as VLAN tagging.

-Any frame less than 64 bytes in length is considered a “collision fragment” or “runt frame” and is
automatically discarded by receiving stations. Frames with more than 1500 bytes of data are considered
“jumbo” or “baby giant frames”.

-If the size of a transmitted frame is less than the minimum, or greater than the maximum, the receiving
device drops the frame. Dropped frames are likely to be the result of collisions or other unwanted
signals. They are considered invalid. Jumbo frames are usually supported by most Fast Ethernet and
Gigabit Ethernet switches and NICs.

- Ethernet
Frame Fields
Detail:

Field Description

The Preamble (7 bytes) and Start Frame Delimiter (SFD), also called the Start of
Preamble and Start Frame (1 byte), fields are used for synchronization between the sending and
Frame Delimiter receiving devices. These first eight bytes of the frame are used to get the
Fields attention of the receiving nodes. Essentially, the first few bytes tell the receivers
to get ready to receive a new frame.

This 6-byte field is the identifier for the intended recipient. As you will recall,
this address is used by Layer 2 to assist devices in determining if a frame is
Destination MAC
addressed to them. The address in the frame is compared to the MAC address
Address Field
in the device. If there is a match, the device accepts the frame. Can be a
unicast, multicast or broadcast address.

Source MAC Address

This 6-byte field identifies the originating NIC or interface of the frame.
Field

This 2-byte field identifies the upper layer protocol encapsulated in the
Ethernet frame. Common values are, in hexadecimal, 0x800 for IPv4, 0x86DD
Type / Length
for IPv6 and 0x806 for ARP.
Note: You may also see this field referred to as EtherType, Type, or Length.
 This field (46 - 1500 bytes) contains the encapsulated data from a higher layer,
which is a generic Layer 3 PDU, or more commonly, an IPv4 packet. All frames
Data Field
must be at least 64 bytes long. If a small packet is encapsulated, additional bits
called a pad are used to increase the size of the frame to this minimum size.

The Frame Check Sequence (FCS) field (4 bytes) is used to detect errors in a
frame. It uses a cyclic redundancy check (CRC). The sending device includes the
results of a CRC in the FCS field of the frame. The receiving device receives the
Frame Check
frame and generates a CRC to look for errors. If the calculations match, no error
Sequence Field
occurred. Calculations that do not match are an indication that the data has
changed; therefore, the frame is dropped. A change in the data could be the
result of a disruption of the electrical signals that represent the bits.

Ethernet MAC Address

- IPv6 addresses and Ethernet addresses are represented using the hexadecimal base sixteen number
system.

-An Ethernet MAC address consists of a 48-bit binary value. Hexadecimal is used to identify an Ethernet
address because a single hexadecimal digit represents four binary bits. Therefore, a 48-bit Ethernet
MAC address can be expressed using only 12 hexadecimal values. we can also say that a MAC address is
6 bytes in length.

-for exemple: to convert a mac address from hexadecimal to binary numbers:

Mac address : 5A-3B-04-53-DF-F2

Binary Address: 0101 1010 – 0011 1011 – 0000 0100 – 0101 0011 – 1101 1111 – 1111 0010 .

You should recall the table of Decimal/Binary/Hexadecimal

-Hexadecimal numbers are often represented by the value preceded by 0x (e.g., 0x73) to distinguish
between decimal and hexadecimal values in documentation.

- The MAC address is used to identify the physical source and destination devices (NICs) on the local
network segment. MAC addressing provides a method for device identification at the data link layer of
the OSI model.

-All MAC addresses must be unique to the Ethernet device or Ethernet interface. To ensure this, all
vendors that sell Ethernet devices must register with the IEEE to obtain a unique 6 hexadecimal (i.e., 24-
bit or 3-byte) code called the organizationally unique identifier (OUI).

-When a vendor assigns a MAC address to a device or Ethernet interface,

the vendor must do as follows:

 Use its assigned OUI as the first 6 hexadecimal digits.

 Assign a unique value in the last 6 hexadecimal digits.

-However, it is possible for duplicate MAC addresses to exist because of mistakes made during
manufacturing, mistakes made in some virtual machine implementation methods, or modifications
made using one of several software tools. In any case, it will be necessary to modify the MAC address
with a new NIC or make modifications via software.

Frame Processing

Sometimes the MAC address is referred to as a burned-in address (BIA) because the address is hard
coded into read-only memory (ROM) on the NIC.

When the computer boots up, the NIC copies its MAC address from ROM into RAM. When a device is
forwarding a message to an Ethernet network, the Ethernet header includes these:

 Source MAC address - This is the MAC address of the source device NIC.

 Destination MAC address - This is the MAC address of the destination device NIC.

When a NIC receives an Ethernet frame, it examines the destination MAC address to see if it matches
the physical MAC address that is stored in RAM. If there is no match, the device discards the frame. If
there is a match, it passes the frame up the OSI layers, where the de-encapsulation process takes place.

Note: Ethernet NICs will also accept frames if the destination MAC address is a broadcast or a multicast
group of which the host is a member.

1- Unicast MAC Address

A unicast MAC address is the unique address that is used when a frame is sent from a single
transmitting device to a single destination device.

For a unicast packet to be sent and received, a destination IP address must be in the IP packet header. A
corresponding destination MAC address must also be present in the Ethernet frame header. The IP
address and MAC address combine to deliver data to one specific destination host.

The process that a source host uses to determine the destination MAC address associated with an IPv4
address is known as Address Resolution Protocol (ARP). The process that a source host uses to
determine the destination MAC address associated with an IPv6 address is known as Neighbor
Discovery (ND).

Note: The source MAC address must always be a unicast.

2- Broadcast MAC Address

An Ethernet broadcast frame is received and processed by every device on the Ethernet LAN.

The features of an Ethernet broadcast are as follows:

 It has a destination MAC address of FF-FF-FF-FF-FF-FF in hexadecimal (48 ones in binary).

 It is flooded out all Ethernet switch ports except the incoming port.

 It is not forwarded by a router.

If the encapsulated data is an IPv4 broadcast packet, this means the packet contains a destination IPv4
address that has all ones (1s) in the host portion (broadcast IP Address) . This numbering in the address
means that all hosts on that local network (broadcast domain) will receive and process the packet.

DHCP for IPv4 is an example of a protocol that uses Ethernet and IPv4 broadcast addresses.

However, not all Ethernet broadcasts carry an IPv4 broadcast packet. For example, ARP Requests do not
use IPv4, but the ARP message is sent as an Ethernet broadcast.
 3- Multicast MAC Address

An Ethernet multicast frame is received and processed by a group of devices on the Ethernet LAN that
belong to the same multicast group. The features of an Ethernet multicast are as follows:

- There is a destination MAC address of 01-00-5E when the encapsulated data is an IPv4 multicast
packet and a destination MAC address of 33-33 when the encapsulated data is an IPv6 multicast
packet.
- There are other reserved multicast destination MAC addresses for when the encapsulated data
is not IP, such as Spanning Tree Protocol (STP) and Link Layer Discovery Protocol (LLDP).
- It is flooded out all Ethernet switch ports except the incoming port, unless the switch is
configured for multicast snooping.
- It is not forwarded by a router, unless the router is configured to route multicast packets.

If the encapsulated data is an IP multicast packet, the devices that belong to a multicast group are
assigned a multicast group IP address. The range of IPv4 multicast addresses is 224.0.0.0 to
239.255.255.255.

The range of IPv6 multicast addresses begins with ff00::/8. Because multicast addresses represent a
group of addresses (sometimes called a host group), they can only be used as the destination of a
packet. The source will always be a unicast address.

Routing protocols and other network protocols use multicast addressing. Applications such as video and
imaging software may also use multicast addressing, although multicast applications are not as
common.

The MAC Address Table

-A Layer 2 Ethernet switch uses Layer 2 MAC addresses to make forwarding decisions. It is completely
unaware of the data (protocol) being carried in the data portion of the frame, such as an IPv4 packet, an
ARP message, or an IPv6 ND packet. The switch makes its forwarding decisions based solely on the
Layer 2 Ethernet MAC addresses.

-An Ethernet switch examines its MAC address table to make a forwarding decision for each frame

-The switch dynamically builds the MAC address table by examining the source MAC address of the
frames received on a port. The switch forwards frames by searching for a match between the
destination MAC address in the frame and an entry in the MAC address table.

So the Switch learn and forward

- Examine the Source MAC Address (Learn) : Every frame that enters a switch is checked for new
information to learn. It does this by examining the source MAC address of the frame and the port
number where the frame entered the switch. If the source MAC address does not exist, it is added to
the table along with the incoming port number. If the source MAC address does exist, the switch
updates the refresh timer for that entry in the table. By default, most Ethernet switches keep an entry
in the table for 5 minutes.

-Note: If the source MAC address does exist in the table but on a different port, the switch treats this as
a new entry. The entry is replaced using the same MAC address but with the more current port number.

- Find the Destination MAC Address ( Forward ): If the destination MAC address is a unicast address,
the switch will look for a match between the destination MAC address of the frame and an entry in its
MAC address table. If the destination MAC address is in the table, it will forward the frame out the
specified port. If the destination MAC address is not in the table, the switch will forward the frame out
all ports except the incoming port. This is called an unknown unicast.
Note: If the destination MAC address is a broadcast or a multicast, the frame is also flooded out all
ports except the incoming port

-As a switch receives frames from different devices, it is able to populate its MAC address table by
examining the source MAC address of every frame. When the MAC address table of the switch contains
the destination MAC address, it is able to filter the frame and forward out a single port.

-A switch can have multiple MAC addresses associated with a single port. This is common when the
switch is connected to another switch. The switch will have a separate MAC address table entry for each
frame received with a different source MAC address.

-When a device has an IP address that is on a remote network, the Ethernet frame cannot be sent
directly to the destination device. Instead, the Ethernet frame is sent to the MAC address of the default
gateway, the router.

Frame Forwarding Methods on Cisco Switches

With Cisco switches, there are actually two frame forwarding methods and there are good reasons to
use one instead of the other, depending on the situation.

Switches use one of the following forwarding methods for switching data between network ports:

 Store-and-forward switching - This frame forwarding method receives the entire frame and
computes the CRC. CRC uses a mathematical formula, based on the number of bits (1s) in the
frame, to determine whether the received frame has an error. If the CRC is valid, the switch
looks up the destination address, which determines the outgoing interface. Then the frame is
forwarded out of the correct port.

 Cut-through switching - This frame forwarding method forwards the frame before it is entirely
received. At a minimum, the destination address of the frame must be read before the frame
can be forwarded.

-A big advantage of store-and-forward switching is that it determines if a frame has errors before
propagating the frame. When an error is detected in a frame, the switch discards the frame. Discarding
frames with errors reduces the amount of bandwidth consumed by corrupt data. Store-and-forward
switching is required for quality of service (QoS) analysis on converged networks where frame
classification for traffic prioritization is necessary. For example, voice over IP (VoIP) data streams need
to have priority over web-browsing traffic.

-There are two variants of cut-through switching:

 Fast-forward switching - Fast-forward switching offers the lowest level of latency. Fast-forward
switching immediately forwards a packet after reading the destination address. Because fast-
forward switching starts forwarding before the entire packet has been received, there may be
times when packets are relayed with errors. This occurs infrequently, and the destination NIC
discards the faulty packet upon receipt. In fast-forward mode, latency is measured from the first
bit received to the first bit transmitted. Fast-forward switching is the typical cut-through
method of switching.

 Fragment-free switching - In fragment-free switching, the switch stores the first 64 bytes of the
frame before forwarding. Fragment-free switching can be viewed as a compromise between
store-and-forward switching and fast-forward switching. The reason fragment-free switching
stores only the first 64 bytes of the frame is that most network errors and collisions occur
during the first 64 bytes. Fragment-free switching tries to enhance fast-forward switching by
performing a small error check on the first 64 bytes of the frame to ensure that a collision has
not occurred before forwarding the frame. Fragment-free switching is a compromise between
 the high latency and high integrity of store-and-forward switching, and the low latency and
reduced integrity of fast-forward switching.

-An Ethernet switch may use a buffering technique to store frames before forwarding them. Buffering
may also be used when the destination port is busy because of congestion. The switch stores the frame
until it can be transmitted. there are two methods of memory buffering:

Method Description

 Frames are stored in queues that are linked to specific incoming

and outgoing ports.

 A frame is transmitted to the outgoing port only when all the

frames ahead in the queue have been successfully transmitted.
Port-based memory
 It is possible for a single frame to delay the transmission of all
the frames in memory because of a busy destination port.

 This delay occurs even if the other frames could be transmitted

to open destination ports.

 Deposits all frames into a common memory buffer shared by all

switch ports and the amount of buffer memory required by a
port is dynamically allocated.
Shared memory  The frames in the buffer are dynamically linked to the
destination port enabling a packet to be received on one port
and then transmitted on another port, without moving it to a
different queue.

-hared memory buffering also results in the ability to store larger frames with potentially fewer dropped
frames. This is important with asymmetric switching which allows for different data rates on different
ports such as when connecting a server to a 10 Gbps switch port and PCs to 1 Gbps ports.

Duplex and Speed Settings

-Two of the most basic settings on a switch are the bandwidth (sometimes referred to as “speed”) and
duplex settings for each individual switch port.

-It is critical that the duplex and bandwidth settings match between the switch port and the connected
devices, such as a computer or another switch.

There are two types of duplex settings used for communications on an Ethernet network:

 Full-duplex - Both ends of the connection can send and receive simultaneously.

 Half-duplex - Only one end of the connection can send at a time.

-Autonegotiation is an optional
function found on most
Ethernet switches and NICs. It
enables two devices to
automatically negotiate the
best speed and duplex
capabilities. Full-duplex is
chosen if both devices have the
capability along with their
highest common bandwidth.

-Note: Most Cisco switches and

Ethernet NICs default to
autonegotiation for speed and
duplex. Gigabit Ethernet ports
only operate in full-duplex.

-Duplex mismatch occurs when

one or both ports on a link are reset, and the autonegotiation process does not result in both link
partners having the same configuration. It also can occur when users reconfigure one side of a link and
forget to reconfigure the other. Both sides of a link should have autonegotiation on, or both sides
should have it off. Best practice is to configure both Ethernet switch ports as full-duplex.

Auto-MDIX

-Connections between devices once required the use of either a crossover or straight-through cable.
The type of cable required depended on the type of interconnecting devices.

-Most switch devices now support the automatic medium-dependent interface crossover (auto-MDIX)
feature. When enabled, the switch automatically detects the type of cable attached to the port and
configures the interfaces accordingly. Therefore, you can use either a crossover or a straight-through
cable for connections to a copper 10/100/1000 port on the switch, regardless of the type of device on
the other end of the connection.

-The auto-MDIX feature is enabled by default on switches running Cisco IOS Release 12.2(18)SE or later.
However, the feature could be disabled. For this reason, you should always use the correct cable type
and not rely on the auto-MDIX feature. Auto-MDIX can be re-enabled using the mdix auto interface
configuration command.

- Auto-MDIX is a feature that is enabled on the latest Cisco switches and that allows the switch to detect
and use whatever type of cable is attached to a specific port.

Topic 7.1.0 - In an attempt to conserve bandwidth and not forward useless frames, Ethernet devices
drop frames that are considered to be runt (less than 64 bytes) or jumbo (greater than 1500 bytes)
frames.