MAC Addresses, ARP, and Ethernet - Network Link Layer | Computer Networks Ep. 6.4.1 | Kurose & Ross

in this video we begin looking at local access networks in particular we look at link layer mac addresses and arp the address resolution protocol as well as different versions of the ethernet protocol let's get started all right continuing on in chapter six we have talked about the problems of multiple access to shared channels and now we're going to get down to some more details of link layer protocols starting with how they handle addressing mac addressing works significantly differently than ip addressing but just as a reminder the ip address is 32 bits and it's used for

layer 3 forwarding and layer 3 forwarding is based on longest prefix matching the mac addresses which are the layer 2 addresses are used locally in the context of ip a mac address is only significant within one subnet and at this point almost all layer 2 technologies use a 48-bit mac address and these addresses are embedded in the network interface card and there may or may not be some way to change them via the software if we need to write out a mac address we do in the following format with pairs of hexadecimal digits the hyphens

in between the pairs of digits are just for convenience and in some cases are replaced with colons one digit in hex represents four bits in binary so these 12 characters represent the 48 bits of the mac address all right so here we have an example land and we're looking at the mac addresses of the interfaces connected to that lan now we note that in the ip addresses shown they all share the same prefix which is a requirement for longest prefix matching to work however the mac addresses share no such constraint in fact they look pretty

much random and have nothing in common with one another in fact the first few bits of the mac address identify its manufacturer and the rest of the bits are set either serially or randomly by the device manufacturer so we can't require that the mac addresses on a lan have any particular relationship to one another and what this implies is that when we need to forward frames to a particular mac address we can't do any form of longest prefix matching because we don't have that type of relationship between the addresses instead we must do exact matching

only when forwarding frames to a particular mac address so where do we get mac addresses all the manufacturers get them from the ieee so the ieee assigns them in blocks which is why the first 12 bits of the mac address identified the manufacturer although large manufacturers will have multiple of these prefixes known as ouis and then that manufacturer can use all of the addresses within that block so just like there's nothing in your social security number that would tell someone how to find directions to your house there's nothing in the structure of the mac address

that would help us find out how to get a packet to that host the advantage to this is portability the mac address goes with the device it doesn't have to change when it connects to a new network this is in contrast to ip addresses which stay with the network and when a device leaves one network and connects to another one its ip address changes so our next problem is how do we find out what mac address to use as a destination to a frame the device knows its own mac address to use in the source

field and we've talked about how a host can use dns to find out the ip address that it needs to send the ip packet to but how does it find the mac address using the destination field of the layer 2 frame that relies on a protocol called arp the address resolution protocol and this is another distributed database lookup type function but instead of mapping from a host name to an ip address it maps from an ip address to a mac address so every node on a network has to maintain an arp table or a mapping

of the ip address mac address pairs that it's aware of and like most other mappings we've seen there's a ttl after which this entry is considered stale and removed from the table a common default for this ttl is 20 minutes now let's see how we populate this table so we have host a and they want to send a datagram to host b we assume that host a has already found out the ip address for host b and now it needs the mac address when it looks in its arp table it doesn't have a mapping for

that ip address so it will send out a broadcast arp message and just like the broadcast address in ip is the all ones address the broadcast address in layer 2 is the all ones address so all f's in hexadecimal so this layer two message says who has this destination ip address that a is looking for and every node on the local network will get this broadcast message and whichever one has that address should reply using its own mac address so the frame has a source mac address and inside it has a source ip address and

a target ip address now view receives this message and says oh that's my ip address so it responds back using an arp response that includes its mac address it knows what mac address to send this back to due to the contents of the original message and so it has the mapping between its ip address and mac address a can then update its arp table with the contents of this message and then it can send out all the frames that it needs to to that destination mac address so that process is fine if a and b

are on the same subnet however these broadcast frames the all ones mac address don't get forwarded by routers so it's only devices that are on the same subnet that would hear this query so if we have a topology like this one with a router in between a and b if a were to send out an arp request for b's ip address it would never reach b because the router will not forward the arp request this is a good thing because it allows the network to scale if arp requests were forwarded by routers there would be

so many of them propagating around networks that they would consume too much bandwidth so instead when a looks at b's address it can compare it to its own and its subnet mask and understand that b is in a different subnet so a will not send out an arp request for b's address so here's our scenario a is on the subnet with all ones in the prefix and b is on the subnet with all twos in the prefix a is already found b's address through dns a also knows the address of the first hop router this

is a's gateway which is either programmed in by the administrator or learned through dhcp a also knows r's mac address now how does that happen well because a knows the ip address of its gateway it can send an arp request for that ip address and get the gateway router's mac address so with all that information in hand how does a get b's mac address a is able to go ahead and create a datagram with b's destination ip address but when it gets to layer 2 it's going to use the mac address of the gateway router

as the destination remember we said layer 2 addresses only have significance within the local subnet even if a new b's mac address if it used it as the destination here no one on a's subnet would know how to get that frame over to b so from a layer 2 perspective the router is the destination for the frame and not just any mac address on the router it is specifically the mac address of the router's interface on a's subnet so this frame is sent over the router which as we know is a layer 3 device and

it passes up the stack there and it's passed all the way up to the ip layer meaning the layer 2 frame is completely removed from this packet before forwarding happens then when the ip iplayer is going to send this out the other interface it's creating a whole new frame so the fields in this frame need to have no relation to the fields in the layer 2 frame that a send out in fact this could be a completely different layer to technology altogether the new frame header now has the router's interface on b's subnet as the

source mac address and it has a b's mac address as the destination for the layer 2 frame header how did it get that well the router can issue an arp request for b any layer 3 device can issue arp requests but it is highly likely that the gateway router would have b's mac address cached because b probably has sent traffic to the gateway router already so the router is all set to transmit the frame onto b when b's network interface receives the frame it's able to extract the ip datagram and pass it on up the

stack all right now that you know just enough about mac addressing and arp to be dangerous let's explore ethernet in a little more detail ethernet is the dominant land technology today certainly there have been others in the past but at this point there are a few if any real competitors to ethernet in this space its success is largely due to the simplicity of the design using the csma based protocol and this has also helped to keep up with the speed race with up to 400 gigabits per second possible today ethernet interfaces also tend to support

multiple speeds so if you have two devices with different speed capabilities they're still able to talk just at the speed of the lower device the early versions of ethernet were literally a bus meaning one long coaxial cable with multiple computer interfaces tapped into it so this bus architecture might run the length of a hallway in a building or something like that when we draw this architecture we typically do something like this with a shared line and multiple lines coming off of it as time progressed the long bus cable running down hallways was replaced with a

device called a hub but the function was the same it was still a shared medium however by the end of the 90s switches were becoming more and more common and switches were an active device in the middle of a layer 2 network which was able to break up the collision domain and create point-to-point links between the switch and every individual host so by the time ethernet reached one gigabit speeds the shared bus model was no longer in use for switch networks when we're drawing the layer 2 architecture we put the switch in the middle and

draw the point point links to each host these point to point links are full duplex and so there's no collisions in a fully switched layer 2 network as we saw before our collisions are the source of significant inefficiency in these networks and so eliminating them greatly increases the possible utilization even on busy layer 2 networks here we have the ethernet frame which includes an eight byte preamble this is because the clocks of devices on an ethernet network are not synchronized with one another so as it receives the frame it's able to read the known pattern

and synchronize its clock to the bit timings and then successfully read the rest of the frame we then have it the destination and source address these are the mac addresses followed by the type the ethernet type commonly referred to as the ether type provides the demultiplexing function this is analogous to an ip protocol number or a transport layer port number the type tells us what's in the payload so there's one type for an ipv4 packet and another type for an ipv6 packet and other types for routing protocols that run directly on top of layer 2

and another type for arp and for any other message that runs directly over layer 2 instead of inside of ip so we have 12 bytes of addressing for the two mac addresses combined and every time the adapter receives a message it looks to see if it matches its mac address and destination address in which case it will pass it up based on the type field or it looks for the broadcast address in which case it will also pass it up based on the type field any frame that doesn't meet one of those criteria is discarded

this is known as a broadcast and select model the interface may see many frames that it doesn't actually need to process some other types that have run over ethernet in the past include the novell ipx protocol and the apple talk protocol both of which have since become obsolete and replaced with ip at the end of the frame we have a trailer containing the crc bits for the cyclic redundancy check again this is just an error check and so if an error is detected the frame must be dropped similar to ip ethernet is unreliable and connectionless

there's no handshaking or congestion establishment between nics that communicate with one another and there's no acknowledgments or negative acknowledgments sent so if any frame does get dropped whether due to a collision or a failed error check it's up to the higher layers to handle any type of re-transmission ethernet's mac protocol is the csma cd with binary back-off that we described in a previous video there have been many different ethernet standards over time because not only has ethernet supported many different speeds over the years it has also supported different physical media and the ethernet standard covers

not only the framing and the protocol but the parameters of the physical interfaces support it so some of these have been the coaxial cables that we talked about before with physical taps today it's commonly the rj45 ports containing four copper twisted pairs but ethernet also runs over fiber optics and these may be single mode or multi-mode fiber optics so we can differentiate to standards by speed and by medium and all the ones listed here are just for 100 megabits per second so you can imagine that there are similar versions for one gigabit 10 gigabit 40

gigabit etc that wraps up our discussion of addressing ethernet in the next video we'll move on to talking about layer 2 switches as well as vlans see you then we hope you enjoyed this video if you found it to be useful please click the like button to be notified when more videos are posted for this class please subscribe to our channel and click the bell [Music] you