Thursday, February 26, 2009

Gigabit Ethernet

Gigabit Ethernet (also referred to as GigE) is a site-to-site and Internet access service; when enterprises use it, the aim is to raise network access speeds so that they more closely match LAN speeds. GigE operates mainly over fiber-optic cabling. A key advantage is that it uses the same protocol as LANs, which makes connecting to customers' networks less complex and upgrading to higher speeds simpler.

GigE is used in enterprises' internal networks, carriers' metropolitan area networks (MANs), and by enterprises to access the Internet or connect to other sites. As an Internet access service for enterprises, GigE is generally offered at speeds ranging from 10 Mbps to 1000 Mbps. Enterprises also use it for point-to-point communications between LANs in metro areas and for access to national VPNs for site-to-site communications. Customers use either a router with an Ethernet port or an Ethernet switch to connect to carriers' Ethernet offerings. Cisco, Extreme Networks, Foundry Networks and Nortel manufacture GigE service switches. GigE does not require a CSU/DSU (Channel Service Unit/Data Service Unit) (used for T-1 type services), a T-1 multiplexer, or a FRAD.

Tuesday, February 24, 2009

Ethernet Frame Type Wrap-Up

The 802.2 variants of Ethernet are not in widespread use on common networks currently, with the exception of large corporate NetWare installations that have not yet migrated to NetWare over IP. In the past, many corporate networks supported 802.2 Ethernet to support transparent translating bridges between Ethernet and IEEE 802.5 Token Ring or FDDI networks. The most common framing type used today is Ethernet Version 2, as it is used by most IP-based networks, with its EtherType set to 0x0800 for IPv4 and 0x86DD for IPv6.
There exists an Internet standard for encapsulating IP version 4 traffic in IEEE 802.2 frames with LLC/SNAP headers. It is almost never implemented on Ethernet (although it is used on FDDI and on token ring, IEEE 802.11, and other IEEE 802 networks). IP traffic cannot be encapsulated in IEEE 802.2 LLC frames without SNAP because, although there is an LLC protocol type for IP, there is no LLC protocol type for ARP. IP Version 6 can also be transmitted over Ethernet using IEEE 802.2 with LLC/SNAP, but, again, that's almost never used (although LLC/SNAP encapsulation of IPv6 is used on IEEE 802 networks).

The IEEE 802.1Q tag, if present, is placed between the Source Address and the EtherType or Length fields. The first two bytes of the tag are the Tag Protocol Identifier (TPID) value of 0x8100. This is located in the same place as the EtherType/Length field in untagged frames, so an EtherType value of 0x8100 means the frame is tagged, and the true EtherType/Length is located after the Q-tag. The TPID is followed by two bytes containing the Tag Control Information (TCI): the IEEE 802.1p priority (QoS) and the VLAN ID. The Q-tag is followed by the rest of the frame, using one of the types described in the prior "Word of the Day" (see below).

Summary of the Major Ethernet Frame Types

• The Ethernet Version 2 or Ethernet II frame, the so-called DIX frame (named after DEC, Intel, and Xerox); this is the most common today, as it is often used directly by the Internet Protocol

• IEEE 802.2 LLC/SNAP frame

• Novell's non-standard variation of IEEE 802.3 ("raw 802.3 frame") without an IEEE 802.2 LLC header

• IEEE 802.2 LLC frame

Monday, February 23, 2009

There are several types of Ethernet frames:
• The Ethernet Version 2 or Ethernet II frame, the so-called DIX frame (named after DEC, Intel, and Xerox); this is the most common today, as it is often used directly by the Internet Protocol
• IEEE 802.2 LLC/SNAP frame
• Novell's non-standard variation of IEEE 802.3 ("raw 802.3 frame") without an IEEE 802.2 LLC header.
• IEEE 802.2 LLC frame

Today we will describe Novell's non-standard variation of IEEE 802.3 ("raw 802.3 frame") without an IEEE 802.2 LLC header (which also touches on the LLC frame).

Novell's "raw" 802.3 frame (no LLC header)
Novell's "raw" 802.3 frame format was based on early IEEE 802.3 work. Novell used this as a starting point to create the first implementation of its own IPX network protocol over Ethernet. They did not use any LLC header but started the IPX packet directly after the length field. This does not conform to the IEEE 802.3 standard, but since an IPX packet always has 0xFF in its first two bytes (a pattern that is theoretically possible but extremely unlikely in an IEEE 802.2 LLC header), in practice this mostly coexists on the wire with other Ethernet implementations, with the notable exception of some early forms of DECnet, which were confused by it.

Novell NetWare used this frame type by default until the mid nineties, and since NetWare was very widespread back then, while IP was not, at some point in time most of the world's Ethernet traffic ran over "raw" 802.3 carrying IPX. Since NetWare 4.10, NetWare defaults to IEEE 802.2 with LLC (NetWare frame type Ethernet_802.2) when using IPX. (See "Ethernet Framing" in References for details.)

Friday, February 20, 2009

There are several types of Ethernet frames:

• The Ethernet Version 2 or Ethernet II frame, the so-called DIX frame (named after DEC, Intel, and Xerox); this is the most common today, as it is often used directly by the Internet Protocol

• IEEE 802.2 LLC/SNAP frame

• Novell's non-standard variation of IEEE 802.3 ("raw 802.3 frame") without an IEEE 802.2 LLC header.

• IEEE 802.2 LLC frame

Ethernet frames may optionally contain an IEEE 802.1Q tag that identifies the VLAN the frame belongs to and its IEEE 802.1p priority (quality of service). This encapsulation is defined in the IEEE 802.3ac specification and increases the maximum frame size by 4 bytes, to 1522 bytes. The different frame types have different formats and MTU (maximum transmission unit) values, but can coexist on the same physical medium.

Today we will describe the Ethernet Version 2 (Ethernet II Frame) or the so-called "DIX frame" and the IEEE 802.2 LLC/SNAP frame

Ethernet Version 2 (Ethernet II Frame) or the so-called "DIX frame"
Versions 1.0 and 2.0 of the DIX Ethernet specification have a 16-bit sub-protocol label field called the EtherType. The original IEEE 802.3 Ethernet specification replaced that with a 16-bit length field, with the MAC header followed by an IEEE 802.2 logical link control (LLC) header; the maximum length of a packet was 1500 bytes. The two formats were eventually unified by the convention that values of that field between 0 and 1500 indicate the original 802.3 Ethernet format with a length field, while values of 1536 (0x0600) and greater indicate the DIX frame format with an EtherType sub-protocol identifier. This convention allows software to determine whether a frame is an Ethernet II frame or an IEEE 802.3 frame, allowing the coexistence of both standards on the same physical medium.

Source: http://internetworkexpert.s3.amazonaws.com/2007/11/ethernet-headers.png
IEEE 802.2 LLC/SNAP frame
By examining the 802.2 LLC header, it is possible to determine whether it is followed by a SNAP (Subnetwork Access Protocol) header. Some protocols, particularly those designed for the OSI networking stack, operate directly on top of 802.2 LLC, which provides both datagram and connection-oriented network services. The LLC header includes two additional eight-bit address fields, called service access points or SAPs in OSI terminology; when both the source SAP (SSAP) and the destination SAP (DSAP) are set to the value 0xAA, the SNAP service is requested. The SNAP header allows EtherType values to be used with all IEEE 802 protocols, as well as supporting private protocol ID spaces. In IEEE 802.3x-1997, the IEEE Ethernet standard was changed to explicitly allow the 16-bit field after the MAC addresses to be used as either a length field or a type field.

*Note: Mac OS uses 802.2/SNAP framing for the AppleTalk V2 protocol suite on Ethernet ("EtherTalk") and Ethernet II framing for TCP/IP.
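The three framing posts (Ethernet II and LLC/SNAP here, Novell raw 802.3 on February 23, and the 802.1Q tag in the February 24 wrap-up) all come down to inspecting the two bytes after the MAC addresses and then the first bytes of the payload. As an added example, not code from the original posts or from any vendor, the following Python parser applies those rules to constructed sample frames: the 1536/0x0600 boundary separates an EtherType from an 802.3 length, TPID 0x8100 announces a Q-tag whose TCI yields the priority and VLAN ID, a leading 0xFFFF after a length field marks Novell raw 802.3, and DSAP/SSAP 0xAA selects LLC/SNAP. The MAC addresses and payloads are made up; the IPX SAP 0xE0 and the AppleTalk SNAP OUI 08:00:07 / protocol ID 0x809B are the standard values, assumed here rather than taken from the posts.

```python
"""Classify constructed Ethernet frames by the field after the MAC addresses.

Added example, not from the original posts. All frames are constructed sample data.
"""
import struct
from typing import Any, Dict

ETHERTYPE_MIN = 0x0600   # 1536: this value and above is an EtherType (DIX / Ethernet II)
TPID_8021Q = 0x8100      # Tag Protocol Identifier of an IEEE 802.1Q tag
SNAP_SAP = 0xAA          # DSAP and SSAP both 0xAA request the SNAP service
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x809B: "AppleTalk"}


def parse_frame(frame: bytes) -> Dict[str, Any]:
    """Return framing type, optional 802.1Q tag fields and the upper-layer protocol of one frame."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than a MAC header")
    info: Dict[str, Any] = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
                            "vlan": None, "priority": None}
    offset = 12
    type_or_len = struct.unpack("!H", frame[offset:offset + 2])[0]
    # A Q-tag sits where the EtherType/Length field normally is; TPID 0x8100 announces it
    if type_or_len == TPID_8021Q:
        tci = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        info["priority"] = tci >> 13     # 3-bit 802.1p priority
        info["vlan"] = tci & 0x0FFF      # 12-bit VLAN ID
        offset += 4
        type_or_len = struct.unpack("!H", frame[offset:offset + 2])[0]
    offset += 2
    payload = frame[offset:]

    if type_or_len >= ETHERTYPE_MIN:
        info["framing"] = "Ethernet II"
        info["ethertype"] = type_or_len
        info["protocol"] = ETHERTYPES.get(type_or_len, "unknown")
        return info

    # Otherwise the field is an IEEE 802.3 length (values 1501-1535 are undefined; treated as length here)
    info["length"] = type_or_len
    payload = payload[:type_or_len]          # bytes beyond the length are padding
    if payload[:2] == b"\xff\xff":
        # IPX always begins with 0xFFFF; Novell's raw 802.3 framing relies on that
        info["framing"] = "Novell raw 802.3"
        info["protocol"] = "IPX"
        return info
    if len(payload) < 3:
        raise ValueError("802.3 frame too short for an LLC header")
    dsap, ssap = payload[0], payload[1]
    info["dsap"], info["ssap"] = dsap, ssap
    if dsap == SNAP_SAP and ssap == SNAP_SAP:
        oui, pid = payload[3:6], struct.unpack("!H", payload[6:8])[0]
        info["framing"] = "802.2 LLC/SNAP"
        info["oui"] = oui.hex(":")
        info["ethertype"] = pid
        # OUI 00:00:00 means the protocol ID is a plain EtherType; any other OUI is a private ID space
        if oui == b"\x00\x00\x00":
            info["protocol"] = ETHERTYPES.get(pid, "unknown")
        else:
            info["protocol"] = f"private OUI {oui.hex(':')} pid 0x{pid:04x}"
        return info
    info["framing"] = "802.2 LLC"
    info["protocol"] = "LLC SAP 0x%02x" % dsap
    return info


# Constructed sample frames (made-up addresses and payload stubs)
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
IPX_PAYLOAD = b"\xff\xff" + b"\x00" * 30       # IPX header stub: checksum field is always 0xFFFF
IPV4_PAYLOAD = b"\x45" + b"\x00" * 19          # IPv4 header stub


def mac_header(type_or_len: int) -> bytes:
    return DST + SRC + struct.pack("!H", type_or_len)


def dot1q_header(priority: int, vlan: int, type_or_len: int) -> bytes:
    return DST + SRC + struct.pack("!HHH", TPID_8021Q, (priority << 13) | vlan, type_or_len)


SAMPLES = {
    "ethernet_ii": mac_header(0x0800) + IPV4_PAYLOAD,
    "tagged": dot1q_header(5, 100, 0x86DD) + b"\x60" + b"\x00" * 39,
    "novell_raw": mac_header(len(IPX_PAYLOAD)) + IPX_PAYLOAD + b"\x00" * 14,   # padded frame
    "llc_snap_ip": mac_header(8 + len(IPV4_PAYLOAD)) + bytes([SNAP_SAP, SNAP_SAP, 0x03])
                   + b"\x00\x00\x00" + b"\x08\x00" + IPV4_PAYLOAD,
    "ethertalk": mac_header(8 + 4) + bytes([SNAP_SAP, SNAP_SAP, 0x03])
                 + bytes.fromhex("080007809b") + b"\x00" * 4,            # AppleTalk via SNAP (assumed values)
    "llc_ipx": mac_header(3 + len(IPX_PAYLOAD)) + bytes([0xE0, 0xE0, 0x03]) + IPX_PAYLOAD,
}


def classify_all() -> Dict[str, str]:
    """Framing type of every sample frame."""
    return {name: parse_frame(frame)["framing"] for name, frame in SAMPLES.items()}


if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, parse_frame(frame))
```

The padded "novell_raw" sample shows why the length field matters: the parser trims the payload to the stated length before looking at it, so trailing padding never gets mistaken for protocol data.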

Thursday, February 19, 2009

Vampire Tap

A vampire tap (also called a piercing tap) is a device for physically connecting a station (e.g. a PC, a printer, or another device) to a network that uses 10BASE5 cabling. The device clamps onto the cable, forcing a spike through a hole drilled through the outer shielding to contact the inner conductor while other spikes bite into the outer conductor. From the vampire tap, a short cable called an AUI (Attachment Unit Interface) cable runs directly from the tap to the network card in the PC. Vampire taps allow new connections to be made on a given physical cable while the cable is in use. This allows administrators to expand bus-topology network sections without interrupting communications. Without a vampire tap, the cable has to be cut and connectors have to be attached to both ends.

Source: http://www.blackbox.com/resource/files/applicationdiagrams/athickethvampconnc.GIF

Wednesday, February 18, 2009

Ethernet Physical Layer

The first Ethernet networks, 10BASE5, used thick yellow cable with vampire taps (which we will learn about tomorrow) as a shared medium (using CSMA/CD). Later, 10BASE2 Ethernet used thinner coaxial cable as the shared CSMA/CD (Carrier Sense Multiple Access with Collision Detection) medium. The later StarLAN 1BASE5 and 10BASE-T used twisted pair connected to Ethernet hubs with 8P8C modular connectors.

Currently Ethernet has many varieties that vary both in speed and in the physical medium used. Perhaps the most common forms used are 10BASE-T, 100BASE-TX and 1000BASE-T. All three utilize twisted pair cables and 8P8C modular connectors (often called RJ45). They run at 10 Mbit/s, 100 Mbit/s, and 1 Gbit/s, respectively. However, each version has become steadily more selective about the cable it runs on, and some installers have avoided 1000BASE-T for everything except short connections to servers.

Fiber-optic variants of Ethernet are commonly used in structured cabling applications. These variants have also seen substantial penetration in enterprise data center applications, but are rarely seen connected to end-user systems for cost and convenience reasons. Their advantages lie in performance, electrical isolation and distance, up to tens of kilometers with some versions. Fiber versions of a new higher speed almost invariably come out before copper. 10 gigabit Ethernet is becoming more popular in both enterprise and carrier networks, with development starting on 40 Gbit/s and 100 Gbit/s Ethernet. Metcalfe now believes commercial applications using terabit Ethernet may occur by 2015, though he says existing Ethernet standards may have to be overthrown to reach terabit Ethernet.

A data packet on the wire is called a frame. A frame viewed on the actual physical wire would show the Preamble and Start Frame Delimiter in addition to the other data. These are required by all physical hardware. They are not displayed by packet sniffing software because these bits are removed by the Ethernet adapter before the frame is passed on to the host (in contrast, it is often the device driver that removes the CRC32 (FCS) from the packets seen by the user).
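To make the difference between the wire view and the sniffer view concrete, here is an added Python example (not code from the original post) that builds a constructed frame the way the PHY transmits it, with preamble, Start Frame Delimiter, padding to the 64-byte minimum and a CRC-32 FCS, and then models the adapter stripping the preamble/SFD and checking the FCS and the driver dropping the FCS. The Ethernet FCS uses the same CRC-32 as zlib, transmitted least-significant byte first, so a frame checked over its body plus FCS always produces the fixed residue 0x2144DF1C; the sample addresses and payload are made up.

```python
"""Ethernet frame on the wire versus the frame a host sees.

Added example, not from the original post; the sample frame is constructed data.
"""
import struct
import zlib
from typing import Optional

PREAMBLE = b"\x55" * 7   # seven bytes of 10101010
SFD = b"\xd5"            # Start Frame Delimiter, 10101011
MIN_FRAME = 64           # smallest MAC frame including the FCS, hence 46 bytes of minimum payload
FCS_LEN = 4
CRC_RESIDUE = 0x2144DF1C  # CRC-32 over an error-free MAC frame *including* its FCS


def fcs(mac_frame: bytes) -> bytes:
    """IEEE 802.3 FCS: CRC-32 with zlib's polynomial and bit order, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(mac_frame) & 0xFFFFFFFF)


def build_wire_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Bytes as the PHY transmits them: preamble, SFD, MAC frame padded to 60 bytes, FCS."""
    mac_frame = dst + src + struct.pack("!H", ethertype) + payload
    mac_frame = mac_frame.ljust(MIN_FRAME - FCS_LEN, b"\x00")   # pad short frames
    return PREAMBLE + SFD + mac_frame + fcs(mac_frame)


def receive(wire: bytes) -> Optional[bytes]:
    """Model the adapter (drops preamble/SFD, checks the FCS) and the driver (drops the FCS).

    Returns the frame a sniffer would display, or None for a frame the adapter discards.
    """
    if not wire.startswith(PREAMBLE + SFD):
        return None
    mac_frame = wire[len(PREAMBLE) + len(SFD):]
    if len(mac_frame) < MIN_FRAME:
        return None                                   # runt frame
    body, trailer = mac_frame[:-FCS_LEN], mac_frame[-FCS_LEN:]
    if fcs(body) != trailer:
        return None                                   # CRC error
    return body


def residue_ok(mac_frame_with_fcs: bytes) -> bool:
    """Equivalent check: the CRC over body plus FCS equals a fixed residue for a good frame."""
    return (zlib.crc32(mac_frame_with_fcs) & 0xFFFFFFFF) == CRC_RESIDUE


def corrupt(wire: bytes, index: int) -> bytes:
    """Flip one bit of a wire frame (a constructed transmission error for the demonstration)."""
    damaged = bytearray(wire)
    damaged[index] ^= 0x01
    return bytes(damaged)


# Constructed sample: an Ethernet II frame carrying a 20-byte IPv4 header stub
SAMPLE_WIRE = build_wire_frame(bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"),
                               0x0800, b"\x45" + b"\x00" * 19)

if __name__ == "__main__":
    host_view = receive(SAMPLE_WIRE)
    print(len(SAMPLE_WIRE), "bytes on the wire,", len(host_view), "bytes seen by the host")
    print("single-bit error accepted:", receive(corrupt(SAMPLE_WIRE, 20)) is not None)
```

The 34-byte header-plus-payload is padded to 60 bytes before the FCS is added, which is why a sniffer shows 60-byte frames for small packets even though only 34 bytes carry data; the padding is part of what the CRC protects.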

Tuesday, February 17, 2009

More advanced networks

Simple switched Ethernet networks, while an improvement over hub based Ethernet, suffer from a number of issues:

· They suffer from single points of failure. If any link fails some devices will be unable to communicate with other devices and if the link that fails is in a central location lots of users can be cut off from the resources they require.
· It is possible to trick switches or hosts into sending data to your machine even if it's not intended for it, as indicated above.
· Large amounts of broadcast traffic, whether malicious, accidental, or simply a side effect of network size can flood slower links and/or systems.
· It is possible for any host to flood the network with broadcast traffic forming a denial of service attack against any hosts that run at the same or lower speed as the attacking device.
· As the network grows, normal broadcast traffic takes up an ever greater amount of bandwidth.
· If switches are not multicast aware, multicast traffic will end up treated like broadcast traffic due to being directed at a MAC with no associated port.
· If switches discover more MAC addresses than they can store (either through network size or through an attack) some addresses must inevitably be dropped and traffic to those addresses will be treated the same way as traffic to unknown addresses, that is essentially the same as broadcast traffic (this issue is known as failopen).
· They suffer from bandwidth choke points where a lot of traffic is forced down a single link.

Some switches offer a variety of tools to combat these issues including:

· Spanning-tree protocol to maintain the active links of the network as a tree while allowing physical loops for redundancy.
· Various port protection features, as it is far more likely an attacker will be on an end system port than on a switch-switch link.
· VLANs to keep different classes of users separate while using the same physical infrastructure.
· Fast routing at higher levels to route between those VLANs.
· Link aggregation to add bandwidth to overloaded links and to provide some measure of redundancy, although the links won't protect against switch failure because they connect the same pair of switches.
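The failopen item in the first list and the "port protection features" item in the second are easiest to understand with a small model of a MAC-learning switch. The following Python simulation is an added example (not from the original post, and not modelled on any specific product): two hosts are learned on ports 1 and 2, then port 3 sources more distinct addresses than the table can hold, and the model reports where a unicast frame from host A to host B is delivered before and after. Without a limit the table evicts the entries for A and B, so their traffic is flooded out every port like a broadcast; with a per-port address limit the extra addresses are rejected and the table stays intact. Group (broadcast and multicast) destinations are flooded, as on a switch that is not multicast-aware. Port numbers, addresses, table size and the eviction policy are all constructed assumptions.

```python
"""Model of a MAC-learning switch: fail-open on table exhaustion versus a per-port limit.

Added example, not from the original post. All addresses and sizes are constructed.
"""
from collections import OrderedDict
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac[:2], 16) & 1 == 1


class LearningSwitch:
    def __init__(self, ports: List[int], table_capacity: int,
                 max_macs_per_port: Optional[int] = None) -> None:
        self.ports = ports
        self.capacity = table_capacity
        self.max_per_port = max_macs_per_port
        self.table: "OrderedDict[str, int]" = OrderedDict()   # mac -> port, oldest entry first
        self.violations: List[Tuple[int, str]] = []           # (port, mac) rejected by the limit

    def _learn(self, mac: str, in_port: int) -> bool:
        if mac in self.table:
            self.table.move_to_end(mac)   # refresh the entry
            self.table[mac] = in_port
            return True
        if self.max_per_port is not None:
            on_port = sum(1 for p in self.table.values() if p == in_port)
            if on_port >= self.max_per_port:
                self.violations.append((in_port, mac))
                return False
        if len(self.table) >= self.capacity:
            self.table.popitem(last=False)   # table full: evict the oldest entry (fail-open)
        self.table[mac] = in_port
        return True

    def forward(self, src: str, dst: str, in_port: int) -> List[int]:
        """Egress ports for a frame from src to dst that arrived on in_port."""
        if not self._learn(src, in_port):
            return []                                            # limit violated: frame dropped
        if is_group_address(dst) or dst not in self.table:
            return [p for p in self.ports if p != in_port]      # flood like a broadcast
        out = self.table[dst]
        return [] if out == in_port else [out]


def simulate(noisy_macs: int = 50, capacity: int = 32,
             per_port_limit: Optional[int] = None) -> Dict[str, object]:
    """Learn hosts A and B, let port 3 source many addresses, and report where A's unicast to B goes."""
    sw = LearningSwitch(ports=[1, 2, 3], table_capacity=capacity, max_macs_per_port=per_port_limit)
    host_a, host_b = "02:00:00:aa:00:01", "02:00:00:bb:00:02"
    sw.forward(host_a, BROADCAST, 1)          # A broadcasts (e.g. an ARP request): learned on port 1
    sw.forward(host_b, host_a, 2)             # B replies: learned on port 2
    before = sw.forward(host_a, host_b, 1)    # unicast, should reach port 2 only
    for i in range(noisy_macs):               # port 3 sources one new address per frame
        sw.forward(f"02:00:00:cc:{i >> 8:02x}:{i & 0xff:02x}", BROADCAST, 3)
    after = sw.forward(host_a, host_b, 1)
    return {"before": before, "after": after,
            "table_size": len(sw.table), "violations": len(sw.violations)}


if __name__ == "__main__":
    print("no per-port limit:   ", simulate())
    print("3 addresses per port:", simulate(per_port_limit=3))
```

The `violations` count is the signal a defender wants: a single access port that keeps exceeding its address limit is worth an alert, whereas the flooded unicast in the unlimited case is silent unless someone is watching for it.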