IP Tec for Mobile Networks

IP for mobile networks - Page 1. All Rights Reserved © Alcatel-Lucent 2009. Technology: IP for Mobile Networks. STUDENT GUIDE TTP18031 D0 SG DEN I1.0. All rights reserved © Alcatel-Lucent 2008. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel-Lucent.

description

IP back-haul description for mobile network

Transcript of IP Tec for Mobile Networks



  • IP for mobile networks - Page 3


    Course Outline

    1. TCP/IP Basics
        1. Basic Concepts
    2. Ethernet technology
        1. Bridges and Switches
        2. Virtual LANs
    3. Point to Point transport
        1. PPP/ML-PPP
    4. IP Layer
        1. IP addressing
        2. Routing principles
        3. Redundancy (HSRP/VRRP)
    5. Transport Layer
        1. User Datagram Protocol (UDP)
        2. Transmission Control Protocol (TCP)
        3. SIGTRAN
    6. Application Services
        1. Synchronization (NTP)
        2. FTP/SFTP
        3. Voice over IP (VoIP)
    7. Quality of Service
        1. QoS problems
        2. Mechanisms of the QoS
    8. MPLS Services
        1. Label switching
        2. Traffic engineering
        3. MPLS services
    9. Introduction to IPSEC
        1. Security association
        2. Tunnel setup
        3. IKE

  • IP for mobile networks - Page 4

    About this Student Guide

    Conventions used in this guide

    Note: Provides you with additional information about the topic being discussed. Although this information is not required knowledge, you might find it useful or interesting.

    Technical Reference: (1) 24.348.98 Points you to the exact section of Alcatel-Lucent Technical Practices where you can find more information on the topic being discussed.

    Warning: Alerts you to instances where non-compliance could result in equipment damage or personal injury.

    Where you can get further information

    If you want further information you can refer to the following:

    - Technical Practices for the specific product
    - Technical support page on the Alcatel website: http://www.alcatel-lucent.com

  • Section 1 Page 1

    Section 1: TCP/IP Overview

  • Section 1 Page 2

    Module Objectives

    Upon completion of this module, you should be able to:

    - Describe the basic concepts of communication over an IP network
    - Describe the role of the first four layers of the TCP/IP stack
    - Explain the operating principle of the main protocols that make up the TCP/IP stack

  • Section 1 Page 3


    1.1 Basic Concepts

  • Section 1 Page 4

    1 Basic Concepts

    Network Categories

    [Figure: LAN, MAN and WAN]

    Networks generally fall into three categories, depending on their size and geographical coverage:

    - Local Area Network (LAN): coverage is limited to a university campus, company premises, etc.
    - Metropolitan Area Network (MAN): coverage extends to a geographical area the size of a town. MANs provide high-speed links between several LANs in the same geographical area (less than one hundred kilometers).
    - Wide Area Network (WAN): coverage extends to wide geographical areas.

  • Section 1 Page 5

    1 Basic Concepts

    Network Topologies

    [Figure: bus, star (central equipment) and ring topologies]

    An IT system is made up of computers connected to each other by communication links (network cables, etc.) and hardware devices (network boards and other equipment that enables data to circulate properly). The physical layout of the network (the spatial configuration) is known as the physical topology. Topologies generally fall into the following categories:

    - bus topology: in a bus topology, all the computers are connected to the same transmission link.
    - star topology: in a star topology, the computers in the network are connected to a central equipment system.
    - ring topology: in a network with ring topology, the computers are connected to each other in a ring and communicate in turn.

  • Section 1 Page 6

    1 Basic Concepts

    Connectionless Communication Mode

    [Figure: connectionless network carrying packets P1, P2 and P3]

    In a connectionless network:

    - Every packet must carry the destination address.
    - No connection is established: flows to the same destination can travel along different routes.
    - Data can arrive at the destination in any order.

  • Section 1 Page 7

    1 Basic Concepts

    Connection-Oriented Communication Mode

    [Figure: a connectionless network and a connection-oriented network, each carrying packets P1, P2 and P3; the connection-oriented exchange has three phases: path establishment, data transfer and path release]

    In a connection-oriented network, a connection must be established when two devices wish to communicate. The intermediate nodes must preserve the context of this connection.

    Connection-oriented communication is characterized by:

    - the setting up of a virtual circuit.
    - the identification of data by a path identifier.
    - the delivery of data in the order it is sent.
    - the need to release the connection after communication.

  • Section 1 Page 8

    1 Basic Concepts

    Network Interconnection

    [Figure: several LANs and a WAN joined by TCP/IP network interconnection]

    The main role of TCP/IP is the interconnection of networks. The main difficulty lies in the fact that networks can fall into very diverse categories.

    Indeed, connecting networks can involve local business networks based on the following types of topology:

    - bus
    - ring
    - star

    Connecting networks can also involve long-haul mesh networks such as:

    - ATM
    - Frame Relay
    - Public Switched Telephone Networks

    The role of TCP/IP is therefore to provide universal communication services over diverse physical networks.

  • Section 1 Page 9

    1 Basic Concepts

    Communication Needs

    Many kinds of connections:

    - Point-to-Point (leased lines, PSTN, etc.)
    - Point-to-multipoint (Local Area Networks)
    - Virtual connections (Wide Area Networks)

    Various Operating Systems: DOS, UNIX, LINUX, etc.

    Protocols: some rules are essential for communications.

    Services: some additional software is offered to facilitate the user tasks: file transfer, mail exchanges, surfing the Net, etc.

    Network interconnection brings into play different types of links:

    - point-to-point links.
    - multipoint links (deployed mainly in local networks).
    - virtual-circuit links used in WAN networks (e.g. ATM, Frame Relay, X25).

    Network interconnection also brings into play different operating systems, the main ones being:

    - DOS
    - Unix
    - Linux

    These operating systems function on machines built by different equipment manufacturers.

    Rules therefore had to be defined to enable dialog. These communication rules are known as protocols.

    Additional software also had to be developed and integrated in the TCP/IP protocol stack to make it easier for users wishing to:

    - transfer files,
    - exchange e-mails,
    - surf the internet,
    - perform many other tasks.

    These types of software are known as services.

  • Section 1 Page 10

    1 Basic Concepts

    TCP/IP Model

    [Figure: the seven OSI layers (1 Physical, 2 Link, 3 Network, 4 Transport, 5 Session, 6 Presentation, 7 Application) alongside the TCP/IP stack: HTTP, TELNET, FTP, SMTP, DNS, TFTP, SNMP; TCP, UDP; ARP, IP, ICMP; IEEE 802.2 (LLC)/802.1 (Bridging); IEEE 802.3 (CSMA/CD); ATM; PPP/ML PPP, HDLC...; 1000Base-SX, 1000Base-LX, 1000Base-CX, 100BaseT, 1000Base-T]

    When people refer to communication software, they generally mean the Open Systems Interconnection (OSI) architecture, which was developed by the International Standards Organization (ISO) between 1977 and 1984. The OSI model is broken down into 7 layers. Each layer plays a specific role: the physical layer is responsible for the transmission of bits over the transmission medium; the data link layer is responsible for the transmission of frames between devices that are interconnected physically; the network layer is responsible for routing packets within the network; the transport layer is responsible for end-to-end message transmission; the session layer is responsible for dialog synchronization; the presentation layer is responsible for data representation and format conversion; and the application layer is responsible for hosting network-oriented utilities and applications.

    TCP/IP does not follow exactly the same pattern as OSI. The lower-level TCP/IP protocols do not fulfill the role defined by OSI for the physical and data link layers. At level 3, IP complies with the OSI model. You will discover other very important network-layer protocols such as ARP and ICMP. At level 4, two transport protocols are used: TCP and UDP. Finally, services are integrated in the three upper layers of the OSI model.

    Here are a few examples: HTTP for surfing the internet; Telnet for remote control of a device; FTP for file transfer; SMTP for e-mail exchange; DNS for internet addressing; TFTP for file transfer; SNMP for network administration.

    When people refer to TCP/IP layers or protocols, they are referring not only to these two protocols but to all the protocols in the stack, which includes TCP and IP.

    The TCP/IP sources are available free of charge and were developed independently of any particular architecture, operating system, or proprietary structure. They can therefore be transported over any type of platform. They form an open system that is continually evolving and therefore highly popular.

    TCP/IP operates over a diverse range of media and technologies such as serial links, coaxial cables, optical fiber, radio links, ADSL, ATM networks, etc.

    The addressing mode is shared by all TCP/IP users regardless of the platform they use. If the address is unique, communication can take place even if the hosts are on different sides of the world.

    The higher protocols are standardized to allow for wide-ranging developments over all types of machines.

  • Section 1 Page 11

    1 Basic Concepts

    Standardization

    [Figure: Internet standardization bodies: ISOC; IAB (Internet Architecture Board); Internet Engineering Task Force; IESG (Internet Engineering Steering Group); Area 1 to Area 7, each with Working Groups (WG); RFC editor (http://www.rfc-editor.org/rfcsearch.html); IANA (Internet Assigned Numbers Authority, www.iana.org); Internet Corporation for Assigned Names and Numbers (www.icann.org)]

    TCP/IP Standardization

    The organization responsible for standardization is the "Internet Society". It is made up of individual members as well as organizations and industrial companies.

    The Internet Society is headed by the IAB, which comprises twelve members elected for 2 years.

    The IAB is supported by the IETF for studies into new standards and the IANA, which is mainly charged with assigning official values to certain fields of various protocols and allocating Internet IP addresses.

    The IETF is managed by the IESG.

    The IETF is divided into Areas. Working Groups are set up within the Areas.

    Each Area specializes in a particular Internet field:

    - one Area is responsible for applications.
    - another for the Internet.
    - another for routing.
    - another for security issues.
    - another for transport protocols.
    - the final Area for performance.

    It should be noted that the IANA, which was originally formed under the auspices of the American government, now answers to the ICANN, a non-governmental organization. The new organization has not affected the responsibilities of the IANA, which continues performing the same functions.

    The standards are issued in the form of Request For Comments (RFCs) and are free of charge and available online.

  • Section 1 Page 12

    1 Basic Concepts

    Use of Layers in a TCP/IP Communication

    [Figure: a client host (IP address a) sends data to a server host (IP address b) across an IP network of routers. On each host the data passes through the Transport, Network and Link layers: the transport header carries the source and destination ports (destination port 21), the IP header carries IP@ a and b, and the link header carries the physical source and destination addresses, which change on every link. Services on the server: FTP 21, www 80, Mail 25.]

    When two users wish to communicate, one is the Client, because in the IP world the client is defined as the user requesting the service, while the other is the Server, because that user provides the service.

    Here, the Server is capable of providing various services but the Client wishes to request one service only. The transport layer is charged with targeting the required service. For this, each application is allocated an official number known as a "port number". (N.B. the IANA is responsible for allocating a port number to every new service.) The transport layer sends the datagram to the lower-layer IP. This IP packet must be sent to the remote server. For this reason, every machine connected to the IP network is assigned a logical address called an IP address. One of IP's jobs is to insert a header. The main fields in this header are the packet source and destination addresses. The packet is then sent to the data link layer, which encapsulates it in a frame with a header containing the physical source and destination addresses. Finally, the frame is transferred to the transmission medium.

    All the machines connected to this transmission medium analyze the frame header, but only the router interface recognizes its own physical address; it extracts the contents of the frame and transmits them to the upper-layer IP. The router's network layer analyzes the packet header, especially its destination IP address. Its routing table indicates the outgoing interface and the next physically connected device the packet must pass through to reach its final destination. The IP packet is transferred to the data link layer, which encapsulates it in a frame. This time, the physical source address is the source router interface address and the physical destination address is the address of the next router interface. Once again, only the router recognizes its physical address in the frame transported by the transmission medium. It therefore extracts the packet from the frame and sends its contents to its network layer. The network layer routes the packet to the outgoing interface using its routing table.

    Finally, the frame is transferred to the last link. The destination machine recognizes its physical address in the header and sends the contents to its IP. The IP of the final destination machine recognizes its own IP address in the destination IP field of the packet received. The contents of the packet are then sent to the transport layer, which examines the header. Thanks to the destination port number contained in the layer-4 protocol header, the data is routed to the service chosen by the Client.
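The hop-by-hop walk described above, as an added example that is not part of the student guide: it builds a TCP segment, an IPv4 packet and a frame, passes the frame through two routers and decodes what is visible on each link. The Ethernet II framing, the two-router path, all addresses (documentation ranges) and all function names are assumptions made for the illustration.

```python
import ipaddress
import socket
import struct

SERVICES = {21: "FTP", 80: "www", 25: "Mail"}  # server ports shown on the slide
IP_FMT = "!BBHHHBBH4s4s"                        # fixed 20-byte IPv4 header

def mac(text):
    """'00:00:5e:00:53:0a' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def checksum(header):
    """One's-complement sum of 16-bit words (IPv4 header checksum)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_segment(src_port, dst_port, payload):
    """Layer 4: the destination port selects the service on the server.
    Sequence numbers and the TCP checksum stay 0 to keep the example short."""
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                       (5 << 12) | 0x18, 65535, 0, 0) + payload

def ip_packet(src_ip, dst_ip, segment, ttl=64):
    """Layer 3: header with the logical (end-to-end) addresses."""
    fields = [0x45, 0, 20 + len(segment), 0, 0, ttl, socket.IPPROTO_TCP, 0,
              socket.inet_aton(src_ip), socket.inet_aton(dst_ip)]
    fields[7] = checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + segment

def frame(src_mac, dst_mac, packet):
    """Layer 2: Ethernet II header; these addresses are valid on one link only."""
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + packet

def parse(frm):
    """Decode the three headers of a frame for inspection."""
    pkt = frm[14:]
    seg = pkt[20:]
    src_port, dst_port = struct.unpack("!HH", seg[:4])
    return {"src_mac": frm[6:12].hex(":"), "dst_mac": frm[0:6].hex(":"),
            "src_ip": socket.inet_ntoa(pkt[12:16]),
            "dst_ip": socket.inet_ntoa(pkt[16:20]),
            "ttl": pkt[8], "ip_checksum_ok": checksum(pkt[:20]) == 0,
            "src_port": src_port, "dst_port": dst_port,
            "data": seg[(seg[12] >> 4) * 4:]}

class Router:
    def __init__(self, in_mac, routes):
        self.in_mac = in_mac
        # routes: (destination network, outgoing interface MAC, next-hop MAC)
        self.routes = [(ipaddress.ip_network(n), o, h) for n, o, h in routes]

    def forward(self, frm):
        """Strip the frame, route on the destination IP, re-encapsulate."""
        if frm[0:6] != self.in_mac:
            return None                      # not our physical address: ignore
        pkt = bytearray(frm[14:])
        dst = ipaddress.ip_address(bytes(pkt[16:20]))
        matches = [r for r in self.routes if dst in r[0]]
        if pkt[8] <= 1 or not matches:
            return None                      # TTL expired or no route: drop
        _, out_mac, next_hop = max(matches, key=lambda r: r[0].prefixlen)
        pkt[8] -= 1                          # TTL changes, so the checksum must too
        pkt[10:12] = b"\x00\x00"
        pkt[10:12] = struct.pack("!H", checksum(bytes(pkt[:20])))
        return frame(out_mac, next_hop, bytes(pkt))

def deliver(frm, my_mac, my_ip):
    """Destination host: check physical address, then IP address, then port."""
    view = parse(frm)
    if frm[0:6] != my_mac or view["dst_ip"] != my_ip:
        return None
    return SERVICES.get(view["dst_port"]), view["data"]

def trace():
    """Client -> R1 -> R2 -> server; returns the frame decoded on each link."""
    # Constructed sample addresses (documentation ranges), not from the guide.
    client, server = mac("00:00:5e:00:53:0a"), mac("00:00:5e:00:53:0b")
    r1_in, r1_out = mac("00:00:5e:00:53:11"), mac("00:00:5e:00:53:12")
    r2_in, r2_out = mac("00:00:5e:00:53:21"), mac("00:00:5e:00:53:22")
    r1 = Router(r1_in, [("198.51.100.0/24", r1_out, r2_in)])
    r2 = Router(r2_in, [("198.51.100.0/24", r2_out, server)])
    segment = tcp_segment(49152, 21, b"USER demo\r\n")
    link1 = frame(client, r1_in, ip_packet("192.0.2.10", "198.51.100.20", segment))
    link2 = r1.forward(link1)
    link3 = r2.forward(link2)
    links = [parse(f) for f in (link1, link2, link3)]
    return links, deliver(link3, server, "198.51.100.20")

if __name__ == "__main__":
    links, delivered = trace()
    for n, v in enumerate(links, 1):
        print(n, v["src_mac"], "->", v["dst_mac"], "|", v["src_ip"], "->",
              v["dst_ip"], "port", v["dst_port"], "ttl", v["ttl"])
    print("delivered to", delivered)
```

In a capture taken on the server's link, the source MAC is the last router's interface, so only the IP addresses and ports say anything about the remote client.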

  • Section 1 Page 13


    Answer the Questions

    The OSI reference model is quite similar to TCP/IP, with one major exception. Where does the difference come from?

    Layer 3

    The top of the stack

    Layer 1

    The top of the stack

  • Section 1 Page 14


    Answer the Questions [cont.]

    What are the attributes of protocol layering that are used by TCP/IP?

    Independent of data link (layer 2) protocol

    Independent of network (layer 3) protocol

    Independent of physical facilities used

    Application layer runs only at endpoints


  • Section 2 Page 1

    Section 2: Ethernet technology

  • Section 2 Page 2

    Module Objectives

    Upon completion of this module, you should be able to explain:

    - the principle of CSMA/CD operation
    - the Ethernet 802.3 frame format
    - the benefits of VLANs
    - the VLAN tagging process
    - the 802.1x authentication mechanisms

  • Section 2 Page 3


    1. Ethernet principles

  • Section 2 Page 4

    1 Ethernet principles

    CSMA/CD mechanism

    [Figure: a 4-port hub (HUB = multiport repeater) with RJ45 connectors; each port has a transmit (T) and a receive (R) pair]

  • Section 2 Page 5

    1 Ethernet principles

    10/100Base-T: Link Status

    [Figure: link status between stations and a hub: Link LEDs at both ends of a segment; Link Test Pulse (Normal Link Pulse) every 16.8 ms; link broken; listening before transmission (busy/free); collision]

    A machine that does not realize it has a faulty transceiver may start transmitting despite CSMA and cause collisions. To prevent such a situation from arising, a signal is emitted (when the segment is inactive) to validate the link. This signal is known as the "Link Test Pulse" or "Normal Link Pulse" and is a 5 MHz pulse emitted every 16.8 ms.

    In general, an LED is associated with the signal. If the "Link" LEDs on the two interconnected devices are on, the segment is functioning correctly.

    When there are no frames to transmit, each device emits a series of test signals (link test pulses), interspersed with silences, over the transmit pair. The receive pair of the transceiver at the other end of the link waits for this signal in order to check the integrity of the line or rather of its receive pair (pair 2).

  • Section 2 Page 6

    1 Ethernet principles

    10/100/1000 Base T: Cables

    [Figure: baseband twisted-pair Ethernet variants: 10 Base T, 10 Mb/s (Ethernet); 100 Base TX, 100 Mb/s (Fast Ethernet); 1000 Base TX, 1000 Mb/s (Gigabit Ethernet). Cables: UTP category 5 and STP category 5 with RJ45 connectors. UTP: Unshielded Twisted Pair; STP: Shielded Twisted Pair.]

    10Base-T refers to the Ethernet cabling standard based on twisted pairs.

    100 Base T comes in several flavors (T2, T4, TX). Today, it is mainly 100 Base TX that is used.

    1000 Base TX is a Gigabit Ethernet technology using twisted pairs (802.3ab).

    Various cables can be used. They generally comprise 4 copper-wire pairs. The most common are:

    - UTP cables: category-5 unshielded twisted pairs,
    - STP cables: category-5 shielded twisted pairs.

    The connections are made using 8-pin RJ45 connectors.

    Category 5E cables are adapted for Gigabit Ethernet (up to 100 m).

  • Section 2 Page 7

    1 Ethernet principles

    10Base-T: Hub Connection

    [Figure: cascaded 10Base-T hubs joined by 100 m segments; 500 m and 4 repeaters between two stations]

    Characteristics of a 10Base-T LAN

    The maximum distance between the Host or router and the Hub is 100 meters.

    The number of ports on the Hub is variable.

    To increase the number of ports on a 10Base-T LAN, several Hubs can be cascaded. The distance between 2 Hubs is also limited to 100 meters.

    The maximum distance between 2 stations is limited to 500 m and there can be no more than 4 Hubs between 2 stations.

  • Section 2 Page 8

    1 Ethernet principles

    Fast Ethernet 100Base-T: Hub Connection

    [Figure: two 100Base-T hubs 20 m apart with 100 m station segments; 220 m and 2 repeaters between two stations]

    Fast Ethernet Cabling

    100Base-T (also known as "Fast Ethernet") is subject to certain restrictions:

    Although the maximum distance between the stations and the Hub is still 100 meters, the maximum distance between Hubs has fallen to around 20 meters.

    The number of Hubs between 2 stations must not exceed 2, which means that the maximum distance between 2 stations falls to 220 meters.

  • Section 2 Page 9

    1 Ethernet principles

    Logical Address and Physical Address

    [Figure: Alice and Bob; IP@ = logical address, MAC@ = physical address. IP: Internet Protocol; MAC: Medium Access Control.]

    The Medium Access Control (MAC) is part of the data link layer and is responsible for transmitting blocks of bits (i.e. frames) between devices that are connected to each other physically.

    Before looking in detail at the format of a MAC frame, let's consider the different addressing methods in TCP/IP.

    Two types of address are used in TCP/IP:

    - The logical address or IP address
    - The physical address or MAC address

    To understand why 2 types of address are used, an analogy can be drawn with the traditional telephone network.

    The logical address could be compared to people's names, and the physical address to the telephone numbers.

    When a person, let's say Alice, wishes to communicate with Bob, her first thought is: "I'm going to call Bob." However, when she actually makes the call, she will probably have to look in a phone directory and dial Bob's telephone number.

    The principle is the same in TCP/IP. A station wishes to send a data packet to another station. It indicates the logical IP address of the remote station. But, in practice, this IP packet will be transported in a frame using physical addresses. Later on, you will see that the routing tables in TCP/IP are generated automatically by means of the Address Resolution Protocol (ARP).

  • Section 2 Page 10

    1 Ethernet principles

    Unicast MAC Address

    [Figure: five stations on a LAN with MAC addresses 00.6f.66.32.0b.08, 00.80.9f.00.02.03, 00.53.27.32.02.c8, 00.18.55.92.a2.08 and 00.35.d6.39.cb.0a. A frame with Dest: 00.53.27.32.02.c8 is placed on the medium.]

    Let's first look at physical Ethernet addressing.

    There are different types of MAC addresses. First of all, the unicast address: this type of address is assigned to each Ethernet card and is globally unique.

    It should be noted that a station with n interfaces will have n MAC addresses.

    Unicast addressing is used when a frame needs to be sent to a single, specific station.

    The frame placed on the transmission medium can be read by all the stations connected to the LAN.

    All of the station interface cards decode the destination MAC address field.

    But only the station whose address matches the destination MAC address interrupts its processor to deliver the contents of the frame to it. The other stations ignore the frame.

  • Section 2 Page 11

    1 Ethernet principles

    Broadcast MAC Address

    [Figure: the same five stations (00.6f.66.32.0b.08, 00.53.27.32.02.c8, 00.18.55.92.a2.08, 00.35.d6.39.cb.0a, 00.80.9f.00.02.03). A frame with Dest: ff.ff.ff.ff.ff.ff is placed on the medium.]

    The second type of MAC address is the Broadcast address.

    This time, a station wishes to send data to all the stations connected to the LAN. Rather than sending n

    frames in unicast mode, the transmit station (egress station) uses broadcast addressing. This means that the

    destination MAC address field contains only 1s.

    Once again, the frame is placed on the transmission medium.

    All the interfaces connected read the destination MAC address and see that it is a broadcast.

    All the interfaces interrupt their processors to deliver them the contents of the frame.

  • Section 2 Page 12

    1 Ethernet principles

    Multicast MAC Address

    [Figure: the same five stations (00.6f.66.32.0b.08, 00.53.27.32.02.c8, 00.18.55.92.a2.08, 00.35.d6.39.cb.0a, 00.80.9f.00.02.03). Stations that have joined the group also hold the multicast address 01.00.5e.00.00.09. A frame with Dest: 01.00.5e.00.00.09 is placed on the medium.]

    The last type of MAC address is the Multicast address.

    Certain stations can join a group and receive a second address, known as a multicast address, that is shared

    by all stations in the group.

    A station wishing to send a frame solely to the stations in the group puts the multicast address in the

    destination address field of the frame.

    All interfaces connected to the link decode the frame but only stations with the multicast address interrupt

    their processors to deliver them the frame data.

  • Section 2 Page 13

    1 Ethernet principles

    MAC Address - Details

    MAC address: 6 bytes (48 bits), hexadecimal representation (12 digits)

    I/G bit: 0: Individual (or Unicast), associated to only one equipment; 1: Group (or Multicast), associated to a group of equipment

    U/L bit: 0: Universal, unique address; 1: Local, local meaning

    Vendor code (22 bits): O.U.I., Organizational Unit Identifier (assigned by IEEE)

    Serial number (24 bits): managed by manufacturer

    Examples: CISCO: 00.10.7B.xx.xx.xx; ALU: 00.80.9F.xx.xx.xx

    What is the format of a MAC address?

    MAC addresses comprise 48 bits or 6 bytes.

    How can you ensure that a unicast address is unique?

    The IEEE standardization body assigns each Ethernet card manufacturer a 22-bit number.

    It is then up to the manufacturer to allocate serial numbers as the cards come off the assembly line and

    ensure that the numbers are unique.

    MAC addresses generally comprise 12 hexadecimal digits. The codes assigned to manufacturers CISCO and

    Alcatel-Lucent, for example, begin with:

    00.10.7b for CISCO,

    00.80.9f for Alcatel-Lucent.

    Certain manufacturers are assigned several codes.

    The 2 most significant bits play a special role:

    The "Universal / local" bit is not used in Ethernet but rather in Token Ring technology.

    The most significant bit is, however, very important since it determines whether the address is unicast (if

    the bit is set to 0) or multicast (if the bit is set to 1).

    Some people may wonder whether, with the explosion of Internet, 48 bits is enough to cover current, and

    indeed future, requirements.

    In fact, 48 bits is well over enough since it offers a capacity of around 281 thousand billion combinations.

    Even if the first 2 bits have special functions, there is still enough capacity to provide every man, woman and

    child on the planet 12,000 Ethernet cards.

    Let's look at it from another angle: if industry produced 100 million interface cards a day, every day of the year (i.e. 500 times more than is currently produced), it would take 2,000 years to use up the address space available.

  • Section 2 Page 14

    1 Ethernet principles

    Ethernet frame format

    Ethernet frame (field sizes in bytes):

    Preamble (7): 7 x AA, synchronization

    SFD (1): Start Frame Delimiter, 10101011

    MAC @ dest. (6)

    MAC @ src. (6)

    Ethertype (2): indicates the higher-level protocol. Value > 5DCH or 1500D. Examples: IP: 0800H, ARP: 0806H, IPv6: 86DDH

    Data + Padding (46 to 1500): Max Trans. Unit (MTU): 1500; mini. size: 46 (possibly padding)

    FCS (4): control

    1518 ≥ length ≥ 64

    MTU: Maximum Transmission Unit

    IP: Internet Protocol

    ARP: Address Resolution Protocol

    FCS: Frame Check Sequence

    1980: Beginnings of 10Mbps Ethernet

    In Ethernet Version 2, frames begin with a preamble comprising 7 bytes, each of which has the hexadecimal

    value "AA". The aim of this preamble is to enable stations currently listening to synchronize with the transmit

    (egress) station. "A" in hexadecimal corresponds to 1.0.1.0 in binary. So, the preamble is a long string of 1s

    and 0s that generate a clock signal on the transmission medium.

    Next, a Start Frame Delimiter (SFD) byte enables stations to detect the end of the preamble and the

    beginning of the actual frame itself.

    Then there are the destination and source MAC-address fields.

    This frame is transporting data intended for higher-level protocols. So the transmit station also uses the

    "Ether type" byte to specify which protocol located just above Ethernet is the destination for the data: for

    example, 800 if IP is the destination layer, 806 if it is ARP, etc.

    These are official values assigned by the IANA. They are always above 5DC in hexadecimal or 1500 in decimal.

    Next is the data field. To ensure a minimum of 64 bytes for compliance with the collision-detection

    requirements, the data field must contain at least 46 bytes. The transmit station may therefore need to use

    padding.

    To prevent the transmit station from monopolizing the medium for too long, the data in the frame must not

    exceed 1500 bytes.

    Finally, frame integrity is checked via a 4-byte Frame Check Sequence (FCS) field.

    Frame size is measured after the SFD field, i.e. from the destination MAC address to the FCS field inclusive.

  • Section 2 Page 15

    1 Ethernet principles

    Other Ethernet frame formats

    [Figure: encapsulation of an IP packet in the two frame formats. Field sizes in bytes.]

    Eth II frame: MAC @ dest. (6), MAC @ src. (6), Ethertype 0800 (2), Data + Padding (46 to 1500), FCS (4)

    802.3 frame: MAC@ dest. (6), MAC@ src. (6), Length ≤ 1500 (2), data + Padding (46 to 1500), FCS (4)

    LLC 802.2: DSAP (AA) (1), SSAP (AA) (1), Control (03) (1), Data (1497)

    SNAP: O.U.I 00.00.00 (3), PID 0800 (2), Data (1492)

    In Ethernet II, an IP packet is directly encapsulated in the MAC frame. The maximum packet length is 1500

    bytes. Encapsulation is described in RFC 894.

    In 1983, IEEE decided to standardize this protocol. In IEEE, the packet first goes through the Subnetwork

    Access Protocol (SNAP) where 5 bytes are added. The main one is the Protocol Identification (PID) byte, which

    indicates the encapsulated protocol.

    Next, it goes through a Logical Link Control (LLC) where:

    the DSAP and LSAP fields contain the value "AA", which indicates that LLC encapsulates SNAP,

    the Control field contains the value "03", which signifies "Unnumbered Information".

    And finally, IEEE 802.3 formats the frame. The format of the IEEE 802.3 frames for Ethernet is identical to the

    Ethernet II format except for one field: the Ethertype field from Ethernet II has been replaced by a payload

    length field, which necessarily takes a value less than or equal to 1500 in decimal or 5DC in hexadecimal.

    Encapsulation is described in RFC 1042.

    N.B. When using SNAP encapsulation, the maximum size for IP packets is 1492 bytes.
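The address bits and the two frame formats described above, as an added example that is not part of the original course material: a parser that classifies MAC addresses by their I/G and U/L bits, separates Ethernet II from 802.3 LLC/SNAP with the 5DC threshold, and rejects frames with a bad length or FCS. The function names and the filler payload are assumptions of this example, and the FCS is computed as the standard CRC-32 through `zlib`.

```python
import struct
import zlib

BROADCAST = b"\xff" * 6
MAX_LENGTH_FIELD = 0x05DC  # 1500: larger values are Ethertypes, not lengths
PROTOCOLS = {0x0800: "IP", 0x0806: "ARP", 0x86DD: "IPv6"}


def classify_mac(mac: bytes) -> dict:
    """Describe a 6-byte MAC address from its I/G and U/L bits."""
    if len(mac) != 6:
        raise ValueError("a MAC address is 6 bytes")
    # In the usual hex notation the I/G bit is the low-order bit of the first
    # byte (it is the first bit sent on the wire) and U/L is the next one.
    if mac == BROADCAST:
        kind = "broadcast"
    elif mac[0] & 0x01:
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "address": mac.hex("."),
        "kind": kind,
        "local": bool(mac[0] & 0x02),
        "vendor_prefix": mac[:3].hex("."),
    }


def fcs(data: bytes) -> bytes:
    """CRC-32 over destination MAC..data, in on-the-wire byte order."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, type_or_len: int, data: bytes) -> bytes:
    """Build a constructed sample frame: pad data to 46 bytes, append FCS."""
    body = dst + src + struct.pack("!H", type_or_len) + data.ljust(46, b"\x00")
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Parse a frame measured from the destination MAC to the FCS inclusive."""
    if not 64 <= len(frame) <= 1518:
        raise ValueError(f"frame length {len(frame)} is outside 64..1518")
    if fcs(frame[:-4]) != frame[-4:]:
        raise ValueError("FCS mismatch: frame corrupted")
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    data = frame[14:-4]
    out = {"dst": classify_mac(frame[0:6]), "src": classify_mac(frame[6:12])}

    if type_or_len > MAX_LENGTH_FIELD:
        # Ethernet II: the field names the upper protocol. Padding, if any,
        # stays in the payload because the frame itself carries no length.
        out.update(format="Ethernet II", protocol=type_or_len, payload=data)
    else:
        # IEEE 802.3: the field is the payload length, so padding is dropped.
        if type_or_len > len(data) or type_or_len < 3:
            raise ValueError("length field inconsistent with frame")
        llc = data[:type_or_len]
        dsap, ssap, control = llc[0], llc[1], llc[2]
        if (dsap, ssap, control) == (0xAA, 0xAA, 0x03) and len(llc) >= 8:
            (pid,) = struct.unpack("!H", llc[6:8])
            out.update(format="802.3 LLC/SNAP", snap_oui=llc[3:6].hex("."),
                       protocol=pid, payload=llc[8:])
        else:
            out.update(format="802.3 LLC", dsap=dsap, ssap=ssap,
                       protocol=None, payload=llc[3:])
    out["protocol_name"] = PROTOCOLS.get(out["protocol"], "unknown")
    return out


# Addresses taken from the slides; the 20-byte "packet" is constructed filler.
STATION = bytes.fromhex("00809f000203")
PEER = bytes.fromhex("0053273202c8")
PACKET = bytes(range(20))
ETH2_FRAME = build_frame(PEER, STATION, 0x0800, PACKET)
SNAP_FRAME = build_frame(PEER, STATION, 8 + len(PACKET),
                         bytes.fromhex("aaaa03" "000000" "0800") + PACKET)

if __name__ == "__main__":
    for name, frame in (("Eth II", ETH2_FRAME), ("SNAP", SNAP_FRAME)):
        info = parse_frame(frame)
        print(name, info["format"], info["protocol_name"], len(info["payload"]))
```

Only the 802.3 parse returns the payload without padding; with Ethernet II the receiver has to rely on the length carried inside the upper-layer packet.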

  • Section 2 Page 16

    Answer the Questions

    In Ethernet, when a transmitter detects a collision, it:

    Waits a random period of time before retrying

    Puts a jam indication on the line

    Stops the frame transmission

    Signals to upper layer that the network is out of service

    Waits a random period of time before retrying

    Puts a jam indication on the line

    Stops the frame transmission

  • Section 2 Page 17

    Answer the Questions [cont.]

    Associate each protocol to its defining characteristic.

    802.2

    802.3

    MAC

    IP Network Address

    Contention Resolution

    Logical Link Control (LLC)

    Ethernet

  • Section 2 Page 18

    2. Bridges and Switches

  • Section 2 Page 19

    2. Bridges and Switches

    Repeaters

    [Figure: a repeater between two segments, acting as signal amplifier and media adaptation (AUI (10Base5), 10Base2, 10Base-T).]

    You saw earlier that the length of Ethernet segments is limited and that to extend a LAN, repeaters are

    needed to regenerate the signals.

    Certain repeaters can also work as adapters enabling transfer from 10Base2 to 10Base5 or 10Base-T.

    Repeaters are just signal amplifier devices. They are not intelligent devices.

    So, when a station transmits a frame to another station located on the same segment, the repeater

    propagates the signals over the other segments. This means that any station located on another segment is

    prevented from accessing the transmission medium until the operation is complete.

    Lining stations up on the same LAN is the first simple, low-cost step for a local area network. The downside

    with this type of architecture is that the number of collisions increases rapidly as traffic increases, which

    means a significant reduction in the speed at which data is exchanged.

    It would be useful to have devices capable of filtering. An initial solution could be the use of bridges.

  • Section 2 Page 20

    2. Bridges and Switches

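    Bridges - Frame Forwarding

    [Figure: a bridge connects LAN 1 (stations aa, bb, cc) on port Eth0 and LAN 2 (stations dd, ee, ff) on port Eth1. Two example frames are shown, one between cc and ff and one between cc and aa.]

    MAC@   Port
    aa     eth0
    bb     eth0
    cc     eth0
    dd     eth1
    ee     eth1
    ff     eth1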

    The filtering configuration can be defined manually by storing in the bridge memory the MAC addresses of the

    stations associated with each of these ports.

    When a frame is moving along a segment, the bridge analyzes the destination MAC address. If the address is

    on the same port as the one that detected the frame, the bridge blocks the frame.

    If this is not the case, the bridge propagates the frame to the port that corresponds to the destination MAC

    address.

    It should be noted that bridges do not filter broadcasts and multicasts.

    On a large LAN, manual configuration can be time-consuming and maintenance complicated.

  • Section 2 Page 21

    2. Bridges and Switches

    Self-Learning Bridge

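    [Figure: several bridges, each with a "MAC@ / Port" filter table and ports numbered 1 and 2, connected so that some destinations can be reached via several routes. "a" sends a frame to "b". The bridges learn "a" on the port where the frame arrives; the bridges that receive it on both ports cannot tell whether "a" is on port 2 or port 1 ("a: 2/1?").]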

    Let's now consider the limits of the "Self-Learning Bridge" mechanism.

    The network cabling has changed and certain destinations can now be reached via several routes.

    "a" sends a frame to "b".

    Bridge 1 learns the location of "a".

    It doesn't know where "b" is located and therefore broadcasts the frame. Bridges 2 and 3 then learn the location of "a".

    Bridges 2 and 3 in turn broadcast the frame.

    Bridges 4 and 5 are now faced with a dilemma. Both their ports receive a frame with the source MAC address "a". This means that "a" is located on port 1 and port 2.

    This implies that frames will be broadcast over the links and will very soon take up all the available bandwidth.

    As you have seen, the "Self-Learning Bridge" mechanism has its limits: it can only function if there are no loops in the network.

  • Section 2 Page 22

    2. Bridges and Switches

    Spanning Tree Protocol

    [Figure: a topology of bridges 109, 114, 175, 234, 447, 492 and 562 that contains loops, and its tree representation starting from the root bridge after loop suppression.]

    To overcome this problem but still maintain the automatic mechanism, a special protocol known as the

    Spanning Tree Protocol (STP) is implemented in the bridges.

    This relatively complex protocol uses Bridge Protocol Data Unit (BPDU) messages to establish specific dialog

    between the bridges.

    The bridges represent the network topology in the form of a tree. They select a bridge to be the root bridge

    and then draw in the connections to form a tree structure. The nodes represent the bridges and the leaves on

    the tree are the stations.

    The bridges detect loops and remove them. This means there is only one path for getting from one station to

    another station, as with a tree for getting from one leaf to another.

  • Section 2 Page 23

    2. Bridges and Switches

    Switch: Principle

    [Figure: 4 x 10Mb/s-port switch. Each port has a transmit (T) and a receive (R) side connected to the switching fabric. Simultaneous communications: with a 4-port switch the traffic could reach 2 x 10Mb/s.]

    In the past, bridges generally only had 2 ports.

    During the 90s, the introduction of 10Base-T links, as well as progress in the field of microprocessors,

    Application-Specific Integrated Circuits (ASICs), and memories, made it possible to design bridges with more

    ports, which were capable of routing frames simultaneously to several ports at the transmission rate of the

    medium.

    For marketing reasons, the Switch was born.

    But the switch is nevertheless just a bridge equipped with numerous ports.

    When a station transmits a frame, the Switch, just like a bridge, analyzes the destination MAC address and,

    based on the information in its filter memory, sends the frame to the appropriate link(s).

    At the same time, another station can also transmit a frame that will be routed by the Switch to the right

    output port(s).

    So, unlike the Hub, the Switch makes it possible to increase transmission-medium bandwidth by performing

    several operations simultaneously.

  • Section 2 Page 24

    2. Bridges and Switches

    Switch: Full and Half Duplex

    [Figure: half-duplex stations on a HUB (transmit, receive, collision detection, loopback) compared with full-duplex links to a Switch (transmit, receive, buffers).]

    Segmentation

    On a segment with several stations, various mechanisms must be implemented:

    A mechanism for accessing the transmission medium i.e. listening to the link to determine whether it is

    available or unavailable,

    A mechanism for detecting collisions.

    Correct communication is always in half-duplex mode. Indeed, at any given time, a single station transmits

    while the others listen.

    Collisions can occur in cases where frames transmitted by several stations are mixed up on the receive pair.

    Generally, therefore, both the station side and the switch side can be configured to function in half-duplex or

    full-duplex mode.

    Micro-segmentation

    In the case of micro-segmentation, where a single station is connected to a switch port, collisions cannot

    occur. Indeed, there is only one transmitter on a pair.

    Consequently, the station wishing to transmit does not need to use the collision-detection mechanism.

    Moreover, the station should function in full-duplex mode if it has that capability.

    By default, the NICs of stations wishing to transmit listen to the transmission medium beforehand. If they

    detect traffic, they postpone transmission to avoid causing a collision.

    So, if on a micro segment this mechanism is not disabled, the station (or the port of the Switch in the other

    direction) will continue to function in half-duplex mode and delay transmission for fear of causing a collision.

    The NIC internal loopback mechanism must therefore be disabled. This can be configured manually or via the

    auto-negotiation mechanism.

  • Section 2 Page 25

    2. Bridges and Switches

    Switch: Auto-Negotiation

    [Figure: link state detection with the Normal Link Pulse (16.8ms), and auto-negotiation with the Fast Link Pulse (17..33 pulses, 2ms). Modes shown: 100BASE-TX Full Duplex, 100BASE-T4, 100BASE-TX, 10BASE-T Full Duplex, 10BASE-T.]

    Auto-Negotiation

    Most Ethernet interfaces, such as adapters (NICs) for PCs or workstations and Switches, are capable of

    adapting their transmission speed (10/100) and mode (Half or Full Duplex).

    This is done at start-up by exchanging the Fast Link Pulse (FLP), which is the equivalent of the Normal Link

    Pulse (NLP) used for the 10Base-T integrity test.

    This means that two devices with auto-negotiation capability can define the best method for working

    together from the options specified below (in order of preference):

    1. Full-duplex 100Base-TX

    2. 100Base-T4

    3. 100Base-TX

    4. Full-duplex 10Base-T

    5. 10Base-T

  • Section 2 Page 26

    2. Bridges and Switches

    Switch: Full-Duplex Mode Advantage

    [Figure: segmentation (hub, half duplex: 10Mb/s shared bandwidth, access contention, collision detection) compared with micro-segmentation (switch, full duplex: independent rate for each station at 10 Mb/s or 100 Mb/s, full bandwidth, no need for access contention, no need for collision detection, extended length).]

    To conclude, let's compare the characteristics of segmentation and micro-segmentation:

    With segmentation, transmission speed is the same for all stations; with micro-segmentation, transmission speed is independent between stations.

    With segmentation, the bandwidth is shared between all the stations; with micro-segmentation, each station uses the full bandwidth.

    With segmentation, the medium-control mechanism must be implemented, implying operation in half-duplex mode; with micro-segmentation, this mechanism isn't required and full-duplex mode is therefore possible.

    With segmentation, the collision-detection mechanism must be implemented; with micro-segmentation, collision detection isn't required.

    Finally, with segmentation, the maximum distance between 2 stations is limited to enable collision detection; with micro-segmentation, there is no limit since collisions are no longer possible. The limit is solely dependent on the signal transmission technique. Repeaters can always be installed.

    1997: Full Duplex Ethernet

    The arrival of standard 802.3x enabled communication simultaneously in both directions.

    In full-duplex mode, both stations can communicate at 200Mbps over a point-to-point link.

  • Section 2 Page 27

    2. Bridges and Switches

    Network design (1) - Hubs

    [Figure: a building with the Export department, Import department, Finances, R&D and Sales cabled through HUBs. 1: Wiring. 2: Communication.]

    Let's now consider a scenario in which a building is cabled using Hubs and how communication takes place between two stations.

    The frames exchanged are broadcast over the whole LAN, preventing other exchanges from taking place simultaneously and also bothering stations that are not concerned by the transaction.

  • Section 2 Page 28

    2. Bridges and Switches

    Network design (2) - Bridge and hubs

    [Figure: the same building (Export department, Import department, Finances, R&D, Sales) with a Bridge between the HUBs providing filtering.]

    Compared with a cable set-up based on segmentation, you can see that communication is more effective

    when the stations are on the same segment.

  • Section 2 Page 29

    2. Bridges and Switches

    Network design (2) - Bridge and hubs

    [Figure: the same building (Export department, Import department, Finances, R&D, Sales) with a Bridge between the HUBs.]

    But the same drawbacks exist for communications between stations located on different segments.

  • Section 2 Page 30

    2. Bridges and Switches

    Network design (3) - Switches

    [Figure: the same departments (Import department, Export department, Finances, R&D, Sales) connected to a single Switch. 1: Wiring. 2: Communication, with micro-segmentation.]

    Installing a switch can bring numerous advantages in terms of:

    cabling, since the connections are centralized in a single technical location. A switch usually has a large number of ports. Some of them can be stacked and interconnected using special links.

    communication, thanks to micro-segmentation.

  • Section 2 Page 31

    Answer the Questions

    What is the advantage of Full-Duplex Ethernet over Half-Duplex Ethernet?

    Simpler Management

    Support of Voice

    Effective doubling of the link bandwidth

    Effective doubling of the link bandwidth

  • Section 2 Page 32

    Answer the Questions [cont.]

    What Ethernet operation mode allows a device to either transmit or receive?

    Full duplex

    Half duplex

    Auto-negotiation

    Spanning Tree

    Half duplex

  • Section 2 Page 33

    Answer the Questions [cont.]

    Match each Ethernet technology to its appropriate function.

    Half duplex

    Full duplex

    Auto-negotiation

    Spanning tree

    200Mbits/s on Fast Ethernet

    One simultaneous transmitter

    Finds a backup after failure

    Matches speed

  • Section 2 Page 34

    Answer the Questions [cont.]

    Imagine that you are an Ethernet switch, examining a frame header to determine what to do. Match each situation to the appropriate action.

    Match address of ingress port

    Match entry for one egress port

    No matches

    All ones

    Flood

    Filter

    Forward

    Broadcast

  • Section 2 Page 35

    Answer the Questions [cont.]

    Match each protocol to the appropriate layer.

    Ethernet

    UDP

    Auto-negotiation

    IP

    Transport

    Network

    Data link

    Physical

  • Section 2 Page 36

    3. Virtual LAN

  • Section 2 Page 37

    3. Virtual LANs

    Problem

    [Figure: physical and logical topology: a single network. Finances (F) and Marketing (M) stations are connected to one switch (SW), and broadcast frames (ff:ff:ff:ff:ff:ff) are shown on the links.]

    Broadcast traffic is seen and processed by all the users connected to the switch, independently of the fact that they might not be concerned by the content of the message. Security is also weak in this environment: a user with a packet sniffer will be able to see the content of many messages.

  • Section 2 Page 38

    3. Virtual LANs

    Solution

    [Figure: physical topology: Finances (F) and Marketing (M) stations connected to one switch (SW). Logical topology: two isolated networks, each with its own broadcast frames (ff:ff:ff:ff:ff:ff).]

    VLAN id          Members
    10 (Marketing)   Ports 2, 5, 6
    20 (Finances)    Ports 1, 3, 4

    The best solution available for simple broadcast contention is the use of VLANs. Even though users are still physically connected to the same device, they will be isolated in different logical networks and no traffic from a VLAN can be seen by a user of another VLAN.

    The simplest way to create a VLAN in a switch is per port. Each port is explicitly assigned to a VLAN. The port-to-VLAN association is stored by the switch in a VLAN table. Each VLAN is identified with a VLAN id, which is a number between 0 and 4095. Usually, VLANs are also given a label that is easier to remember than a number. By default all ports in the switch are members of VLAN 1. Configuring a VLAN for a port means removing the port from VLAN 1 and assigning it to a new VLAN.

    After VLANs have been implemented, instead of forwarding broadcast traffic to every port, the switch will forward a broadcast frame only to the ports that are members of the same VLAN as the port originating it. Unicast traffic will be forwarded to the destination port only if it is a member of the same VLAN as the source.

    Inter-VLAN communication is not possible at layer 2. A layer 2 switch cannot switch frames between two different VLANs.

    Other methods to implement VLANs: by MAC address, by protocol, LANE (LAN emulation for ATM transport).
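The self-learning bridge from the previous chapter combined with the per-port VLAN table described above, as an added example that is not part of the original course material. It uses the slide's VLAN table (ports 2, 5, 6 in VLAN 10, ports 1, 3, 4 in VLAN 20); the class and method names, the station addresses, and the choice to keep one learned table per VLAN are assumptions of this example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed station addresses (not from the slides).
FIN_A = "00:80:9f:00:00:01"
FIN_B = "00:80:9f:00:00:02"
FIN_C = "00:80:9f:00:00:03"
MKT_A = "00:80:9f:00:00:11"
MKT_B = "00:80:9f:00:00:12"


def is_group(mac: str) -> bool:
    """True for multicast and broadcast: I/G bit set in the first byte."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


class VlanSwitch:
    """Self-learning layer 2 switch with per-port VLAN membership."""

    def __init__(self, ports, default_vlan=1):
        # VLAN table: by default every port is a member of VLAN 1.
        self.port_vlan = {port: default_vlan for port in ports}
        # Filter table learned from source addresses: (vlan, mac) -> port.
        self.mac_table = {}
        # (vlan, mac, old_port, new_port) each time a known source moves.
        # Repeated moves of one address are the symptom of a loop.
        self.moves = []

    def assign(self, vlan, ports):
        """Take ports out of their current VLAN and put them in `vlan`."""
        for port in ports:
            if port not in self.port_vlan:
                raise ValueError(f"no such port: {port}")
            self.port_vlan[port] = vlan

    def members(self, vlan):
        return sorted(p for p, v in self.port_vlan.items() if v == vlan)

    def receive(self, in_port, src, dst):
        """Handle an untagged frame; return (action, egress_ports)."""
        vlan = self.port_vlan[in_port]

        # Learning: remember behind which port the source address lives.
        if not is_group(src):
            known = self.mac_table.get((vlan, src))
            if known is not None and known != in_port:
                self.moves.append((vlan, src, known, in_port))
            self.mac_table[(vlan, src)] = in_port

        # Candidate egress ports never leave the ingress port's VLAN.
        same_vlan = [p for p in self.members(vlan) if p != in_port]
        if dst == BROADCAST:
            return ("broadcast", same_vlan)
        if is_group(dst):
            return ("flood", same_vlan)      # multicast is not filtered
        out_port = self.mac_table.get((vlan, dst))
        if out_port is None:
            return ("flood", same_vlan)      # unknown destination
        if out_port == in_port:
            return ("filter", [])            # destination is on the same port
        return ("forward", [out_port])


def slide_switch():
    """Six-port switch configured with the VLAN table from the slide."""
    switch = VlanSwitch(ports=range(1, 7))
    switch.assign(10, [2, 5, 6])   # Marketing
    switch.assign(20, [1, 3, 4])   # Finances
    return switch


if __name__ == "__main__":
    sw = slide_switch()
    print(sw.receive(1, FIN_A, BROADCAST))  # stays inside VLAN 20
    print(sw.receive(3, FIN_B, FIN_A))      # learned: forwarded to port 1
    print(sw.receive(2, MKT_A, FIN_A))      # other VLAN: never reaches port 1
```

A frame from a Marketing port addressed to a Finances station is flooded only inside VLAN 10, which is the isolation the text describes; the `moves` list records the "same source on two ports" situation that a loop produces.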

  • Section 2 Page 39

    3. Virtual LANs

    Access links

    [Figure: an Ethernet Switch with Port 1 to Port 6. A Finances (F) station sends an untagged Ethernet frame (Dest, Src, Ethertype, Data, FCS) with destination ff:ff:ff:ff:ff:ff.]

    VLAN             Members
    10 (Marketing)   Ports 2, 5, 6
    20 (Finances)    Ports 1, 3, 4

    An access port is a switch port that is connected to a terminal device, e.g. a PC or printer. It is a member

    of a single VLAN.

    As all the traffic originated on or destined for this port is for the same VLAN, no particular mechanism is

    needed to mark the frames (the VLAN membership of the port is already known to the switch). In this

    case, the port will be untagged. The untagged VLAN is also called the native VLAN.

  • Section 2 Page 40

    VLAN spanning multiple switches: Problem

    [Figure: SW1 and SW2, each with ports 1 to 6 serving Finances (F), Marketing (M) and Engineering (E) stations, interconnected through port 7 of each switch. A question mark on the inter-switch link: which VLAN does a broadcast frame (ff:ff:ff:ff:ff:ff) arriving on port 7 belong to?]

    SW1
    VLAN id          Members
    10 Marketing     Ports 2, 5, 6, 7
    20 Finances      Ports 1, 3, 4, 7

    SW2
    VLAN id          Members
    11 Engineering   Ports 2, 5
    10 Marketing     Ports 3, 6, 7
    20 Finances      Ports 1, 4, 7

  • Section 2 Page 41

    VLAN tagging

    [Figure: SW1 and SW2, each with ports 1 to 6 serving Finances (F), Marketing (M) and Engineering (E) stations, interconnected through port 7 of each switch; broadcast frames (ff:ff:ff:ff:ff:ff) cross the inter-switch link carrying a VLAN tag.]

    SW1
    VLAN id          Members             VLAN tag
    Marketing        Ports 2, 5, 6, 7
    Finances         Ports 1, 3, 4, 7

    SW2
    VLAN id          Members             VLAN tag
    Engineering      Ports 2, 5
    Marketing        Ports 3, 6, 7
    Finances         Ports 1, 4, 7

    To extend a VLAN to span several switches, the switches will be interconnected using trunks.

    Unlike the access links, trunks can carry the traffic of multiple VLANs. To identify the VLAN a frame

    belongs to, a label or tag is added to the frame. It contains information about the VLAN originating the

    frame. A frame carrying a VLAN tag is called a tagged frame.

    In a trunk, only one VLAN can be untagged (the native VLAN). Frames originated in all the other VLANs

    must be labelled before transport.

  • Section 2 Page 42

    Trunking

    [Figure: SW1 and SW2 connected through port 7 of each switch. Trunks must carry traffic for multiple VLANs: frames tagged 10, frames tagged 20 and untagged frames share the link. Tagged frame: Dest | Src | 802.1q tag | Ethertype | Data | FCS.]

    On both switches, port 7 is a member of:
    VLAN 10 -> tag = 10
    VLAN 20 -> tag = 20
    VLAN 1 -> untagged

    In a trunk, only one VLAN can be untagged (the native VLAN). Frames originated in all the other VLANs

    must be labelled before transport.

    By default, a trunk carries all the VLANs configured in the switch. The process of removing unused VLANs

    from the trunk is called VLAN pruning.
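The access-port, trunk and pruning rules above can be modelled in a few lines. This is an added example, not part of the original course material: the class and function names are hypothetical, the port tables are the ones from the slides, the station MAC addresses are constructed, and dropping tagged frames on access ports is a modelling assumption.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Port:
    mode: str                          # "access" or "trunk"
    pvid: int = 1                      # access VLAN, or native (untagged) VLAN of a trunk
    allowed: frozenset = frozenset()   # VLANs a trunk still carries after pruning


@dataclass
class Switch:
    ports: dict                                     # port number -> Port
    mac_table: dict = field(default_factory=dict)   # (vlan, mac) -> port number

    def carries(self, port_no, vlan):
        p = self.ports[port_no]
        return vlan == p.pvid if p.mode == "access" else vlan in p.allowed

    def classify(self, port_no, tag):
        """Return the VLAN of an ingress frame, or None if it must be dropped."""
        p = self.ports[port_no]
        if p.mode == "access":
            # Assumption of this model: access links only accept untagged frames.
            return p.pvid if tag is None else None
        vlan = p.pvid if tag is None else tag       # untagged on a trunk = native VLAN
        return vlan if vlan in p.allowed else None  # pruned VLANs are discarded

    def forward(self, in_port, src, dst, tag=None):
        """Return {egress port: tag on the wire}, where None means untagged."""
        vlan = self.classify(in_port, tag)
        if vlan is None:
            return {}
        self.mac_table[(vlan, src)] = in_port       # learning is per VLAN
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            targets = [known]
        else:                                       # flood, but only inside the VLAN
            targets = [n for n in self.ports if self.carries(n, vlan)]
        out = {}
        for n in targets:
            if n == in_port:
                continue
            p = self.ports[n]
            out[n] = vlan if p.mode == "trunk" and vlan != p.pvid else None
        return out


def make_sw1():
    """SW1 from the slides: Finances on 1, 3, 4; Marketing on 2, 5, 6; trunk on 7."""
    ports = {n: Port("access", 20) for n in (1, 3, 4)}
    ports.update({n: Port("access", 10) for n in (2, 5, 6)})
    ports[7] = Port("trunk", 1, frozenset({1, 10, 20}))
    return Switch(ports)


def make_sw2():
    """SW2 from the slides; Engineering (VLAN 11) is not carried on the trunk."""
    ports = {n: Port("access", 20) for n in (1, 4)}
    ports.update({n: Port("access", 10) for n in (3, 6)})
    ports.update({n: Port("access", 11) for n in (2, 5)})
    ports[7] = Port("trunk", 1, frozenset({1, 10, 20}))
    return Switch(ports)
```

A Finances broadcast entering SW1 port 1 leaves untagged on ports 3 and 4 and with tag 20 on the trunk; a Marketing station addressing a Finances MAC only floods inside VLAN 10 and never reaches port 1.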

  • Section 2 Page 43

    802.1Q tagging

    [Figure: untagged frame: Destination Address | Source Address | Length/Type | Data | PAD | FCS. Tagged frame: Destination Address | Source Address | Ethertype = 0x8100 (the next field contains a VLAN tag) | Tag Control Information | Length/Type | Data | PAD | FCS. The tag adds 4 bytes.]

    Tag Control Information fields:

    User Priority (3 bits): used for Class of Service (CoS) marking in 802.1p

    CFI (1 bit): Canonical Format Identifier. Set to 0 for Ethernet networks

    VLAN id (12 bits): VLAN identifier. It can take values in the range between 0 and 4095. Value 1 is usually assigned to the default VLAN

    The tagging scheme proposed by the 802.3ac standard recommends the addition of the four octets after

    the source MAC address. Their presence is indicated by a particular value of the EtherType field (called

    TPID), which has been fixed to be equal to 0x8100. When a frame has the EtherType equal to 0x8100,

    this frame carries the tag IEEE 802.1Q/802.1p. The tag is stored in the following two octets and it

    contains 3 bits of user priority, 1 bit of Canonical Format Identifier (CFI), and 12 bits of VLAN ID (VID).

    The 3 bits of user priority are used by the 802.1p standard; the CFI is used for compatibility reasons

    between Ethernet-type networks and Token Ring-type networks. The VID is the identification of the

    VLAN, which is basically used by the 802.1Q standard; being on 12 bits, it allows the identification of

    4096 VLANs.

    After the two octets of TPID and the two octets of the Tag Control Information field come the two octets

    that, in an untagged frame, would have directly followed the Source Address field, where the TPID now is. They

    contain either the MAC length in the case of IEEE 802.3 or the EtherType in the case of Ethernet II.

    Note: adding a tag to a frame implies that the FCS field has to be recomputed by the switch.

  • Section 2 Page 44

    Aggregation layer problem

    [Figure: a Service Provider Network connecting Customer 1 sites (VLAN 40, VLAN 41, VLAN 42) and Customer 2 sites (VLAN 30, VLAN 40). A frame carrying 802.1q tag 40 (Dest | Src | 802.1q tag | Ethertype | Data | FCS) reaches the provider egress switch, marked with a question mark.]

    A single VLAN space to share among all clients = No overlapping allowed

    A Service Provider that offers transport services to its clients must support the client VLANs, i.e.

    transparently transport the VLAN tag across the network. It means that all the provider's customers are

    sharing the VLAN space, i.e. the VLAN id range 1 to 4095.

    Two customers configuring their networks independently might choose identical VLAN identifiers. In

    that case, the provider egress switch cannot tell which customer network is the actual destination of the frame.

    In this case, no overlapping can be allowed. Besides, the maximum limit of 4095 VLANs is usually sufficient for

    enterprise networks but might not be enough for a provider network.

  • Section 2 Page 45

    Q in Q tagging

    [Figure: a Service Provider Network connecting Customer 1 sites (VLAN 40, VLAN 41) and Customer 2 sites (VLAN 30, VLAN 40). Frame inside the provider network: Dest | Src | Customer ID (10) | Site ID (40) | Ethertype | Packet | FCS.]

    The CPE adds a tag to identify the customer. Overlapping VLAN ids in different customers are not a problem.

    Provider egress switch:
    VLAN ID 10 -> Customer 1 -> port 2
    VLAN ID 20 -> Customer 2 -> port 5

    A solution to the problem in the previous slide might be the use of an additional VLAN tag. This tag could be

    inserted by the provider or the remote CPE and it will identify the customer or service. This method of

    encapsulation is called Q in Q.

    With Q in Q encapsulation, every customer can potentially use the whole VLAN id space.
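The 802.1Q tag layout and the Q in Q stacking described above, worked through at byte level. This is an added example, not part of the original course material: function names, MAC addresses and payloads are constructed, and it assumes the outer tag also uses TPID 0x8100 (the parser additionally accepts 0x88A8, the TPID that IEEE 802.1ad assigns to the outer tag, which the page does not mention).

```python
import struct
import zlib

TPIDS = {0x8100, 0x88A8}   # 0x8100 is the page's TPID; 0x88A8 is the 802.1ad outer tag


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, appended least significant byte first."""
    return struct.pack("<I", zlib.crc32(body))


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def strip_fcs(frame: bytes) -> bytes:
    """Verify the FCS and return the frame without it."""
    if len(frame) < 18 or fcs(frame[:-4]) != frame[-4:]:
        raise ValueError("bad FCS")
    return frame[:-4]


def push_tag(frame, vid, pcp=0, cfi=0, tpid=0x8100):
    """Insert TPID + TCI after the source address and recompute the FCS."""
    if not (0 <= vid <= 0xFFF and 0 <= pcp <= 7 and cfi in (0, 1)):
        raise ValueError("tag field out of range")
    body = strip_fcs(frame)
    tci = (pcp << 13) | (cfi << 12) | vid
    body = body[:12] + struct.pack("!HH", tpid, tci) + body[12:]
    return body + fcs(body)


def pop_tag(frame):
    """Remove the outermost tag and recompute the FCS."""
    body = strip_fcs(frame)
    if struct.unpack_from("!H", body, 12)[0] not in TPIDS:
        raise ValueError("frame is untagged")
    body = body[:12] + body[16:]
    return body + fcs(body)


def parse(frame):
    """Decode the tag stack (outermost first) and the real EtherType."""
    body = strip_fcs(frame)
    tags, off = [], 12
    (etype,) = struct.unpack_from("!H", body, off)
    while etype in TPIDS:
        if off + 6 > len(body):
            raise ValueError("truncated tag")
        (tci,) = struct.unpack_from("!H", body, off + 2)
        tags.append({"pcp": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0xFFF})
        off += 4
        (etype,) = struct.unpack_from("!H", body, off)
    return {"dst": body[:6], "src": body[6:12], "tags": tags,
            "ethertype": etype, "payload": body[off + 2:]}


def provider_egress(frame, customer_ports):
    """Pick the egress port from the outer tag, then hand over the customer frame."""
    tags = parse(frame)["tags"]
    if len(tags) < 2:
        raise ValueError("expected an outer customer tag and an inner VLAN tag")
    port = customer_ports.get(tags[0]["vid"])
    if port is None:
        raise ValueError("unknown customer tag")
    return port, pop_tag(frame)
```

With the egress table from the slide, `{10: 2, 20: 5}`, two customers can both send VLAN 40 and still be delivered to different ports. A frame whose tag bytes change without a new FCS is rejected by `strip_fcs`.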

  • Section 2 Page 46


    4. LAN Authentication

  • Section 2 Page 47

    Who are you?

    [Figure: an authorized user and an unauthorized user requesting access to protected resources.]

    IEEE 802.1x-2001: Port-based network access control

    802.1aa: Revision of 802.1x, work in progress

  • Section 2 Page 48

    802.1x components

    [Figure: supplicants reach the authenticators over a wired connection (Network Access Server) or a wireless association (Access Point); the authenticators sit in front of the protected network and the authentication server (RADIUS). The exchanges are numbered (1), (2) and (3).]

    1. The authenticator detects the presence of the client and sets the port to the unauthorized state. The authenticator sends an EAP-Request to the supplicant.

    2. The supplicant responds and the authenticator forwards the response to the RADIUS server. The RADIUS server verifies the client credentials.

    3. If the authentication server accepts the request, the authenticator sets the port to the authorized state and normal traffic is forwarded.

    IEEE 802.1X is an IEEE standard for port-based Network Access Control. It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or

    preventing it if authentication fails. It is used for most wireless 802.11 access points and is based on the

    Extensible Authentication Protocol (EAP).

    802.1X involves communications between a supplicant, authenticator, and authentication server. The

    supplicant is often software on a client device, such as a laptop, the authenticator is a wired Ethernet

    switch or wireless access point, and an authentication server is generally a RADIUS database. The

    authenticator acts like a security guard to a protected network. The supplicant (i.e., client device) is not

    allowed access through the authenticator to the protected side of the network until the supplicant's

    identity is authorized.

    Upon detection of the new client (supplicant), the port on the switch (authenticator) is enabled and set to

    the "unauthorized" state. In this state, only 802.1X traffic is allowed; other traffic, such as DHCP and HTTP, is

    blocked at the data link layer. The authenticator sends out the EAP-Request identity to the supplicant, the

    supplicant responds with the EAP-response packet that the authenticator forwards to the authenticating

    server. If the authenticating server accepts the request, the authenticator sets the port to the "authorized"

    mode and normal traffic is allowed. When the supplicant logs off, it sends an EAP-logoff message to the

    authenticator. The authenticator then sets the port to the "unauthorized" state, once again blocking all non-

    EAP traffic.

    Note: in wireless environments, instead of a physical link, the supplicant creates an association with an

    access point.

  • Section 2 Page 49

    EAP message format

    EAP Configuration Negotiation Packet: Code (1 byte) | Length (1 byte) | Authentication Prot. (0xC227) (2 bytes)

    EAP packet: Code (1 byte) | Identifier (1 byte) | Total packet length (2 bytes) | Data

    Code values:
    1 Request
    2 Response
    3 Success
    4 Failure

    EAP Request/Response Packet, Data field: Type | Length | Type-Data

    Type values:
    1 = Identity
    2 = Notification
    3 = Nak (response only)
    4 = MD5-Challenge
    5 = OTP (One Time Password)
    9 = RSA Public Key Authentication
    13 = EAP-TLS
    17 = EAP-Cisco Wireless (LEAP)
    21 = EAP-TTLS
    22 = Remote Access Service
    23 = UMTS Authentication and Key Agreement
    25 = PEAP
    26 = MS-EAP Authentication

  • Section 2 Page 50

    802.1x authentication

    [Figure: message flow between the Supplicant, the Authenticator (NAS or Access Point) and the Authentication Server (RADIUS). Supplicant to Authenticator uses EAPOL encapsulation; Authenticator to Authentication Server uses RADIUS encapsulation.]

    1. Presence detected
    2. Authenticator -> Supplicant (EAPOL): EAP-Identity Request
    3. Supplicant -> Authenticator (EAPOL): EAP-Response (Identity)
    4. Authenticator -> Authentication Server: RADIUS Access-Req carrying EAP-Response (Identity)
    5. Authentication Server -> Authenticator: RADIUS Access-Granted carrying EAP-Success, or RADIUS Access-Reject carrying EAP-Failure
    6. Authenticator -> Supplicant (EAPOL): EAP-Success or EAP-Failure

    EAP: Extensible Authentication Protocol (RFC 2284)

    RADIUS support for EAP (RFC 3579)

    The protocol used to carry the EAP method in 802.1x is called EAP encapsulation over LANs (EAPOL).

    It is currently defined for Ethernet-like LANs including 802.11 wireless, as well as token ring LANs such as

    FDDI. A type 0 EAPOL frame carries an EAP message. The type 0 indicates to the receiver (either

    supplicant or authenticator) that it should strip off the EAPOL encapsulation and process the EAP data.

    EAP messages are encapsulated and transported within Ethernet frames with the Ethertype field set to the

    value 0x88FE. EAPOL is an alternative to RADIUS or DIAMETER to carry the messages across the LAN between

    the Authenticator and the supplicant.

    The standard requires the implementation of the following EAP-methods:

    MD5 challenge

    One Time passwords (OTP)

    Generic Token Card

    In addition, there are many proprietary and RFC-based EAP-methods: EAP-TLS, EAP-TTLS, EAP-FAST, EAP-

    LEAP, etc.
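The port states and the EAP exchange described in this section, as a small authenticator model. This is an added example, not part of the original course material: class and function names are hypothetical, the RADIUS server is replaced by a callback, and the exchange follows the page's simplified flow in which the decision is taken on the Identity response. The EAPOL header layout (version, packet type, body length) and the packet types 1 (Start) and 2 (Logoff) come from IEEE 802.1X, not from the page.

```python
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4   # codes from the page
EAP_TYPE_IDENTITY = 1
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2


def eap(code, ident, eap_type=None, data=b""):
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def eapol(pkt_type, body=b"", version=1):
    return struct.pack("!BBH", version, pkt_type, len(body)) + body


def parse_eapol(pdu):
    if len(pdu) < 4:
        raise ValueError("short EAPOL header")
    _version, pkt_type, length = struct.unpack("!BBH", pdu[:4])
    if len(pdu) < 4 + length:
        raise ValueError("truncated EAPOL body")
    return pkt_type, pdu[4:4 + length]


def parse_eap(pkt):
    if len(pkt) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length")
    eap_type = data = None
    if code in (EAP_REQUEST, EAP_RESPONSE):        # only these carry a Type field
        if length < 5:
            raise ValueError("missing EAP Type")
        eap_type, data = pkt[4], pkt[5:length]
    return code, ident, eap_type, data


class AuthenticatorPort:
    def __init__(self, radius_check):
        self.radius_check = radius_check   # stand-in for the RADIUS server decision
        self.authorized = False
        self.next_id = 0
        self.pending_id = None             # Identifier of the outstanding request

    def link_up(self):
        """Client detected: port unauthorized, send EAP-Request/Identity."""
        self.authorized = False
        self.pending_id = self.next_id = (self.next_id + 1) % 256
        return eapol(EAPOL_EAP_PACKET,
                     eap(EAP_REQUEST, self.pending_id, EAP_TYPE_IDENTITY))

    def admit(self, is_eapol):
        """Data-link filter: an unauthorized port passes 802.1X traffic only."""
        return is_eapol or self.authorized

    def receive(self, pdu):
        pkt_type, body = parse_eapol(pdu)
        if pkt_type == EAPOL_LOGOFF:
            self.authorized = False
            return None
        if pkt_type == EAPOL_START:
            return self.link_up()
        if pkt_type != EAPOL_EAP_PACKET:
            return None
        code, ident, eap_type, data = parse_eap(body)
        if (code, ident, eap_type) != (EAP_RESPONSE, self.pending_id, EAP_TYPE_IDENTITY):
            return None                    # unsolicited or mismatched: state unchanged
        self.pending_id = None
        self.authorized = bool(self.radius_check(data.decode("utf-8", "replace")))
        verdict = EAP_SUCCESS if self.authorized else EAP_FAILURE
        return eapol(EAPOL_EAP_PACKET, eap(verdict, ident))
```

A response whose Identifier does not match the outstanding request leaves the port unauthorized, and a Logoff returns an authorized port to the unauthorized state.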


  • Section 2 Page 52


    End of Section

  • Section 3 Module Page 1

    Section 3: Point to Point Transport


  • Section 3 Module Page 3


    1. Point-to-Point protocol (PPP)

  • Section 3 Module Page 4

    What is PPP?

    [Figure: a client connects over a PPP connection through an access network (PSTN, ISDN, Wifi, GPRS/UMTS) to a Network Access Server (NAS) in front of the IP network. Two routers are connected by a PPP connection over a transport network (leased line, SDH/PDH, ISDN, PSTN, L2TP/GRE tunnels, etc).]

    PPP frame: Flag 7E | Address FF | Control 03 | Protocol (2 bytes) | Payload (maximum 1500 bytes) | FCS (2 or 4 bytes) | Flag 7E

    PPP is a connection-oriented protocol that enables layer two links over a variety of different physical

    layer connections. It is supported on both synchronous and asynchronous lines, and can operate in half-

    duplex or full-duplex mode. It was designed to carry IP traffic but is general enough to allow any type of

    network layer datagram to be sent over a PPP connection. As its name implies, it is for point-to-point

    connections between exactly two devices, and assumes that frames are sent and received in the same

    order.

    PPP is a complete link layer protocol suite for devices using TCP/IP, which provides framing,

    encapsulation, authentication, quality monitoring and other features to enable robust operation of

    TCP/IP over a variety of physical layer connections.

    Flag: Indicates the start of a PPP frame. Always has the value 01111110 binary (0x7E).

    Address: this field has no real meaning. It is thus always set to 11111111 (0xFF or 255 decimal), which

    is equivalent to a broadcast (it means all stations).

    Control: in PPP it is set to 00000011 (3 decimal).

    Protocol: Identifies the protocol of the datagram encapsulated in the Information field of the frame.

    Information: Zero or more bytes of payload that contains either data or control information, depending

    on the frame type. For regular PPP data frames the network-layer datagram is encapsulated here. For

    control frames, the control information fields are placed here instead.

    Padding: In some cases, additional dummy bytes may be added to pad out the size of the PPP frame.

    Frame Check Sequence (FCS): A checksum computed over the frame to provide basic protection against

    errors in transmission. This is a CRC code similar to the one used for other layer two protocol error

    protection schemes such as the one used in Ethernet. It can be either 16 bits or 32 bits in size (default is

    16 bits). The FCS is calculated over the Address, Control, Protocol, Information and Padding fields.

    Flag: Indicates the end of a PPP frame. Always has the value 01111110 binary (0x7E).
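The frame fields listed above, built and validated in code with the default 16-bit FCS. This is an added example, not part of the original course material: function names and the payload are constructed. The FCS-16 algorithm, the 0x7D escape octet and the escaping of control characters on asynchronous links are taken from RFC 1662 and are not described on the page.

```python
import struct

FLAG, ESC = 0x7E, 0x7D
GOOD_FCS = 0xF0B8   # RFC 1662: FCS-16 computed over a frame including its FCS


def fcs16(data: bytes, fcs: int = 0xFFFF) -> int:
    """Bitwise FCS-16 (reflected polynomial 0x8408), before the final complement."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def encode(protocol: int, info: bytes) -> bytes:
    """Flag | Address FF | Control 03 | Protocol | Information | FCS | Flag."""
    if len(info) > 1500:
        raise ValueError("payload exceeds 1500 bytes")
    body = b"\xff\x03" + struct.pack("!H", protocol) + info
    fcs = fcs16(body) ^ 0xFFFF
    body += bytes([fcs & 0xFF, fcs >> 8])          # FCS is sent low byte first
    out = bytearray([FLAG])
    for byte in body:
        if byte in (FLAG, ESC) or byte < 0x20:     # async default: escape controls too
            out += bytes([ESC, byte ^ 0x20])
        else:
            out.append(byte)
    out.append(FLAG)
    return bytes(out)


def decode(frame: bytes):
    """Return (protocol, information) or raise ValueError on any framing error."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing flag")
    body, octets = bytearray(), iter(frame[1:-1])
    for byte in octets:
        if byte == FLAG:
            raise ValueError("flag inside frame")
        if byte == ESC:
            nxt = next(octets, None)
            if nxt is None or nxt == FLAG:
                raise ValueError("dangling escape")
            byte = nxt ^ 0x20
        body.append(byte)
    if len(body) < 6 or fcs16(body) != GOOD_FCS:   # covers Address through Padding
        raise ValueError("bad FCS")
    if body[0] != 0xFF or body[1] != 0x03:
        raise ValueError("unexpected Address/Control")
    (protocol,) = struct.unpack("!H", body[2:4])
    info = bytes(body[4:-2])
    if len(info) > 1500:
        raise ValueError("payload exceeds 1500 bytes")
    return protocol, info


def is_valid(frame: bytes) -> bool:
    try:
        decode(frame)
        return True
    except ValueError:
        return False
```

On an asynchronous link the Control byte 0x03 is itself escaped, so an encoded frame starts `7E FF 7D 23` rather than `7E FF 03`.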

  • Section 3 Module Page 5

    PPP connection setup

    [Figure: a client connects over a PPP connection through the access network to the NAS in front of the IP network. The connection goes through four phases.]

    1. LCP negotiation: compression, authentication protocol selection, ...
    2. Authentication: PAP, CHAP, MS-CHAP, EAP, ...
    3. NCP negotiation: IP address, ...
    4. Data transfer

    Even though PPP is called a protocol and even though it is considered part of TCP/IP (depending on

    whom you ask), it is really more a protocol suite than a particular protocol. The operation of PPP is based

    on procedures defined in many individual protocols.

    The PPP standard itself describes three main components of PPP:

    PPP Encapsulation Method: The primary job of PPP is to take higher-layer messages such as IP datagrams

    and encapsulate them for transmission over the underlying physical layer link. To this end, PPP defines a

    special frame format for encapsulating data for transmission, based on the framing used in the HDLC

    protocol. The PPP frame has been specially designed to be small in size and contain only simple fields, to

    maximize bandwidth efficiency and speed in processing.

    Link Control Protocol (LCP): The PPP Link Control Protocol (LCP) is responsible for setting up,

    maintaining and terminating the link between devices. It is a flexible, extensible protocol that allows

    many configuration parameters to be exchanged to ensure that both devices agree on how the link will

    be used.

    Network Control Protocols (NCPs): PPP supports the encapsulation of many different layer three

    datagram types. Some of these require additional setup before the link can be activated. After the

    general link setup is completed with LCP, control is passed to the PPP Network Control Protocol (NCP)

    specific to the layer three protocol being carried on the PPP link. For example, when IP is carried over

    PPP the NCP used is the PPP Internet Protocol Control Protocol (IPCP). Other NCPs are defined for

    supporting the IPX protocol, the NetBIOS Frames (NBF) protocol, and so forth.

  • Section 3 Module Page 6

    PPP standards

    [Figure: PPP protocol stack. Network layer: IP, IPX, AppleTalk, each set up through an NCP. Link layer: PPP with LCP, the authentication protocols PAP and CHAP, and HDLC framing. Physical layer: SDH/PDH, ISDN, ADSL/ATM, ...]

    Additional PPP functional groups

    LCP Support Protocols: Several protocols are included in the PPP suite that are used during the link

    negotiation process, either to manage it or to configure options. Examples include the authentication

    protocols CHAP and PAP, which are used by LCP during the optional authentication phase.

    LCP Optional Feature Protocols: A number of protocols have been added to the basic PPP suite over the

    years to enhance its operation after a link has been set up and datagrams are being passed between

    devices. For example, the PPP Compression Control Protocol (CCP) allows compression of PPP data, the

    PPP Encryption Control Protocol (ECP) enables datagrams to be encrypted for security, and the PPP

    Multilink Protocol (ML/PPP) allows a single PPP link to be operated over multiple physical links. The use

    of these features often also requir