how ethernet works 13
DESCRIPTION
freeTRANSCRIPT
1
How Ethernet Works
In today's business world, reliable and efficient access to information has become an important asset in the quest to achieve a competitive advantage. File cabinets and mountains of papers have given way to computers that store and manage information electronically. Coworkers thousands of miles apart can share information instantaneously, just as hundreds of workers in a single location can simultaneously review research data maintained online.
Computer networking technologies are the glue that binds these elements together. The public Internet allows businesses around the world to share information with each other and their customers. The global computer network known as the World Wide Web provides services that let consumers buy books, clothes, and even cars online, or auction those same items off when no longer wanted.
In this article, we will take a very close look at networking, and in particular the Ethernet networking standard, so you can understand the actual mechanics of how all of these computers connect to one another.
Why Network?
Networking allows one computer to send information to and receive information from another. We may not always be aware of the numerous times we access information on computer networks. Certainly the Internet is the most conspicuous example of computer networking, linking millions of computers around the world, but smaller networks play a role in information access on a daily basis. Many public libraries have replaced their card catalogs with computer terminals that allow patrons to search for books far more quickly and easily. Airports have numerous screens displaying information regarding arriving and departing flights. Many retail stores feature specialized computers that handle point-of-sale transactions. In each of these cases, networking allows many different devices in multiple locations to access a shared repository of data.
Before getting into the details of a networking standard like Ethernet, we must first understand some basic terms and classifications that describe and differentiate network technologies -- so let's get started!
2
Local Area vs. Wide Area
We can classify network technologies as belonging to one of two basic groups. Local area network (LAN) technologies connect many devices that are relatively close to each other, usually in the same building. The library terminals that display book information would connect over a local area network. Wide area network (WAN) technologies connect a smaller number of devices that can be many kilometers apart. For example, if two libraries at the opposite ends of a city wanted to share their book catalog information, they would most likely make use of a wide area network technology, which could be a dedicated line leased from the local telephone company, intended solely to carry their data.
In comparison to WANs, LANs are faster and more reliable, but improvements in technology continue to blur the line of demarcation. Fiber optic cables have allowed LAN technologies to connect devices tens of kilometers apart, while at the same time greatly improving the speed and reliability of WANs.
The Ethernet
In 1973, at Xerox Corporation’s Palo Alto Research Center (more commonly known as PARC), researcher Bob Metcalfe designed and tested the first Ethernet network. While working on a way to link Xerox’s "Alto “computer to a printer, Metcalfe developed the physical method of cabling that connected devices on the Ethernet as well as the standards that governed communication on the cable. Ethernet has since become the most popular and most widely deployed network technology in the world. Many of the issues involved with Ethernet are common to many network technologies, and understanding how Ethernet addressed these issues can provide a foundation that will improve your understanding of networking in general.
The Ethernet standard has grown to encompass new technologies as computer networking has matured, but the mechanics of operation for every Ethernet network today stem from Metcalfe’s original design. The original Ethernet described communication over a single cable shared by all devices on the network. Once a device attached to this cable, it had the ability to communicate with any other attached device. This allows the network to expand to accommodate new devices without requiring any modification to those devices already on the network.
Ethernet Basics
Ethernet is a local area technology, with networks traditionally operating within a single building, connecting devices in close proximity. At most, Ethernet devices could have only a few hundred meters of cable between them, making it impractical to connect geographically dispersed locations. Modern advancements have increased these distances considerably, allowing Ethernet networks to span tens of kilometers.
3
Protocols
In networking, the term protocol refers to a set of rules that govern communications. Protocols are to computers what language is to humans. Since this article is in English, to understand it you must be able to read English. Similarly, for two devices on a network to successfully communicate, they must both Ethernet Terminology
Ethernet follows a simple set of rules that govern its basic operation. To better understand these rules, it is important to understand the basics of Ethernet terminology.
Medium - Ethernet devices attach to a common medium that provides a path along which the electronic signals will travel. Historically, this medium has been coaxial copper cable, but today it is more commonly a twisted pair or fiber optic cabling.
Segment - We refer to a single shared medium as an Ethernet segment.
Node - Devices that attach to that segment are stations or nodes.
Frame - The nodes communicate in short messages called frames, which are variably sized chunks of information.
Frames are analogous to sentences in human language. In English, we have rules for constructing our sentences: We know that each sentence must contain a subject and a predicate. The Ethernet protocol specifies a set of rules for constructing frames. There are explicit minimum and maximum lengths for frames, and a set of required pieces of information that must appear in the frame. Each frame must include, for example, both a destination address and a source address, which identify the recipient and the sender of the message. The address uniquely identifies the node, just as a name identifies a particular person. No two Ethernet devices should ever have the same address.
4
Ethernet Medium
Since a signal on the Ethernet medium reaches every attached node, the destination address is critical to identify the intended recipient of the frame.
For example, in the figure above, when computer B transmits to printer C, computers A and D will still receive and examine the frame. However, when a station first receives a frame, it checks the destination address to see if the frame is intended for itself. If it is not, the station discards the frame without even examining its contents.
One interesting thing about Ethernet addressing is the implementation of a broadcast address. A frame with a destination address equal to the broadcast address (simply called a broadcast, for short) is intended for every node on the network, and every node will both receive and process this type of frame.
CSMA/CD
The acronym CSMA/CD signifies carrier-sense multiple access with collision detection and describes how the Ethernet protocol regulates communication among nodes. While the term may seem intimidating, if we break it apart into its component concepts we will see that it describes rules very similar to those that people use in polite conversation. To help illustrate the operation of Ethernet, we will use an analogy of a dinner table conversation.
Let’s represent our Ethernet segment as a dinner table, and let several people engaged in polite conversation at the table represent the nodes. The term multiple access covers what we already discussed above: When one Ethernet station transmits, all the stations on the medium hear the transmission, just as when one person at the table talks, everyone present is able to hear him or her.
Now let's imagine that you are at the table and you have something you would like to say. At the moment, however, I am talking. Since this is a polite conversation, rather than immediately speak up and interrupt, you would wait until I finished talking before making your statement. This is the same concept described in the Ethernet protocol as carrier sense. Before a station transmits, it "listens" to the medium to determine if another station is transmitting. If the medium is quiet, the station recognizes that this is an appropriate time to transmit.
Collision Detection
Carrier-sense multiple access gives us a good start in regulating our conversation, but there is one scenario we still need to address. Let’s go back to our dinner table analogy and imagine that there is a momentary lull in the conversation. You and I both have something we would like to add, and we both "sense the carrier" based on the silence, so we begin speaking at approximately the same time. In Ethernet terminology, a collision occurs when we both spoke at once.
In our conversation, we can handle this situation gracefully. We both hear the other speak at the same time we are speaking, so we can stop to give the other person a chance to go on. Ethernet nodes also
5
listen to the medium while they transmit to ensure that they are the only station transmitting at that time. If the stations hear their own transmission returning in a garbled form, as would happen if some other station had begun to transmit its own message at the same time, then they know that a collision occurred. A single Ethernet segment is sometimes called a collision domain because no two stations on the segment can transmit at the same time without causing a collision. When stations detect a collision, they cease transmission, wait a random amount of time, and attempt to transmit when they again detect silence on the medium.
The random pause and retry is an important part of the protocol. If two stations collide when transmitting once, then both will need to transmit again. At the next appropriate chance to transmit, both stations involved with the previous collision will have data ready to transmit. If they transmitted again at the first opportunity, they would most likely collide again and again indefinitely. Instead, the random delay makes it unlikely that any two stations will collide more than a few times in a row.
Limitations of Ethernet
A single shared cable can serve as the basis for a complete Ethernet network, which is what we discussed above. However, there are practical limits to the size of our Ethernet network in this case. A primary concern is the length of the shared cable.
Electrical signals propagate along a cable very quickly, but they weaken as they travel, and electrical interference from neighboring devices (fluorescent lights, for example) can scramble the signal. A network cable must be short enough that devices at opposite ends can receive each other's signals clearly and with minimal delay. This places a distance limitation on the maximum separation between two devices (called the network diameter) on an Ethernet network. Additionally, since in CSMA/CD only a single device can transmit at a given time, there are practical limits to the number of devices that can coexist in a single network. Attach too many devices to one shared segment and contention for the medium will increase. Every device may have to wait an inordinately long time before getting a chance to transmit.
Engineers have developed a number of network devices that alleviate these difficulties. Many of these devices are not specific to Ethernet, but play roles in other network technologies as well.
Repeaters
The first popular Ethernet medium was a copper coaxial cable known as "thicknet." The maximum length of a thick net cable was 500 meters. In large building or campus environments, a 500-meter cable could not always reach every network device. A repeater addresses this problem.
Repeaters connect multiple Ethernet segments, listening to each segment and repeating the signal heard on one segment onto every other segment connected to the repeater. By running multiple cables and joining them with repeaters, you can significantly increase your network diameter.
Segmentation In our dinner table analogy, we had only a few people at a table carrying out the conversation, so restricting ourselves to a single speaker at any given time was not a significant barrier
6
to communication. But what if there were many people at the table and only one were allowed to speak at any given time?
In practice, we know that the analogy breaks down in circumstances such as these. With larger groups of people, it is common for several different conversations to occur simultaneously. If only one person in a crowded room or at a banquet dinner were able to speak at any time, many people would get frustrated waiting for a chance to talk. For humans, the problem is self-correcting: Voices only carry so far, and the ear is adept at picking out a particular conversation from the surrounding noise. This makes it easy for us to have many small groups at a party converse in the same room; but network cables carry signals quickly and efficiently over long distances, so this natural segregation of conversations does not occur.
Ethernet networks faced congestion problems as they increased in size. If a large number of stations connected to the same segment and each generated a sizable amount of traffic, many stations may attempt to transmit whenever there was an opportunity. Under these circumstances, collisions would become more frequent and could begin to choke out successful transmissions, which could take inordinately large amounts of time to complete. One way to reduce congestion would be to split a single segment into multiple segments, thus creating multiple collision domains. This solution creates a different problem, as now these now separate segments are not able to share information with each other
Bridges
To alleviate problems with segmentation, Ethernet networks implemented bridges. Bridges connect two or more network segments, increasing the network diameter as a repeater does, but bridges also help regulate traffic. They can send and receive transmissions just like any other node, but they do not function the same as a normal node. The bridge does not originate any traffic of its own; like a repeater, it only echoes what it hears from other stations. (That last statement is not entirely accurate: Bridges do create a special Ethernet frame that allows them to communicate with other bridges, but that is outside the scope of this article.)
7
Remember how the multiple access and shared medium of Ethernet meant that every station on the wire received every transmission, whether it was the intended recipient or not? Bridges make use of this feature to relay traffic between segments. In the figure above, the bridge connects segments 1 and 2. If station A or B were to transmit, the bridge would also receive the transmission on segment 1. How should the bridge respond to this traffic? It could automatically transmit the frame onto segment 2, like a repeater, but that would not relieve congestion, as the network would behave like one long segment.
One goal of the bridge is to reduce unnecessary traffic on both segments. It does this by examining the destination address of the frame before deciding how to handle it. If the destination address is that of station A or B, then there is no need for the frame to appear on segment 2. In this case, the bridge does nothing. We can say that the bridge filters or drops the frame. If the destination address is that of station C or D, or if it is the broadcast address, then the bridge will transmit, or forward the frame on to segment 2. By forwarding packets, the bridge allows any of the four devices in the figure to communicate. Additionally, by filtering packets when appropriate, the bridge makes it possible for station A to transmit to station B at the same time that station C transmits to station D, allowing two conversations to occur simultaneously!
Switches are the modern counterparts of bridges, functionally equivalent but offering a dedicated segment for every node on the network (more on switches later in the article).
Routers: Logical Segmentation
Bridges can reduce congestion by allowing multiple conversations to occur on different segments simultaneously, but they have their limits in segmenting traffic as well.
An important characteristic of bridges is that they forward Ethernet broadcasts to all connected segments. This behavior is necessary, as Ethernet broadcasts are destined for every node on the network, but it can pose problems for bridged networks that grow too large. When a large number of stations broadcast on a bridged network, congestion can be as bad as if all those devices were on a single segment.
Routers are advanced networking components that can divide a single network into two logically separate networks. While Ethernet broadcasts cross bridges in their search to find every node on the network, they do not cross routers, because the router forms a logical boundary for the network.
Routers operate based on protocols that are independent of the specific networking technology, like Ethernet or token ring (we'll discuss token ring later). This allows routers to easily interconnect various network technologies, both local and wide area, and has led to their widespread deployment in connecting devices around the world as part of the global Internet.
8
S
Switched Ethernet
Modern Ethernet implementations often look nothing like their historical counterparts. Where long runs of coaxial cable provided attachments for multiple stations in legacy Ethernet, modern Ethernet networks use twisted pair wiring or fiber optics to connect stations in a radial pattern. Where legacy Ethernet networks transmitted data at 10 megabits per second (Mbps), modern networks can operate at 100 or even 1,000 Mbps!
Perhaps the most striking advancement in contemporary Ethernet networks is the use of switched Ethernet. Switched networks replace the shared medium of legacy Ethernet with a dedicated segment for each station. These segments connect to a switch, which acts much like an Ethernet bridge, but can connect many of these single station segments. Some switches today can support hundreds of dedicated segments. Since the only devices on the segments are the switch and the end station, the switch picks up every transmission before it reaches another node. The switch then forwards the frame over the appropriate segment, just like a bridge, but since any segment contains only a single node, the frame only reaches the intended recipient. This allows many conversations to occur simultaneously on a switched network.
9
Full-duplex Ethernet
Ethernet switching gave rise to advancement, full-duplex Ethernet. Full-duplex is a data communications term that refers to the ability to send and receive data at the same time.
Legacy Ethernet is half-duplex, meaning information can move in only one direction at a time. In a totally switched network, nodes only communicate with the switch and never directly with each other. Switched networks also employ either twisted pair or fiber optic cabling, both of which use separate conductors for sending and receiving data. In this type of environment, Ethernet stations can forgo the collision detection process and transmit at will, since they are the only potential devices that can access the medium. This allows end stations to transmit to the switch at the same time that the switch transmits to them, achieving a collision-free environment.
Ethernet or 802.3?
You may have heard the term 802.3 used in place of or in conjunction with the term Ethernet. "Ethernet" originally referred to a networking implementation standardized by Digital, Intel and Xerox. (For this reason, it is also known as the DIX standard.)
In February 1980, the Institute of Electrical and Electronics Engineers, or IEEE (pronounced "I triple E"), created a committee to standardize network technologies. The IEEE titled this the 802 working group, named after the year and month of its formation. Subcommittees of the 802 working group separately addressed different aspects of networking. The IEEE distinguished each subcommittee by numbering it 802.X, with X representing a unique number for each subcommittee. The 802.3 group standardized the operation of a CSMA/CD network that was functionally equivalent to the DIX Ethernet.
Ethernet and 802.3 differ slightly in their terminology and the data format for their frames, but are in most respects identical. Today, the term Ethernet refers generically to both the DIX Ethernet implementation and the IEEE 802.3 standard.
10
Alternative Network Technologies: Token Ring
The most common local area network alternative to Ethernet is a network technology developed by IBM, called token ring. Where Ethernet relies on the random gaps between transmissions to regulate access to the medium, token ring implements a strict, orderly access method. A token-ring network arranges nodes in a logical ring, as shown below. The nodes forward frames in one direction around the ring, removing a frame when it has circled the ring once.
1. The ring initializes by creating a token, which is a special type of frame that gives a station permission to transmit.
2. The token circles the ring like any frame until it encounters a station that wishes to transmit data.
3. This station then "captures" the token by replacing the token frame with a data-carrying frame, which encircles the network.
4. Once that data frame returns to the transmitting station, that station removes the data frame, creates a new token and forwards that token on to the next node in the ring.
Token-ring nodes do not look for a carrier signal or listen for collisions; the presence of the token frame provides assurance that the station can transmit a data frame without fear of another station interrupting. Because a station transmits only a single data frame before passing the token along, each station on the ring will get a turn to communicate in a deterministic and fair manner. Token-ring networks typically transmit data at either 4 or 16 Mbps.
Fiber-distributed data interface (FDDI) is another token-passing technology that operates over a pair of fiber optic rings, with each ring passing a token in opposite directions. FDDI networks offered transmission speeds of 100 Mbps, which initially made them quite popular for high-speed networking.
11
With the advent of 100-Mbps Ethernet, which is cheaper and easier to administer, FDDI has waned in popularity.
Alternative Network Technologies: Asynchronous transfer mode
A final network technology that bears mentioning is asynchronous transfer mode, or ATM. ATM networks blur the line between local and wide area networking, being able to attach many different devices with high reliability and at high speeds, even across the country. ATM networks are suitable for carrying not only data, but voice and video traffic as well, making them versatile and expandable. While ATM has not gained acceptance as rapidly as originally predicted, it is nonetheless a solid network technology for the future.
Ethernet’s popularity continues to grow. With almost 30 years of industry acceptance, the standard is well known and well understood, which makes configuration and troubleshooting easier. As other technologies advanced, Ethernet has evolved to keep pace, increasing in speed and functionality.
The Internet is one of the 20th century's greatest communications developments. It allows people around the world to send e-mail to one another in a matter of seconds, and it lets you read, among other things, the articles on HowStuffWorks.com.
We're all used to seeing the various parts of the Internet that come into our homes and offices – the Web pages, e-mail messages and downloaded files that make the Internet a dynamic and valuable medium. But none of these parts would ever make it to your computer without a piece of the Internet that you've probably never seen. In fact, most people have never stood "face to machine" with the technology most responsible for allowing the Internet to exist at all: the router.
12
When you send e-mail to a friend on the other side of the country, how does the message know to end up on your friend's computer, rather than on one of the millions of other computers in the world? Much of the work to get a message from one computer to another is done by routers, because they're the crucial devices that let messages flow between networks, rather than within networks.
Let's look at what a very simple router might do. Imagine a small company that makes animated 3-D graphics for local television stations. There are 10 employees of the company, each with a computer. Four of the employees are animators, while the rest are in sales, accounting and management. The animators will need to send lots of very large files back and forth to one another as they work on projects. To do this, they'll use a network.
When one animator sends a file to another, the very large file will use up most of the network's capacity, making the network run very slowly for other users. One of the reasons that a single intensive user can affect the entire network stems from the way that Ethernet works. Each information packet sent from a computer is seen by all the other computers on the local network. Each computer then examines the packet and decides whether it was meant for its address. This keeps the basic plan of the network simple, but has performance consequences as the size of the network or level of network activity increases. To keep the animators' work from interfering with that of the folks in the front office, the company sets up two separate networks, one for the animators and one for the rest of the company. A router links the two networks and connects both networks to the Internet.
Directing Traffic
The router is the only device that sees every message sent by any computer on either of the company's networks. When the animator in our example sends a huge file to another animator, the router looks at the recipient's address and keeps the traffic on the animator's network. When an animator, on the other hand, sends a message to the bookkeeper asking about an expense-account check, then the router sees the recipient's address and forwards the message between the two networks.
One of the tools a router uses to decide where a packet should go is a configuration table. A configuration table is a collection of information, including:
Information on which connections lead to particular groups of addresses
Priorities for connections to be used
Rules for handling both routine and special cases of traffic
A configuration table can be as simple as a half-dozen lines in the smallest routers, but can grow to massive size and complexity in the very large routers that handle the bulk of Internet messages.
A router, then, has two separate but related jobs:
The router ensures that information doesn't go where it's not needed. This is crucial for keeping large volumes of data from clogging the connections of "innocent bystanders."
13
The router makes sure that information does make it to the intended destination.
In performing these two jobs, a router is extremely useful in dealing with two separate computer networks. It joins the two networks, passing information from one to the other and, in some cases, performing translations of various protocols between the two networks. It also protects the networks from one another, preventing the traffic on one from unnecessarily spilling over to the other. As the number of networks attached to one another grows, the configuration table for handling traffic among them grows, and the processing power of the router is increased. Regardless of how many networks are attached, though, the basic operation and function of the router remains the same. Since the Internet is one huge network made up of tens of thousands of smaller networks, its use of routers is an absolute necessity.
Transmitting Packets
When you make a telephone call to someone on the other side of the country, the telephone system establishes a stable circuit between your telephone and the telephone you're calling. The circuit might involve a half dozen or more steps through copper cables, switches, fiber optics, microwaves and satellites, but those steps are established and remain constant for the duration of the call. This circuit approach means that the quality of the line between you and the person you're calling is consistent throughout the call, but a problem with any portion of the circuit -- maybe a tree falls across one of the lines used, or there's a power problem with a switch -- brings your call to an early and abrupt end. When you send an e-mail message with an attachment to the other side of the country, a very different process is used.
Internet data, whether in the form of a Web page, a downloaded file or an e-mail message, travels over a system known as a packet-switching network. In this system, the data in a message or file is broken up into packages about 1,500 bytes long. Each of these packages gets a wrapper that includes information on the sender's address, the receiver's address, the package's place in the entire message, and how the receiving computer can be sure that the package arrived intact. Each data package, called a packet, is then sent off to its destination via the best available route -- a route that might be taken by all the other packets in the message or by none of the other packets in the message. This might seem very complicated compared to the circuit approach used by the telephone system, but in a network designed for data there are two huge advantages to the packet-switching plan.
The network can balance the load across various pieces of equipment on a millisecond-by-millisecond basis.
If there is a problem with one piece of equipment in the network while a message is being transferred, packets can be routed around the problem, ensuring the delivery of the entire message.
14
The Path of a Packet
The routers that make up the main part of the Internet can reconfigure the paths that packets take because they look at the information surrounding the data packet, and they tell each other about line conditions, such as delays in receiving and sending data and traffic on various pieces of the network. Not all routers do so many jobs, however. Routers come in different sizes. For example:
If you have enabled Internet connection sharing between two Windows 98-based computers, you're using one of the computers (the computer with the Internet connection) as a simple router. In this instance, the router does so little -- simply looking at data to see whether it's intended for one computer or the other -- that it can operate in the background of the system without significantly affecting the other programs you might be running.
Slightly larger routers, the sort used to connect a small office network to the Internet, will do a bit more. These routers frequently enforce rules concerning security for the office network (trying to secure the network from certain attacks). They handle enough traffic that they're generally stand-alone devices rather than software running on a server.
The largest routers, those used to handle data at the major traffic points on the Internet, handle millions of data packets every second and work to configure the network most efficiently. These routers are large stand-alone systems that have far more in common with supercomputers than with your office server.
Routing Packets: An Example
Let's take a look at a medium-sized router -- the router we use in the office. In our case, the router only has two networks to worry about: The office network, with about 50 computers and devices, and the Internet. The office network connects to the router through an Ethernet connection, specifically a 100 base-T connection (100 base-T means that the connection is 100 megabits per second, and uses a twisted-pair cable like an 8-wire version of the cable that connects your telephone to the wall jack). There are two connections between the router and our ISP (Internet service provider). One is a T-1 connection that supports 1.5 megabits per second. The other is an ISDN line that supports 128 kilobits per second. The configuration table in the router tells it that all out-bound packets are to use the T-1 line, unless it's unavailable for some reason (perhaps a backhoe digs up the cable). If it can't be used, then outbound traffic goes on the ISDN line. This way, the ISDN line is held as "insurance" against a problem with the faster T-1 connection, and no action by a staff member is required to make the switch in case of trouble. The router's configuration table knows what to do.
In addition to routing packets from one point to another, the router has rules limiting how computers from outside the network can connect to computers inside the network, how the network appears to the outside world, and other security functions. While most companies also have a special piece of hardware or software called a firewall to enforce security, the rules in a router's configuration table are important to keeping a company's (or family's) network secure.
15
One of the crucial tasks for any router is knowing when a packet of information stays on its local network. For this, it uses a mechanism called a subnet mask. The subnet mask looks like an IP address and usually reads "255.255.255.0." This tells the router that all messages with the sender and receiver having an address sharing the first three groups of numbers are on the same network, and shouldn't be sent out to another network. Here's an example: The computer at address 15.57.31.40 sends a request to the computer at 15.57.31.52. The router, which sees all the packets, matches the first three groups in the address of both sender and receiver (15.57.31), and keeps the packet on the local network. (You'll learn more about how the addresses work in the next section.)
Between the time these words left the Howstuffworks.com server and the time they showed up on your monitor, they passed through several routers (it's impossible to know ahead of time exactly how many "several" might be) that helped them along the way. It's very similar to the process that gets a postal letter from your mailbox to the mailbox of a friend, with routers taking the place of the mail sorters and handlers along the way.Knowing Where to Send Data
Routers are one of several types of devices that make up the "plumbing" of a computer network. Hubs, switches and routers all take signals from computers or networks and pass them along to other computers and networks, but a router is the only one of these devices that examines each bundle of data as it passes and makes a decision about exactly where it should go. To make these decisions, routers must first know about two kinds of information: addresses and network structure.
When a friend mails a birthday card to be delivered to you at your house, he probably uses an address that looks something like this:
The address has several pieces, each of which helps the people in the postal service move the letter along to your house. The ZIP code can speed the process up; but even without the ZIP code, the card will get to your house as long as your friend includes your state, city and street address. You can think of this address as a logical address because it describes a way someone can get a message to you. This logical address is connected to a physical address that you generally only see when you're buying or selling a piece of property. The survey plot of the land and house, with latitude, longitude or section bearings, gives the legal description, or address, of the property.
Logical Addresses
Every piece of equipment that connects to a network, whether an office network or the Internet, has a physical address. This is an address that's unique to the piece of equipment that's actually attached to the network cable. For example, if your desktop computer has a network interface card (NIC) in it, the NIC has a physical address permanently stored in a special memory location. This physical address, which is also called the MAC address (for Media Access Control) has two parts, each 3 bytes long. The first 3 bytes identify the company that made the NIC. The second 3 bytes are the serial number of the NIC itself.
16
The interesting thing is that your computer can have several logical addresses at the same time. Of course, you're used to having several "logical addresses" bring messages to one physical address. Your mailing address, telephone number (or numbers) and home e-mail address all work to bring messages to you when you're in your house. They are simply used for different types of messages -- different networks, so to speak.
Logical addresses for computer networks work in exactly the same way. You may be using the addressing schemes, or protocols, from several different types of networks simultaneously. If you're connected to the Internet (and if you're reading this, you probably are), then you have an address that's part of the TCP/IP network protocol. If you also have a small network set up to exchange files between several family computers, then you may also be using the Microsoft NetBEUI protocol. If you connect to your company's network from home, then your computer may have an address that follows Novell's IPX/SPX protocol. All of these can coexist on your computer. Since the driver software that allows your computer to communicate with each network uses resources like memory and CPU time, you don't want to load protocols you won't need, but there's no problem with having all the protocols your work requires running at the same time.
MAC Addresses
The chances are very good that you'll never see the MAC address for any of your equipment because the software that helps your computer communicate with a network takes care of matching the MAC address to a logical address. The logical address is what the network uses to pass information along to your computer.
If you'd like to see the MAC address and logical address used by the Internet Protocol (IP) for your Windows computer, you can run a small program that Microsoft provides. Go to the "Start" menu, click on "Run," and in the window that appears, type WINIPCFG (IPCONFIG/ALL for Windows 2000/XP). When the gray window appears, click on "More Info" and you'll get this sort of information:
Windows 98 IP Configuration:
Host Name: NAMEHOWSTUFFWORKS
DNS Servers: 208.153.64.20
 208.153.0.5
Node Type: Broadcast
NetBIOS Scope ID:
IP Routing Enabled: Yes
WINS Proxy Enabled: No
NetBIOS Resolution Uses DNS: No
17
Ethernet adapter:
Description: PPP Adapter
Physical Address: 44-45-53-54-12-34
DHCP Enabled: Yes
IP Address: 227.78.86.288
Subnet Mask: 255.255.255.0
Default Gateway: 227.78.86.288
DHCP Server: 255.255.255.255
Primary WINS Server:
Secondary WINS Server: Lease Obtained: 01 01 80 12:00:00 AM
Lease Expires: 01 01 80 12:00:00 AM
There's a lot of information here that will vary depending on exactly how your connection to the Internet is established, but the physical address is the MAC address of the adapter queried by the program. The IP address is the logical address assigned to your connection by your ISP or network administrator. You'll see the addresses of other servers, including the DNS servers that keep track of all the names of Internet sites (so you can type "www.howstuffworks.com" rather than "216.27.61.189") and the gateway server that you connect to in order to reach the Internet. When you've finished looking at the information, click OK. (Note: For security reasons, some of the information about this connection to the Internet has been changed. You should be very careful about giving your computer's information to other people -- with your address and the right tools, an unscrupulous person could, in some circumstances, gain access to your personal information and control your system through a "Trojan Horse" program.
Understanding the Protocols
The first and most basic job of the router is to know where to send information addressed to your computer. Just as the mail handler on the other side of the country knows enough to keep a birthday card coming toward you without knowing where your house is, most of the routers that forward an e-mail message to you don't know your computer's MAC address, but they know enough to keep the message flowing.
Routers are programmed to understand the most common network protocols. That means they know the format of the addresses, how many bytes are in the basic package of data sent out over the network, and how to make sure all the packages reach their destination and get reassembled. For the routers that are part of the Internet's main "backbone," this means looking at, and moving on, millions of information packages every second. And simply moving the package along to its destination isn't all
18
that a router will do. It's just as important, in today's computerized world, that they keep the message flowing by the best possible route.
In a modern network, every e-mail message is broken up into small pieces. The pieces are sent individually and reassembled when they're received at their final destination. Because the individual pieces of information are called packets and each packet can be sent along a different path, like a train going through a set of switches, this kind of network is called a packet-switched network. It means that you don't have to build a dedicated network between you and your friend on the other side of the country. Your e-mail flows over any one of thousands of different routes to get from one computer to the other.
Depending on the time of day and day of the week, some parts of the huge public packet-switched network may be busier than others. When this happens, the routers that make up this system will communicate with one another so that traffic not bound for the crowded area can be sent by less congested network routes. This lets the network function at full capacity without excessively burdening already-busy areas. You can see, though, how Denial of Service attacks (described in the next section), in which people send millions and millions of messages to a particular server, will affect that server and the routers forwarding message to it. As the messages pile up and pieces of the network become congested, more and more routers send out the message that they're busy, and the entire network with all its users can be affected.
Tracing a Message
If you're using a Microsoft Windows-based system, you can see just how many routers are involved in your Internet traffic by using a program you have on your computer. The program is called Traceroute, and that describes what it does -- it traces the route that a packet of information takes to get from your computer to another computer connected to the Internet. To run this program, click on the "MS-DOS Prompt" icon on the "Start" menu. Then, at the"C:\WINDOWS>" prompt, type "tracert www.howstuffworks.com". When I did this from my office in Florida, the results looked like this:
The first number shows how many routers are between your computer and the router shown. In this instance, there were a total of 14 routers involved in the process (number 15 is the Howstuffworks.com Web server). The next three numbers show how long it takes a packet of information to move from your computer to the router shown and back again. Next, in this example, starting with step six, comes the "name" of the router or server. This is something that helps people looking at the list but is of no importance to the routers and computers as they move traffic along the Internet. Finally, you see the Internet Protocol (IP) address of each computer or router. The final picture of this trace route shows that there were 14 routers between the Web server and me and that it took, on average, a little more than 2.5 seconds for information to get from my computer to the server and back again.
You can use Traceroute to see how many routers are between you and any other computer you can name or know the IP address for. It can be interesting to see how many steps are required to get to computers outside your nation. Since I live in the United States, I decided to see how many routers were
19
between my computer and the Web server for the British Broadcasting Corporation. At the C:\WINDOWS> prompt, I typed tracert www.bbc.com. The result was this:
You can see that it took only one more step to reach a Web server on the other side of the Atlantic Ocean than it did to reach a server two states away!
On the next page, we'll go into detail about Denial of Service attacks.
Denial of Service Attacks
In the first quarter of 2000, there were several attacks on very popular Web sites. Most of these were "Denial of Service" attacks -- attacks that served to prevent regular readers and customers of the sites from getting a response to their requests. How did someone manage to do this? They did it by flooding the servers, and their attached routers, with requests for information at a rate far too great for the system to handle.
Most routers have rules in the configuration table that won't allow millions of requests from the same sending address. If too many requests from one address are received in a short period of time, the router simply discards them without forwarding. The people responsible for the attacks knew this, so they illicitly planted programs on many different computers. These programs, when triggered, began sending thousands of requests a minute to one or more Web sites. The programs "spoofed" the IP address of the sender, placing a different false IP address on each packet so that the routers' security rules wouldn't be triggered.
When the packet floods were triggered, millions of requests for information began to hit the targeted Web sites. While the servers were being heavily taxed by the requests, the real impact was to the routers just "upstream" from the servers. Suddenly these routers, which were robust but of a size appropriate for normal traffic, were getting the levels of requests normally associated with Internet backbone routers. They couldn't handle the massive number of packets, and began discarding packets and sending status messages to other routers stating that the connection was full. As these messages
20
cascaded through the routers leading to attacked servers, all paths to the servers were clogged, legitimate traffic couldn't get through the logjam, and the attackers' goals were accomplished.
Web content providers and router companies have placed new rules designed to prevent such an attack in the configuration tables, and the companies and universities whose computers were used to launch the attacks have worked to prevent their systems being used maliciously. Whether their defenses, or the new attacks designed by criminals, will prevail remains to be seen.
Backbone of the Internet
In order to handle all the users of even a large private network, millions and millions of traffic packets must be sent at the same time. Some of the largest routers are made by Cisco Systems, Inc., a company that specializes in networking hardware. Cisco's Gigabit Switch Router 12000 series of routers is the sort of equipment that is used on the backbone of the Internet. These routers use the same sort of design as some of the most powerful supercomputers in the world, a design that ties many different processors together with a series of extremely fast switches. The 12000 series uses 200-MHz MIPS R5000 processors, the same type of processor used in the workstations that generate much of the computer animation and special effects used in movies. The largest model in the 12000 series, the 12016, uses a series of switches that can handle up to 320 billion bits of information per second and, when fully loaded with boards, move as many as 60 million packets of data every second. Beyond the computing power of the processors, these routers can handle so much information because they are very highly specialized. Relieved of the burden of displaying 3-D graphics and waiting for mouse input, modern processors and software can cope with amazing amounts of information.
Even with the computing power available in a very large router, how does it know which of the many possibilities for outbound connection a particular packet should take? The answer lies back in the configuration table. The router will scan the destination address and match that IP address against rules in the configuration table. The rules will say that packets in a particular group of addresses (a group that may be large or small, depending on precisely where the router is) should go in a specific direction. Next the router will check the performance of the primary connection in that direction against another set of rules. If the performance of the connection is good enough, the packet is sent, and the next packet handled. If the connection is not performing up to expected parameters, then an alternate is chosen and checked. Finally, a connection will be found with the best performance at a given moment, and the packet will be sent on its way. All of this happens in a tiny fraction of a second, and this activity goes on millions of times a second, around the world, 24 hours every day.
Knowing where and how to send a message is the most important job of a router. Some simple routers do this and nothing more. Other routers add additional functions to the jobs they perform. Rules about where messages from inside a company may be sent and from which companies messages are accepted can be applied to some routers. Others may have rules that help minimize the damage from "denial of service" attacks. The one constant is that modern networks, including the Internet, could not exist without the router.
How LAN Switches Work
21
In the case of the Internet, all of these pieces work together to allow your computer to send information to another computer that could be on the other side of the world!
Switches are another fundamental part of many networks because they speed things up. Switches allow different nodes (a network connection point, typically a computer) of a network to communicate directly with one another in a smooth and efficient manner.
There are many different types of switches and networks. Switches that provide a separate connection for each node in a company's internal network are called LAN switches. Essentially, a LAN switch creates a series of instant networks that contain only the two devices communicating with each other at that particular moment. In this article, we will focus on Ethernet networks that use LAN switches. You will learn what a LAN switch is and how transparent bridging works, as well as about VLANs, trunking and spanning trees.
Networking Basics
Here are some of the fundamental parts of a network:
Network - A network is a group of computers connected together in a way that allows information to be exchanged between the computers.
Node - A node is anything that is connected to the network. While a node is typically a computer, it can also be something like a printer orCD-ROM tower.
22
Segment - A segment is any portion of a network that is separated, by a switch, bridge or router, from other parts of the network.
Backbone - The backbone is the main cabling of a network that all of the segments connect to. Typically, the backbone is capable of carrying more information than the individual segments. For example, each segment may have a transfer rate of 10 Mbps (megabits per second), while the backbone may operate at 100 Mbps.
Topology - Topology is the way that each node is physically connected to the network (more on this in the next section).
Local Area Network (LAN) - A LAN is a network of computers that are in the same general physical location, usually within a building or a campus. If the computers are far apart (such as across town or in different cities), then a Wide Area Network (WAN) is typically used.
Network Interface Card (NIC) - Every computer (and most other devices) is connected to a network through an NIC. In most desktop computers, this is an Ethernet card (normally 10 or 100 Mbps) that is plugged into a slot on the computer's motherboard.
Media Access Control (MAC) address - This is the physical address of any device -- such as the NIC in a computer -- on the network. The MAC address, which is made up of two equal parts, is 6 bytes long. The first 3 bytes identify the company that made the NIC. The second 3 bytes are the serial number of the NIC itself.
Unicast - A unicast is a transmission from one node addressed specifically to another node.
Multicast - In a multicast, a node sends a packet addressed to a special group address. Devices that are interested in this group register to receive packets addressed to the group. An example might be aCisco router sending out an update to all of the other Cisco routers.
Broadcast - In a broadcast, a node sends out a packet that is intended for transmission to all other nodes on the network.
On the next page, we'll discuss some of the most common network topologies.
23
Bus network topology
Network Topologies
Some of the most common topologies in use today include:
Star network topology
24
A typical star bus network
Bus - Each node is daisy-chained (connected one right after the other) along the same backbone, similar to Christmas lights. Information sent from a node travels along the backbone until it reaches its destination node. Each end of a bus network must be terminated with a resistor to keep the signal that is sent by a node across the network from bouncing back when it reaches the end of the cable.
Ring - Like a bus network, rings have the nodes daisy-chained. The difference is that the end of the network comes back around to the first node, creating a complete circuit. In a ring network, each node takes a turn sending and receiving information through the use of a token. The token, along with any data, is sent from the first node to the second node, which extracts the data addressed to it and adds any data it wishes to send. Then, the second node passes the token and data to the third node, and so on until it comes back around to the first node again. Only the node with the token is allowed to send data. All other nodes must wait for the token to come to them.
Star - In a star network, each node is connected to a central device called a hub. The hub takes a signal that comes from any node and passes it along to all the other nodes in the network. A hub does not perform any type of filtering or routing of the data. It is simply a junction that joins all the different nodes together.
Star bus - Probably the most common network topology in use today, star bus combines elements of the star and bus topologies to create a versatile network environment. Nodes in particular areas are connected to hubs (creating stars), and the hubs are connected together along the network backbone (like a bus network). Quite often, stars are nested within stars, as seen in the example below:
The Problem: Traffic
25
In the most basic type of network found today, nodes are simply connected together using hubs. As a network grows, there are some potential problems with this configuration:
Scalability - In a hub network, limited shared bandwidth makes it difficult to accommodate significant growth without sacrificing performance. Applications today need more bandwidth than ever before. Quite often, the entire network must be redesigned periodically to accommodate growth.
Latency - This is the amount of time that it takes a packet to get to its destination. Since each node in a hub-based network has to wait for an opportunity to transmit in order to avoid collisions, the latency can increase significantly as you add more nodes. Or, if someone is transmitting a large file across the network, then all of the other nodes have to wait for an opportunity to send their own packets. You have probably seen this before at work -- you try to access a server or the Internet and suddenly everything slows down to a crawl.
Network failure - In a typical network, one device on a hub can cause problems for other devices attached to the hub due to incorrect speed settings (100 Mbps on a 10-Mbps hub) or excessive broadcasts. Switches can be configured to limit broadcast levels.
Collisions - Ethernet uses a process called CSMA/CD (Carrier Sense Multiple Access with Collision Detection) to communicate across the network. Under CSMA/CD, a node will not send out a packet unless the network is clear of traffic. If two nodes send out packets at the same time, a collision occurs and the packets are lost. Then both nodes wait a random amount of time and retransmit the packets. Any part of the network where there is a possibility that packets from two or more nodes will interfere with each other is considered to be part of the same collision domain. A network with a large number of nodes on the same segment will often have a lot of collisions and therefore a large collision domain.
While hubs provide an easy way to scale up and shorten the distance that the packets must travel to get from one node to another, they do not break up the actual network into discrete segments. That is where switches come in. In the next section, you'll find out how switches assist in directing network traffic.
Imagine that each vehicle is a packet of data waiting for an opportunity to continue on its trip.
26
The Solution: Adding Switches
Think of a hub as a four-way intersection where everyone has to stop. If more than one car reaches the intersection at the same time, they have to wait for their turn to proceed.
Now imagine what this would be like with a dozen or even a hundred roads intersecting at a single point. The amount of waiting and the potential for a collision increases significantly. But wouldn't it be amazing if you could take an exit ramp from any one of those roads to the road of your choosing? That is exactly what a switch does for network traffic. A switch is like a cloverleaf intersection -- each car can take an exit ramp to get to its destination without having to stop and wait for other traffic to go by.
A vital difference between a hub and a switch is that all the nodes connected to a hub share the bandwidth among themselves, while a device connected to a switch port has the full bandwidth all to itself. For example, if 10 nodes are communicating using a hub on a 10-Mbps network, then each node may only get a portion of the 10 Mbps if other nodes on the hub want to communicate as well. But with a switch, each node could possibly communicate at the full 10 Mbps. Think about our road analogy. If all of the traffic is coming to a common intersection, then each car it has to share that intersection with every other car. But a cloverleaf allows all of the traffic to continue at full speed from one road to the next.
An example of a network using a switch
Image courtesy Cisco Networks
Fully Switched Networks
In a fully switched network, switches replace all the hubs of an Ethernet network with a dedicated segment for every node. These segments connect to a switch, which supports multiple dedicated segments (sometimes in the hundreds). Since the only devices on each segment are the switch and the node, the switch picks up every transmission before it reaches another node. The switch then forwards the frame over the appropriate segment. Since any segment contains only a single node, the frame only reaches the intended recipient. This allows many conversations to occur simultaneously on a switched network.
27
Switching allows a network to maintain full-duplex Ethernet. Before switching, Ethernet was half-duplex, which means that data could be transmitted in only one direction at a time. In a fully switched network, each node communicates only with the switch, not directly with other nodes. Information can travel from node to switch and from switch to node simultaneously.
Fully switched networks employ either twisted-pair or fiber-optic cabling, both of which use separate conductors for sending and receiving data. In this type of environment, Ethernet nodes can forgo the collision detection process and transmit at will, since they are the only potential devices that can access the medium. In other words, traffic flowing in each direction has a lane to itself. This allows nodes to transmit to the switch as the switch transmits to them -- it's a collision-free environment. Transmitting in both directions can effectively double the apparent speed of the network when two nodes are exchanging information. If the speed of the network is 10 Mbps, then each node can transmit simultaneously at 10 Mbps.
A mixed network with two switches and three hubs
Mixed Networks
Most networks are not fully switched because of the costs incurred in replacing all of the hubs with switches.
Instead, a combination of switches and hubs are used to create an efficient yet cost-effective network. For example, a company may have hubs connecting the computers in each department and then a switch connecting all of the department-level hubs.
28
The OSI Reference Model consists of seven layers that build from the wire (Physical) to the software (Application).
Routers and Switches
You can see that a switch has the potential to radically change the way nodes communicate with each other. But you may be wondering what makes it different from arouter. Switches usually work atLayer 2 (Data or Datalink) of theOSI Reference Model, using MAC addresses, while routers work atLayer 3 (Network) with Layer 3 addresses (IP, IPX or Appletalk, depending on which Layer 3 protocols are being used). Thealgorithm that switches use to decide how to forward packets is different from the algorithms used by routers to forward packets.
One of these differences in the algorithms between switches and routers is how broadcasts are handled. On any network, the concept of a broadcast packet is vital to the operability of a network. Whenever a device needs to send out information but doesn't know who it should send it to, it sends out a broadcast. For example, every time a new computer or other device comes on to the network, it sends out a broadcast packet to announce its presence. The other nodes (such as a domain server) can add the computer to their browser list (kind of like an address directory) and communicate directly with that computer from that point on. Broadcasts are used any time a device needs to make an announcement to the rest of the network or is unsure of who the recipient of the information should be.
29
A hub or a switch will pass along any broadcast packets they receive to all the other segments in the broadcast domain, but a router will not. Think about our four-way intersection again: All of the traffic passed through the intersection no matter where it was going. Now imagine that this intersection is at an international border. To pass through the intersection, you must provide the border guard with the specific address that you are going to. If you don't have a specific destination, then the guard will not let you pass. A router works like this. Without the specific address of another device, it will not let the data packet through. This is a good thing for keeping networks separate from each other, but not so good when you want to talk between different parts of the same network. This is where switches come in.
Packet-switching
LAN switches rely on packet-switching. The switch establishes a connection between two segments just long enough to send the current packet. Incoming packets (part of an Ethernet frame) are saved to a temporary memory area (buffer); the MAC address contained in the frame's header is read and then compared to a list of addresses maintained in the switch's lookup table. In an Ethernet-based LAN, an Ethernet frame contains a normal packet as the payload of the frame, with a special header that includes the MAC address information for the source and destination of the packet.
Packet-based switches use one of three methods for routing traffic:
Cut-through
Store-and-forward
Fragment-free
Cut-through switches read the MAC address as soon as a packet is detected by the switch. After storing the 6 bytes that make up the address information, they immediately begin sending the packet to the destination node, even as the rest of the packet is coming into the switch.
A switch using store-and-forward will save the entire packet to the buffer and check it for CRC errors or other problems before sending. If the packet has an error, it is discarded. Otherwise, the switch looks up the MAC address and sends the packet on to the destination node. Many switches combine the two methods, using cut-through until a certain error level is reached and then changing over to store-and-forward. Very few switches are strictly cut-through, since this provides no error correction.
A less common method is fragment-free. It works like cut-through except that it stores the first 64 bytes of the packet before sending it on. The reason for this is that most errors, and all collisions, occur during the initial 64 bytes of a packet.
Switch Configurations
LAN switches vary in their physical design. Currently, there are three popular configurations in use:
30
Shared memory - This type of switch stores all incoming packets in a common memory buffer shared by all the switch ports (input/output connections), then sends them out via the correct port for the destination node.
Matrix - This type of switch has an internal grid with the input ports and the output ports crossing each other. When a packet is detected on an input port, the MAC address is compared to the lookup table to find the appropriate output port. The switch then makes a connection on the grid where these two ports intersect.
Bus architecture - Instead of a grid, an internal transmission path (common bus) is shared by all of the ports using TDMA. A switch based on this configuration has a dedicated memory buffer for each port, as well as an ASIC to control the internal bus access.
Transparent Bridging
Most Ethernet LAN switches use a very cool system called transparent bridging to create their address lookup tables. Transparent bridging is a technology that allows a switch to learn everything it needs to know about the location of nodes on the network without the network administrator having to do anything. Transparent bridging has five parts:
Learning
Flooding
Filtering
Forwarding
Aging
Here's how it works:
In the next section, you'll get a step-by-step description of how transparent bridging works.
The switch is added to the network, and the various segments are plugged into the switch's ports.
A computer (Node A) on the first segment (Segment A) sends data to a computer (Node B) on another segment (Segment C).
The switch gets the first packet of data from Node A. It reads the MAC address and saves it to the lookup table for Segment A. The switch now knows where to find Node A anytime a packet is addressed to it. This process is called learning.
31
Since the switch does not know where Node B is, it sends the packet to all of the segments except the one that it arrived on (Segment A). When a switch sends a packet out to all segments to find a specific node, it is called flooding.
Node B gets the packet and sends a packet back to Node A in acknowledgement.
The packet from Node B arrives at the switch. Now the switch can add the MAC address of Node B to the lookup table for Segment C. Since the switch already knows the address of Node A, it sends the packet directly to it. Because Node A is on a different segment than Node B, the switch must connect the two segments to send the packet. This is known as forwarding.
The next packet from Node A to Node B arrives at the switch. The switch now has the address of Node B, too, so it forwards the packet directly to Node B.
Node C sends information to the switch for Node A. The switch looks at the MAC address for Node C and adds it to the lookup table for Segment A. The switch already has the address for Node A and determines that both nodes are on the same segment, so it does not need to connect Segment A to another segment for the data to travel from Node C to Node A. Therefore, the switch will ignore packets traveling between nodes on the same segment. This is filtering.
Learning and flooding continue as the switch adds nodes to the lookup tables. Most switches have plenty of memory in a switch for maintaining the lookup tables; but to optimize the use of this memory, they still remove older information so that the switch doesn't waste time searching through stale addresses. To do this, switches use a technique called aging. Basically, when an entry is added to the lookup table for a node, it is given a timestamp. Each time a packet is received from a node, the timestamp is updated. The switch has a user-configurable timer that erases the entry after a certain amount of time with no activity from that node. This frees up valuable memory resources for other entries. As you can see, transparent bridging is a great and essentially maintenance-free way to add and manage all the information a switch needs to do its job!
In our example, two nodes share segment A, while the switch creates independent segments for Node B and Node D. In an ideal LAN-switched network, every node would have its own segment. This would eliminate the possibility of collisions and also the need for filtering.
32
Redundancy
When we talked about bus and ring networks earlier, one issue was the possibility of a single point of failure. In a star or star-bus network, the point with the most potential for bringing all or part of the network down is the switch or hub. Look at the example below:
In this example, if either switch A or C fails, then the nodes connected to that particular switch are affected, but nodes at the other two switches can still communicate. However, if switch B fails, then the entire network is brought down. What if we add another segment to our network connecting switches A and C?
33
Broadcast Storms
In the last section, you discovered how switches learn where the nodes are located. With all of the switches now connected in a loop, a packet from a node could quite possibly come to a switch from two different segments. For example, imagine that Node B is connected to Switch A, and needs to communicate with Node A on Segment B. Switch A does not know who Node A is, so it floods the packet.
The packet travels via Segment A or Segment C to the other two switches (B and C). Switch B will add Node B to the lookup table it maintains for Segment A, while Switch C will add it to the lookup table for Segment C. If neither switch has learned the address for Node A yet, they will flood Segment B looking for Node A. Each switch will take the packet sent by the other switch and flood it back out again immediately, since they still don't know who Node A is. Switch A will receive the packet from each segment and flood it back out on the other segment. This causes a broadcast storm as the packets are broadcast, received and rebroadcast by each switch, resulting in potentially severe network congestion.
Which brings us to spanning trees...
Spanning Trees
To prevent broadcast storms and other unwanted side effects of looping, Digital Equipment Corporation created the spanning-tree protocol (STP), which has been standardized as the 802.1d specification by the Institute of Electrical and Electronic Engineers (IEEE). Essentially, a spanning tree uses the spanning-tree algorithm (STA), which senses that the switch has more than one way to communicate with a node, determines which way is best and blocks out the other path(s). The cool thing is that it keeps track of the other path(s), just in case the primary path is unavailable.
34
Here's how STP works:
Each switch is assigned a group of IDs, one for the switch itself and one for each port on the switch. The switch's identifier, called the bridge ID (BID), is 8 bytes long and contains a bridge priority (2 bytes) along with one of the switch's MAC addresses (6 bytes). Each port ID is 16 bits long with two parts: a 6-bit priority setting and a 10-bit port number.
A path cost value is given to each port. The cost is typically based on a guideline established as part of 802.1d. According to the original specification, cost is 1,000 Mbps (1 gigabit per second) divided by the bandwidth of the segment connected to the port. Therefore, a 10 Mbps connection would have a cost of (1,000/10) 100.
To compensate for the speed of networks increasing beyond the gigabit range, the standard cost has been slightly modified. The new cost values are:
Bandwidth 4 Mbps = 250 STP Cost Value
Bandwidth 10 Mbps = 100 STP Cost Value
Bandwidth 16 Mbps = 62 STP Cost Value
Bandwidth 45 Mbps = 39 STP Cost Value
Bandwidth 100 Mbps = 19 STP Cost Value
Bandwidth 155 Mbps = 14 STP Cost Value
Bandwidth 622 Mbps = 6 STP Cost Value
Bandwidth 1 Gbps = 4 STP Cost Value
Bandwidth 10 Gbps = 2 STP Cost Value
You should also note that the path cost can be an arbitrary value assigned by the network administrator, instead of one of the standard cost values. Each switch begins a discovery process to choose which network paths it should use for each segment. This information is shared between all the switches by way of special network frames called bridge protocol data units (BPDU). The parts of a BPDU are:
Root BID - This is the BID of the current root bridge.
Path cost to root bridge - This determines how far away the root bridge is. For example, if the data has to travel over three 100-Mbps segments to reach the root bridge, then the cost is (19 + 19 + 0) 38. The segment attached to the root bridge will normally have a path cost of zero.
Sender BID - This is the BID of the switch that sends the BPDU.
Port ID - This is the actual port on the switch that the BPDU was sent from.
35
All of the switches are constantly sending BPDUs to each other, trying to determine the best path between various segments. When a switch receives a BPDU (from another switch) that is better than the one it is broadcasting for the same segment, it will stop broadcasting its BPDU out that segment. Instead, it will store the other switch's BPDU for reference and for broadcasting out to inferior segments, such as those that are farther away from the root bridge.
A root bridge is chosen based on the results of the BPDU process between the switches. Initially, every switch considers itself the root bridge. When a switch first powers up on the network, it sends out a BPDU with its own BID as the root BID. When the other switches receive the BPDU, they compare the BID to the one they already have stored as the root BID. If the new root BID has a lower value, they replace the saved one. But if the saved root BID is lower, a BPDU is sent to the new switch with this BID as the root BID. When the new switch receives the BPDU, it realizes that it is not the root bridge and replaces the root BID in its table with the one it just received. The result is that the switch that has the lowest BID is elected by the other switches as the root bridge.
Based on the location of the root bridge, the other switches determine which of their ports has the lowest path cost to the root bridge. These ports are called root ports, and each switch (other than the current root bridge) must have one.
The switches determine who will have designated ports. A designated port is the connection used to send and receive packets on a specific segment. By having only one designated port per segment, all looping issues are resolved! Designated ports are selected based on the lowest path cost to the root bridge for a segment. Since the root bridge will have a path cost of "0," any ports on it that are connected to segments will become designated ports. For the other switches, the path cost is compared for a given segment. If one port is determined to have a lower path cost, it becomes the designated port for that segment. If two or more ports have the same path cost, then the switch with the lowest BID is chosen.
Once the designated port for a network segment has been chosen, any other ports that connect to that segment become non-designated ports. They block network traffic from taking that path so it can only access that segment through the designated port.
Each switch has a table of BPDUs that it continually updates. The network is now configured as a single spanning tree, with the root bridge as the trunk and all the other switches as branches. Each switch communicates with the root bridge through the root ports, and with each segment through the designated ports, thereby maintaining a loop-free network. In the event that the root bridge begins to fail or have network problems, STP allows the other switches to immediately reconfigure the network with another switch acting as root bridge. This amazing process gives a company the ability to have a complex network that is fault-tolerant and yet fairly easy to maintain.
36
Layer 3 switches actually work at the Network layer.
Routers and Layer 3 Switching
While most switches operate at the Data layer (Layer 2) of the OSI Reference Model, some incorporate features of a router and operate at the Network layer (Layer 3) as well. In fact, a Layer 3 switch is incredibly similar to a router.
When a router receives a packet, it looks at the Layer 3 source and destination addresses to determine the path the packet should take. A standard switch relies on the MAC addresses to determine the source and destination of a packet, which is Layer 2 (Data) networking.
The fundamental difference between a router and a Layer 3 switch is that Layer 3 switches have optimized hardware to pass data as fast as Layer 2 switches, yet they make decisions on how to transmit traffic at Layer 3, just like a router. Within the LAN environment, a Layer 3 switch is usually faster than a router because it is built on switching hardware. In fact, many of Cisco's Layer 3 switches are actually routers that operate faster because they are built on "switching" hardware with customized chips inside the box.
37
The pattern matching and caching on Layer 3 switches is similar to the pattern matching and caching on a router. Both use a routing protocol and routing table to determine the best path. However, a Layer 3 switch has the ability to reprogram the hardware dynamically with the current Layer 3 routing information. This is what allows for faster packet processing.
On current Layer 3 switches, the information received from the routing protocols is used to update the hardware caching tables.
In this case, even if one of the switches fails, the network will continue. This provides redundancy, effectively eliminating the single point of failure.
But now we have a new problem
VLANs
As networks have grown in size and complexity, many companies have turned to virtual local area networks (VLANs) to provide some way of structuring this growth logically. Basically, a VLAN is a collection of nodes that are grouped together in a single broadcast domain that is based on something other than physical location.
You learned about broadcasts earlier, and how a router does not pass along broadcasts. A broadcast domain is a network (or portion of a network) that will receive a broadcast packet from any node located within that network. In a typical network, everything on the same side of the router is all part of the same broadcast domain. A switch that you have implemented VLANs on has multiple broadcast
38
domains, similar to a router. But you still need a router (or Layer 3 routing engine) to route from one VLAN to another -- the switch can't do this by itself.
Here are some common reasons why a company might have VLANs:
Security - Separating systems that have sensitive data from the rest of the network decreases the chances that people will gain access to information they are not authorized to see.
Projects/Special applications - Managing a project or working with a specialized application can be simplified by the use of a VLAN that brings all of the required nodes together.
Performance/Bandwidth - Careful monitoring of network use allows the network administrator to create VLANs that reduce the number of router hops and increase the apparent bandwidth for network users.
Broadcasts/Traffic flow - Since a principle element of a VLAN is the fact that it does not pass broadcast traffic to nodes that are not part of the VLAN, it automatically reduces broadcasts. Access lists provide the network administrator with a way to control who sees what network traffic. An access list is a table the network administrator creates that lists which addresses have access to that network.
Departments/Specific job types - Companies may want VLANs set up for departments that are heavy network users (such as multimedia or engineering), or a VLAN across departments that is dedicated to specific types of employees (such as managers or sales people).
You can create a VLAN using most switches simply by logging into the switch via Telnet and entering the parameters for the VLAN (name, domain and port assignments). After you have created the VLAN, any network segments connected to the assigned ports will become part of that VLAN.
While you can have more than one VLAN on a switch, they cannot communicate directly with one another on that switch. If they could, it would defeat the purpose of having a VLAN, which is to isolate a part of the network. Communication between VLANs requires the use of a router.
VLANs can span multiple switches, and you can have more than one VLAN on each switch. For multiple VLANs on multiple switches to be able to communicate via a single link between the switches, you must use a process called trucking -- trucking is the technology that allows information from multiple VLANs to be carried over a single link between switches.
On the next page, you'll learn about trucking.
39
VLAN Trucking Protocol
The VLAN trucking protocol(VTP) is the protocol that switches use to communicate among themselves about VLAN configuration.
In the image above, each switch has two VLANs. On the first switch, VLAN A and VLAN B are sent through a single port (trunked) to the router and through another port to the second switch. VLAN C and VLAN D are trunked from the second switch to the first switch, and through the first switch to the router. This trunk can carry traffic from all four VLANs. The trunk link from the first switch to the router can also carry all four VLANs. In fact, this one connection to the router allows the router to appear on all four VLANs, as if it had four different physical ports connected to the switch.
The VLANs can communicate with each other via the trucking connection between the two switches using the router. For example, data from a computer on VLAN A that needs to get to a computer on VLAN B (or VLAN C or VLAN D) must travel from the switch to the router and back again to the switch. Because of the transparent bridging algorithm and trucking, both PCs and the router think that they are on the same physical segment!
As you can see, LAN switches are an amazing technology that can really make a difference in the speed and quality of a network.
For more information on LAN switches, networks and related topics, check out the links on the next page.
How OSI Works
40
Virtually all networks in use today are based in some fashion on the Open Systems Interconnection (OSI) standard. OSI was developed in 1984 by theInternational Organization for Standardization (ISO), a global federation of national standards organizations representing approximately 130 countries.
The core of this standard is the OSI Reference Model, a set of seven layers that define the different stages that data must go through to travel from one device to another over a network. In this article, you'll find out all about the OSI standard.
The seven layers of the OSI Reference Model
The Layers
Think of the seven layers as the assembly line in the computer. At each layer, certain things happen to the data that prepare it for the next layer. The seven layers, which separate into two sets, are:
41
Application Set
Layer 7: Application - This is the layer that actually interacts with the operating system or application whenever the user chooses to transfer files, read messages or perform other network-related activities.
Layer 6: Presentation - Layer 6 takes the data provided by the Application layer and converts it into a standard format that the other layers can understand.
Layer 5: Session - Layer 5 establishes, maintains and ends communication with the receiving device.
Transport Set
Layer 4: Transport - This layer maintains flow control of data and provides for error checking and recovery of data between the devices. Flow control means that the Transport layer looks to see if data is coming from more than one application and integrates each application's data into a single stream for the physical network.
Layer 3: Network - The way that the data will be sent to the recipient device is determined in this layer. Logical protocols, routing and addressing are handled here.
Layer 2: Data - In this layer, the appropriate physical protocol is assigned to the data. Also, the type of network and the packet sequencing is defined.
Layer 1: Physical - This is the level of the actual hardware. It defines the physical characteristics of the network such as connections, voltage levels and timing.
The OSI Reference Model is really just a guideline. Actual protocol stacks often combine one or more of the OSI layers into a single layer.
Protocol Stacks
A protocol stack is a group of protocols that all work together to allow software or hardware to perform a function. The TCP/IP protocol stack is a good example. It uses four layers that map to the OSI model as follows:
Layer 1: Network Interface - This layer combines the Physical and Data layers and routes the data between devices on the same network. It also manages the exchange of data between the network and other devices.
Layer 2: Internet - This layer corresponds to the Network layer. The Internet Protocol (IP) uses the IP address, consisting of a Network Identifier and a Host Identifier, to determine the address of the device it is communicating with.
42
Layer 3: Transport - Corresponding to the OSI Transport layer, this is the part of the protocol stack where the Transport Control Protocol (TCP) can be found. TCP works by asking another device on the network if it is willing to accept information from the local device.
Layer 4: Application - Layer 4 combines the Session, Presentation and Application layers of the OSI model. Protocols for specific functions such as e-mail (Simple Mail Transfer Protocol, SMTP) and file transfer (File Transfer Protocol, FTP) reside at this level.
As you can see, it is not necessary to develop a separate layer for each and every function outlined in the OSI Reference Model. But developers are able to ensure that a certain level of compatibility is maintained by following the general guidelines provided by the model.
What is a packet?
It turns out that everything you do on the Internet involves packets. For example, every Web page that you receive comes as a series of packets, and every e-mail you send leaves as a series of packets. Networks that ship data around in small packets are called packet switched networks.
On the Internet, the network breaks an e-mail message into parts of a certain size in bytes. These are the packets. Each packet carries the information that will help it get to its destination -- the sender's IP address, the intended receiver's IP address, something that tells the network how many packets this e-mail message has been broken into and the number of this particular packet. The packets carry the data in the protocols that the Internet uses: Transmission Control Protocol/Internet Protocol (TCP/IP). Each packet contains part of the body of your message. A typical packet contains perhaps 1,000 or 1,500 bytes.
Each packet is then sent off to its destination by the best available route -- a route that might be taken by all the other packets in the message or by none of the other packets in the message. This makes the network more efficient. First, the network can balance the load across various pieces of equipment on a millisecond-by-millisecond basis. Second, if there is a problem with one piece of equipment in the network while a message is being transferred, packets can be routed around the problem, ensuring the delivery of the entire message.
Depending on the type of network, packets may be referred to by another name:
frame
block
cell
segment
Next, learn about the parts of packets and an example of how packets are applied.
43
I've heard that data travels in packets on a computer network. What is a packet, and why do networks use them?
Network Packet Structure
Most network packets are split into three parts:
Header - The header contains instructions about the data carried by the packet. These instructions may include:
Length of packet (some networks have fixed-length packets, while others rely on the header to contain this information)
Synchronization (a few bits that help the packet match up to the network)
Packet number (which packet this is in a sequence of packets)
Protocol (on networks that carry multiple types of information, the protocol defines what type of packet is being transmitted: e-mail, Web page, streaming video)
Destination address (where the packet is going)
Originating address (where the packet came from)
Payload - Also called the body or data of a packet. This is the actual data that the packet is delivering to the destination. If a packet is fixed-length, then the payload may be padded with blank information to make it the right size.
Trailer - The trailer, sometimes called the footer, typically contains a couple of bits that tell the receiving device that it has reached the end of the packet. It may also have some type of error checking. The most common error checking used in packets is Cyclic Redundancy Check (CRC). CRC is pretty neat. Here is how it works in certain computer networks: It takes the sum of all the 1s in the payload and adds them together. The result is stored as a hexadecimal value in the trailer. The receiving device adds up the 1s in
44
the payload and compares the result to the value stored in the trailer. If the values match, the packet is good. But if the values do not match, the receiving device sends a request to the originating device to resend the packet.
As an example, let's look at how an e-mail message might get broken into packets. Let's say that you send an e-mail to a friend. The e-mail is about 3,500 bits (3.5 kilobits) in size. The network you send it over uses fixed-length packets of 1,024 bits (1 kilobit). The header of each packet is 96 bits long and the trailer is 32 bits long, leaving 896 bits for the payload. To break the 3,500 bits of message into packets, you will need four packets (divide 3,500 by 896). Three packets will contain 896 bits of payload and the fourth will have 812 bits. Here is what one of the four packets would contain:
Each packet's header will contain the proper protocols, the originating address (the IP address of your computer), the destination address (the IP address of the computer where you are sending the e-mail) and the packet number (1, 2, 3 or 4 since there are 4 packets). Routers in the network will look at the destination address in the header and compare it to their lookup table to find out where to send the packet. Once the packet arrives at its destination, your friend's computer will strip the header and trailer off each packet and reassemble the e-mail based on the numbered sequence of the packets.
What is an IP address?
In Microsoft Windows, you can enter ipconfig in the command prompt app to view your computer's current IP address configuration.
Every machine on a network has a unique identifier. Just as you would address a letter to send in the mail, computers use the unique identifier to send data to specific computers on a network. Most networks today, including all computers on the Internet, use the TCP/IP protocol as the standard for how to communicate on the network. In the TCP/IP protocol, the unique identifier for a computer is called its IP address.
45
There are two standards for IP addresses: IP Version 4 (IPv4) and IP Version 6 (IPv6). All computers with IP addresses have an IPv4 address, and many are starting to use the new IPv6 address system as well. Here's what these two address types mean:
IPv4 uses 32 binary bits to create a single unique address on the network. An IPv4 address is expressed by four numbers separated by dots. Each number is the decimal (base-10) representation for an eight-digit binary (base-2) number, also called an octet. For example: 216.27.61.137
IPv6 uses 128 binary bits to create a single unique address on the network. An IPv6 address is expressed by eight groups of hexadecimal (base-16) numbers separated by colons, as in 2001:cdba:0000:0000:0000:0000:3257:9652. Groups of numbers that contain all zeros are often omitted to save space, leaving a colon separator to mark the gap (as in 2001:cdba::3257:9652).
At the dawn of IPv4 addressing, the Internet was not the large commercial sensation it is today, and most networks were private and closed off from other networks around the world. When the Internet exploded, having only 32 bits to identify a unique Internet address caused people to panic that we'd run out of IP addresses. Under IPv4, there are 232 possible combinations, which offers just under 4.3 billion unique addresses. IPv6 raised that to a panic-relieving 2128 possible addresses. Later, we'll take a closer look at how to understand your computer's IPv4 or IPv6 addresses.
How does your computer get its IP address? An IP address can be either dynamic or static. A static address is one that you configure yourself by editing your computer's network settings. This type of address is rare, and it can create network issues if you use it without a good understanding of TCP/IP. Dynamic addresses are the most common. They're assigned by the Dynamic Host Configuration Protocol (DHCP), a service running on the network. DHCP typically runs on network hardware such as routers or dedicated DHCP servers.
Dynamic IP addresses are issued using a leasing system, meaning that the IP address is only active for a limited time. If the lease expires, the computer will automatically request a new lease. Sometimes, this means the computer will get a new IP address, too, especially if the computer was unplugged from the network between leases. This process is usually transparent to the user unless the computer warns about an IP address conflict on the network (two computers with the same IP address). An address conflict is rare, and today's technology typically fixes the problem automatically.
IP Classes
Earlier, you read that IPv4 addresses represent four eight-digit binary numbers. That means that each number could be 00000000 to 11111111 in binary, or 0 to 255 in decimal (base-10). In other words, 0.0.0.0 to 255.255.255.255. However, some numbers in that range are reserved for specific purposes on TCP/IP networks. These reservations are recognized by the authority on TCP/IP addressing, the Internet Assigned Numbers Authority (IANA). Four specific reservations include the following:
46
0.0.0.0 -- This represents the default network, which is the abstract concept of just being connected to a TCP/IP network.
255.255.255.255 -- This address is reserved for network broadcasts, or messages that should go to all computers on the network.
127.0.0.1 -- This is called the loopback address, meaning your computer's way of identifying itself, whether or not it has an assigned IP address.
169.254.0.1 to 169.254.255.254 -- This is the Automatic Private IP Addressing (APIPA) range of addresses assigned automatically when a computer's unsuccessful getting an address from a DHCP server.
The other IP address reservations are for subnet classes. A subnet is a smaller network of computers connected to a larger network through a router. The subnet can have its own address system so computers on the same subnet can communicate quickly without sending data across the larger network. A router on a TCP/IP network, including the Internet, is configured to recognize one or more subnets and route network traffic appropriately. The following are the IP addresses reserved for subnets:
10.0.0.0 to 10.255.255.255 -- This falls within the Class A address range of 1.0.0.0 to 127.0.0.0, in which the first bit is 0.
172.16.0.0 to 172.31.255.255 -- This falls within the Class B address range of 128.0.0.0 to 191.255.0.0, in which the first two bits are 10.
192.168.0.0 to 192.168.255.255 -- This falls within the Class C range of 192.0.0.0 through 223.255.255.0, in which the first three bits are 110.
Multicast (formerly called Class D) -- The first four bits in the address are 1110, with addresses ranging from 224.0.0.0 to 239.255.255.255.
Reserved for future/experimental use (formerly called Class E) -- addresses 240.0.0.0 to 254.255.255.254.
The first three (within Classes A, B and C) are those most used in creating subnets. Later, we'll see how a subnet uses these addresses. The IANA has outlined specific uses for multicast addresses within Internet Engineering Task Force (IETF) document RFC 5771. However, it hasn't designated a purpose or future plan for Class E addresses since it reserved the block in its 1989 document RFC 1112. Before IPv6, the Internet was filled with debate about whether the IANA should release Class E for general use.
Next, let's see how subnets work and find out who has those non-reserved IP addresses out on the Internet.
Internet Addresses and Subnets
47
The following is an example of a subnet IP address you might have on your computer at home if you're using a router (wireless or wired) between your ISP connection and your computer:
IP address: 192.168.1.102
Subnet mask: 255.255.255.0
Twenty-four bits (three octets) reserved for network identity
Eight bits (one octet) reserved for nodes
Subnet identity based on subnet mask (first address): 192.168.1.0
The reserved broadcast address for the subnet (last address): 192.168.1.255
Example addresses on the same network: 192.168.1.1, 192.168.1.103
Example addresses not on the same network: 192.168.2.1, 192.168.2.103
Besides reserving IP addresses, the IANA is also responsible for assigning blocks of IP addresses to certain entities, usually commercial or government organizations. Your Internet service provider (ISP) may be one of these entities, or it may be part of a larger block under the control of one of those entities. In order for you to connect to the Internet, your ISP will assign you one of these addresses. You can see a full list of IANA assignments and reservations for IPv4 addresses here.
If you only connect one computer to the Internet, that computer can use the address from your ISP. Many homes today, though, use routers to share a single Internet connection between multiple computers. Wireless routers have become especially popular in recent years, avoiding the need to run network cables between rooms.
If you use a router to share an Internet connection, the router gets the IP address issued directly from the ISP. Then, it creates and manages a subnet for all the computers connected to that router. If your computer's address falls into one of the reserved subnet ranges listed earlier, you're going through a router rather than connecting directly to the Internet.
IP addresses on a subnet have two parts: network and node. The network part identifies the subnet itself. The node, also called the host, is an individual piece of computer equipment connected to the network and requiring a unique address. Each computer knows how to separate the two parts of the IP address by using a subnet mask. A subnet mask looks somewhat like an IP address, but it's actually just a filter used to determine which part of an IP address designates the network and node.
A subnet mask consists of a series of 1 bits followed by a series of 0 bits. The 1 bits indicate those that should mask the network bits in the IP address, revealing only those that identify a unique node on that network. In the IPv4 standard, the most commonly used subnet masks have complete octets of 1s and 0s as follows:
48
255.0.0.0.0 = 11111111.00000000.00000000.00000000 = eight bits for networks, 24 bits for nodes
255.255.0.0 = 11111111.11111111.00000000.00000000 = 16 bits for networks, 16 bits for nodes
255.255.255.0 = 11111111. 11111111.11111111.00000000 = 24 bits for networks, eight bits for nodes
People who set up large networks determine what subnet mask works best based on the number of desired subnets or nodes. For more subnets, use more bits for the network; for more nodes per subnet, use more bits for the nodes. This may mean using non-standard mask values. For instance, if you want to use 10 bits for networks and 22 for nodes, your subnet mask value would require using 11000000 in the second octet, resulting in a subnet mask value of 255.192.0.0.
Another important thing to note about IP addresses in a subnet is that the first and last addresses are reserved. The first address identifies the subnet itself, and the last address identifies the broadcast address for systems on that subnet.
See the sidebar on the previous page for a look at how all this information comes together to form your IP address. For even more information about IP addresses, the Internet and related networking topics, head on to the next page.
How Domain Name Servers Work
When you enter a URL into your Web browser, your DNS server uses its resources to resolve the name into the IP address for the appropriate Web server..
49
If you've ever used the Internet, it's a good bet that you've used the Domain Name System, or DNS, even without realizing it. DNS is a protocol within the set of standards for how computers exchange data on the Internet and on many private networks, known as the TCP/IP protocol suite. Its basic job is to turn a user-friendly domain name like "howstuffworks.com" into an Internet Protocol (IP) address like 70.42.251.42 that computers use to identify each other on the network. It's like your computer's GPS for the Internet.
Computers and other network devices on the Internet use an IP address to route your request to the site you're trying to reach. This is similar to dialing a phone number to connect to the person you're trying to call. Thanks to DNS, though, you don't have to keep your own address book of IP addresses. Instead, you just connect through a domain name server, also called a DNS server or name server, which manages a massive database that maps domain names to IP addresses.
Whether you're accessing a Web site or sending e-mail, your computer uses a DNS server to look up the domain name you're trying to access. The proper term for this process is DNS name resolution, and you would say that the DNS server resolves the domain name to the IP address. For example, when you enter "http://www.howstuffworks.com" in your browser, part of the network connection includes resolving the domain name "howstuffworks.com" into an IP address, like 70.42.251.42, for ' Web servers.
You can always bypass a DNS lookup by entering 70.42.251.42 directly in your browser (give it a try). However, you're probably more likely to remember "howstuffworks.com" when you want to return later. In addition, a Web site's IP address can change over time, and some sites associate multiple IP addresses with a single domain name.
Without DNS servers, the Internet would shut down very quickly. But how does your computer know what DNS server to use? Typically, when you connect to your home network, Internet service provider (ISP) or WiFi network, the modem or router that assigns your computer's network address also sends some important network configuration information to your computer or mobile device. That configuration includes one or more DNS servers that the device should use when translating DNS names to IP address.
So far, you've read about some important DNS basics. The rest of this article dives deeper into domain name servers and name resolution. It even includes an introduction to managing your own DNS server. Let's start by looking at how IP addresses are structured and how that's important to the name resolution process.
DNS Servers and IP Addresses
You just learned that the primary job of a domain name server, or DNS server, is to resolve (translate) a domain name into an IP address. That sounds like a simple task, and it would be, except for the following points:
50
There are billions of IP addresses currently in use, and most machines have a human-readable name as well.
DNS servers (cumulatively) are processing billions of requests across the Internet at any given time.
Millions of people are adding and changing domain names and IP addresses each day.
With so much to handle, DNS servers rely on network efficiency and Internet protocols. Part of the IP's effectiveness is that each machine on a network has a unique IP address in both the IPV4 and IPV6 standards managed by the Internet Assigned Numbers Authority (IANA). Here are some ways to recognize an IP address:
An IP address in the IPV4 standard has four numbers separated by three decimals, as in: 70.74.251.42
An IP address in the IPV6 standard has eight hexadecimal numbers (base-16) separated by colons, as in 2001:0cb8:85a3:0000:0000:8a2e:0370:7334. Because IPV6 is still a very new standard, we'll concentrate on the more common IPV4 for this article.
Each number in an IPV4 number is called an "octet" because it's a base-10 equivalent of an 8-digit base-2 (binary) number used in routing network traffic. For example, the octet written as 42 stands for 00101010. Each digit in the binary number is the placeholder for a certain power of two from 20 to 27, reading from right to left. That means that in 00101010, you have one each of 21, 23 and 25. So, to get the base-10 equivalent, just add 21 + 23 + 25 = 2 + 8 + 32 = 42. For more about how IP addresses are constructed, see our article "What is an IP address?"
There are only 256 possibilities for the value of each octect: the numbers 0 through 255.
Certain addresses and ranges are designated by the IANA as reserved IP addresses, which means they have a specific job in IP. For example, the IP address 127.0.0.1 is reserved to identify the computer you're currently using. So, talking to 127.0.0.1 is just talking to yourself!
Where does your computer's IP address come from? If we're talking about your desktop or laptop computer, it probably comes from a Dynamic Host Configuration Protocol (DHCP) server on your network. The job of a DHCP server is to make sure your computer has the IP address and other network configuration it needs whenever you're online. Because this is "dynamic," the IP address for your computer will probably change from time to time, such as when you shut down your computer for a few days. As the user, you'll probably never notice all this taking place. See the sidebar on this page for hints on where to find the IP address assigned to your computer or mobile device.
Web servers and other computers that need a consistent point of contact use static IP addresses. This means that the same IP address is always assigned to that system's network interface when it's online. To make sure that interface always gets the same IP address, IP associates the address with the Media
51
Access Control (MAC) address for that network interface. Every network interface, both wired and wireless, has a unique MAC address embedded in it by the manufacturer.
For more information on IP addresses, see the IANA, operated by the Internet Corporation for Assigned Names and Numbers (ICANN). Now, though, let's look at the other side of the DNS equation: domain names.
Domain Names
If we had to remember the IP addresses of all our favorite Web sites, we'd probably go nuts! Human beings are just not that good at remembering strings of numbers. We are good at remembering words, however, and that is where domain names come in. You probably have hundreds of domain names stored in your head, such as:
howstuffworks.com -- our favorite domain name
google.com -- one of the most used domain names in the world
mit.edu -- a popular EDU name
bbc.co.uk -- a three-part domain name using the country code UK
You'll recognize domain names as having strings of characters separated by dots (periods). The last word in a domain name represents a top-level domain. These top-level domains are controlled by the IANA in what's called the Root Zone Database, which we'll examine more closely later. The following are some common top-level domains:
COM -- commercial Web sites, though open to everyone
NET -- network Web sites, though open to everyone
ORG -- non-profit organization Web sites, though open to everyone
EDU -- restricted to schools and educational organizations
MIL -- restricted to the U.S. military
GOV -- restricted to the U.S. government
US, UK, RU and other two-letter country codes -- each is assigned to a domain name authority in the respective country
In a domain name, each word and dot combination you add before a top-level domain indicates a level in the domain structure. Each level refers to a server or a group of servers that manage that domain level. For example, "howstuffworks" in our domain name is a second-level domain off the COM top-level domain. An organization may have a hierarchy of sub-domains further organizing its Internet presence,
52
like "bbc.co.uk" which is the BBC's domain under CO, an additional level created by the domain name authority responsible for the UK country code.
The left-most word in the domain name, such as www or mail, is a host name. It specifies the name of a specific machine (with a specific IP address) in a domain, typically dedicated to a specific purpose. A given domain can potentially contain millions of host names as long as they're all unique to that domain.
Because all of the names in a given domain need to be unique, there has to be some way to control the list and makes sure no duplicates arise. That's where registrars come in. A registrar is an authority that can assign domain names directly under one or more top-level domains and register them with Inter NIC, a service of ICANN, which enforces uniqueness of domain names across the Internet. Each domain registration becomes part of a central domain registration database known as the who is database. Network Solutions, Inc. (NSI) was one of the first registrars, and today companies like GoDaddy.com offer domain registration in addition to many other Web site and domain management services.
Later, when we look at how to create a domain name, we'll see that part of registering a domain requires identifying one or more name servers (DNS servers) that have the authority to resolve the host names and sub-domains in that domain. Typically, you would do this through a hosting service, which has its own DNS servers. Next, we'll look at how these DNS servers manage your domain, and how DNS servers across the Internet work together to ensure traffic is routed properly between IP addresses.
Domain name servers connect to each other across the Internet and cache lookup information to make name resolution more efficient.
The Distributed System
Every domain has a domain name server handling its requests, and there is a person or IT team maintaining the records in that DNS server's database. No other database on the planet gets as many requests as DNS servers, and they handle all those queries while also processing data updates from millions of people every day. That's one of the most amazing parts of DNS -- it is completely distributed
53
throughout the world on millions of machines, managed by millions of people, and yet it behaves like a single, integrated database!
Because managing DNS seems like such a big job, most people tend to leave it to the IT professionals. However, by learning a little bit about how DNS works and how DNS servers are distributed across the Internet, you can manage DNS with confidence. The first thing to know is what the purpose of a DNS server is on the network where it resides. A DNS server will have one of the following as its primary task:
Maintain a small database of domain names and IP addresses most often used on its own network, and delegate name resolution for all other names to other DNS servers on the Internet.
Pair IP addresses with all hosts and sub-domains for which that DNS server has authority.
DNS servers that perform the first task are normally managed by your Internet service provider (ISP). As mentioned earlier, the ISP's DNS server is part of the network configuration you get from DHCP as soon as you go online. These servers reside in your ISP's data centers, and they handle requests as follows:
If it has the domain name and IP address in its database, it resolves the name itself.
If it doesn't have the domain name and IP address in its database, it contacts another DNS server on the Internet. It may have to do this multiple times.
If it has to contact another DNS server, it caches the lookup results for a limited time so it can quickly resolve subsequent requests to the same domain name.
If it has no luck finding the domain name after a reasonable search, it returns an error indicating that the name is invalid or doesn't exist.
The second category of DNS servers mentioned above is typically associated with Web, mail and other Internet domain hosting services. Though some hardcore IT gurus set up and manage their own DNS servers, hosting services have made DNS management much easier for the less technical audience. A DNS server that manages a specific domain is called the start of authority (SOA) for that domain. Over time, the results from looking up hosts at the SOA will propagate to other DNS servers, which in turn propagate to other DNS servers, and so on across the Internet.
This propagation is a result of each DNS server caching the lookup result for a limited time, known as its Time To Live (TTL), ranging from a few minutes to a few days. People managing a DNS server can configure its TTL, so TTL values will vary across the Internet. So, each time you look up "www.howstuffworks.com," it's possible that the DNS server for your ISP will find the lookup results "70.42.251.42" in its own cache if you or someone else using that server looked for it before within the server's TTL.
54
This great web of DNS servers includes the root name servers, which start at the top of the domain hierarchy for a given top-level domain. There are hundreds of root name servers to choose from for each top-level domain. Though DNS lookups don't have to start at a root name server, they can contact a root name server as a last resort to help track down the SOA for a domain.
Now that you know how DNS servers are interconnected to improve the name resolution process, let's look at how you can configure a DNS server to be the authority for your domain.
Creating a New Domain Name
When you want to create a new domain name, you need to do the following:
Use the Whois database to find a unique domain name that isn't yet registered. There are several sites that offer free Whois database searches, such as Network Solutions. If the search comes up empty, you know the domain name is available.
Register the domain name with a registrar. There are a lot of registrars to choose from, and some offer special prices for registering the COM, NET, and ORG versions of a domain at the same time, for registering for two or more years, or for hosting the domain with the same company.
If you're hosting the domain at a different company than your registrar, configure the registrar to point your domain name to the correct host name or IP address for your hosting company (see information below about A records).
Using the DNS servers from your registrar or hosting company means that you have a parked domain. This means that someone else owns the computer hardware for the DNS servers, and your domain is just part of that company's larger DNS configuration. Alternatively, if you're passionate about hosting your own DNS, you can set up your own server, either as a physical or virtual machine. Whichever DNS setup you decide on, that DNS server (or group of servers) becomes the SOA for your domain, as described earlier.
Whether your SOA is somewhere else or on your own system, you can extend and modify your DNS settings to add sub-domains, redirect e-mail and control other services. This information is kept in a zone file on the DNS server [source: GoDaddy.com]. If you're running your own server, you'll probably need to manually edit the zone file in a text editor. Many registrars today have a Web interface you can use to manage DNS for your domain. Each new configuration you add is called a record, and the following are the most common types of records you can configure for your DNS server:
Host (A) -- This is the basic mapping of IP address to host name, the essential component for any domain name.
Canonical Name (CNAME) -- This is an alias for your domain. Anyone accessing that alias will be automatically directed to the server indicated in the A record.
55
Mail Exchanger (MX) -- This maps e-mail traffic to a specific server. It could indicate another host name or an IP address. For example, people who use Google for the e-mail for their domain will create an MX record that points to ghs.google.com.
Name Server (NS) -- This contains the name server information for the zone. If you configure this, your server will let other DNS servers know that yours is the ultimate authority (SOA) for your domain when caching lookup information on your domain from other DNS servers around the world.
Start of Authority (SOA) -- This is one larger record at the beginning of every zone file with the primary name server for the zone and some other information. If your registrar or hosting company is running your DNS server, you won't need to manage this. If you're managing your own DNS, Microsoft's support information has a helpful article on the structure of a DNS SOA Record.
The following is an example of what a zone file might look like for those who are editing it directly in a text editor. Note that the center column (second item on each line) includes a record type from those listed above. When you see an "@" in the left column, it means that the record applies in all cases not otherwise specified:
@ NS auth-ns1.howstuffworks.com
@ NS auth-ns2.howstuffworks.com
@ MX 10 mail
mail A 209.170.137.42
vip1 A 216.183.103.150
Www CNAME vip1
Typical users will probably get the most use out of MX and CNAME records. The MX records allow you to point your mail services somewhere other than your hosting company if you choose to use something like Google Apps for your domain. The CNAME records let you point host names for your domain to various other locations. This could include setting google.example.com to redirect to google.com, or setting up a dedicated game server with its own IP address and pointing it to something like gameserver.example parent company, Discovery, does this: dsc.discovery.com is the main Web site, science.discovery.com is The Science Channel Web site, and so on.
Throughout this article, you've read about the role of domain name servers, how DNS maps domain names to IP addresses and how to choose your domain name and configure it to work within the distributed system of DNS servers around the world. Now that you're in the zone with zone files and registered for success with domain name servers, look up lots more information about DNS on the next page.
56
How DSL Works
A DSL modem uses telephone lines for high-speed Internet connections. When you connect to the Internet, you might connect through a regular modem, through a local-area network connection in your office, through a cable modem or through a digital subscriber line(DSL) connection. DSL is a very high-speed connection that uses the same wires as a regular telephone.
Here are some advantages of DSL:
You can leave your Internet connection open and still use the phone line for voice calls.
The speed is much higher than a regular modem
DSL doesn't necessarily require new wiring; it can use the phone line you already have.
The company that offers DSL will usually provide the modem as part of the installation.
But there are disadvantages:
A DSL connection works better when you are closer to the provider's central office. The farther away you get from the central office, the weaker the signal becomes.
The connection is faster for receiving data than it is for sending data over the Internet.
The service is not available everywhere.
In this article, we explain how a DSL connection manages to squeeze more information through a standard phone line -- and lets you make regular telephone calls even when you're online.
Telephone Lines
57
If you have read How Telephones Work, then you know that a standard telephone installation in the United States consists of a pair of copper wires that the phone company installs in your home. The copper wires have lots of room for carrying more than your phone conversations -- they are capable of handling a much greater bandwidth, or range of frequencies, than that demanded for voice. DSL exploits this "extra capacity" to carry information on the wire without disturbing the line's ability to carry conversations. The entire plan is based on matching particular frequencies to specific tasks.
To understand DSL, you first need to know a couple of things about a normal telephone line -- the kind that telephone professionals call POTS, for Plain Old Telephone Service. One of the ways that POTS makes the most of the telephone company's wires and equipment is by limiting the frequencies that the switches, telephones and other equipment will carry. Human voices, speaking in normal conversational tones, can be carried in a frequency range of 0 to 3,400 Hertz (cycles per second -- see How Telephones Work for a great demonstration of this). This range of frequencies is tiny. For example, compare this to the range of most stereo speakers, which cover from roughly 20 Hertz to 20,000 Hertz. And the wires themselves have the potential to handle frequencies up to several million Hertz in most cases.
The use of such a small portion of the wire's total bandwidth is historical -- remember that the telephone system has been in place, using a pair of copper wires to each home, for about a century. By limiting the frequencies carried over the lines, the telephone system can pack lots of wires into a very small space without worrying about interference between lines. Modern equipment that sends digital rather than analog data can safely use much more of the telephone line's capacity. DSL does just that.
Asymmetric DSL
Most homes and small business users are connected to anasymmetric DSL (ADSL) line. ADSL divides up the available frequencies in a line on the assumption that most Internet users look at, or download, much more information than they send, or upload. Under this assumption, if the connection speed from the Internet to the user is three to four times faster than the connection from the user back to the Internet, then the user will see the most benefit most of the time.
Precisely how much benefit you see from ADSL will greatly depend on how far you are from the central office of the company providing the ADSL service. ADSL is a distance-sensitive technology: As the connection's length increases, the signal quality decreases and the connection speed goes down. The limit for ADSL service is 18,000 feet (5,460 meters), though for speed and quality of service reasons many ADSL providers place a lower limit on the distances for the service. At the extremes of the distance limits, ADSL customers may see speeds far below the promised maximums, while customers nearer the central office have faster connections and may see extremely high speeds in the future. ADSL technology can provide maximum downstream (Internet to customer) speeds of up to 8 megabits per second (Mbps) at a distance of about 6,000 feet (1,820 meters), and upstream speeds of up to 640 kilobits per second (Kbps). In practice, the best speeds widely offered today are 1.5 Mbps downstream, with upstream speeds varying between 64 and 640 Kbps. Some vast improvements to ADSL are available in some areas through services called ASDL2 and ASDL2+. ASDL2 increases downstream to 12 Mbps and
58
upstream to 1 Mbps, and ASDL2+ is even better -- it improves downstream to as much as 24 Mbps and upstream to 3 Mbps.
You might wonder -- if distance is a limitation for DSL, why is it not also a limitation for voice telephonecalls? The answer lies in small amplifiers called loading coils that the telephone company uses to boost voice signals. Unfortunately, these loading coils are incompatible with ADSL signals, so a voice coil in the loop between your telephone and the telephone company's central office will disqualify you from receiving ADSL. Other factors that might disqualify you from receiving ADSL include:
Bridge taps - These are extensions, between you and the central office, that extend service to other customers. While you wouldn't notice these bridge taps in normal phone service, they may take the total length of the circuit beyond the distance limits of the service provider.
Fiber-optic cables - ADSL signals can't pass through the conversion from analog to digital and back to analog that occurs if a portion of your telephone circuit comes through fiber-optic cables.
Distance - Even if you know where your central office is (don't be surprised if you don't -- the telephone companies don't advertise their locations), looking at a map is no indication of the distance a signal must travel between your house and the office.
Splitting the SignalThe CAP System
There are two competing and incompatible standards for ADSL. The official ANSI standard for ADSL is a system called discrete multitone, or DMT. According to equipment manufacturers, most of the ADSL equipment installed today uses DMT. An earlier and more easily implemented standard was the carrierless amplitude/phase (CAP) system, which was used on many of the early installations of ADSL.
59
CAP operates by dividing the signals on the telephone line into three distinct bands: Voice conversations are carried in the 0 to 4 KHz (kilohertz) band, as they are in all POTS circuits. The upstream channel (from the user back to the server) is carried in a band between 25 and 160 KHz. The downstream channel (from the server to the user) begins at 240 KHz and goes up to a point that varies depending on a number of conditions (line length, line noise, number of users in a particular telephone company switch) but has a maximum of about 1.5 MHz (megahertz). This system, with the three channels widely separated, minimizes the possibility of interference between the channels on one line, or between the signals on different lines.
The DMT System
DMT also divides signals into separate channels, but doesn't use two fairly broad channels for upstream and downstream data. Instead, DMT divides the data into 247 separate channels, each 4 KHz wide.
One way to think about it is to imagine that the phone company divides your copper line into 247 different 4-KHz lines and then attaches a modem to each one. You get the equivalent of 247 modems connected to your computer at once. Each channel is monitored and, if the quality is too impaired, the signal is shifted to another channel. This system constantly shifts signals between different channels, searching for the best channels for transmission and reception. In addition, some of the lower channels (those starting at about 8 KHz), are used as bidirectional channels, for upstream and downstream information. Monitoring and sorting out the information on the bidirectional channels, and keeping up with the quality of all 247 channels, makes DMT more complex to implement than CAP, but gives it more flexibility on lines of differing quality.
Filters
CAP and DMT are similar in one way that you can see as a DSL user.
60
If you have ADSL installed, you were almost certainly given small filters to attach to the outlets that don't provide the signal to your ADSL modem. These filters arelow-pass filters -- simple filters that block all signals above a certain frequency. Since all voice conversations take place below 4 KHz, the low-pass (LP) filters are built to block everything above 4 KHz, preventing the data signals from interfering with standard telephone calls.
DSL Equipment
ADSL uses two pieces of equipment, one on the customer end and one at the Internet service provider, telephone company or other provider of DSL services. At the customer's location there is a DSL transceiver, which may also provide other services. The DSL service provider has a DSL Access Multiplexer (DSLAM) to receive customer connections.
The Transceiver
Most residential customers call their DSL transceiver a "DSL modem." The engineers at the telephone company or ISP call it an ATU-R. Regardless of what it's called, it's the point where data from the user's computer or network is connected to the DSL line.
61
DSL modem
The transceiver can connect to a customer's equipment in several ways, though most residential installation uses USBor 10 base-T Ethernet connections. While most of the ADSL transceivers sold by ISPs and telephone companies are simply transceivers, the devices used by businesses may combine network routers, network switches or other networking equipment in the same platform
.The DSLAM
The DSLAM at the access provider is the equipment that really allows DSL to happen. A DSLAM takes connections from many customers and aggregates them onto a single, high-capacity connection to the Internet. DSLAMs are generally flexible and able to support multiple types of DSL in a single central office, and different varieties of protocol and modulation -- both CAP and DMT, for example -- in the same type of DSL. In addition, the DSLAM may provide additional functions including routing or dynamic IP address assignment for the customers.
The DSLAM provides one of the main differences between user service through ADSL and through cable modems. Because cable-modem users generally share a network loop that runs through a neighborhood, adding users means lowering performance in many instances. ADSL provides a dedicated connection from each user back to the DSLAM, meaning that users won't see a performance decrease as new users are added -- until the total number of users begins to saturate the single, high-speed connection to the Internet. At that point, an upgrade by the service provider can provide additional performance for all the users connected to the DSLAM.
For information on ADSL rates and availability in the United States, go to Broadband Reports. This site can provide information on ADSL service companies in your area, the rates they charge, and customer satisfaction, as well as estimating how far you are from the nearest central office.
ADSL isn't the only type of DSL, and it's not the only way to get high-speed Internet access. Next, we'll look at ADSL alternatives.
62
Alternatives to ADSL
There are lots of variations in DSL technology -- many of them address DSL's distance limitations in one way or another. Other types of DSL include:
Very high bit-rate DSL (VDSL) - This is a fast connection, but works only over a short distance. It is capable of handling Internet access, HDTV and on-demand services at rates of 52 Mbps downstream and 12 Mbps upstream.
Symmetric DSL (SDSL) - This connection, used mainly by small businesses, doesn't allow you to use the phone at the same time, but the speed of receiving and sending data is the same.
Rate-adaptive DSL (RADSL) - This is a variation of ADSL, but the modem can adjust the speed of the connection depending on the length and quality of the line.
ISDN DSL (IDSL) - This is a combination of the Integrated Services Digital Network (ISDN) and DSL technology. ISDN was the solution to dial-up Internet -- it allowed voice, text graphics, video and other data to share one telephone line. This made it possible to talk on the phone and use the Internet at the same time. IDSL is faster than ISDN connections but slower than DSL. It can travel a longer distance of 5 to 6 miles, so it is usually a good option for people who can't get DSL in their area.
Universal DLS (Uni-DSL) - This emerging technology, developed by Texas Instruments, is backwards compatible with all existing versions of DSL. It offers somewhat of a middle ground between ASDL and VDSL -- at longer distances, it can reach the speeds of ASDL, but it can provide greater speeds than VDSL at shorter distances. In some locations, Uni-DSL can provide four times the amount of speed as VDSL.
Alternatives to DSL
With DSL's distance limitation and lower availability, what are some other options? There are two major alternatives to DSL -- cable and wireless.
Cable and DSL are the two big rivals in the world of broadband. Cable isn't limited by distance like DSL -- cable wires reach most neighborhoods, and signal strengths don't weaken over long distances. While DSL allows you to use the telephone and Internet simultaneously, cable lets users watch television and surf the Internet at the same time. Many cable companies are also beginning to bundle services with cable TV, Internet and digital telephone on one bill. Although cable and DSL speeds are about the same, the one disadvantage with cable is bandwidth -- connection speeds can slow down if too many people are using a cable service at the same time.
A new technology, known as WiMax or 802.16, looks to combine the benefits of broadband and wireless. WiMax will provide high-speed wireless Internet over very long distances and will most likely provide access to large areas such as cities. WiMax technology will be available in most American cities in 2008
63