How Do Packets Get Around?
Up to this point, you have seen how to classify networks; you know that networks have an architectural type, topology, and protocols; and you know that networks are built to share information and resources. You also know that information is split into packets before being shared. This brings us to the next logical question: How do packets get from point A to point B?
To tackle this question, this section looks at two different examples:
A packet destined for a system on the same local network
A packet destined for a remote system on a different network
Before proceeding with these two delivery examples, let's take a minute to talk about the two most common protocols governing packet delivery: TCP and UDP.
TCP Versus UDP
The Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are protocols that run on top of the IP network protocol. Each has its advantages, but the key difference between the two protocols is the method of packet delivery and the guarantee of reliability and transmission.
UDP is a connectionless protocol that has very few error recovery services and no real guarantee of packet delivery. UDP is very much a 'fire and forget' protocol: You place packets on the network and hope they get there. For this reason, UDP is commonly used for network services that are not greatly affected by the occasional dropped or lost packet, such as network time requests and responses to name queries. In reality, the overall reliability of networks and data transmission makes UDP a good choice for many streaming network services. Because UDP is rather efficient, requiring no overhead for guaranteed delivery, it is becoming more popular with network application designers.
TCP is a connection-oriented protocol and is designed to allow two hosts to establish a reliable connection and exchange data. Contrary to UDP, TCP guarantees that packets will be delivered and processed in the same order in which they were sent. This guaranteed delivery is extremely important for many network applications, including such popular services as HTTP, FTP, and Telnet. To accomplish this, TCP uses a three-way handshake to establish connections:
1. The originating host (usually called the client) sends a SYN (synchronize) packet to the destination host (usually called the server). The SYN packet tells the server what port the client wants to connect to and the initial packet sequence number of the client.
2. The server sends a SYN/ACK packet back to the client. This SYN/ACK (synchronize/acknowledge) tells the client 'I received your request' and also contains the server's initial packet sequence number.
3. The client responds to the server with an ACK packet to complete the connection establishment process.
Figure 3.6 provides a graphical representation of the three-way handshake.
Figure 3.6 The TCP three-way handshake.
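The three steps above can be checked mechanically. The following is an added example, not code from the original article: it builds three constructed 20-byte TCP headers and verifies the flags, the mirrored ports, and that each side acknowledges the other's initial sequence number plus one. The port numbers and sequence numbers are made up for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10                      # TCP flag bits
HEADER = struct.Struct("!HHIIHHHH")        # fixed 20-byte TCP header, no options

def build(src_port, dst_port, seq, ack, flags):
    """Build a constructed TCP header (window 65535, checksum left at zero)."""
    return HEADER.pack(src_port, dst_port, seq, ack, (5 << 12) | flags, 65535, 0, 0)

def parse(raw):
    if len(raw) < HEADER.size:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, _win, _csum, _urg = HEADER.unpack(raw[:HEADER.size])
    # The low six bits of this field are URG, ACK, PSH, RST, SYN, FIN.
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "flags": off_flags & 0x3F}

def check_handshake(segments):
    """Validate three raw headers as SYN, SYN/ACK, ACK. Returns (ok, reason)."""
    if len(segments) != 3:
        return False, "need exactly three segments"
    syn, synack, ack = [parse(s) for s in segments]
    nxt = lambda n: (n + 1) % 2**32        # sequence numbers wrap at 32 bits
    if syn["flags"] != SYN:
        return False, "first segment is not a bare SYN"
    if synack["flags"] != SYN | ACK:
        return False, "second segment is not SYN/ACK"
    if (synack["src"], synack["dst"]) != (syn["dst"], syn["src"]):
        return False, "SYN/ACK ports do not mirror the SYN"
    if synack["ack"] != nxt(syn["seq"]):
        return False, "SYN/ACK does not acknowledge the client's sequence number"
    if ack["flags"] != ACK:
        return False, "third segment is not a bare ACK"
    if (ack["src"], ack["dst"]) != (syn["src"], syn["dst"]):
        return False, "final ACK does not come from the client's port pair"
    if ack["seq"] != nxt(syn["seq"]) or ack["ack"] != nxt(synack["seq"]):
        return False, "final ACK numbers do not match both initial sequence numbers"
    return True, "established"

def sample_handshake():
    """Constructed capture: client port 40000 connecting to server port 80."""
    return [build(40000, 80, 1000, 0, SYN),
            build(80, 40000, 5000, 1001, SYN | ACK),
            build(40000, 80, 1001, 5001, ACK)]

if __name__ == "__main__":
    print(check_handshake(sample_handshake()))
```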
Local Packet Delivery
Now that you're familiar with the two main methods of packet transmission, assume you want to send a packet from your workstation to another workstation on the same Ethernet segment. The first step is fairly simple: you need to know the address of the remote workstation. From the discussion of IP packets, you know that the remote workstation's address is a 32-bit binary number. Since most people don't routinely remember 32-bit binary numbers, most applications let you use a dotted decimal representation of the destination address (in this case, assume your destination address is 10.10.10.101). Unfortunately, the IP address alone will not ensure your packet is received at the remote workstation. You have to find out the remote workstation's hardware address, the Media Access Control (MAC) address. MAC addresses are used to uniquely identify each node on the network and are usually hardwired into the physical network device, such as a network interface card (NIC), used to interface with the network media. In fact, at the lower layers of the Ethernet protocol, IP addresses are not even used. All network addresses are translated into MAC addresses.
To find a remote workstation's MAC address, the Address Resolution Protocol (ARP) is used. Basically, this is the computer's way of calling out, 'Who owns the tan minivan in the parking lot? (You have your lights on.)' Your workstation sends out an ARP request to find out, 'Who is 10.10.10.101?' Every node on the network will examine the packet, but only the workstation with the IP address of 10.10.10.101 will respond. It will send back an ARP reply to tell your workstation, 'I'm 10.10.10.101 and here's my MAC address.' Your workstation will then format the packet for delivery and drop it on the network media, stamped with the MAC address of the destination workstation. Ultimately, it is the MAC address that causes your packet to be received by the destination workstation.
Remote Packet Delivery
Local packet delivery is really not that difficult, but what if you want to exchange information with a remote system halfway around the world on a totally separate network? To illustrate, let's use a favorite pastime of most office workers: Web surfing. To get information, such as a Web request, to a remote server, you still need to know the remote system's IP address. In most cases you won't know the IP address of your favorite Web site, but you do know what the Web site is called. When you enter the name of your favorite Web site into your browser and hit Enter, the computer has to figure out where that Web site is and ultimately, that Web site's IP address. To accomplish this, your computer will use the domain name service (DNS).
DNS is basically a mechanism to translate names into IP addresses. Your computer will send a DNS query to a local DNS server (a machine whose main purpose is to respond to DNS queries) to find out, 'What's the IP address of this Web site?' The DNS server will then check its local records to see if it knows the IP address of the Web site. If it does, it will send a DNS reply to your system with the Web site's IP address. If it does not know the correct IP address for that Web site, it will query another, higher-level domain server, and so on until the correct IP address is returned.
When your computer gets back the correct IP address, it will look at the IP address to determine whether the remote system is on the same network. In most cases, the remote system is on another network that your workstation will not know how to reach. Your workstation will then create a packet, stamp it with the destination IP address, and forward the packet to the network gateway.
In many cases this gateway is a router. Routers are devices used to interconnect networks. Their job is to figure out how to move packets from one network to another. To accomplish this task, routers use forwarding tables to determine where a packet should go. When a packet reaches a router, it will look at the destination address to determine where to send the packet. If the router's forwarding tables know where the packet should go, the router will send the packet out along the appropriate route. If the router does not know where the destination network is, it will forward the packet to its defined gateway, which will repeat the same process. Eventually, after traversing various networks and being passed through various routers, the packet will come to the router serving the network with the Web site you are trying to reach. This router will determine the appropriate MAC address of the destination system and forward the packet accordingly.
For the average user, this entire process is completely transparent. The United States Postal Service serves as a good analogy. When you mail a letter, you put the appropriate address (including ZIP code) and a stamp on the letter before you drop it in a mailbox. The internal workings of the Postal Service take care of the rest and the letter is delivered, usually without any further involvement on the part of the sender.
Subnetting
The remote packet delivery example is oversimplified, but you see how important IP addresses are to the packet delivery process. Let's take a minute to examine how an IP address is built. IP addresses really consist of two sections: the network section (prefix) and the host section. The network section of the IP address is usually referred to as the subnet, and the process of dividing IP addresses into networks is called subnetting.
Look at the sample IP address from the local packet delivery example: 10.10.10.101. To determine how to split this address into the network and host portions you need to know the subnet mask. A subnet mask basically tells you how much of the IP address to consider the network portion and how much to consider the host portion. In practice, to determine the subnet this address belongs to, you perform a bitwise AND operation on the mask and the IP address. Here's an example:
Subnet Mask: 255.255.255.0
IP Address: 10.10.10.101
First you must convert the address and subnet mask to their binary representations:
Subnet Mask: 11111111.11111111.11111111.00000000
IP Address: 00001010.00001010.00001010.01100101
Then, by performing the bitwise AND you get the subnet address. The bitwise AND operation examines each set of matching bits from the binary representation of the subnet mask and the IP address. For each set where both the mask and address bits are 1, the result is a 1. Otherwise, if either bit is a 0, the result is a 0. So for this example you get:
Subnet Address: 00001010.00001010.00001010.00000000
Which in decimal is 10.10.10.0, the subnet address of the IP address.
The subnet address and mask both tell you that the first three parts of the address are network related, which means that the last part of the address is the host portion. In this example, the network portion of the address is 10.10.10 and the host portion is 101. Please bear in mind that this is a very simple example; subnets can get fairly complicated.
Subnets are usually divided in one of three classes:
Class A addresses, supporting 16 million hosts on each of 27 networks
Subnets: 0.0.0.0 to 127.255.255.255
Class B addresses, supporting 65,000 hosts on each of 16,000 networks
Subnets: 128.0.0.0 to 191.255.255.255
Class C addresses, supporting 254 hosts on each of 2,000,000 networks
Subnets: 192.0.0.0 to 223.255.255.255
Everything above 224.0.0.0 is reserved for either multicasting or future use.
In addition, certain subnets are reserved for private use and are not routed across public networks:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
Finally, when determining the valid hosts that can be placed on a particular subnet, you have to keep in mind that the 'all 0s' address of the host portion is reserved for the network address and the 'all 1s' address of the host portion is reserved for the broadcast address of that particular subnet. Again from the earlier example:
Subnet Address: 10.10.10.0
00001010.00001010.00001010.00000000
Broadcast Address: 10.10.10.255
00001010.00001010.00001010.11111111
In their forwarding tables, routers maintain lists of networks and the accompanying subnet mask. With these two pieces, the router can examine the destination address of each packet and then forward the packet on to the appropriate destination.
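The subnet arithmetic and the router lookup described in this section, as an added example that is not part of the original article. It uses the article's 10.10.10.101 address with plain bitwise operations, and goes one step further by choosing the most specific matching route when several match. The forwarding table entries and next-hop addresses are constructed for illustration.

```python
def to_int(dotted):
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(p < 0 or p > 255 for p in parts):
        raise ValueError("not an IPv4 address: %r" % dotted)
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]

def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_binary(value):
    return ".".join(format((value >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))

def subnet_info(ip, mask):
    """Split an address into network and host portions using the mask."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    host_bits = ~mask_i & 0xFFFFFFFF          # 1s where the host portion lives
    if host_bits & (host_bits + 1):           # a mask must be 1s followed by 0s
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    network = ip_i & mask_i                   # the bitwise AND from the text
    broadcast = network | host_bits           # host portion set to all 1s
    usable = host_bits >= 3                   # room left after network + broadcast
    return {
        "network": to_dotted(network),
        "network_binary": to_binary(network),
        "broadcast": to_dotted(broadcast),
        "host": ip_i & host_bits,
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
    }

# Constructed forwarding table: (network, mask, next hop)
ROUTES = [
    ("10.10.10.0", "255.255.255.0", "directly connected"),
    ("10.10.0.0", "255.255.0.0", "10.10.10.1"),
    ("0.0.0.0", "0.0.0.0", "10.10.10.254"),   # default gateway, the last resort
]

def lookup(dest, routes=ROUTES):
    """Return the next hop for dest, preferring the longest matching mask."""
    dest_i = to_int(dest)
    best = None
    for network, mask, next_hop in routes:
        mask_i = to_int(mask)
        if (dest_i & mask_i) == to_int(network):
            if best is None or mask_i > best[0]:
                best = (mask_i, next_hop)
    return best[1] if best else None

if __name__ == "__main__":
    print(subnet_info("10.10.10.101", "255.255.255.0"))
    for dest in ("10.10.10.7", "10.10.99.5", "192.0.2.10"):
        print(dest, "->", lookup(dest))
```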
Assigning IP Addresses
There are two basic ways to assign an IP address to a specific device, such as a PC or server: the static method or Dynamic Host Configuration Protocol (DHCP). When you use the static method, you assign a specific IP address to a specific system. For example, 10.10.10.2 belongs to Jane's Linux workstation. No other system on that subnet can use that address; it belongs to Jane's system whether she is active on the network or not.
The second main method is DHCP, which is a dynamic addressing scheme that allows administrators to allocate IP addresses on a first come, first served basis. When a device configured to use DHCP (the client) tries to connect to the network, it will query for a DHCP server. The DHCP server will then provide the client with an IP address from a range of addresses allocated for DHCP use. These addresses cannot be used for any other purpose. Note that DHCP is an 'as available' protocol. If the server runs out of IP addresses, the next requesting client will not get an IP address and will be unable to connect to the network.
Another key feature of DHCP is the ability to limit the amount of time the client can use a particular IP address. When the DHCP server grants the client an IP address, it can also specify how long the client can use that particular IP address (sometimes called a DHCP lease). At the end of that lease period, the client must ask the DHCP server if it can continue using the same IP address or must attempt to obtain a new one.
DHCP can also make configuring individual network stations easier by specifying the default name server and gateway at the same time an IP address is assigned. There is little or no interaction on the part of the individual user. This lack of user involvement makes DHCP a very popular choice for large corporate networks and Internet service providers (ISPs). Most ISPs, whether they are dial-up or broadband, use DHCP to configure user connections.
Routing
The overall process of delivering a packet from point A to point B is usually referred to as routing, and the devices primarily responsible for accomplishing this task are usually called routers. Essentially, it is a router's job to know where the packet needs to go next. You already know that routers use forwarding or routing tables to determine where to send a particular packet based on destination address. But how do routers build their routing tables?
There are a number of different ways to build routing tables, and different routing protocols have been developed to assist in the creation and maintenance of routing tables. Some of the more common protocols include
Static—Routing entries are entered once and are not updated again. Static routes are often used to define the last resort next hop. If you don't know what else to do with a packet, send it here. In some ways, static routes are more secure than other routing protocols because there is less danger of a malicious individual attempting to reroute your network traffic by manipulating your routing tables.
Routing Information Protocol (RIP)—Entire routing tables are shared between routers on a periodic basis. This is a rather inefficient and insecure way of sharing routing information.
Open Shortest Path First (OSPF)—The shortest and most efficient route to reach a particular destination is calculated based upon the path that must be traversed, the state of the links that must be followed, and the nodes the traffic must pass through. Although efficient in traffic delivery, this method requires a great deal of overhead.
Border Gateway Protocol (BGP)—Peer routers called neighbors exchange routing information between autonomous systems. Although initially entire routing tables are exchanged, following exchanges are limited to updates and keep alive messages only. BGP is designed to ensure a loop-free route to the destination network.
This post is from our Cisco CCNA Training Course.
Instructor Mark Jacob was presenting a Q&A Session in our ICND1 CCNA class and answered a question regarding MAC Addresses and when they get associated to devices.
Transcription:
What issues arise if there are duplicate MAC addresses?
MAC addresses are important. Let’s say I’m a PC and I have another PC next to me that is in the same network that I’m in and I want to communicate with it. Let’s go back to the old standby “PING”. I want to ping that device. That means in order for me to ping that device, I have to determine that device’s MAC address.
How do I do that? I use the ARP process. I say, “Who’s the IP address that has this MAC address?” They reply back to me, and all is well.
However, what if the MAC address that that other endpoint has is exactly the same as mine?
I’m going to have a problem in the fact that I feel like I’m talking to myself.
I have a topology here if I can bring it live ‑‑ let’s say that I have two IP endpoints and you’ll notice that they are both plugged in to a switch.
It turns out if one of these computers tries to perform an ARP process to determine the MAC address of the far side, that machine will answer. But we have an intervening network device here. It’s a Layer 2 Switch.
The Layer 2 switch passively learns MAC addresses by listening. It will have learned the MAC addresses of these two endpoints. If by some chance both of these machines claim to have duplicate MAC addresses, the switch will not know what to do with that traffic.
In fact, if I added a router to this picture. Let’s say these two people were users, and they were working for a company, and needed to browse for the Internet, as soon as both machines were live and claiming to have the same MAC address, they would have an issue.
That’s if they’re on the same network. That’s the real extent of a MAC address is, it only really matters within the same network.
How far reaching is the MAC address? That is, when does it cease to have network meaning?
If the PC on the left in this picture is in a different network, or let’s say VLAN, from the PC on the right, it’s not as consequential, although the real problem here is they’re on the same switch. That is the extent of the network.
If I have a router connected to a router connected to a router and so on…
And if there’s a packet flying through this network.
This packet is flying through the network. These are like hops. That’s the actual word for it, but I imagine it like stones as you’re walking across a stream.
Make sure you step on the stones. I can only step as far as to the next stone.
Similarly with a MAC address, this interface here has a MAC address on it. This interface has a MAC address on it.
You can imagine, in fact let’s give a source here, here’s somebody in their house trying to browse Google.
It turns out that whoever’s sitting here in their little house, and they’re typing Google.com, they go to their edge device, then it starts the path across to Google.
It turns out if you follow this, the source of this information (SIP) is that guy in his house. The Destination IP (DIP) is always Google. That never changes. All the way along this hop, by hop, by hop process, the MAC addresses, they do change.
There’s our packet moving. It stops the source MAC address as it stops right there, because it’s going to the right, is that interface.
The destination MAC address is that one. If it moves again now the source MAC is here and the Destination MAC is here.
Bottom line answer, how far reaching is a MAC address, is it only matters at Layer 2. You can ask it this way, “Does the Google server have a MAC address?” Sure. Will the guy sitting here in this house ever learn the MAC address of Google’s server? No, neither does he care. It’s some Layer 2 area that he’s not connected to, so it’s inconsequential to him.
How Many MAC Addresses can be learned by a Switch?
Quick answer is, that depends on how much money you spent when you bought the thing, because higher‑end switches can support more and learn more MAC addresses.
I have a live piece of equipment here, Switch 1.
Let’s do the Show MAC Address‑Table, count, [sh mac-address-table count]
It says the maximum number of MAC addresses that it can learn is 8,192 MAC addresses.
Again, depending on whatever hardware you’re using, that number could go up, could go down, but that’s hardware dependent. There’s no set number that a switch has to be able to support.
The idea there is ‑‑ and in fact, I do demonstrations like this when I do a live class ‑‑ is if you overrun or exceed the ability of the switch to learn more MAC addresses, you essentially turn it into a hub. Take a nice expensive switch and tell it, “Hey, just send everything out of every port.” which can be a security risk.
Mark Jacob Cisco and CompTIA Network + Instructor – Interface Technical Training Phoenix, AZ
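The switch behaviour discussed in the session, modelled as an added example (not part of the original transcript and not Cisco's software): a toy Layer 2 switch that learns source MACs, floods frames for unknown destinations, records when one MAC shows up on two ports, and shows what changes when a per-port learning limit is enforced. The per-port limit, the port numbers and all MAC addresses are assumptions constructed for illustration.

```python
class Switch:
    """Toy Layer 2 switch: learns source MACs, forwards or floods by destination."""

    def __init__(self, ports, capacity, per_port_limit=None):
        self.ports = list(ports)
        self.capacity = capacity              # total MAC table size (hardware limit)
        self.per_port_limit = per_port_limit  # hypothetical per-port learning cap
        self.table = {}                       # MAC -> port
        self.events = []                      # (kind, port, mac) for monitoring

    def _learn(self, port, mac):
        known = self.table.get(mac)
        if known == port:
            return True
        if known is not None:
            # Same MAC seen on a second port: duplicate MAC or a moved host.
            self.events.append(("flap", port, mac))
            self.table[mac] = port
            return True
        on_port = sum(1 for p in self.table.values() if p == port)
        if self.per_port_limit is not None and on_port >= self.per_port_limit:
            self.events.append(("port-limit", port, mac))
            return False                      # frame is dropped
        if len(self.table) >= self.capacity:
            self.events.append(("table-full", port, mac))
            return True                       # forwarded, but cannot be learned
        self.table[mac] = port
        return True

    def receive(self, port, src, dst):
        """Return the list of ports the frame is sent out of."""
        if not self._learn(port, src):
            return []
        if dst in self.table:
            return [self.table[dst]]
        return [p for p in self.ports if p != port]   # unknown destination: flood


BROADCAST = "ff:ff:ff:ff:ff:ff"

def run(capacity, per_port_limit):
    """Constructed scenario: hosts A/B/D on ports 1/2/4, many MACs on port 3."""
    sw = Switch([1, 2, 3, 4], capacity, per_port_limit)
    sw.receive(1, "aa:aa:aa:aa:aa:0a", BROADCAST)
    sw.receive(2, "aa:aa:aa:aa:aa:0b", BROADCAST)
    for i in range(10):                       # port 3 presents ten source MACs
        sw.receive(3, "02:00:00:00:00:%02x" % i, BROADCAST)
    sw.receive(4, "aa:aa:aa:aa:aa:0d", "aa:aa:aa:aa:aa:0a")        # D talks to A
    out = sw.receive(1, "aa:aa:aa:aa:aa:0a", "aa:aa:aa:aa:aa:0d")  # A replies to D
    return out, sw

if __name__ == "__main__":
    for cap, limit in ((4, None), (8, 2)):
        out, sw = run(cap, limit)
        print("capacity", cap, "limit", limit, "-> A's reply to D leaves ports", out)
```

With the table full, A's reply to D is flooded to every other port; with the per-port limit, D is learned and the reply leaves on port 4 only.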