Computer Networks and Security

(1)

Computer Networks and Security

Link Layer (06)

Dr. Tanir Ozcelebi

(2)

Guiding questions

• What are the principles of link layer services and protocols?

• How can we detect errors at the link level?

• How to control access to the link?

• How can we translate between network and link addresses?

• What are the roles and working principles of hubs and switches?

(3)

Position of the link layer

Data-link layer is responsible for transferring a packet from one node to adjacent node over a single link.

(4)

Nodes communicating over a single link

• sending side:

• encapsulates datagram in a frame

• adds error checking bits, rdt, flow control, etc.

• receiving side

• looks for errors, rdt, flow control, etc.

• extracts datagram, passes to upper layer at receiving side

controller controller

sending host receiving host

datagram datagram

datagram

frame

(5)

Link layer services

There can be various links, protocols on the e2e path, e.g., Ethernet on first link, frame relay on intermediate links, 802.11 on the last link. Its services are:

• framing, link access

• encapsulate datagram into frame, adding header, trailer

• use “MAC” addresses in frame headers to identify source, destination on a link

− different from IP address!

• gain channel access (for shared medium)

• reliable delivery between adjacent nodes

− Q: Why do we need both link-level and end-to-end reliability?

• reliable service rarely used on links with low bit-error rate (e.g. wired)

• wireless links: high error rates

(6)

Link layer services (more)

• error detection:

• the receiver detects errors

− Option 1: signals sender for retransmission

− Option 2: drops frame

• errors can be due to signal attenuation, noise.

• error correction:

• receiver identifies and corrects bit error(s), avoiding retransmission

• full-duplex and half-duplex

• full-duplex: nodes at both ends of link can transmit simultaneously

• half-duplex: nodes at both ends of link can transmit in turns

• flow control:

• pacing between adjacent sending and receiving nodes

(7)

MAC addresses and ARP - 2 address types:

• IP address:

• network-layer address

• used to get datagram to destination IP subnet

• MAC (or LAN or physical or Ethernet) address:

• function: get frame from one interface to another physically-connected interface (in the same subnet)

• 48 bit MAC address (for most LANs)

− Manufacturer burns it in NIC ROM, also sometimes software settable

− hexadecimal notation

Analogy:

• MAC address is like the Social Security Number

• IP address is like postal address (can change)

(8)

MAC addresses and ARP

Each adapter on LAN has a unique (!) LAN address

Broadcast address = FF-FF-FF-FF-FF-FF

= adapter

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0

0C-C4-11-6F-E3-98 71-65-F7-2B-08-53

(wired orLAN wireless)

(9)

MAC address (more)

• MAC address allocation administered by IEEE

• manufacturer buys portion of MAC address space

• portable and unique

• can move LAN card from one LAN to another

• Note that the IP hierarchical address is NOT portable

− address depends on IP subnet to which node is attached

(10)

ARP:

Address Resolution Protocol

• Each IP node (host, router) on LAN has ARP table

• ARP table has IP/MAC

address mappings for some LAN nodes

< IP address; MAC address; TTL>

• TTL (Time To Live): time after which address mapping will be forgotten (typically 20 min)

Question: how to determine MAC address of a node

if we know its IP address?

1A-2F-BB-76-09-AD

58-23-D7-FA-20-B0 0C-C4-11-6F-E3-98

71-65-F7-2B-08-53

LAN

137.196.7.23

137.196.7.78

137.196.7.14

137.196.7.88

(11)

ARP protocol:

Routing in the same subnet

• A wants to send datagram to B, and B’s MAC address not in A’s ARP table.

• A broadcasts ARP query packet, containing B's IP address

• dest MAC address = FF-FF-FF-FF-FF-FF

• all machines on LAN receive ARP query

• B receives ARP packet, replies to A with its (B's) MAC address

• frame sent to A’s MAC address (unicast)

• A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out)

• soft state: information that times out (goes away) unless refreshed

• ARP is “plug-and-play”:

• nodes create their ARP tables without intervention from net administrator

(12)

Addressing:

Routing to another subnet

R

1A-23-F9-CD-06-9B

222.222.222.220 111.111.111.110

E6-E9-00-17-BB-4B

CC-49-DE-D0-AB-7D 111.111.111.112

111.111.111.111

A

74-29-9C-E8-FF-55

222.222.222.221 88-B2-2F-54-1A-0F

222.222.222.222

B

49-BD-D2-C7-56-2A

HOW TO: send datagram from A to B via R assume A knows B’s IP address

• 2 ARP tables in router R, one for each IP network (LAN)

(13)

1A-23-F9-CD-06-9B E6-E9-00-17-BB-4B

111.111.111.112 111.111.111.111

A

74-29-9C-E8-FF-55

222.222.222.221 88-B2-2F-54-1A-0F

B

222.222.222.222

49-BD-D2-C7-56-2A 222.

222.

220 111.

R

111.

110

• A creates IP datagram with source A, destination B

• A uses ARP to get R’s MAC address for 111.111.111.110

• A creates link-layer frame with R's MAC address as dest, frame contains A-to-B IP datagram

• A’s NIC sends frame

• R’s (left) NIC receives frame

• R extracts IP datagram from Ethernet frame, sees its destined to B

• R uses ARP to get B’s MAC address

• R creates frame containing A-to-B IP datagram sends to B Important!!!

Make sure you understand.

(14)

Link layer error detection

• Error detection not 100% reliable!

• protocol may miss some errors, but rarely

• larger EDC field yields better detection and correction, but causes more overhead.

EDC = Error Detection and Correction bits (redundancy)

D = Data protected by error checking (may include link layer headers)

(15)

Parity checking

Single Bit Parity:

Detect single bit errors

Two Dimensional Bit Parity:

Detect and correct single bit errors

1 Even parity check:

Odd parity check:

0 0

(16)

Link layer checksum:

Cyclic Redundancy Check

• widely used in practice (Ethernet, IEEE 802.11 WiFi, ATM)

• view data bits D as a binary number, add r bits of redundancy R (CRC)

• use an r+1 bit pattern (generator), G

• goal: choose r CRC bits, R, such that

• <D,R> is exactly divisible by G (modulo 2)

• receiver knows G, divides <D,R> by G.

• if non-zero remainder: error detected!

• can detect all burst errors less than r+1 bits

<D,R> =

(17)

CRC example:

D=101110, G=1001

Use: modulo-2 arithmetic without carries in addition and borrows in subtraction Want: D^.2^r XOR R = nG

Equivalently: D^.2^r = nG XOR R

Equivalently: R = remainder[ ]D^.2^r G XOR vs binary sum & subtraction (1 XOR 0) = (0 XOR 1) = 1

(1 – 0) = (0 – 1) = (0 + 1) = 1 0 XOR 0 = 1 XOR 1 = 0

0 + 0 = 1 + 1 = 0

(18)

Multiple access links and protocols

Two types of “links”:

• point-to-point

• Point-to-Point Protocol (PPP) for dial-up access

• point-to-point link between Ethernet switch and host

• broadcast (shared wire or medium)

• old-fashioned Ethernet

• upstream HFC (Hybrid Fiber-Coaxial)

• 802.11 wireless LAN

shared wire (e.g.,

cabled Ethernet) shared RF

(e.g., 802.11 WiFi) shared RF (satellite)

humans at a cocktail party (shared air, acoustical)

(19)

Multiple access protocols

• single shared broadcast channel

• two or more simultaneous transmissions: signal interference

• collision if node receives two or more signals at the same time

Multiple Access Protocol

• distributed algorithm that determines how nodes share channel,

• i.e. determine when a node can transmit

• communication about channel sharing must use the channel itself!

• no out-of-band channel for coordination

(20)

Ideal multiple access protocol

Broadcast channel of rate R bps

1. when one node wants to transmit, it can send at a rate of R.

2. when M nodes want to transmit, each can send at average rate R/M 3. coordination of transmissions is fully decentralized:

• no special node to coordinate transmissions

• no synchronization of clocks, slots 4. simple

(21)

MAC protocols: a taxonomy

Three broad classes:

• Channel Partitioning (physical partitioning)

• divide channel into smaller “pieces” (time slots, frequency, code)

• algorithm: allocate piece to node for exclusive use (no collisions)

• Random Access

• channel is not divided,

• algorithm: collisions allowed, “recover” from collisions

• Controlled Access: “Taking Turns”

• algorithm: nodes take turns, but nodes with more to send can take longer turns

(22)

MAC protocols: a taxonomy

• Random Access

(23)

Channel partitioning MAC protocols: TDMA

TDMA: time division multiple access

• access to channel in "rounds"

• each station gets fixed length slot (length = pkt trans time) in each round (fair)

• unused slots go idle

• example: 6-station LAN, 1,3,4 have pkt, slots 2,5,6 idle

1 3 4 1 3 4

6-slot round

(24)

Channel partitioning MAC protocols: FDMA

FDMA: frequency division multiple access

• channel spectrum divided into frequency bands

• each station assigned fixed frequency band

• unused frequency bands go idle

• example: 6-station LAN, 1,3,4 have pkt, frequency bands 2,5,6 idle

frequency bands time

FDM cable

1 2 3 4 5 6

(25)

Channel partitioning MAC protocols: CDMA

CDMA: code division multiple access

• assigns a different code to each node

• each code orthogonal to every other code

• i.e. multiply and take the integral of any two different codes and you will find zero.

• all nodes can broadcast at the same time

• receivers will know how to distinguish

Example: 4 mutually orthogonal digital codes

(26)

Example: CDMA encoding

Data (bits)

Code

Signal in channel (Volts)

Total signal in channel (Volts)

Sender1 Sender2

1 0 0

Signal (Volts)

1 0 1

(27)

Example: CDMA decoding (receiver 1)

Code 1

Total signal in channel (Volts)

Signal 1 (Volts)

1 0 0

(28)

MAC protocols: a taxonomy

• Random Access

(29)

Random access protocols

• When node has packet to send

• transmit at full channel data rate R.

• with no a priori coordination among nodes = random access

• Collision: two or more transmitting nodes are simultaneously heard.

• MAC protocol specifies:

• how to detect collisions

• how to recover from collisions (e.g., via delayed retransmissions)

• Example protocols:

• (slotted) ALOHA à University of Hawaii, ALOHAnet

• CSMA, CSMA/CD, CSMA/CA

(30)

CSMA

(Carrier Sense Multiple Access)

CSMA: listen before transmitting

• If channel is sensed idle: transmit entire frame

• If channel is sensed busy: defer transmission

• Human analogy:

• do not interrupt others when they are speaking.

CSMA/CD: CSMA with Collision Detection CSMA/CA: CSMA with Collision Avoidance

(31)

CSMA collisions

collisions can still occur

• due to distance and propagation delay

– two nodes (initially) may not hear each other’s

transmissions

in case of collision

• entire packet transmission time wasted

spatial layout of nodes

(32)

CSMA/CD (Collision Detection)

• CSMA with Collision Detection:

• carrier sensing, deferral as in CSMA

• plus: collisions detected in short time

• plus: colliding transmissions aborted, reducing channel wastage

• Collision detection in wired/wireless:

• easy in wired LANs: measure signal strengths, compare transmitted, received signals

• difficult in wireless LANs: received signal strength overwhelmed by local transmission strength

• Human analogy:

• a polite conversationalist.

(33)

Wireless link characteristics

Differences from wired link ….

• decreased signal strength: radio signal attenuates as it propagates (path loss)

• interference from other sources: sources transmitting at the same freq band will interfere (e.g., ~2.4 GHz shared by home appliances – wireless phones, WiFi, microwave etc)

• multipath propagation: radio signal reflects off objects, arriving at destination at different times

Result: more bit errors and packet losses.

(34)

Wireless link characteristics

Multiple wireless senders and receivers create additional problems (compared to wired multiple access):

A B

C

Hidden terminal problem (due to obstacles, attenuation)

• B hears A, B also hears C.

• The problem is: A and C can not hear each other interfering at B.

à radio signals collide at B!

A B C

A’s signal strength

space

C’s signal strength

(35)

IEEE 802.11: multiple access

• CSMA with no collision detection!

• difficult to receive (sense collisions) when transmitting due to weak received signals

• can’t sense all collisions in any case: hidden terminal, fading

• Goal: avoid collisions à CSMA/C(ollision)A(voidance)

A B

C A B C

A’s signal strength

space

C’s signal strength

(36)

IEEE 802.11 MAC protocol:

CSMA/CA

802.11 sender

1 if channel sensed idle for Distributed Inter-frame Space (DIFS), transmit entire frame (no CD) 2 if channel sensed busy then

start random back-off time

timer counts down only when the channel is idle transmit when timer expires

if no ACK, increase random backoff interval, repeat 2

802.11 receiver - if frame received OK

return ACK after Short Inter-frame Space - SIFS (ACK needed due to hidden terminal problem)

sender receiver

DIFS

data

SIFS

ACK

(37)

Avoiding collisions (more)

Dealing with hidden terminals

Allow sender to “reserve” channel rather than random access of data frames:

• Goal: avoid collisions of long data frames

• sender first transmits small request-to-send (RTS) packets to AP using CSMA

• RTS packets may still collide with each other (but they’re short)

• AP broadcasts clear-to-send (CTS) in response to RTS

• CTS heard by all nodes

• sender transmits data frame

• other stations defer transmissions

avoid long data frame collisions completely using short reservation packets (in exchange for increased delay)!

(38)

Collision Avoidance:

RTS-CTS exchange

A AP B

time

RTS(A) RTS(B)

RTS(A)

CTS(A) ^CTS(A)

DATA (A)

ACK(A) ^ACK(A)

reservation collision

defer access

(39)

MAC protocols: a taxonomy

• Random Access

(40)

“Taking Turns” access protocols

Polling:

• master node “invites”

slave nodes to transmit in turns

• typically used with

“dumb” slave devices

• disadvantage:

• polling overhead

• latency

• single point of failure (master)

master

slaves

poll

data

(41)

“Taking Turns” access protocols

Token passing:

• control token message passed from one node to next sequentially.

• disadvantage:

• token overhead

• latency

• single point of failure (token)

T

data (nothing

to send) T

(42)

Summary of access protocols

• channel partitioning

• Time Division, Frequency Division, Code Division

• random access: do not partition channel, allow collision

• ALOHA, S-ALOHA, CSMA, CSMA/CD, CSMA/CA

• carrier sensing: easy in wired, hard in wireless

• CSMA/CD used in Ethernet (collision detection)

• CSMA/CA used in 802.11 (collision avoidance)

• taking turns: take channel turn only when data needs to be sent

• polling from central site, token passing

• e.g. Bluetooth, FDDI, IBM Token Ring

(43)

Ethernet

“dominant” wired LAN technology:

• first widely used LAN technology

• network interface cards (NIC) cheap

• simpler, cheaper than token LANs and ATM

• kept up with speed race: 100 Gigabit Ethernet (IEEE 802.3ba)

Metcalfe’s Ethernet sketch

(44)

Topology

• bus topology popular through mid 90s

• all nodes in same collision domain (can collide with each other)

• now it’s more dominant in embedded networks

• today: star topology prevails

• active hub or switch in center

• with switch: transmissions do not collide

switch

bus: coaxial cable star

(45)

Ethernet frame structure

Sending adapter encapsulates IP datagram (or other network layer protocol packet) in Ethernet frame

Preamble (8 bytes):

• 7 bytes with pattern 10101010 followed by one byte with pattern 10101011

• used to synchronize receiver, sender

(46)

Ethernet frame structure (more)

• Addresses (6 bytes each):

• if adapter receives frame with matching destination address, or with broadcast address (e.g. ARP packet), it passes data in frame to network layer protocol

• otherwise, adapter discards frame

• Type (2 bytes):

• indicates higher layer protocol (mostly IP but others possible, e.g., Novell IPX, AppleTalk)

• CRC (4 bytes):

• checked at receiver, if error is detected, frame is dropped

(47)

Ethernet:

Unreliable, connectionless

• Connectionless:

• no handshaking between sending and receiving NICs

• Unreliable:

• Receiving NIC doesn’t send ACKs or NACKs to sender

• Stream of datagrams passed to network layer can have gaps (missing datagrams)

• Gaps will be filled if app is using TCP. Otherwise, app will see gaps

• Ethernet’s MAC protocol: unslotted CSMA/CD

(48)

Ethernet CSMA/CD algorithm

1. NIC receives datagram from network layer, creates

frame

2. If NIC senses channel idle, starts frame transmission. If NIC senses channel busy, waits until channel

becomes idle.

3. If NIC transmits entire frame without detecting another transmission, NIC is done with the frame!

4. If NIC detects another

transmission while transmitting, aborts and sends a jam signal (48 bits) and makes sure that all transmitters are aware of collision.

5. After aborting, NIC enters exponential backoff:

after the m^th collision, NIC waits for K·512 bit times, and returns to Step 2.

K chosen randomly from the set:

{0,1,2,…,2^m-1}

(49)

Ethernet’s CSMA/CD (more)

Exponential Backoff:

• Goal: adapt retransmission attempts to estimated current load

• heavy load:

allow random wait to be longer

• first collision: choose K from {0,1};

delay is K· 512 bit transmission times

• after second collision: choose K from {0,1,2,3}…

• after ten or more collisions: choose K from {0,1,2,3,4,…,1023}

• Max K value: 2¹⁰-1

Bit time & wait time:

Bit time = 1 / bitrate

= 0.1 microsec for 10 Mbps Ethernet.

Then for K=1023 wait time is about 50 msec.

(50)

Hubs and switches

Hub: physical-layer (“dumb”) repeater

• bits coming in a link go out to all other links at the same rate

• all nodes connected to hub can collide with one another

• no frame buffering nor examining

• no CSMA/CD at hub: host NICs detect collisions

twisted pair

hub

(51)

Switches

• smarter than hubs, takes active role

• stores, forwards Ethernet frames

− Ethernet protocol used on each link

• examines incoming frame’s dest MAC address,

selectively forwards frame to one-or-more outgoing links

• uses CSMA/CD to access segment

• transparent

• hosts are unaware of presence of switches

• plug-and-play, self-learning

• switches do not need to be configured

(52)

Switch: allows multiple

simultaneous transmissions

• hosts have dedicated, direct connection to switch

• switch buffers packets

• no Ethernet collisions; full duplex

• each link has its own collision domain

• Switching A-to-A’ and B-to-B’

simultaneously is possible, without collisions

− not possible with a hub

A

A’

B

B’

C C’

switch with six interfaces (1,2,3,4,5,6)

1 2 3 5 4

6

(53)

Switch table

• Q: How does switch know that A’ is reachable via interface 4, B’ is

reachable via interface 5?

• A: Each switch has a switch table,

• entries: MAC address of host,

interface to reach host, time stamp

− like a routing table!

• Q: how are entries created, maintained in switch table?

A

A’

B

B’

C C’

switch with six interfaces (1,2,3,4,5,6)

1 2 3 5 4

6

(54)

Switch: self-learning

• Switch learns which hosts can be reached through which

interfaces when frames are received.

• location of sender:

incoming LAN segment

• It records sender/location pair in switch table

A

A’

B

B’

C C’

1 2 3 5 4

6

A A’

Source: A Dest: A’

MAC addr interface TTL

Switch table (initially empty)

A 1 60

(55)

Switch:

frame filtering/forwarding

When frame received:

1. record link associated with sending host 2. index switch table using MAC dest address 3. if an entry is found for destination

{

if dest on segment from which frame arrived {drop the frame}

else forward the frame on interface indicated }

else flood

forward on all interfaces but the one on which the frame arrived

(56)

Self-learning, forwarding:

example

A

A’

B

B’

C C’

1 2 3 5 4

6

A A’

Source: A Dest: A’

Switch table (initially empty)

A 1 60

A A’

• If frame destination is unknown:

flood

A’ A

• If destination location is known:

A’ 4 60

selective send

(57)

Interconnecting switches

• Switches can be connected together

A B

Q: Sending from A to G: How does S₁ know to forward frame destined to G via S₄ and S₃?

A: self learning! (works exactly same as in single-switch case!) S₁

C D

E S₂ F

S₄

S₃

H

I G

(58)

Example:

Self-learning multi-switch

Suppose C sends frame to I, I responds to C

A B

S₁

C D

E S2 F

S₄

S₃

H

I G

Show switch tables and packet forwarding in S₁, S₂, S₃, S₄.

(59)

Self-learning multi-switch example

A B

S₁

C D

E S₂ F

S4

S₃

H

I G

MAC addr interface TTL MAC addr interface TTL MAC addr interface TTL

C 0 60

C 3 60

S1 S₃

C I C I C I C I

C IC I C I C I

C I C IC IC I

1

1 1 2

2

2 3 2

3

0 0 0

(60)

Self-learning multi-switch example (reply)

A B

S₁

C D

E S2 F

S₃

H

I G

C 0 60

C 1 60

C 0 60

I 3 60

C 3 60

I 0 60

S1

S

S₃ I C

I C

1 I C

1

1 1 2

2

2 3 2

3

0 0 0

S4

(61)

Institutional network

to external network

router

IP subnet

mail server

web server

(62)

Switches vs. routers

• both store-and-forward devices

• routers: network layer

• switches: link layer

• routers maintain routing tables, implement routing algorithms

• switches maintain switch tables, implement filtering, learning

(Switch)

(63)

Guiding questions

• What are the principles of link layer services and protocols?

• Role: transferring a packet over a single link.

• How can we detect errors at the link level?

• How to control access to the link?

• MAC protocols aim to utilize the channel optimally and fairly.

• How can we translate between network and link addresses?

• ARP

• What are the roles and working principles of hubs and switches?