
The Data-Link Layer

Provides a service to the network layer
Deals with individual links connecting individual hosts

[Figure: protocol stack (application, transport, network, link, physical) with the link layer highlighted]

The Data-Link Layer



Hosts/routers = nodes
Communication channels that connect adjacent nodes along the communication path = links
  wired links, wireless links
Layer-2 packet = frame, encapsulates a datagram
Data-Link Layer: has responsibility of transferring a datagram from one node to the adjacent node over a link

Data-Link Layer

Why a separate layer?
Datagram may be transferred by different link protocols over different links
  e.g., Ethernet on first link, frame relay on intermediate links, 802.11 on final link
Each link protocol provides different services
  e.g., may or may not provide rdt (reliable data transfer), error detection, over the link

Transportation analogy: trip from Hanover to London (England)
  bus: Hanover to Boston
  plane: BOS to LHR
  tube: Heathrow to London
student = datagram
transport segment = link
transportation mode = link layer protocol
travel agent = routing algorithm

Link Layer Services

Framing, link access
  encapsulate datagram into frame, add header, trailer
  channel access if shared medium
  MAC addresses used in frame headers to identify src, dst
    different from IP addresses
Reliable delivery between adjacent nodes
  using rdt
  rarely used on low bit-error links (fibre)
  but other links may have high error rates (wireless)
Flow Control
  pacing between adjacent sending/receiving nodes
Error Detection
  signal attenuation/noise
  receiver detects, signals sender
Error Correction
  receiver detects and corrects w/o retransmit
Half and full-duplex
  half-duplex: both ends can transmit, but not at the same time

Adapters

Link layer implemented in adapter (NIC)
  e.g., Ethernet, 802.11 NICs
Sending side: encapsulates datagram in frame, adds error-checking bits, rdt, flow control, etc.
Receiving side: looks for errors, rdt, flow control, etc.; extracts datagram, passes it to the receiving node
Adapter is semi-autonomous

[Figure: sending card and receiving card connected by a link]

Error detection
EDC = Error Detection & Correction bits
D = Data protected by EDC (may include headers)

An error-prone link requires error detection
  saves on end-to-end retransmits
  protocol may sometimes miss errors
  larger EDC yields better detection, but larger overhead

Error detection is not 100% reliable

Parity checks

single-bit parity
  count 1s: can detect single-bit errors
  what if even number of errors?
  errors are bursty

Hamming codes
frame consisting of m data bits and r check bits
n = m + r = n-bit codeword
Given any two codewords, the Hamming distance is the number of bit positions in which they differ (XOR)
If two codewords are Hamming distance d apart, it requires d single-bit errors to turn one into the other
Hamming distance of a code is the minimum Hamming distance between any two words in that code
to detect d errors, you need a distance d+1 code
  e.g., single parity bit has distance 2, so it can only detect single (2-1) errors

  10001001
  10110001
  -------- XOR
  00111000

Hamming distance = 3
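The distance rule above, checked by brute force. This is an added example, not code from the slides: it computes the Hamming distance of a code and confirms that a distance-d code catches every pattern of up to d-1 bit errors and no more (the even-parity and repetition codes are constructed here).

```python
from itertools import combinations, product

def hamming_distance(a: int, b: int) -> int:
    """Number of bit positions in which two codewords differ: popcount of a XOR b."""
    return bin(a ^ b).count("1")

def code_distance(codewords) -> int:
    """Hamming distance of a code: the minimum distance over all pairs of its words."""
    return min(hamming_distance(x, y) for x, y in combinations(codewords, 2))

def even_parity_code(m: int) -> list:
    """Every m-bit data word followed by one even-parity bit (n = m + 1)."""
    words = []
    for bits in product((0, 1), repeat=m):
        data = int("".join(map(str, bits)), 2)
        words.append((data << 1) | (sum(bits) & 1))
    return words

def repetition_code(n: int) -> list:
    """One data bit repeated n times: the two codewords 00..0 and 11..1 (distance n)."""
    return [0, (1 << n) - 1]

def detects_all_errors_up_to(codewords, n_bits: int, d: int) -> bool:
    """Brute force the slide's rule: every pattern of 1..d bit errors is detected
    iff no such pattern turns one codeword into another valid codeword."""
    valid = set(codewords)
    for word in codewords:
        for k in range(1, d + 1):
            for positions in combinations(range(n_bits), k):
                mask = sum(1 << p for p in positions)
                if (word ^ mask) in valid:
                    return False       # corrupted word still looks valid: undetected
    return True

def guaranteed_detectable(codewords) -> int:
    """Largest d for which all 1..d-bit errors are detected: distance - 1."""
    return code_distance(codewords) - 1
```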

Parity checks

2-D bit parity
  divide bits into rows & cols
  detect and correct single-bit errors

Internet checksum
Goal: detect errors in transmitted segment
  used at transport layer only (checksum cheap in software)
Sender:
  treat segment contents as sequence of 16-bit integers
  checksum: addition (1s complement sum) of segment contents
  put checksum in UDP checksum field
Receiver:
  compute checksum of received segment
  check if computed checksum equals checksum field value
    but even if equal, there might still be errors...
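The sender and receiver sides of the checksum as described above, added here as an example (not from the slides); the 8 sample bytes are the words of the worked example in RFC 1071, and the last function shows the "even if equal" caveat: two words swapped in transit pass the check.

```python
def ones_complement_sum16(data: bytes) -> int:
    """Add the data as 16-bit big-endian words in one's complement arithmetic:
    any carry out of bit 15 is folded back into the sum (end-around carry)."""
    if len(data) % 2:
        data += b"\x00"                          # pad an odd trailing byte with zero
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)
    return total

def internet_checksum(data: bytes) -> int:
    """Sender: the checksum field is the one's complement of the one's complement sum."""
    return (~ones_complement_sum16(data)) & 0xFFFF

def checksum_ok(segment: bytes) -> bool:
    """Receiver: summing every word of the segment, checksum word included, must give
    0xFFFF (all ones); anything else means the segment was corrupted."""
    return ones_complement_sum16(segment) == 0xFFFF

# Constructed 8-byte sample: the words used in RFC 1071's worked example.
SAMPLE = bytes.fromhex("0001f203f4f5f6f7")

def corrupted_but_undetected() -> bool:
    """The slide's caveat: addition is commutative, so swapping two 16-bit words
    corrupts the segment yet leaves the checksum unchanged."""
    segment = SAMPLE + internet_checksum(SAMPLE).to_bytes(2, "big")
    swapped = SAMPLE[2:4] + SAMPLE[0:2] + SAMPLE[4:] + segment[-2:]
    return swapped != segment and checksum_ok(swapped)
```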

Cyclic Redundancy Check (CRC)
CRC code = polynomial code
  treat data bits D as a binary number (bit string)
  bit string with k terms considered a polynomial of degree k-1
    e.g., 110001 = 1*x^5 + 1*x^4 + 0*x^3 + 0*x^2 + 0*x^1 + 1*x^0
choose r+1 bit pattern (generator) G
goal: choose r CRC bits, R, such that <D,R> is exactly divisible by G (modulo 2)
  receiver knows G, divides <D,R> by G; remainder != 0 means error
  can detect all burst errors less than r+1 bits long
widely used in practice (ATM, HDLC)

CRCs
use G on D to make R, i.e., divide by the generator polynomial G(x)
append R to D to make <D,R> s.t. <D,R> is divisible by G
  see www.cs.dartmouth.edu/~cs78/crc-info.html
Note:
  if G has two or more terms, all single-bit errors can be detected
  to detect an odd number of errors, G should contain (x+1) as a factor
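Modulo-2 division as used by the sender and receiver above, added as an example (not the slides' own code). It also brute-forces the two claims on this page for a small constructed case, D = 101110 with G = 1001 = x^3 + 1 = (x+1)(x^2+x+1): every burst shorter than r+1 bits is caught, and so is every odd number of errors.

```python
from itertools import combinations

def mod2_remainder(bits: str, generator: str) -> str:
    """Long division with XOR instead of subtraction (no carries) by the r+1-bit
    generator G; returns the r-bit remainder."""
    r = len(generator) - 1
    work = [int(b) for b in bits]
    g = [int(b) for b in generator]
    for i in range(len(work) - r):
        if work[i]:                            # leading bit set: subtract (XOR) G here
            for j, gb in enumerate(g):
                work[i + j] ^= gb
    return "".join(map(str, work[-r:]))

def crc_encode(data: str, generator: str) -> str:
    """Sender: R = remainder of D * 2^r divided by G; transmit <D,R>."""
    r = len(generator) - 1
    return data + mod2_remainder(data + "0" * r, generator)

def crc_check(codeword: str, generator: str) -> bool:
    """Receiver: <D,R> must leave a zero remainder, otherwise an error occurred."""
    return set(mod2_remainder(codeword, generator)) == {"0"}

def flip(codeword: str, positions) -> str:
    """Error model: invert the bits at the given positions (0 = leftmost)."""
    return "".join(b if i not in positions else str(1 - int(b))
                   for i, b in enumerate(codeword))

def detects_all_bursts(codeword: str, generator: str) -> bool:
    """Every burst of length 1..r (first and last bit of the burst flipped, any
    pattern in between, at any position) must make crc_check fail."""
    n, r = len(codeword), len(generator) - 1
    for length in range(1, r + 1):
        for start in range(n - length + 1):
            inner = range(start + 1, start + length - 1)
            for k in range(len(inner) + 1):
                for mid in combinations(inner, k):
                    positions = {start, start + length - 1, *mid}
                    if crc_check(flip(codeword, positions), generator):
                        return False
    return True

def detects_all_odd_errors(codeword: str, generator: str) -> bool:
    """Holds when (x+1) divides G; a generator without that factor lets some
    odd-weight error pattern through."""
    n = len(codeword)
    for k in range(1, n + 1, 2):
        for positions in combinations(range(n), k):
            if crc_check(flip(codeword, set(positions)), generator):
                return False
    return True
```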

Multiple Access Links & Protocols


Two types of links
Point-to-point
  e.g., PPP (dial-up access)
  point-to-point link between Ethernet switch and host
Broadcast (shared wire or medium)
  traditional Ethernet
  802.11 wireless LAN

Multiple Access protocols


Single shared broadcast channel
  two nodes transmit simultaneously: interference
  node receives two or more signals at the same time: collision
Multiple access protocol
  distributed algorithm that determines how nodes share the channel, i.e., determines when a node can transmit
  communication about channel-sharing must use the channel itself!
    i.e., no out-of-band channel for coordination

The ideal Multiple Access Protocol

Broadcast channel of rate R bps
1. when one node wants to transmit, it sends at rate R
2. when M nodes want to transmit, each sends at avg rate R/M
3. fully decentralised
  no special node to coordinate transmissions
  no synchronisation of clocks, slots, etc.
4. simple

Types of MAC protocols


MAC = Media Access Control
  some consider this a separate sub-layer
Channel Partitioning
  divide channel into smaller pieces: time slots (TDM), frequency (FDM), code (CDMA)
  allocate a piece to a node for exclusive use
Random Access
  channel not divided
  allow for, and recover from, collisions
Taking turns
  nodes take turns
  nodes with more to send can take longer turns

Channel Partitioning
TDM (Time Division Multiplexing)
  divide channel into timeslots
  but bandwidth wasted if only one user
  GSM uses TDM (sometimes called TDMA)
FDM (Frequency Division Multiplexing)
  divide channel into frequency bands
  also wastes bandwidth when few users
CDMA (Code Division Multiple Access)
  divide channel by assigning each sender a code
  if codes are designed well, senders can transmit over the entire frequency spectrum simultaneously
    people speaking simultaneously in different languages
  commonly used in cellphones (US 2G, US/EU 3G WCDMA)
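What "codes designed well" means for CDMA, as an added example (not from the slides): two senders spread their bits with constructed 8-chip codes, the chips add up on the shared channel, and each receiver recovers its own sender's bits because the codes are orthogonal.

```python
CODE_1 = (1, 1, 1, -1, 1, -1, -1, -1)   # constructed 8-chip codes for two senders
CODE_2 = (1, -1, 1, 1, 1, -1, 1, 1)

def inner_product(c1, c2) -> int:
    return sum(a * b for a, b in zip(c1, c2))

def well_designed(codes) -> bool:
    """Codes are 'designed well' when every pair is orthogonal (inner product 0)."""
    return all(inner_product(codes[i], codes[j]) == 0
               for i in range(len(codes)) for j in range(i + 1, len(codes)))

def cdma_encode(bits, code):
    """Each data bit (+1 or -1) is spread into len(code) chips: bit times each chip."""
    return [b * c for b in bits for c in code]

def channel(*signals):
    """Senders transmit at the same time over the same spectrum: the chips add up."""
    return [sum(chips) for chips in zip(*signals)]

def cdma_decode(signal, code):
    """Correlate each chunk with the receiver's code; the other senders' chips
    cancel out because their codes are orthogonal to ours."""
    m = len(code)
    return [1 if inner_product(signal[i:i + m], code) > 0 else -1
            for i in range(0, len(signal), m)]
```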

Slotted ALOHA
A random-access MAC protocol
  Developed to network the Hawaiian islands
Assumptions:
  all frames same size, L bits
  time divided into slots of L/R sec (time to transmit 1 frame)
  nodes start to transmit frames only at the beginning of a slot
  nodes are synchronised
  if 2 or more nodes transmit in a slot, all nodes detect the collision
Operation:
  when node obtains fresh frame, transmits in next slot
  if no collision, frame is sent
  if collision, node retransmits in each subsequent slot with probability p until success

Slotted ALOHA

Pros
  single active node can transmit at full rate of channel
  highly decentralised: only slots in nodes need to be in sync
  simple
Cons
  collisions wasting slots
  idle slots
  nodes may be able to detect collision in less than time to transmit packet
  clock synchronisation

Slotted ALOHA - efficiency
Efficiency = long-run fraction of successful slots when there are many nodes, each with many frames to send
N nodes with many frames, each transmits with prob p
  prob that node 1 has success in slot = p(1-p)^(N-1)
  prob that any node has success = Np(1-p)^(N-1)
  for max efficiency with N nodes, find p* that maximises Np(1-p)^(N-1)
  p* = 1/N
  as N → ∞, Np*(1-p*)^(N-1) → 1/e = 0.37

At best, channel is used for useful transmissions 37% of the time!

Pure (unslotted) ALOHA
  decentralised: no synchronisation
  when frame first arrives, transmit immediately
  if collision, wait and retransmit with probability p
efficiency = 1/(2e) = 0.18
  50% of slotted ALOHA = price of decentralisation

[Figure: overlapping transmissions; probability of collisions increases]
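The efficiency figures for slotted and pure ALOHA, checked both from the formula and by simulation. This is an added example, not code from the slides; the simulation models every node as always having a frame and transmitting with probability p, and for pure ALOHA picks a random start within each frame time (a constructed load model, one of several possible).

```python
import math
import random

def slotted_aloha_efficiency(N: int, p: float) -> float:
    """P(exactly one of N nodes transmits in a slot) = N p (1-p)^(N-1)."""
    return N * p * (1 - p) ** (N - 1)

def best_p(N: int, steps: int = 10000) -> float:
    """Grid search for the p that maximises the efficiency; the slide gives p* = 1/N."""
    return max((i / steps for i in range(1, steps)),
               key=lambda p: slotted_aloha_efficiency(N, p))

def max_efficiency(N: int) -> float:
    """Efficiency at p* = 1/N; tends to 1/e = 0.37 as N grows."""
    return slotted_aloha_efficiency(N, 1.0 / N)

def simulate_slotted(N: int, p: float, slots: int, seed: int = 1) -> float:
    """Monte Carlo: every node always has a frame and transmits in each slot with
    probability p; returns the fraction of slots carrying exactly one frame."""
    rng = random.Random(seed)
    good = sum(1 for _ in range(slots)
               if sum(rng.random() < p for _ in range(N)) == 1)
    return good / slots

def simulate_pure(N: int, p: float, frame_times: int, seed: int = 1) -> float:
    """Unslotted ALOHA: each node starts a frame at a random moment within each
    frame time with probability p; a frame succeeds only if no other frame starts
    within one frame time before or after it. Returns successes per frame time."""
    rng = random.Random(seed)
    starts = sorted(u + rng.random() for u in range(frame_times)
                    for _ in range(N) if rng.random() < p)
    good = 0
    for k, t in enumerate(starts):
        clear_before = k == 0 or t - starts[k - 1] >= 1.0
        clear_after = k == len(starts) - 1 or starts[k + 1] - t >= 1.0
        good += clear_before and clear_after
    return good / frame_times
```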

CSMA (Carrier Sense Multiple Access)
Used in Ethernet
Listen before transmit
  if channel (carrier) sensed to be idle, transmit entire frame
  if channel sensed to be busy, defer transmission
Human analogy: don't interrupt the speaker
Collisions may still occur
  propagation delay: nodes may not hear each other
  if collision, the entire packet transmission time is wasted

CSMA/CD (Collision Detection)
Carrier Sense, but collisions detected within short time
  colliding transmissions aborted: reduces channel waste
Collision detection
  easy in wired LAN: measure signal strength, compare transmitted and received signals
  difficult in half-duplex wireless LANs
Human analogy: polite conversation

Taking Turns
Polling protocol
  Master node invites slave nodes to transmit in turn
  Polling overhead, delay
  Single point of failure (master node)
Token-passing protocol
  Control token passed from one node to the next sequentially
  Token overhead, delay
  Single point of failure (token)
  e.g., FDDI, IBM Token Ring (IEEE 802.5)

IBM Token Ring
A LAN (Local Area Network) technology
N nodes of LAN (hosts and routers) connected in a ring by direct links
when node obtains token and sends frame, frame propagates around entire ring
  ring = virtual broadcast channel
destination node reads frame from link-layer medium as frame propagates by
sender responsible for removing frame from ring
receiver responsible for removing frame from ring
FDDI = MAN technology

Link-Layer Addressing
Network-layer (IP) address
  used to get datagram to destination IP subnet
  but how to find destination host once at the final router?
Link-layer (MAC) address
  used to get datagram from one interface to another physically-connected interface on the same network
  48-bit MAC address burned into the adapter's ROM
  each NIC has unique MAC address (in theory...)
  address allocation administered by IEEE
    first 24 bits = OUI (standards.ieee.org/regauth/oui/oui.txt)
  MAC is a flat address, so portable: can move NIC from one LAN to another

ARP (Address Resolution Protocol)
How to determine MAC address knowing IP address?
Each IP node (host, router) on LAN has an ARP table
ARP table: IP/MAC address mapping for some LAN nodes
  <IP address; MAC address; TTL>
  TTL (Time To Live): time after which mapping is forgotten

ARP: same LAN
A wants to send datagram to B
  B's MAC address not in A's ARP table
A broadcasts ARP query packet containing B's IP addr
  broadcast MAC address = FF-FF-FF-FF-FF-FF
  all machines on LAN receive ARP query
B receives ARP packet, replies to A with its MAC address
  frame sent directly to A's MAC address (unicast)
A saves IP-to-MAC address pair in ARP table
  soft-state: information saved until timeout or refreshed
ARP is plug-and-play
  nodes create ARP tables without intervention from an administrator

ARP: different LANs

[Figure: A on one LAN, B on another, router R between them]

A wants to send datagram to B via R
  A knows B's IP address
  R has two ARP tables, one for each LAN
A creates Layer-3 (IP, AppleTalk, etc.) datagram with src A, dst B
A uses ARP to get R's MAC address for 111.111.111.110
A creates link-layer (L2) frame containing L3 datagram with R's MAC address as dst, sends frame
R receives frame, removes L3 datagram, sees B's dst address
R uses ARP to get B's MAC address
R creates L2 frame containing L3 datagram with B's MAC address as dst
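Both ARP walkthroughs (same LAN, and A to B via R) as a runnable simulation, added here rather than taken from the slides: broadcast query, unicast reply, soft-state entries that expire after a TTL, and one ARP table per router interface. Only 111.111.111.110 comes from the page; every other IP, MAC, the /24 subnet assumption and the TTL value are constructed.

```python
BROADCAST_MAC = "FF-FF-FF-FF-FF-FF"
ARP_TTL = 20 * 60                 # seconds before a mapping is forgotten (constructed value)
CLOCK = {"now": 0, "queries": 0}  # simulated time and a count of ARP queries sent

def same_subnet(ip1, ip2):        # /24 subnets are an assumption; the slide gives no masks
    return ip1.rsplit(".", 1)[0] == ip2.rsplit(".", 1)[0]

class Lan:                        # one broadcast LAN: every attached interface sees every frame
    def __init__(self):
        self.ifaces = []
    def send(self, frame):
        for iface in self.ifaces:
            if frame["dst"] in (BROADCAST_MAC, iface.mac):
                iface.receive(frame)

class Iface:
    """An IP interface with its own ARP table, ip -> (mac, expiry): soft state."""
    def __init__(self, node, ip, mac, lan):
        self.node, self.ip, self.mac, self.lan, self.arp = node, ip, mac, lan, {}
        lan.ifaces.append(self); node.ifaces.append(self)
    def resolve(self, ip):
        mac, expiry = self.arp.get(ip, (None, 0))
        if expiry <= CLOCK["now"]:               # unknown or timed out: broadcast a query
            CLOCK["queries"] += 1
            self.lan.send({"dst": BROADCAST_MAC, "src": self.mac, "type": "arp-query",
                           "sender_ip": self.ip, "sender_mac": self.mac, "target_ip": ip})
            mac = self.arp[ip][0]                  # filled in by the owner's unicast reply
        return mac
    def receive(self, frame):
        if frame["type"] == "arp-query" and frame["target_ip"] == self.ip:
            self.lan.send({"dst": frame["sender_mac"], "src": self.mac, "type": "arp-reply",
                           "sender_ip": self.ip, "sender_mac": self.mac})
        elif frame["type"] == "arp-reply":
            self.arp[frame["sender_ip"]] = (frame["sender_mac"], CLOCK["now"] + ARP_TTL)
        elif frame["type"] == "ip":
            self.node.deliver(frame["datagram"])

class Node:                       # a host (one interface plus a gateway) or a router
    def __init__(self, gateway=None):
        self.gateway, self.ifaces, self.received = gateway, [], []
    def send(self, datagram):
        for iface in self.ifaces:                 # destination on a directly attached LAN?
            if same_subnet(iface.ip, datagram["dst"]):
                next_hop = datagram["dst"]; break
        else:                                     # no: the first hop is the gateway router
            iface, next_hop = self.ifaces[0], self.gateway
        iface.lan.send({"dst": iface.resolve(next_hop), "src": iface.mac,
                        "type": "ip", "datagram": datagram})
    def deliver(self, datagram):
        if any(i.ip == datagram["dst"] for i in self.ifaces):
            self.received.append(datagram)
        else:
            self.send(datagram)                   # router: forward out of the other LAN

def build_topology():
    """A on LAN 1, B on LAN 2, R on both. 111.111.111.110 is R's address on the
    slide; every other address and MAC here is constructed."""
    lan1, lan2 = Lan(), Lan()
    A, B, R = Node(gateway="111.111.111.110"), Node(gateway="222.222.222.220"), Node()
    Iface(A, "111.111.111.111", "74-29-9C-E8-FF-55", lan1)
    Iface(R, "111.111.111.110", "E6-E9-00-17-BB-4B", lan1)
    Iface(R, "222.222.222.220", "1A-23-F9-CD-06-9B", lan2)
    Iface(B, "222.222.222.222", "49-BD-D2-C7-56-2A", lan2)
    return A, R, B
```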

DHCP (RFC2131)
Dynamic Host Configuration Protocol
Client-server protocol
  client: new host that wants network configuration information (IP address, DNS server)
Four-stage process:
1. DHCP server discover
  client sends DHCP discover message (UDP port 67, IP broadcast dst 255.255.255.255, src 0.0.0.0)
2. DHCP server offer
  DHCP server responds to discover msg with offer msg: proposed IP address, netmask, lease time
3. DHCP request
  client chooses from one or more offers, responds with DHCP request
4. DHCP ACK
  server responds to client, confirming parameters

DHCP example

DHCP very useful for one particular link-layer: wireless LANs
  imagine a sysadmin having to reconfigure each new wireless client? or every time you changed subnet? Ouch!
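The four-stage exchange as a message-level simulation with two servers on the LAN, so the client really does choose among offers; this is an added example, not code from the slides or from any DHCP implementation. Port 67 and the 0.0.0.0 / 255.255.255.255 addresses are from the page; client port 68 is RFC 2131's value, and the server IPs, pools and lease are constructed.

```python
SERVER_PORT, CLIENT_PORT = 67, 68          # 67 is on the slide; 68 is RFC 2131's client port
BROADCAST, UNSPECIFIED = "255.255.255.255", "0.0.0.0"

def msg(kind, src, dst, dport, **fields):
    """A DHCP message as a dict: type, IP endpoints, UDP destination port, options."""
    return {"type": kind, "src": src, "dst": dst, "dport": dport, **fields}

class DhcpServer:
    def __init__(self, ip, pool, netmask, dns, lease_secs):
        self.ip, self.free, self.netmask = ip, list(pool), netmask
        self.dns, self.lease, self.offered, self.leases = dns, lease_secs, {}, {}

    def handle(self, m):
        """Returns the reply to send, or None when this server stays silent."""
        if m["type"] == "DISCOVER":
            if m["mac"] not in self.offered:
                if not self.free:
                    return None                    # pool exhausted: no offer
                self.offered[m["mac"]] = self.free.pop(0)
            return msg("OFFER", self.ip, BROADCAST, CLIENT_PORT, mac=m["mac"],
                       yiaddr=self.offered[m["mac"]], netmask=self.netmask,
                       lease=self.lease, server=self.ip)
        if m["type"] == "REQUEST":
            addr = self.offered.pop(m["mac"], None)
            if m["server"] != self.ip:             # client took another server's offer
                if addr:
                    self.free.insert(0, addr)      # reclaim the address we offered
                return None
            if addr is None or addr != m["requested"]:
                return None
            self.leases[m["mac"]] = addr
            return msg("ACK", self.ip, BROADCAST, CLIENT_PORT, mac=m["mac"], yiaddr=addr,
                       netmask=self.netmask, lease=self.lease, dns=self.dns, server=self.ip)
        return None

class DhcpClient:
    def __init__(self, mac):
        self.mac, self.config = mac, None
    def discover(self):
        """Stage 1: no address yet, so src 0.0.0.0 and dst broadcast, to UDP port 67."""
        return msg("DISCOVER", UNSPECIFIED, BROADCAST, SERVER_PORT, mac=self.mac)
    def request(self, offers):
        """Stage 3: choose one of the (one or more) offers; this example takes the first."""
        chosen = offers[0]
        return msg("REQUEST", UNSPECIFIED, BROADCAST, SERVER_PORT, mac=self.mac,
                   requested=chosen["yiaddr"], server=chosen["server"])
    def configure(self, ack):
        """Stage 4: the ACK confirms the parameters; only now is the address used."""
        self.config = {k: ack[k] for k in ("yiaddr", "netmask", "lease", "dns")}

def run_exchange(client, servers):
    """Discover/offer/request/ACK on one broadcast LAN; returns the message transcript."""
    transcript = [client.discover()]
    offers = [o for s in servers if (o := s.handle(transcript[0])) is not None]
    transcript += offers
    if not offers:
        return transcript                          # nobody offered: client stays unconfigured
    req = client.request(offers)
    transcript.append(req)
    for s in servers:                              # every server hears the broadcast request
        ack = s.handle(req)
        if ack is not None:
            transcript.append(ack)
            client.configure(ack)
    return transcript
```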

Ethernet
First widely-used LAN technology
  cheap
  Kept up with speed race: 10Mbps, 100Mbps, 1Gbps, 10Gbps
  simple

Ethernet frame format


  | Preamble | Dest MAC address | Source MAC address | Type | Data (46 - 1500 bytes) | CRC |

Sending NIC encapsulates IP datagram (or other network-layer protocol packet) in Ethernet frame
Preamble: 7 bytes 10101010, 1 byte 10101011
  used to synchronise receiver/sender clock rates
Addresses: 6 byte MAC addresses
  if NIC receives frame w/o matching or broadcast addr, discards; otherwise, passes data in frame to higher-layer protocol
Type: higher-layer protocol, e.g., IP, AppleTalk
CRC: checked at receiver; if error, frame dropped
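Building and receiving a frame in the layout above, as an added example that is not code from the slides: the receiving side applies the three rules on this page (bad CRC: drop; address neither ours nor broadcast: discard; otherwise hand type and data up). zlib's CRC-32 stands in for the 802.3 CRC, and the MAC addresses are constructed.

```python
import struct
import zlib

PREAMBLE = bytes([0b10101010] * 7) + bytes([0b10101011])   # 7 x 10101010, then 10101011
BROADCAST = b"\xff" * 6
ETHERTYPE_IPV4 = 0x0800          # the real EtherType for IP (value not on the slide)

def fcs(body: bytes) -> bytes:
    """32-bit CRC over dst + src + type + data. zlib.crc32 stands in for the 802.3
    CRC-32; the bit/byte order a real NIC puts on the wire is not modelled (assumption)."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Sending NIC: pad the data field to the 46-byte minimum, append the CRC."""
    if len(payload) > 1500:
        raise ValueError("data field is at most 1500 bytes")
    payload = payload.ljust(46, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    return PREAMBLE + body + fcs(body)

def receive(frame: bytes, my_mac: bytes):
    """Receiving NIC: check preamble and CRC (drop on error), keep the frame only if
    it is addressed to us or to broadcast, then hand (type, src, data) upward.
    Returns None whenever the frame is discarded."""
    if frame[:8] != PREAMBLE or len(frame) < 8 + 14 + 46 + 4:
        return None
    body, crc = frame[8:-4], frame[-4:]
    if fcs(body) != crc:
        return None                                   # CRC error: frame dropped
    dst, src = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    if dst not in (my_mac, BROADCAST):
        return None                                   # not for this NIC: discard
    return ethertype, src, body[14:]
```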

Byte-stuffing
Transparency: data field must be allowed to contain flag pattern <01111110>
  how to distinguish between <01111110> data or flag?
  $string = "the ghost said \"boo!\"";
    How to include a quotation mark (") in a string?
Sender: adds/escapes/stuffs an extra <01111110> byte after every <01111110> data byte
Receiver:
  two <01111110> bytes in a row: discard first byte, continue data reception
  single <01111110> = flag byte
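The sender and receiver rules above in code, added as an example (not the slides' own): 0x7E is the flag byte 01111110, and the sample payloads (which contain that byte, as '~') are constructed.

```python
FLAG = 0x7E      # the flag byte 01111110 (the ASCII character '~')

def stuff(data: bytes) -> bytes:
    """Sender: after every flag byte that occurs in the data, insert one more flag byte."""
    out = bytearray()
    for b in data:
        out.append(b)
        if b == FLAG:
            out.append(FLAG)
    return bytes(out)

def frame_stream(payloads) -> bytes:
    """Send frames back to back as FLAG data FLAG data FLAG: one flag byte both ends a
    frame and opens the next (a pair between frames would be read as stuffed data)."""
    out = bytearray([FLAG])
    for p in payloads:
        out += stuff(p)
        out.append(FLAG)
    return bytes(out)

def unframe_stream(stream: bytes) -> list:
    """Receiver: two flag bytes in a row are one data flag byte (discard the first,
    keep receiving); a single flag byte is a frame boundary."""
    frames, cur, in_frame, i = [], bytearray(), False, 0
    while i < len(stream):
        b = stream[i]
        if b != FLAG:
            cur.append(b)
            i += 1
        elif in_frame and i + 1 < len(stream) and stream[i + 1] == FLAG:
            cur.append(FLAG)                      # stuffed pair: one data byte
            i += 2
        else:
            if in_frame:
                frames.append(bytes(cur))         # boundary closes the open frame
                cur = bytearray()
            in_frame = True                       # ... and opens the next one
            i += 1
    return frames
```

Because the escape byte is the flag itself, a run of flags that straddles a boundary (a payload ending in a flag byte followed by one starting with it, or an empty payload) is read greedily as stuffed pairs and misparsed; PPP avoids this by escaping with a distinct byte, 0x7D, instead.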

Ethernet LAN topologies

Bus topology popular in early 1990s
Star topology popular now
  Connections via hub or switch

Ethernet service model
Connectionless: no handshaking between sending and receiving NIC
Unreliable: receiving NIC doesn't send ACKs/NAKs to sending NIC
  stream of datagrams passed to network layer may have gaps
  gaps may be filled, e.g., if transport layer is TCP
  otherwise, application will see the gaps

Ethernet MAC
CSMA/CD
  no slots
  NIC doesn't transmit if it senses that some other NIC is transmitting, i.e., carrier sense
  Transmitting NIC aborts when it senses that another adapter is transmitting, i.e., collision detection
  Before attempting to retransmit, NIC waits a random time, i.e., random access
Efficiency higher than slotted ALOHA
  if propagation delay small, efficiency → 100%
How to detect carrier/collision?
  NICs measure voltage levels

Ethernet CSMA/CD algorithm
1. NIC receives datagram from network layer and creates frame
2. If NIC senses channel idle, starts to transmit frame. If it senses channel busy, waits until channel idle and then transmits
3. If NIC transmits entire frame without detecting another transmission, NIC is finished with this frame
4. If NIC detects another transmission while transmitting, aborts and transmits 48-bit jam signal
5. After aborting, NIC enters exponential backoff phase. After nth collision, NIC chooses K randomly from {0,1,2,...,2^m-1} where m=min(n,10), waits K*512 bit times and returns to Step 2.
  bit time: 0.1 μsec for 10BaseT
  e.g., after 10 collisions, choose K from {0,1,2,...,1023}: wait around 50 ms
  more collisions = heavy load, so wait longer

CSMA/CD efficiency
Efficiency of Ethernet: long-run fraction of time during which frames are being transmitted on the channel without collisions, when there is a large number of active nodes, each with a large number of frames to send
  t_prop = maximum propagation delay between 2 nodes in LAN
  t_trans = time to transmit maximum-sized Ethernet frame

  efficiency = 1 / (1 + 5 t_prop / t_trans)

Efficiency → 1 as t_prop → 0
Efficiency → 1 as t_trans → ∞
Better than ALOHA, but still decentralised, simple and cheap
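The backoff rule from step 5 of the algorithm and the efficiency approximation above, in one added example (not code from the slides). The bit time, the 512-bit unit and the formula are from the page; the collision-resolution model, the 1518-byte frame and the 2e8 m/s propagation speed are assumptions of this example.

```python
import random

BIT_TIME_10BASET_S = 0.1e-6       # 10BaseT: one bit time is 0.1 microsecond (slide)
SLOT_BITS = 512                   # the backoff unit is K * 512 bit times

def backoff_choices(n_collisions: int) -> int:
    """After the n-th collision, K is drawn from {0, ..., 2^m - 1}, m = min(n, 10)."""
    return 2 ** min(n_collisions, 10)

def max_backoff_wait_s(n_collisions: int) -> float:
    """Longest possible wait at 10 Mbps: (2^m - 1) * 512 bit times."""
    return (backoff_choices(n_collisions) - 1) * SLOT_BITS * BIT_TIME_10BASET_S

def resolve_collision(stations: int, rng: random.Random) -> int:
    """All stations collide at once, then back off; a round succeeds when exactly one
    station drew the smallest K (it starts first, the rest sense carrier and defer).
    Returns how many collision rounds the group needed. Simplification of this
    example: every station counts every round as a collision of its own."""
    collisions = 1
    while True:
        draws = [rng.randrange(backoff_choices(collisions)) for _ in range(stations)]
        if draws.count(min(draws)) == 1:
            return collisions
        collisions += 1

def mean_rounds(stations: int, trials: int = 2000, seed: int = 7) -> float:
    """Average rounds to resolution: grows with load, which is the point of backoff."""
    rng = random.Random(seed)
    return sum(resolve_collision(stations, rng) for _ in range(trials)) / trials

def csma_cd_efficiency(t_prop: float, t_trans: float) -> float:
    """The slide's approximation: 1 / (1 + 5 t_prop / t_trans)."""
    return 1.0 / (1.0 + 5.0 * t_prop / t_trans)

def ethernet_times(distance_m: float, rate_bps: float, frame_bytes: int = 1518,
                   speed_m_per_s: float = 2e8):
    """t_prop for the cable length and t_trans for a maximum-size frame. The
    propagation speed (2e8 m/s) and frame size are assumptions, not on the slide."""
    return distance_m / speed_m_per_s, frame_bytes * 8 / rate_bps
```

Running the last two functions for 10Base5 at 500 m versus gigabit at 100 m shows why the approximation matters: the shorter t_trans at 1 Gbps lowers the efficiency even though the cable is shorter.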

Ethernet technologies

IEEE 802.3
  most common: 10BaseT/100BaseT
    10BaseT = 10Mbps, 100BaseT = 100Mbps, 100m distance
    T = Twisted Pair
  10Base2 = 10Mbps over coax, 185m distance
  10Base5 = 10Mbps over coax, 500m distance
  Nodes connect to hub, 100m max distance between nodes and hub
  802.3z = GigE
    backwards-compatible
    Cat5 and fibre

Hubs
Hub = physical-layer repeater
  bits coming from one link go out of all other links at the same rate
  no frame buffering
  no CSMA/CD at hub: NICs detect collisions
  may provide some network management functionality
Hubs are cheap

Interconnecting with hubs

Backbone hub interconnects LAN segments
Extends maximum distance between nodes
  but individual segment collision domains become one big collision domain
  maximum aggregate throughput limited
Can't interconnect 10BaseT & 100BaseT

Switches
Link-layer device
  stores and forwards Ethernet frames
  examines frame header and selectively forwards frame based on destination MAC address
  when frame is to be forwarded on a segment, uses CSMA/CD
transparent
  hosts are unaware of presence of switches
  switches do not need to be configured
switches used to be much more expensive than hubs
  these days both switches and hubs are cheap (but hubs are still cheaper)

Forwarding
How to choose onto which LAN segment to forward a frame?
Switch has a switch table
  entries: (MAC address, interface, timestamp)
  stale entries dropped after TTL (e.g., 60 min)
Switch learns which hosts can be reached through which interfaces
  when frame received, switch learns location of sender (incoming LAN segment)
  records sender/location pair in switch table

Filtering/forwarding algorithm
When switch receives a frame:

  index switch table using MAC destination address
  if entry found for destination then {
    if destination on segment from which frame arrived
      then drop the frame
      else forward the frame on interface indicated
  }
  else flood

flood: forward frame on all interfaces except the interface on which the frame arrived

Forwarding

[Figure: switch with interfaces 1, 2, 3; hosts A, B, C, D on interface 1; E, F, G, H on interface 2; I, J, K, L on interface 3]

  switch table (address, interface): A 1, B 1, E 2, G 3

C sends frame to F
  Switch receives frame from C
  adds C to switch table - notes that C is on interface 1
  because F is not in table, switch forwards frame into interfaces 2 & 3
  F receives frame

Forwarding

  switch table (address, interface): A 1, B 1, E 2, G 3, C 1

F replies with frame to C
  Switch receives frame from F
  adds F to switch table - notes that F is on interface 2
  because C is in table, switch forwards frame only into interface 1
  C receives frame
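The filtering/forwarding algorithm and the C-to-F / F-to-C walkthrough above as a self-learning switch in code, added here as an example (not from the slides); it also ages entries out after a TTL, as the switch-table slide describes, and floods unknown and broadcast destinations.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"

class LearningSwitch:
    """Transparent switch: switch table MAC -> (interface, last seen); entries older
    than ttl are dropped; forwarding follows the slide's filter/forward/flood rules."""
    def __init__(self, interfaces, ttl_s=60 * 60):
        self.interfaces, self.ttl, self.table = list(interfaces), ttl_s, {}

    def expire(self, now):
        """Drop stale entries (the slide's TTL, e.g. 60 min)."""
        for mac in [m for m, (_, seen) in self.table.items() if now - seen > self.ttl]:
            del self.table[mac]

    def receive(self, src, dst, in_iface, now=0):
        """Returns the interfaces the frame goes out of; [] means it was dropped."""
        self.expire(now)
        self.table[src] = (in_iface, now)          # learn: the sender lives on in_iface
        if dst in self.table:                      # (broadcast is never a source, so never learned)
            out_iface, _ = self.table[dst]
            return [] if out_iface == in_iface else [out_iface]   # filter vs forward
        return [i for i in self.interfaces if i != in_iface]      # unknown: flood

    def snapshot(self):
        return {mac: iface for mac, (iface, _) in self.table.items()}

def worked_example():
    """Slide scenario: table holds A,B on 1, E on 2, G on 3. C (interface 1) sends
    to F, which is not in the table; then F (interface 2) replies to C."""
    sw = LearningSwitch([1, 2, 3])
    for mac, iface in (("A", 1), ("B", 1), ("E", 2), ("G", 3)):
        sw.table[mac] = (iface, 0)
    c_to_f = sw.receive("C", "F", in_iface=1)
    f_to_c = sw.receive("F", "C", in_iface=2)
    return c_to_f, f_to_c, sw.snapshot()
```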

Switches: dedicated access
Switches can have many interfaces
  e.g., in Sudikoff typically 48-port switches
Hosts have direct connection to switch
  no collisions
  full-duplex
  A can speak to A' and B can speak to B' simultaneously
cut-through switching: frame forwarded from input to output port w/o collecting entire frame

Switches versus routers


Both are store-and-forward devices
  routers: network-layer devices (examine network layer headers)
  switches: link-layer devices (examine MAC addresses)
routers maintain routing tables, implement routing algorithms
switches maintain switch tables, implement filtering, learning algorithms

[Figure: layers 1-4 at a host, layers 1-3 at a router, layers 1-2 at a switch, layers 1-4 at the other host]

Repeaters, bridges
lots of terminology (jargon), often confusing
repeater = physical-layer hub
  connects two segments, e.g., cable
  signal appears on one segment, is amplified and put on the other
bridge, switch
  both layer 2
  typically switch used for connecting computers (dedicated access)
  bridge used for connecting LANs, i.e., multiple hosts on each port
layer 3 switch
  a.k.a. a router (L3 switch is marketing-speak)
  with faster dedicated hardware: fast as a L2 switch but processing L3 headers

VLANs (Virtual LANs)


Might want to partition a LAN
  e.g., divide campus network by department
  limit load, broadcast storms
Divide physical LAN into virtual LANs
  VLAN-aware switches only forward frames to the appropriate VLAN
  VLANs can be created by port, MAC address, layer 3 proto / addr
    i.e., breaks layering, end-to-end, connectionless service
    but industry likes it... what happens when IPv9 is introduced?
IEEE 802.1Q
  add extra fields to Ethernet frame format to tag frames
  not all switches/hosts are aware of new format, so the first VLAN-aware switch can add tags based on MAC or IP

Summary
[Table: hubs, switches and routers compared on traffic isolation, plug & play, optimal routing and cut-through]

Network measurement

Why measure networks?
  sysadmin, debugging/verifying/reverse-engineering protocols, troubleshooting, testing performance, understanding usage
  wiretap (FBI), spying (everyone else)
Measure at the link layer
  capture entire link-layer frame and analyse (or write to disk)

Measuring Ethernet
Place NIC into promiscuous mode
  NIC no longer discards frames not addressed to it
In an Ethernet LAN with hubs
  NIC will see all frames (since hub forwards frames on all ports)
In a switched network
  NIC will only see frames addressed to it (+ broadcast/multicast)
  Some switches have a monitor mode (port mirroring)
    copy all frames to a dedicated port - plug sniffer into this port
  ARP poisoning (man in the middle attack)
    issue spoofed ARP frames to fool other machines into thinking that you have another host's MAC address
    a sysadmin shouldn't really need to do this

Measurement software
packet sniffer programs
  e.g., Ethereal, tcpdump, Network General Sniffer
  link-layer frames encapsulated in a file format
    e.g., libpcap
  program may be able to decode different protocols
protocol analyser
  e.g., ethereal understands HTTP (and ~600 other protocols)
program may reside on a different host from the sniffer
  link-layer frames encapsulated and forwarded to that host

Packet lters
Network driver sits in kernel
Measurement software sits in userspace
Packet filter sits in kernel, passes frames to userspace
  e.g., Berkeley Packet Filter - /dev/bpf0
  e.g., winpcap (Windows - http://winpcap.polito.it/)
May just pass particular frames

  tcpdump -i eth0 host 129.170.213.211 and port 22

Security issues
If someone can sniff my data-link frames, they can see all of my data
  e-mail contents, telnet passwords, etc
application-layer security
  ssh (instead of telnet), SSL (HTTPS), PGP (e-mail)
sniffer detection
  tricks using ICMP
sniffers can be security holes
  possible to attack even passive sniffers, e.g., Witty worm
