==============================================================================
RED CIENTIFICA PERUANA
==============================================================================

Ethernet Network Questions and Answers
======================================
Summarized from UseNet group comp.dcom.lans.ethernet on 29OCT92

References (in order of appearance):
    Daniel Huber (the one who asked)
    Rich Lawrence (CableTron)
    Rich Seifert (NetCom)
    Mark Medici (Rutgers U.)

Q: What is a runt?
A: A packet that is below the minimum size for a given protocol. With Ethernet, a runt is a frame shorter than the minimum legal length of 64 bytes (at Data Link).

Q: What causes a runt?
A: Runt packets can be caused accidentally or intentionally. If accidental, they are most likely the result of a faulty device on the network, or software gone awry. If intentional, they may be designed to be runts for a specific reason. SNMP (Simple Network Management Protocol) is often sent as runt packets so that many devices will simply ignore it.

Q: What is a jabber?
A: A blanket term for a device that is behaving improperly in terms of electrical signalling on a network. In ethernet this is Very Bad, because ethernet uses electrical signal levels to determine whether the network is available for transmission. A jabbering device can cause the entire network to halt because all other devices think it is busy.

Q: What causes a jabber?
A: Typically a bad network interface card in a machine on the network. In bizarre circumstances outside interference might cause it. These are very hard problems to trace with layman tools.

Q: What is a collision?
A: A condition where two devices on the network end up trying to send a packet at the same time. Since only one device can transmit at a time, this causes both packets to be lost. Collisions are detected by monitoring voltage levels on the wire.

Q: What causes a collision?
A: See above.
Ethernet is a CSMA/CD (Carrier Sense Multiple Access/Collision Detect) system. It is possible to not sense carrier from a previous device and attempt to transmit anyway, or to have two devices attempt to transmit at the same time; in either case a collision results. Ethernet is particularly susceptible to performance loss from such problems when people ignore the "rules" for wiring ethernet.

Q: How can I test an ethernet?
A: You must be more specific. Do you wish to test the electrical integrity of the wire (i.e., will it carry a signal properly) or do you wish to test the performance of it while running, etc.? If the former, a TDR (see below) or cable scanner that incorporates and expands on the capabilities of a TDR would be the most comprehensive tool, though a great deal can be determined with a simple ohmmeter. The latter requires special and often very expensive software, usually combined with custom hardware, to capture, optionally filter, and analyze the network packets.

Q: What is the difference between an ethernet frame and an IEEE802.3 frame? Why are there two types? Why is there a difference?
A: Ethernet was invented at Xerox Palo Alto Research Center and later became an international standard. IEEE handled making it a standard; the specifications are slightly different from the original Xerox ones. Hence, two different types. Ethernet uses a "TYPE" field to distinguish among multiple client protocols. 802.3 uses the 802.2 LLC to distinguish among multiple clients, and has a "LENGTH" field where Ethernet has the "TYPE" information. TCP/IP and DECnet (and others) use Ethernet_II framing, which is the framing that Xerox/PARC originated, while NetWare defaults to 802.3.

Q: What exactly do 10Base5, 10BaseT, 10Base2, 10Broad36, etc. mean?
A: The "10" stands for signalling speed: 10Mhz. "Base" means baseband, "broad" means broadband. The final section describes the physical wiring used, i.e. 2=coax, 5=standard or thick, T=twisted pair.
This actually comes from the IEEE committee number for that media. Initially, the last section was intended to indicate the maximum length of an unrepeatered cable segment. This convention was modified with the introduction of 10BaseT, where the T means twisted pair, and 10BaseF, where the F means fiber.

Q: Where can I get IEEE803.x docs online?
A: Bunch of places. Check archie (telnet to archie.rutgers.edu). (Really? Where? I've had no success, and was under the impression that IEEE sold these documents.)

Q: Why does the MAC address have to be unique?
A: Each card has a unique MAC address, so that it will be able to exclusively grab packets off the wire meant for it. If MAC addresses are not unique, there is no way to distinguish between two stations. Devices on the network watch network traffic and look for their own MAC address in each packet to determine whether they should decode it or not. Special circumstances exist for broadcasting to every device.

Q: Is there a special numbering scheme for MAC addresses?
A: Each manufacturer of ethernet devices applies for a certain range of MAC addresses they can use. The first few bytes of the address determine the manufacturer.

Q: What is a broadcast storm?
A: An overloaded term that describes an overloaded protocol. :-). Basically it describes a condition where devices on the network are generating traffic that by its nature causes the generation of even more traffic. The inevitable result is a huge degradation of performance or complete loss of the network as the devices continue to generate more and more traffic. This can be related to the physical transmission or to very high level protocols. There is a famous example of Banyan Vines bringing a huge network to its knees because of the addition of a single server, which brought the network to "critical mass" (this logic error has been corrected). NFS is famous for this type of failure.

Q: How do I recognize a broadcast storm?
A: That depends on what level it is occurring.
Basically you have to be aware of the potential for it beforehand and be looking for it, because in a true broadcast storm you will probably be unable to access the network. This can change dramatically for a higher level protocol. NFS contention can result in a dramatic DROP in ethernet traffic, yet no one will have access to resources.

Q: How can I prevent a broadcast storm?
A: Avoid protocols that are prone to it. Route when it is practical. Don't buy ethernet. :-).

Q: What exactly does a bridge do?
A: A bridge will connect two distinct segments (usually referring to a physical length of wire) and transmit traffic between them. This allows you to extend the maximum size of the network while still not breaking the maximum wire length, attached device count, or number of repeaters for a network segment.

Q: What does a "learning bridge" do?
A: A learning bridge monitors MAC addresses on both sides of its connection and attempts to learn which addresses are on which side. It can then decide when it receives a packet whether it should cross the bridge or stay local (some packets may not need to cross the bridge because the source and destination addresses are both on one side). If the bridge receives a packet whose addresses it doesn't know, it will forward it by default.

Q: What exactly does a repeater do?
A: A repeater acts on a purely electrical level to connect two segments. All it does is amplify and reshape (and, depending on the type, possibly retime) the analog waveform to extend network segment distances. It does not know anything about addresses or forwarding, thus it cannot be used to reduce traffic as a bridge can in the example above.

Q: What exactly does a router do?
A: Routers work much like bridges, but they pay attention to the upper network layer protocols rather than physical layer protocols. A router will decide whether to forward a packet by looking at the protocol level addresses (for instance, TCP/IP addresses) rather than the MAC address.
Many routers can also function as bridges. Routing would always be preferable to bridging except for the fact that routers are slower and usually more expensive (due to the amount of processing required to look inside the physical packet and determine which interface that packet needs to get sent out).

Q: What does FOIRL mean?
A: Fiber Optic Inter Repeater Link. An "IEEE 802 standard" worked out between many vendors some time ago for carrying ethernet signals across long distances via fiber optic cable. It has since been adapted to other applications besides connecting segments via repeaters (you can get FOIRL cards for PCs). It has been superseded by the larger 10baseF standard.

Q: What is a remote bridge?
A: A bridge as described above that has an ethernet (or token-ring) interface on one side and a serial interface on the other. It would connect to a similar device on the other side of the serial line. Most commonly used in WAN links where it is impossible or impractical to install network cables. A high-speed modem (or T1 DSU/CSUs, X.25 PADs, etc.) and intervening telephone lines or public data network would be used to connect the two remote bridges together.

Q: Where can I find the specifications of ethernet equipment?
A: From the manufacturer of the product, probably.

Q: Is there a troubleshooting guide for ethernet?
A: Many. I suggest you check your local technical bookstore. (Recommendations needed)

Q: What books are good about ethernet LANs?
A: Ditto (Recommendations needed)

Q: What about wireless LANs? Are there any?
A: Yes. They typically use infrared or microwave for transmission. There are special applications for light based (laser) repeaters. They are typically expensive, slow (relative to Ethernet) and are not yet a mature technology.

Q: When should I choose 10BaseT, when 10Base2 (or others)?
A: One general rule of thumb is to avoid using copper between buildings.
The electrical disturbances caused by lightning, as well as naturally occurring differences in ground potential over distance, can very quickly and easily cause considerable damage to equipment and people. The use of fiber-optic cabling between buildings eliminates network cabling as a safety risk. Other than that, the decision is based on what type of wiring you already have, building codes, anticipated needs of your network, future expansion, money available, etc. Impossible to determine without detailed analysis.

Q: What is a driver?
A: Typically the software that allows an ethernet card in a computer to decode packets and send them to the operating system and encode data from the operating system for transmission by the ethernet card through the network. By handling the nitty-gritty hardware interface chores, it provides a device-independent interface to the upper layer protocols, thereby making them more universal and [allegedly] easier to develop and use. There are many other meanings to this word, but this is probably what you are looking for.

Q: What is NDIS, packet driver, ODI?
A: NDIS is a Microsoft/3Com puppy that allows "stacking" of multiple protocols for a single underlying driver. Essentially it allows a single ethernet card in a PC (it's not limited to ethernet) to speak many different network "languages", and usually at the same time. A packet driver is another method of allowing multiple protocols to access the network interface at the same time. Developed and supported by FTP Software Inc, Clarkson University, BYU and, more recently, Crynwr Software, the packet driver spec (PDS) is used to provide a device-independent interface to various TCP/IP applications, and often in combination with concurrent Novell access (IPX/SPX). ODI is Novell and Apple's equivalent of NDIS. There are differences between the two specs, but not so much as to warrant description in this text. The next logical question is "which one should I use?"
There is no simple or obvious answer, except that you should use the one most commonly required by your software.

Q: What does "promiscuous mode" mean?
A: A controller in promiscuous mode will receive all frames, regardless of destination address. Ethernet is promiscuous in that it allows any device on a segment to hear every packet on that segment if the card is so programmed. This is an obvious security issue. It used to be that there was no way around this besides encoding the packets themselves, but Synoptics recently released a secure ethernet solution (blatant employee plug).

Q: What (free) tools are there to monitor/decode/etc. an ethernet?
A: There are many built into most Unix systems. Some cards for the PC come with utilities. There are several free ones available. Again, use archie. (Recommendations? Beholder? Others?)

Q: What is a "segment"?
A: A piece of wire bounded by bridges, routers, or terminators. Some people consider wires on either side of a repeater separate segments, but they aren't really.

Q: What is a "subnet"?
A: Another overloaded term. It can mean, depending on the usage, a segment, a set of machines grouped together by a specific protocol feature (note that these machines do not have to be on the same segment, but they could be) or a big nylon thing used to capture Soviet subs.

Q: Are there any *interesting* ethernet devices (e.g. Kalpana...)?
A: What do you mean by interesting? There are several marvelous engineering designs in the realm of ethernet. None of them is likely to work as a topic of discussion at the local bar.

Q: What is a Kalpana EtherSwitch?
A: A device that works sort of like a bridge, but off a different principle. Its advantages are that it is extremely fast and can "bridge" more than one packet at a time (it is not limited to two interfaces as a traditional bridge is). Disadvantages are that it does not understand spanning tree and doesn't work well in many-to-one networks.
You probably don't understand that, so ignore it.

Q: What does SQE mean? What is it for?
A: SQE is the IEEE term for a collision. (Signal Quality Error)

Q: What does "heartbeat" mean? What is it for?
A: Heartbeat (a.k.a. SQE Test) is a means of detecting a transceiver's inability to detect collisions. The normal operation of an Ethernet will test the transceiver's power, transmitter and receiver; if any of these fail the station will not hear its own loopback. Without heartbeat, it is not possible to determine if your collision detector is operating properly. Heartbeat is implemented by generating a test signal on the collision pair from the transceiver (or its equivalent) following every transmission on the network. It does not generate any signal on the common medium.

Q: What is a fan-out? Is this device still used?
A: Fanout (a.k.a. transceiver multiplexer, a.k.a. multiport transceiver, a.k.a. DELNI) allows multiple stations to connect to a single transceiver or transceiver-like device. They are still widely used.

Q: What is a transceiver?
A: A transceiver allows a station to transmit and receive to/from the common medium. In addition, Ethernet transceivers detect collisions on the medium and provide electrical isolation between stations.

Q: Are there any documents I should read?
A: Probably tons. (Recommendations?)

Q: What is a "TDR"?
A: A Time-Domain Reflectometer is a tool used to detect cable faults. This device operates by sending a brief signal pulse down the cable and looking for its reflection to bounce back. By analyzing the reflected pulse, it is possible to make judgements about the quality of the cable segment. More advanced units can not only detect and identify the nature of the problem, but give a reasonably accurate indication of the problem's location (distance from the point of the test). There is also a device known as an OTDR, which is an Optical Time-Domain Reflectometer for fiber-optic cables.

Q: What does "BERT" mean?
A: Bit Error Rate Tester.
This equipment is used to analyze the amount and types of errors that occur on a cable segment.

Q: What does "CSMA/CD" mean?
A: Carrier Sense, Multiple Access, with Collision Detection, the MAC (Media Access Control) algorithm used by Ethernet.

Q: What is a "HUB"?
A: A hub is a common wiring point for star-topology networks, and is a common synonym for concentrator (though the latter generally has additional features or capabilities). Arcnet, 10Base-T Ethernet and 10Base-F Ethernet and many proprietary network topologies use hubs to connect multiple cable runs in a star-wired network topology into a single network. Token-Ring MSAUs (Multi-Station Access Units) can also be considered a type of hub, but don't let a token-ring bigot hear that. Hubs have multiple ports to attach the different cable runs. Some hubs (such as 10Base-T and active ArcNet) include electronics to regenerate and retime the signal between each hub port. Others (such as 10Base-F or passive Arcnet) simply act as signal splitters, similar to the multi-tap cable-TV splitters you might use on your home antenna coax (of course, 10Base-F uses mirrors to split the signals between cables). Token-Ring MSAUs use relays (mechanical or electronic) to reroute the network signals to each active device in series, while all other hubs redistribute received signals out all ports simultaneously, just as a 10Base-2 multi-port repeater would.

Q: What is EIA/TIA 586?
(Some type of wiring standard, no? Help?)

Q: What does "IPG" mean?
A: The InterPacket Gap (more properly referred to as the InterFrame Gap, or IFG) is an enforced quiet time of 9.6 us between transmitted Ethernet frames.

Q: What is 10BaseF?
A: 10Base-F is an IEEE standard for 10 Mbps Ethernet over fiber-optic cabling. It defines the methodology and standard devices which, ideally, can permit one company's 10Base-F devices to interoperate with any others'.

Q: What does "MAU" mean?
A: Medium Access Unit, an IEEE term for a transceiver.
MAU is also commonly [mis]used to describe a Token-Ring Multi-Station Access Unit (MSAU). Refer to HUB for an explanation of MSAU.

Q: What does "AUI" mean?
A: Attachment Unit Interface, an IEEE term for the connection between a controller and the transceiver.

Q: Does a NEMP affect an ethernet?
(Help?)

Q: What are the advantages/disadvantages of star-like cabling?
A: Old style ethernet bus wiring (i.e., taking the cable from one machine to the next, and then to the next, etc.) is prone to cable failure and quickly consumes allowed distances due to aesthetic wiring needs. If the wiring connection is broken at any point, the entire network (segment) fails - and the much greater number of connections increases the probability of a failure or break. On the other hand, it's pretty easy to do for a layman and may involve less actual wiring for small segments. Star wiring eliminates the single point of failure of a common wire. A central hub has many connections that radiate out to hosts; if one of these hosts' connections fails it usually doesn't affect the others. Obviously, however, the hub becomes a central point of failure itself, but studies show a quality hub is less likely to fail before a heavily used strand of coax. There are a bunch of other reasons hubs are desirable, but this is the biggie.

Q: What is UTP, STP?
A: Unshielded twisted pair, shielded twisted pair. UTP is what the phone companies typically use, though this is not always of high-enough quality for high-speed network use. STP is mostly from IBM. Either one can be used for ethernet, but they have different electrical characteristics (impedance) and can't be mixed and matched freely. Some manufacturers' hubs and concentrator cards can be bought that will speak to either type of cable, so you CAN hook them together in a manner.

Q: What is *high* traffic on an ethernet? 5%? 20%? 90%?
A: High traffic is when things start slowing down to the point they are no longer acceptable.
There is no set percentage point, in other words. Xerox used to use a formula based on packet size over time, or something, but the issue has been significantly muddied by the plethora of protocols available and how they react to wire usage. I usually start paying attention over 40-50%, *or when things slow down*. I've seen IPX segments that were slow with less than 20% usage.

---
_________________________________________________________________________
RUCS     | Mark A. Medici, Systems Programmer III, User Services Division
User     | Rutgers University Computing Services, New Brunswick, NJ 08903
Services | [medici@gandalf.rutgers.edu]                    [908-932-2412]
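
Added example (not part of the original FAQ): a small frame classifier for the answers on runts, Ethernet vs. 802.3 framing, MAC numbering and broadcast. It assumes each frame still carries its 4-byte FCS, uses the conventional split of the TYPE/LENGTH field (values up to 1500 are a length, 0x0600 and above a type), and treats a payload starting with FF FF as NetWare's LLC-less 802.3; the sample frames and station addresses are constructed.

```python
import struct

MIN_FRAME = 64           # minimum legal frame length given in the FAQ
ETHERTYPE_MIN = 0x0600   # >= 1536: Ethernet II TYPE; <= 1500: 802.3 LENGTH
BROADCAST = b"\xff" * 6


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def classify_frame(frame):
    """Describe one frame. Assumption: the 4-byte FCS is still attached."""
    if len(frame) < 14:  # cannot even hold both addresses and TYPE/LENGTH
        return {"framing": "truncated", "runt": True, "length": len(frame)}
    dst, src = frame[0:6], frame[6:12]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    head = frame[14:16]
    if type_or_len >= ETHERTYPE_MIN:
        framing = "ethernet_ii"
    elif type_or_len > 1500:
        framing = "undefined"          # 1501..1535 is neither length nor type
    elif head == b"\xff\xff":
        framing = "802.3_raw"          # no 802.2 LLC header (NetWare default)
    elif head == b"\xaa\xaa":
        framing = "802.3_snap"         # LLC followed by a SNAP header
    else:
        framing = "802.3_llc"
    return {
        "dst": mac_str(dst), "src": mac_str(src),
        "src_oui": mac_str(src[:3]),   # manufacturer-assigned prefix
        "broadcast": dst == BROADCAST,
        "framing": framing,
        "length": len(frame),
        "runt": len(frame) < MIN_FRAME,
    }


def build_frame(dst, src, type_or_len, payload, pad=True):
    """Constructed sample frame; four zero bytes stand in for the FCS."""
    body = payload.ljust(46, b"\x00") if pad else payload
    return dst + src + struct.pack("!H", type_or_len) + body + b"\x00" * 4


STATION_A = bytes.fromhex("020000000001")  # constructed, locally administered
STATION_B = bytes.fromhex("020000000002")
SAMPLES = [
    build_frame(STATION_B, STATION_A, 0x0800, b"\x45\x00"),             # Ethernet II
    build_frame(BROADCAST, STATION_A, 0x0806, b"\x00\x01"),             # broadcast
    build_frame(STATION_B, STATION_A, 30, b"\xff\xff" + b"\x00" * 28),  # raw 802.3
    build_frame(STATION_A, STATION_B, 3, b"\xe0\xe0\x03"),              # 802.3 + LLC
    build_frame(STATION_B, STATION_A, 0x0800, b"\x45\x00", pad=False),  # 20-byte runt
]
```

Capture tools usually hand over frames with the FCS already stripped; in that case compare against 60 rather than 64.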
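
Added example (not part of the original FAQ): the learning-bridge decision described above, generalized from two sides to any number of ports, with a helper that shows which frames a promiscuous-mode station on a third segment would still receive. Port names, station addresses and the trace are constructed.

```python
def is_group(mac):
    """True for broadcast/multicast: low-order bit of the first octet is set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


class LearningBridge:
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}   # learned MAC address -> port it was last seen on

    def handle(self, in_port, src, dst):
        """Learn where src lives, then return the sorted ports to forward to."""
        if not is_group(src):
            self.table[src] = in_port        # also relearns a moved station
        out = self.table.get(dst)
        if is_group(dst) or out is None:
            # Broadcast or unknown destination: forward by default (flood).
            return sorted(self.ports - {in_port})
        if out == in_port:
            return []                        # both ends on one side: stay local
        return [out]                         # known destination: one port only


def replay(bridge, frames):
    """Run (in_port, src, dst) tuples through the bridge, keep each decision."""
    return [bridge.handle(*f) for f in frames]


def seen_by(port, decisions):
    """Indexes of frames that reach `port`, i.e. what a promiscuous listener
    on that segment can capture."""
    return [i for i, out in enumerate(decisions) if port in out]


A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
BCAST = "ff:ff:ff:ff:ff:ff"
TRACE = [                  # constructed trace: A and C on east, B on west
    ("east", A, B),        # B not learned yet  -> flooded
    ("west", B, A),        # A known on east    -> forwarded to east only
    ("east", C, A),        # both on east       -> filtered
    ("east", A, BCAST),    # broadcast          -> flooded
    ("east", A, B),        # B now known        -> forwarded to west only
]
```

Only the flooded frames (indexes 0 and 3) reach the uninvolved `north` segment; once both stations are learned, their unicast traffic is no longer visible there.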