Wednesday, June 9, 2010

NIC Card

Ethernet is a family of frame-based computer networking technologies for local area networks (LANs). The name came from the physical concept of the ether. It defines a number of wiring and signaling standards for the Physical Layer of the OSI networking model as well as a common addressing format and Media Access Control at the Data Link Layer.
Ethernet is standardized as IEEE 802.3. The combination of the twisted pair versions of Ethernet for connecting end systems to the network, along with the fiber optic versions for site backbones, is the most widespread wired LAN technology. It has been used from around 1980[1] to the present, largely replacing competing LAN standards such as token ring, FDDI, and ARCNET.
A standard 8P8C (often called RJ45) connector used most commonly on cat5 cable, a type of cabling used primarily in Ethernet networks.

History

Ethernet was developed at Xerox PARC between 1973 and 1975.[2] It was inspired by ALOHAnet, which Robert Metcalfe had studied as part of his Ph.D. dissertation.[3] In 1975, Xerox filed a patent application listing Metcalfe, David Boggs, Chuck Thacker and Butler Lampson as inventors.[4] In 1976, after the system was deployed at PARC, Metcalfe and Boggs published a seminal paper.[5][note 1]
Metcalfe left Xerox in 1979 to promote the use of personal computers and local area networks (LANs), forming 3Com. He convinced Digital Equipment Corporation (DEC), Intel, and Xerox to work together to promote Ethernet as a standard, the so-called "DIX" standard, for "Digital/Intel/Xerox"; it specified the 10 megabits/second Ethernet, with 48-bit destination and source addresses and a global 16-bit Ethertype type field. The first standard draft was published on September 30, 1980 by the Institute of Electrical and Electronics Engineers (IEEE). Support of Ethernet's carrier sense multiple access with collision detection (CSMA/CD) in other standardization bodies (i.e. ECMA, IEC and ISO) was instrumental in getting past delays in the finalization of the Ethernet standard, which were due to the difficult decision processes in the IEEE and to the competing Token Ring proposal strongly supported by IBM. Ethernet initially competed with two largely proprietary systems, Token Ring and Token Bus. These proprietary systems soon found themselves buried under a tidal wave of Ethernet products. In the process, 3Com became a major company. 3Com built the first 10 Mbit/s Ethernet adapter (1981). This was followed quickly by DEC's Unibus to Ethernet adapter, which DEC sold and used internally to build its own corporate network, which reached over 10,000 nodes by 1986, far and away the largest extant computer network in the world at that time.
Through the first half of the 1980s, Digital's Ethernet implementation utilized a coaxial cable about the diameter of a US nickel, which became known as Thick Ethernet when its successor, Thinnet Ethernet, was introduced. Thinnet uses a cable similar to cable television cable of the era. The emphasis was on making installation of the cable easier and less costly.
The observation that there was plenty of excess capacity in unused unshielded twisted pair (UTP) telephone wiring already installed in commercial buildings provided another opportunity to expand the installed base, and thus twisted-pair Ethernet was the next logical development in the mid 1980s, beginning with StarLAN. UTP-based Ethernet became widely known with the 10BASE-T standard. This system replaced the coaxial cable systems with a system of hubs linked via UTP.
In 1990, Kalpana introduced the first Ethernet switch,[6] which replaced the CSMA/CD scheme with a switched full duplex system offering higher performance at a lower cost than using routers.

Standardization

Notwithstanding its technical merits, timely standardization was instrumental to the success of Ethernet. It required well-coordinated and partly competitive activities in several standardization bodies such as the IEEE, ECMA, IEC, and finally ISO.
In February 1980 IEEE started a project, IEEE 802, for the standardization of local area networks (LAN).[7]
The "DIX-group" with Gary Robinson (DEC), Phil Arst (Intel) and Bob Printis (Xerox) submitted the so-called "Blue Book" CSMA/CD specification as a candidate for the LAN specification. Since IEEE membership is open to all professionals, including students, the group received countless comments on this brand-new technology.
In addition to CSMA/CD, Token Ring (supported by IBM) and Token Bus (selected and henceforward supported by General Motors) were also considered as candidates for a LAN standard. Due to the goal of IEEE 802 to forward only one standard and due to the strong company support for all three designs, the necessary agreement on a LAN standard was significantly delayed.
In the Ethernet camp, the delay put at risk the market introduction of the Xerox Star workstation and 3Com's Ethernet LAN products. With such business implications in mind, David Liddle (General Manager, Xerox Office Systems) and Metcalfe (3Com) strongly supported a proposal of Fritz Röscheisen (Siemens Private Networks) for an alliance in the emerging office communication market, including Siemens' support for the international standardization of Ethernet (April 10, 1981). Ingrid Fromm, Siemens representative to IEEE 802, quickly achieved broader support for Ethernet beyond IEEE by the establishment of a competing Task Group "Local Networks" within the European standards body ECMA TC24. As early as March 1982, ECMA TC24 with its corporate members reached agreement on a standard for CSMA/CD based on the IEEE 802 draft. The speedy action taken by ECMA decisively contributed to the conciliation of opinions within IEEE and approval of IEEE 802.3 CSMA/CD by the end of 1982.
Approval of Ethernet on the international level was achieved by a similar, cross-partisan action with Fromm as liaison officer working to integrate IEC TC83 and ISO TC97SC6, and the ISO/IEEE 802/3 standard was approved in 1984.

General description

A 1990s network interface card. This is a combination card that supports both coaxial-based 10BASE2 (BNC connector, left) and twisted pair-based 10BASE-T (RJ45 8P8C modular connector, right).
Ethernet was originally based on the idea of computers communicating over a shared coaxial cable acting as a broadcast transmission medium. The methods used show some similarities to radio systems, although there are fundamental differences, such as the fact that it is much easier to detect collisions in a cable broadcast system than a radio broadcast. The common cable providing the communication channel was likened to the ether and it was from this reference that the name "Ethernet" was derived.
The advantage of CSMA/CD was that, unlike Token Ring and Token Bus, all nodes could "see" each other directly. All "talkers" shared the same medium - a single coaxial cable - however, this was also a limitation; with only one speaker at a time, packets had to be of a minimum size to guarantee that the leading edge of the propagating wave of the message got to all parts of the medium before the transmitter could stop transmitting, thus guaranteeing that collisions (two or more packets initiated within a window of time which forced them to overlap) would be discovered. Minimum packet size and the physical medium's total length were thus closely linked.
From this early and comparatively simple concept, Ethernet evolved into the complex networking technology that today underlies most LANs. The coaxial cable was replaced with point-to-point links connected by Ethernet hubs and/or switches to reduce installation costs, increase reliability, and enable point-to-point management and troubleshooting. StarLAN was the first step in the evolution of Ethernet from a coaxial cable bus to a hub-managed, twisted-pair network. The advent of twisted-pair wiring dramatically lowered installation costs relative to competing technologies, including the older Ethernet technologies.
Above the physical layer, Ethernet stations communicate by sending each other data packets, blocks of data that are individually sent and delivered. As with other IEEE 802 LANs, each Ethernet station is given a single 48-bit MAC address, which is used to specify both the destination and the source of each data packet. Network interface cards (NICs) or chips normally do not accept packets addressed to other Ethernet stations. Adapters generally come programmed with a globally unique address, but this can be overridden, either to avoid an address change when an adapter is replaced, or to use locally administered addresses.
Despite the significant changes in Ethernet from a thick coaxial cable bus running at 10 Mbit/s to point-to-point links running at 1 Gbit/s and beyond, all generations of Ethernet (excluding early experimental versions) share the same frame formats (and hence the same interface for higher layers), and can be readily interconnected.
Due to the ubiquity of Ethernet, the ever-decreasing cost of the hardware needed to support it, and the reduced panel space needed by twisted pair Ethernet, most manufacturers now build the functionality of an Ethernet card directly into PC motherboards, eliminating the need for installation of a separate network card.

Dealing with multiple clients

CSMA/CD shared medium Ethernet

Ethernet originally used a shared coaxial cable (the shared medium) winding around a building or campus to every attached machine. A scheme known as carrier sense multiple access with collision detection (CSMA/CD) governed the way the computers shared the channel. This scheme was simpler than the competing token ring or token bus technologies. When a computer wanted to send some information, it used the following algorithm:

Main procedure

  1. Frame ready for transmission.
  2. Is medium idle? If not, wait until it becomes ready and wait the interframe gap period (9.6 µs in 10 Mbit/s Ethernet).
  3. Start transmitting.
  4. Did a collision occur? If so, go to collision detected procedure.
  5. Reset retransmission counters and end frame transmission.

Collision detected procedure

  1. Continue transmission until minimum packet time is reached (jam signal) to ensure that all receivers detect the collision.
  2. Increment retransmission counter.
  3. Was the maximum number of transmission attempts reached? If so, abort transmission.
  4. Calculate and wait random backoff period based on number of collisions.
  5. Re-enter main procedure at stage 1.
This can be likened to what happens at a dinner party, where all the guests talk to each other through a common medium (the air). Before speaking, each guest politely waits for the current speaker to finish. If two guests start speaking at the same time, both stop and wait for short, random periods of time (in Ethernet, this time is generally measured in microseconds). The hope is that by each choosing a random period of time, both guests will not choose the same time to try to speak again, thus avoiding another collision. Exponentially increasing back-off times (determined using the truncated binary exponential backoff algorithm) are used when there is more than one failed attempt to transmit.
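The two procedures above, as an added example that is not part of the original page: a slotted simulation of stations contending for one shared medium with truncated binary exponential backoff. It assumes every frame occupies exactly one slot (so carrier sense and the interframe gap are not modelled), and the slot time, attempt limit and backoff cap are IEEE 802.3 values for 10 Mbit/s Ethernet that the page does not state.

```python
import random

# IEEE 802.3 values for 10 Mbit/s Ethernet; the page does not state them, so
# they are assumptions of this example.
SLOT_TIME_US = 51.2   # one contention slot (512 bit times)
ATTEMPT_LIMIT = 16    # attempts before the transmission is aborted
BACKOFF_LIMIT = 10    # the exponent stops growing here ("truncated")


def backoff_slots(collisions, rng):
    """Number of slots to wait after the n-th collision: 0 <= r < 2**min(n, 10)."""
    k = min(collisions, BACKOFF_LIMIT)
    return rng.randrange(2 ** k)


def simulate(stations, seed=1):
    """Every station has one frame ready at slot 0.

    Returns {station: (status, slot, collisions)} where status is "sent" or
    "aborted". The seed makes a run repeatable.
    """
    rng = random.Random(seed)
    wait = {s: 0 for s in stations}        # slots left before the next attempt
    collisions = {s: 0 for s in stations}  # retransmission counter per station
    result = {}
    slot = 0
    while len(result) < len(stations):
        pending = [s for s in stations if s not in result]
        talkers = [s for s in pending if wait[s] == 0]
        if len(talkers) == 1:
            # Main procedure, steps 3 to 5: transmitted without a collision.
            s = talkers[0]
            result[s] = ("sent", slot, collisions[s])
        elif talkers:
            # Collision detected procedure for every station that transmitted.
            for s in talkers:
                collisions[s] += 1
                if collisions[s] >= ATTEMPT_LIMIT:
                    result[s] = ("aborted", slot, collisions[s])
                else:
                    # +1 because the retry can start no earlier than the next slot.
                    wait[s] = backoff_slots(collisions[s], rng) + 1
        for s in pending:
            if wait[s] > 0:
                wait[s] -= 1
        slot += 1
    return result


if __name__ == "__main__":
    outcome = simulate(list("ABCDE"), seed=7)
    for station, (status, slot, n) in sorted(outcome.items()):
        print(f"{station}: {status} in slot {slot} "
              f"({slot * SLOT_TIME_US:.1f} us) after {n} collision(s)")
```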
Computers were connected to an Attachment Unit Interface (AUI) transceiver, which was in turn connected to the cable (later with thin Ethernet the transceiver was integrated into the network adapter). While a simple passive wire was highly reliable for small Ethernets, it was not reliable for large extended networks, where damage to the wire in a single place, or a single bad connector, could make the whole Ethernet segment unusable. Multipoint systems are also prone to very strange failure modes when an electrical discontinuity reflects the signal in such a manner that some nodes would work properly while others work slowly because of excessive retries or not at all (see standing wave for an explanation of why); these could be much more painful to diagnose than a complete failure of the segment. Debugging such failures often involved several people crawling around wiggling connectors while others watched the displays of computers running a ping command and shouted out reports as performance changed.
Since all communications happen on the same wire, any information sent by one computer is received by all, even if that information is intended for just one destination. The network interface card interrupts the CPU only when applicable packets are received: the card ignores information not addressed to it unless it is put into "promiscuous mode". This "one speaks, all listen" property is a security weakness of shared-medium Ethernet, since a node on an Ethernet network can eavesdrop on all traffic on the wire if it so chooses. Use of a single cable also means that the bandwidth is shared, so that network traffic can slow to a crawl when, for example, the network and nodes restart after a power failure.

Repeaters and hubs

For signal degradation and timing reasons, coaxial Ethernet segments had a restricted size which depended on the medium used. For example, 10Base5 coax cables had a maximum length of 500 meters (1,640 ft) and 10Base2 coax cables had a maximum length of 185 meters (607 ft). Also, as was the case with most other high-speed buses, Ethernet segments had to be terminated with a resistor at each end. For coaxial-cable-based Ethernet, each end of the cable had a 50 ohm (Ω) resistor attached. Typically this resistor was built into a male BNC or N connector and attached to the last device on the bus, or, if vampire taps were in use, to the end of the cable just past the last device. If termination was not done, or if there was a break in the cable, the AC signal on the bus was reflected, rather than dissipated, when it reached the end. This reflected signal was indistinguishable from a collision, and so no communication would be able to take place.
Terminators had a metallic chain attached to them for grounding purposes; however, many people never understood how to properly ground cabling and thus grounded the terminators at both ends rather than just one end. This caused many of the grounding loop problems of that era, which led to network outages and/or data corruption when swells of electricity traversed the coaxial cabling's outer shield on its path to the ground with the least resistance.
A greater cabling length could be obtained by an Ethernet repeater, which took the signal from one Ethernet cable and repeated it onto another cable. If a collision was detected, the repeater transmitted a jam signal onto all ports (initial repeaters only had 2 ports but they gave way to 4-, 6-, 8-ports and more) to ensure collision detection. Repeaters could be used to transparently connect segments such that up to five Ethernet segments could be inter-joined between any two hosts, of which 3 of those segments could have attached devices and the other 2 segments were only used to increase distance, but would not have any hosts attached (i.e. only repeaters attached at each end). Repeaters could detect an improperly terminated link from the continuous collisions and stop forwarding data from it. Hence they alleviated the problem of cable breakages: when an Ethernet coax segment broke, while all devices on that segment were unable to communicate, repeaters allowed the other segments to continue working - although depending on which segment was broken and the layout of the network the partitioning that resulted may have made other segments unable to reach important servers and thus effectively useless.
The Ethernet 5-4-3 Rule was made following this standard to make it easier to remember. The "5" was the maximum number of segments which could be connected on a single network. The "4" was the maximum number of repeaters which could be used on that network. And the "3" was the maximum number of populated (segments with hosts attached) segments on that network.
People recognized the advantages of cabling in a star topology, primarily that only faults at the star point will result in a badly partitioned network, and network vendors began creating repeaters having multiple ports, thus reducing the number of repeaters required at the star point. Multiport Ethernet repeaters became known as "Ethernet hubs" with repeaters built into the hub itself. Network vendors such as DEC and SynOptics sold hubs that connected many 10Base5 thick coaxial and 10Base2 thin coaxial segments. There were also "multiport transceivers" or "fan-outs". These could be connected to each other and/or a coax backbone. A well-known early example was DEC's DELNI. These devices allowed multiple hosts with AUI connections to share a single transceiver. They also allowed creation of a small standalone Ethernet segment without using a coaxial backbone cable.
A twisted pair Cat-3 or Cat-5 cable is used to connect 10BASE-T Ethernet
Ethernet on unshielded twisted-pair cables (UTP), beginning with StarLAN and continuing with 10BASE-T, was designed for point-to-point links only and all termination was built into the device. This changed hubs from a specialist device used at the center of large networks to a device that every twisted pair-based network with more than two machines had to use. The tree structure that resulted from this made Ethernet networks more reliable by preventing faults with (but not deliberate misbehavior of) one peer or its associated cable from affecting other devices on the network, although a failure of a hub or an inter-hub link could still affect lots of users. Also, since twisted pair Ethernet is point-to-point and terminated inside the hardware, the total empty panel space required around a port is much reduced, making it easier to design hubs with lots of ports and to integrate Ethernet onto computer motherboards.
Despite the physical star topology, hubbed Ethernet networks still use half-duplex and CSMA/CD, with only minimal activity by the hub, primarily the Collision Enforcement signal, in dealing with packet collisions. Every packet is sent to every port on the hub, so bandwidth and security problems aren't addressed. The total throughput of the hub is limited to that of a single link and all links must operate at the same speed.
Collisions reduce throughput by their very nature. In the worst case, when there are lots of hosts with long cables that attempt to transmit many short frames, excessive collisions can reduce throughput dramatically. However, a Xerox report in 1980 summarized the results of having 20 fast nodes attempting to transmit packets of various sizes as quickly as possible on the same Ethernet segment.[8] The results showed that, even for the smallest Ethernet frames (64 Bytes), 90% throughput on the LAN was the norm. This is in comparison with token passing LANs (token ring, token bus), all of which suffer throughput degradation as each new node comes into the LAN, due to token waits.
This report was controversial, as modeling showed that collision-based networks became unstable under loads as low as 40% of nominal capacity. Many early researchers failed to understand the subtleties of the CSMA/CD protocol and how important it was to get the details right, and were really modeling somewhat different networks (usually not as good as real Ethernet).[9]

Bridging and switching

While repeaters could isolate some aspects of Ethernet segments, such as cable breakages, they still forwarded all traffic to all Ethernet devices. This created practical limits on how many machines could communicate on an Ethernet network. Also as the entire network was one collision domain and all hosts had to be able to detect collisions anywhere on the network, the number of repeaters between the farthest nodes was limited. Finally segments joined by repeaters had to all operate at the same speed, making phased-in upgrades impossible.
To alleviate these problems, bridging was created to communicate at the data link layer while isolating the physical layer. With bridging, only well-formed Ethernet packets are forwarded from one Ethernet segment to another; collisions and packet errors are isolated. Bridges learn where devices are, by watching MAC addresses, and do not forward packets across segments when they know the destination address is not located in that direction.
Prior to discovery of network devices on the different segments, Ethernet bridges (and switches) work somewhat like Ethernet hubs, passing all traffic between segments. However, as the bridge discovers the addresses associated with each port, it only forwards network traffic to the necessary segments, improving overall performance. Broadcast traffic is still forwarded to all network segments. Bridges also overcame the limits on total segments between two hosts and allowed the mixing of speeds, both of which became very important with the introduction of Fast Ethernet.
Early bridges examined each packet one by one using software on a CPU, and some of them were significantly slower than hubs (multi-port repeaters) at forwarding traffic, especially when handling many ports at the same time. This was in part due to the fact that the entire Ethernet packet would be read into a buffer, the destination address compared with an internal table of known MAC addresses and a decision made as to whether to drop the packet or forward it to another or all segments.
In 1989 the networking company Kalpana introduced their EtherSwitch, the first Ethernet switch. This worked somewhat differently from an Ethernet bridge, in that only the header of the incoming packet would be examined before it was either dropped or forwarded to another segment. This greatly reduced the forwarding latency and the processing load on the network device. One drawback of this cut-through switching method was that packets that had been corrupted at a point beyond the header could still be propagated through the network, so a jabbering station could continue to disrupt the entire network. The remedy for this was to make available store-and-forward switching, where the packet would be read into a buffer on the switch in its entirety, verified against its checksum and then forwarded. This was essentially a return to the original approach of bridging, but with the advantage of more powerful, application-specific processors being used. Hence the bridging is then done in hardware, allowing packets to be forwarded at full wire speed. It is important to remember that the term switch was invented by device manufacturers and does not appear in the 802.3 standard.
Since packets are typically only delivered to the port they are intended for, traffic on a switched Ethernet is slightly less public than on shared-medium Ethernet. Despite this, switched Ethernet should still be regarded as an insecure network technology, because it is easy to subvert switched Ethernet systems by means such as ARP spoofing and MAC flooding. The bandwidth advantages, the slightly better isolation of devices from each other, the ability to easily mix different speeds of devices and the elimination of the chaining limits inherent in non-switched Ethernet have made switched Ethernet the dominant network technology.
When a twisted pair or fiber link segment is used and neither end is connected to a hub, full-duplex Ethernet becomes possible over that segment. In full duplex mode both devices can transmit and receive to/from each other at the same time, and there is no collision domain. This doubles the aggregate bandwidth of the link and is sometimes advertised as double the link speed (e.g. 200 Mbit/s) to account for this. However, this is misleading as performance will only double if traffic patterns are symmetrical (which in reality they rarely are). The elimination of the collision domain also means that all the link's bandwidth can be used and that segment length is not limited by the need for correct collision detection (this is most significant with some of the fiber variants of Ethernet).

More advanced networks

Simple switched Ethernet networks, while an improvement over hub based Ethernet, suffer from a number of issues:
  • They suffer from single points of failure. If any link fails some devices will be unable to communicate with other devices and if the link that fails is in a central location lots of users can be cut off from the resources they require.
  • It is possible to trick switches or hosts into sending data to a machine even if it's not intended for it (see switch vulnerabilities).
  • Large amounts of broadcast traffic, whether malicious, accidental, or simply a side effect of network size can flood slower links and/or systems.
    • It is possible for any host to flood the network with broadcast traffic forming a denial of service attack against any hosts that run at the same or lower speed as the attacking device.
    • As the network grows, normal broadcast traffic takes up an ever greater amount of bandwidth.
    • If switches are not multicast aware, multicast traffic will end up treated like broadcast traffic due to being directed at a MAC with no associated port.
    • If switches discover more MAC addresses than they can store (either through network size or through an attack) some addresses must inevitably be dropped and traffic to those addresses will be treated the same way as traffic to unknown addresses, that is essentially the same as broadcast traffic (this issue is known as failopen).
  • They suffer from bandwidth choke points where a lot of traffic is forced down a single link.
Some switches offer a variety of tools to combat these issues including:
  • Spanning-tree protocol to maintain the active links of the network as a tree while allowing physical loops for redundancy.
  • Various port protection features, as it is far more likely an attacker will be on an end system port than on a switch-switch link.
  • VLANs to keep different classes of users separate while using the same physical infrastructure.
  • Fast routing at higher levels to route between those VLANs.
  • Link aggregation to add bandwidth to overloaded links and to provide some measure of redundancy, although the links won't protect against switch failure because they connect the same pair of switches.
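The address learning described under "Bridging and switching" and the failopen issue listed above, as an added example that is not part of the original page: a toy learning switch with a bounded address table, run once without and once with a per-port address limit as one form of port protection. The table size, the oldest-first eviction, the limit and all MAC addresses are constructed for illustration.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Toy model: learns source MAC -> port, floods frames for unknown destinations."""

    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size                # capacity of the address table
        self.max_macs_per_port = max_macs_per_port  # None = no port protection
        self.table = OrderedDict()                  # MAC -> port, oldest entry first
        self.violations = []                        # (port, mac) frames refused

    def receive(self, port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        if self.table.get(src) != port:  # new address, or address seen on a new port
            if self.max_macs_per_port is not None:
                on_port = sum(1 for p in self.table.values() if p == port)
                if on_port >= self.max_macs_per_port:
                    self.violations.append((port, src))
                    return []            # port protection: drop, do not learn
            if src not in self.table and len(self.table) >= self.table_size:
                self.table.popitem(last=False)  # table full: forget the oldest entry
        self.table[src] = port
        self.table.move_to_end(src)
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            return [] if out == port else [out]
        # Unknown destination or broadcast: every other port gets a copy.
        return [p for p in self.ports if p != port]


def scenario(max_macs_per_port=None):
    """Hosts a (port 1) and b (port 2) talk; port 3 then presents 10 source addresses."""
    sw = LearningSwitch(ports=[1, 2, 3], table_size=4,
                        max_macs_per_port=max_macs_per_port)
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed addresses
    sw.receive(1, a, b)           # b unknown: flooded, a learned
    sw.receive(2, b, a)           # b learned
    before = sw.receive(1, a, b)  # delivered to b's port only
    for i in range(10):
        sw.receive(3, f"02:00:00:00:01:{i:02x}", BROADCAST)
    after = sw.receive(1, a, b)   # where does a's frame to b go now?
    return {"before": before, "after": after,
            "violations": len(sw.violations), "table": len(sw.table)}


if __name__ == "__main__":
    print("no port protection :", scenario())
    print("2 addresses / port :", scenario(max_macs_per_port=2))
```

Without the limit, the entry for b is pushed out of the table and the frame from a to b is copied to port 3 as well; with the limit, the table keeps both hosts and the refused frames are counted as violations.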

Autonegotiation and duplex modes

While the early coaxial cable based variants of Ethernet were half-duplex by design, all the common variants of twisted pair (10BASE-T, 100BASE-TX and 1000BASE-T) and fiber optic Ethernet provide separate channels for send and receive (full-duplex).
To allow use of hubs and for compatibility with existing variants of Ethernet they were originally implemented in a half-duplex manner with the transceiver detecting a collision if an attempt was made to transmit and receive simultaneously. However, if both ends of the link are not hubs, and the hardware supports it, the two channels can be split and used to make a full-duplex link.
In combination with the various speeds, this results in many different modes of operations (10BASE-T half duplex, 10BASE-T full duplex, 100BASE-TX half duplex, …) for Ethernet over twisted pair cable. In 1995, IEEE standard 802.3u (100BASE-TX) was released, allowing two network interfaces connected to each other to autonegotiate the best possible shared mode of operation. While implementation of autonegotiation is not required for a compliant 10BASE-T or 100BASE-TX Ethernet port, it is recommended as default behaviour by IEEE 802.3u. 1000BASE-T devices are required to implement autonegotiation in order to elect the clock master.
Ethernet contains a mechanism for detecting the speed but not the duplex setting of an Ethernet peer that did not use autonegotiation. When the remote does not negotiate, an autonegotiating device assumes the remote device is a hub and defaults to half duplex. If the remote is, in fact, a hub or a device operating in half duplex mode, this works. But if the remote is in full duplex mode, this generates a duplex mismatch. When two interfaces are connected and set to different duplex modes, the effect of the duplex mismatch is a network that works, but is much slower than its nominal speed. To avoid this, never set one end of a connection to a forced full-duplex setting and the other end to autonegotiation. Or better yet, never disable autonegotiation on any port. There are no disadvantages to keeping autonegotiation active on all devices.

Physical layer

The first Ethernet networks, 10BASE5, used thick yellow cable with vampire taps as a shared medium (using CSMA/CD). Later, 10BASE2 Ethernet used thinner coaxial cable (with BNC connectors) as the shared CSMA/CD medium. The later StarLAN 1BASE5 and 10BASE-T used twisted pair connected to Ethernet hubs with 8P8C (RJ45) modular connectors.
Currently Ethernet has many varieties that vary both in speed and physical medium used. The most common forms used are 10BASE-T, 100BASE-TX, and 1000BASE-T. All three utilize Category 5 cables and 8P8C modular connectors. They run at 10 Mbit/s, 100 Mbit/s, and 1 Gbit/s, respectively.
Fiber optic variants of Ethernet are commonly used in structured cabling applications. These variants have also seen substantial penetration in enterprise datacenter applications, but are rarely seen connected to end user systems for cost/convenience reasons. Their advantages lie in performance, electrical isolation and distance (up to tens of kilometers with some versions). 10 gigabit Ethernet is becoming more popular in both enterprise and carrier networks, with development starting on 40 Gbit/s[10][11] and 100 Gbit/s Ethernet.[12] Metcalfe now believes commercial applications using terabit Ethernet may occur by 2015 though he says existing Ethernet standards may have to be overthrown to reach terabit Ethernet.[13]
A data packet on the wire is called a frame and consists of just a long string of binary 0's and 1's. A frame viewed on the actual physical wire would show Preamble and Start Frame Delimiter, in addition to the other data. These are required by all physical hardware. However, they are not displayed by packet sniffing software because these bits are stripped away at OSI Layer 1 by the Ethernet adapter before being passed on to the OSI Layer 2 which is where packet sniffers collect their data from. There are OSI Physical Layer sniffers which can capture and display the Preamble and Start Frame but they are expensive and mainly used to detect physical related problems.
The table below shows the complete Ethernet frame, as transmitted, for the MTU of 1500 bytes (some implementations of gigabit Ethernet and higher speeds support larger jumbo frames). Note that the bit patterns in the preamble and start of frame delimiter are written as bit strings, with the first bit transmitted on the left (not as byte values, which in Ethernet are transmitted least significant bit first). This notation matches the one used in the IEEE 802.3 standard. One octet is eight bits of data (i.e., a byte on most modern computers).
10/100M transceiver chips (MII PHY) work with four bits (one nibble) at a time. Therefore the preamble will be 7 instances of 0101 + 0101, and the Start Frame Delimiter will be 0101 + 1101. 8-bit values are sent low 4-bit and then high 4-bit. 1000M transceiver chips (GMII) work with 8 bits at a time, and 10 Gbit/s (XGMII) PHY works with 32 bits at a time.
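802.3 MAC Frame

| Field | Size |
| --- | --- |
| Preamble | 7 octets of 10101010 |
| Start-of-Frame-Delimiter | 1 octet of 10101011 |
| MAC destination | 6 octets |
| MAC source | 6 octets |
| 802.1Q header (optional) | (4 octets) |
| Ethertype/Length | 2 octets |
| Payload (Data and padding) | 46–1500 octets |
| CRC32 | 4 octets |
| Interframe gap | 12 octets |

MAC destination through CRC32: 64–1522 octets
Preamble through CRC32: 72–1530 octets
Preamble through interframe gap: 84–1542 octets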
After a frame has been sent, transmitters are required to transmit 12 octets of idle characters before transmitting the next frame.
From this table, we may calculate the efficiency and net bit rate for Ethernet:
$$\text{Efficiency} = \frac{\text{Payload size}}{\text{Frame size}}$$
Maximum efficiency is achieved with the largest allowed payload size and is $\frac{1500}{1538} = 97.53\%$ for untagged Ethernet packets and $\frac{1500}{1542} = 97.28\%$ when 802.1Q VLAN tagging is used.
Net bit rate may be calculated from efficiency:
$$\text{Net bit rate} = \text{Efficiency} \times \text{Wire bit rate}$$
Maximum net bit rate for 100BASE-TX Ethernet without 802.1Q is 97.53 Mbit/s.

Ethernet frame types and the EtherType field

There are several types of Ethernet frames:
In addition, all four Ethernet frame types may optionally contain an IEEE 802.1Q tag to identify which VLAN the frame belongs to and its IEEE 802.1p priority (quality of service). This encapsulation is defined in the IEEE 802.3ac specification and increases the maximum frame by 4 bytes to 1522 bytes.
The different frame types have different formats and MTU values, but can coexist on the same physical medium.
[Figure: The most common Ethernet frame format, type II]
Versions 1.0 and 2.0 of the Digital/Intel/Xerox (DIX) Ethernet specification have a 16-bit sub-protocol label field called the EtherType. The new IEEE 802.3 Ethernet specification replaced that with a 16-bit length field, with the MAC header followed by an IEEE 802.2 logical link control (LLC) header. The maximum length of a frame was 1518 bytes for untagged (1522 for 802.1p or 802.1q tagged) classical Ethernet v2 and IEEE 802.3 frames. The two formats were eventually unified by the convention that values of that field between 64 and 1522 indicated the use of the new 802.3 Ethernet format with a length field, while values of 1536 decimal (0600 hexadecimal) and greater indicated the use of the original DIX or Ethernet II frame format with an EtherType sub-protocol identifier.[14] This convention allows software to determine whether a frame is an Ethernet II frame or an IEEE 802.3 frame, allowing the coexistence of both standards on the same physical medium. See also Jumbo Frames.
By examining the 802.2 LLC header, it is possible to determine whether it is followed by a SNAP (subnetwork access protocol) header. Some protocols, particularly those designed for the OSI networking stack, operate directly on top of 802.2 LLC, which provides both datagram and connection-oriented network services. The LLC header includes two additional eight-bit address fields, called service access points or SAPs in OSI terminology; when both source and destination SAP are set to the value 0xAA, the SNAP service is requested. The SNAP header allows EtherType values to be used with all IEEE 802 protocols, as well as supporting private protocol ID spaces. In IEEE 802.3x-1997, the IEEE Ethernet standard was changed to explicitly allow the use of the 16-bit field after the MAC addresses to be used as a length field or a type field.
Novell's "raw" 802.3 frame format was based on early IEEE 802.3 work. Novell used this as a starting point to create the first implementation of its own IPX Network Protocol over Ethernet. They did not use any LLC header but started the IPX packet directly after the length field. This does not conform to the IEEE 802.3 standard, but since IPX always has FF in its first two bytes (while in IEEE 802.2 LLC that pattern is theoretically possible but extremely unlikely), in practice this mostly coexists on the wire with other Ethernet implementations, with the notable exception of some early forms of DECnet, which were confused by it.
Novell NetWare used this frame type by default until the mid-nineties, and since NetWare was very widespread back then, while IP was not, at some point in time most of the world's Ethernet traffic ran over "raw" 802.3 carrying IPX. Since NetWare 4.10, NetWare has defaulted to IEEE 802.2 with LLC (NetWare Frame Type Ethernet_802.2) when using IPX. (See "Ethernet Framing" in References for details.)
Mac OS uses 802.2/SNAP framing for the AppleTalk V2 protocol suite on Ethernet ("EtherTalk") and Ethernet II framing for TCP/IP.
The 802.2 variants of Ethernet are not in widespread use on common networks currently, with the exception of large corporate NetWare installations that have not yet migrated to NetWare over IP. In the past, many corporate networks supported 802.2 Ethernet to support transparent translating bridges between Ethernet and IEEE 802.5 Token Ring or FDDI networks. The most common framing type used today is Ethernet Version 2, as it is used by most Internet Protocol-based networks, with its EtherType set to 0x0800 for IPv4 and 0x86DD for IPv6.
There exists an Internet standard for encapsulating IP version 4 traffic in IEEE 802.2 frames with LLC/SNAP headers.[15] It is almost never implemented on Ethernet (although it is used on FDDI and on token ring, IEEE 802.11, and other IEEE 802 networks). IP traffic cannot be encapsulated in IEEE 802.2 LLC frames without SNAP because, although there is an LLC protocol type for IP, there is no LLC protocol type for ARP. IP Version 6 can also be transmitted over Ethernet using IEEE 802.2 with LLC/SNAP, but, again, that's almost never used (although LLC/SNAP encapsulation of IPv6 is used on IEEE 802 networks).
The IEEE 802.1Q tag, if present, is placed between the Source Address and the EtherType or Length fields. The first two bytes of the tag are the Tag Protocol Identifier (TPID) value of 0x8100. This is located in the same place as the EtherType/Length field in untagged frames, so an EtherType value of 0x8100 means the frame is tagged, and the true EtherType/Length is located after the Q-tag. The TPID is followed by two bytes containing the Tag Control Information (TCI) (the IEEE 802.1p priority (quality of service) and VLAN id). The Q-tag is followed by the rest of the frame, using one of the types described above.
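The dispatch rules from this section (EtherType versus length field, the 802.1Q tag, LLC/SNAP and Novell "raw" framing) can be applied to captured bytes as follows. This Python code is an added example, not part of the original article: the name `classify_frame` and the sample frames are constructed for illustration, and it assumes frames as a packet sniffer delivers them, with preamble and Start Frame Delimiter already stripped.

```python
import struct

ETHERTYPE_MIN = 0x0600   # 1536 decimal: at or above this the field is an EtherType
TPID_8021Q = 0x8100      # value found in the EtherType position when a Q-tag follows
KNOWN_ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}   # the two values named in the text


def classify_frame(frame: bytes) -> dict:
    """Classify a frame as captured at Layer 2 (preamble and SFD already stripped)."""
    if len(frame) < 14:
        raise ValueError("truncated: MAC header needs 14 octets")
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "vlan": None, "priority": None}
    (field,) = struct.unpack("!H", frame[12:14])
    offset = 14

    if field == TPID_8021Q:                      # tagged: the real field follows the TCI
        if len(frame) < 18:
            raise ValueError("truncated: 802.1Q tag needs 4 octets")
        tci, field = struct.unpack("!HH", frame[14:18])
        info["priority"] = tci >> 13             # 802.1p priority (top 3 bits)
        info["vlan"] = tci & 0x0FFF              # VLAN id (low 12 bits)
        offset = 18

    payload = frame[offset:]
    if field >= ETHERTYPE_MIN:
        info.update(type="Ethernet II", ethertype=field,
                    protocol=KNOWN_ETHERTYPES.get(field, "unknown"))
        return info

    # Below 0x0600 the field is a length; it must not claim more data than arrived.
    info["length"] = field
    if field > len(payload):
        raise ValueError("length field exceeds captured payload")
    if len(payload) < 3:
        raise ValueError("truncated: no room for an LLC header")
    dsap, ssap = payload[0], payload[1]
    if dsap == 0xFF and ssap == 0xFF:            # IPX starts right after the length
        info["type"] = "Novell raw 802.3"
    elif dsap == 0xAA and ssap == 0xAA:          # both SAPs 0xAA request SNAP
        if len(payload) < 8:
            raise ValueError("truncated: LLC plus SNAP header needs 8 octets")
        info["type"] = "IEEE 802.2 LLC/SNAP"
        info["oui"] = payload[3:6].hex()
        info["ethertype"] = struct.unpack("!H", payload[6:8])[0]
    else:
        info.update(type="IEEE 802.2 LLC", dsap=dsap, ssap=ssap)
    return info


# Constructed sample frames (not captured traffic); the addresses are made up.
MACS = bytes.fromhex("ffffffffffff" "020000000001")
PAD = bytes(46)
SAMPLES = {
    "eth2_ipv4": MACS + bytes.fromhex("0800") + PAD,
    "tagged_ipv6": MACS + bytes.fromhex("8100" "a064" "86dd") + PAD,
    "novell_raw": MACS + bytes.fromhex("002e" "ffff") + PAD,
    "snap_ipv4": MACS + bytes.fromhex("002e" "aaaa03" "000000" "0800") + PAD,
    "llc": MACS + bytes.fromhex("002e" "424203") + PAD,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_frame(raw))
```

A length field larger than the bytes actually captured is rejected rather than trusted, which is the check a parser needs before it reads that many octets from the buffer.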

Runt frames

A runt frame is an Ethernet frame that is less than the IEEE 802.3 minimum length of 64 bytes. Possible causes are collisions, underruns, a bad network card, or software.[16][17]

Varieties of Ethernet

The Ethernet physical layer evolved over a considerable time span and encompasses quite a few physical media interfaces and several magnitudes of speed. The speed ranges from 1 Mbit/s to 10 Gbit/s (higher speeds are under development)[citation needed], while the physical medium can range from bulky coaxial cable to twisted pair to optical fiber. In general, network protocol stack software will work similarly on all varieties.

Related standards

  • Networking standards that are not part of the IEEE 802.3 Ethernet standard, but support the Ethernet frame format, and are capable of interoperating with it.
    • LattisNet—A SynOptics pre-standard twisted-pair 10 Mbit/s variant.
    • 100BaseVG—An early contender for 100 Mbit/s Ethernet. It runs over Category 3 cabling. Uses four pairs. Commercial failure.
    • TIA 100BASE-SX—Promoted by the Telecommunications Industry Association. 100BASE-SX is an alternative implementation of 100 Mbit/s Ethernet over fiber; it is incompatible with the official 100BASE-FX standard. Its main feature is interoperability with 10BASE-FL, supporting autonegotiation between 10 Mbit/s and 100 Mbit/s operation – a feature lacking in the official standards due to the use of differing LED wavelengths. It is targeted at the installed base of 10 Mbit/s fiber network installations.
    • TIA 1000BASE-TX—Promoted by the Telecommunications Industry Association, it was a commercial failure, and no products exist. 1000BASE-TX uses a simpler protocol than the official 1000BASE-T standard so the electronics can be cheaper, but requires Category 6 cabling.
    • G.hn—A standard developed by ITU-T and promoted by HomeGrid Forum for high-speed (up to 1 Gbit/s) local area networks over existing home wiring (coaxial cables, power lines and phone lines). G.hn defines an Application Protocol Convergence (APC) layer that accepts Ethernet frames and encapsulates them into G.hn MSDUs.
It has been observed that Ethernet traffic has self-similar properties, with important consequences for traffic engineering.[citation needed]

Notes

  1. ^ The experimental Ethernet described in the 1976 paper ran at 3 Mbit/s and had eight-bit destination and source address fields, so the original Ethernet addresses were not the MAC addresses they are today. By software convention, the 16 bits after the destination and source address fields specified a "packet type", but, as the paper says, "different protocols use disjoint sets of packet types". Thus the original packet types could vary within each different protocol, rather than the packet type in the current Ethernet standard which specifies the protocol being used.
http://en.wikipedia.org/wiki/Ethernet
06/09/10

Web Server

A web server is a computer program that delivers (serves) content, such as web pages, using the Hypertext Transfer Protocol (HTTP), over the World Wide Web. The term web server can also refer to the computer or virtual machine running the program. In large commercial deployments, a server computer running a web server can be rack-mounted with other servers to operate a web farm.

Overview

The primary function of a web server is to deliver web pages to clients. This means delivery of HTML documents and any additional content that may be included by a document, such as images, style sheets and JavaScript.
A client, commonly a web browser or web crawler, initiates communication by making a request for a specific resource using HTTP and the server responds with the content of that resource, or an error message if unable to do so. The resource is typically a real file on the server's secondary memory, but this is not necessarily the case and depends on how the web server is implemented.
While the primary function is to serve content, a full implementation of HTTP also includes a way of receiving content from clients. This feature is used for submitting web forms, including uploading of files.
Many generic web servers also support server-side scripting, e.g., Apache HTTP Server and PHP. This means that the behaviour of the web server can be scripted in separate files, while the actual server software remains unchanged. Usually, this functionality is used to create HTML documents on-the-fly as opposed to returning fixed documents. This is referred to as dynamic and static content respectively. The former is primarily used for retrieving and/or modifying information in databases. The latter is, however, typically much faster and easily cached.
Web servers are not always used for serving the world wide web; they can also be found embedded in devices such as printers, routers and webcams, serving only a local network. The web server may then be used as a part of a system for monitoring and/or administrating the device in question. This usually means that no additional software has to be installed on the client computer, since only a web browser is required (which by now is included with most operating systems).

History of web servers

[Figure: The world's first web server.]
In 1989 Tim Berners-Lee proposed to his employer CERN (European Organization for Nuclear Research) a new project, which had the goal of easing the exchange of information between scientists by using a hypertext system. As a result of the implementation of this project, in 1990 Berners-Lee wrote two programs:
Between 1991 and 1994 the simplicity and effectiveness of early technologies used to surf and exchange data through the World Wide Web helped to port them to many different operating systems and spread their use among many different groups of people, first in scientific organizations, then in universities and finally in industry.
In 1994 Tim Berners-Lee decided to constitute the World Wide Web Consortium (W3C) to regulate the further development of the many technologies involved (HTTP, HTML, etc.) through a standardization process.

Common features

  1. Virtual hosting to serve many Web sites using one IP address.
  2. Large file support to be able to serve files whose size is greater than 2 GB on 32 bit OS.
  3. Bandwidth throttling to limit the speed of responses in order to not saturate the network and to be able to serve more clients.
  4. Server-side scripting to generate dynamic Web pages, but still keeping Web server and Web site implementations separate from each other.

Path translation

Web servers are able to map the path component of a Uniform Resource Locator (URL) into:
  • a local file system resource (for static requests);
  • an internal or external program name (for dynamic requests).
For a static request the URL path specified by the client is relative to the Web server's root directory.
Consider the following URL as it would be requested by a client:
http://www.example.com/path/file.html
The client's user agent will translate it into a connection to www.example.com with the following HTTP 1.1 request:
GET /path/file.html HTTP/1.1
Host: www.example.com
The Web server on www.example.com will append the given path to the path of its root directory. On Unix machines, this is commonly /var/www. The result is the local file system resource:
/var/www/path/file.html
The Web server will then read the file, if it exists, and send a response to the client's Web browser. The response will describe the content of the file and contain the file itself.
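Appending the client-supplied path to the root directory only maps into the root if the path contains no ".." components, so the translation step needs a containment check. The Python code below is an added example, not taken from the original article or from any particular web server: `naive_translate`, `translate_path` and `check` are hypothetical names, the request targets are constructed, and /var/www is the root named in the text.

```python
import posixpath
from urllib.parse import unquote


def naive_translate(doc_root: str, url_path: str) -> str:
    """Plain append, as described above; the OS resolves any '..' later."""
    return doc_root + url_path


def translate_path(doc_root: str, request_target: str) -> str:
    """Map a request target to a file path that is guaranteed to sit under doc_root.

    Lexical check only: a real server must also deal with symlinks inside the
    root (for example by comparing os.path.realpath results).
    """
    path = request_target.split("?", 1)[0]      # the query string is not a file name
    path = unquote(path)                        # decode %2e%2e etc. before checking
    if not path.startswith("/") or "\x00" in path:
        raise ValueError("malformed request path")
    root = posixpath.normpath(doc_root)
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    # commonpath compares whole components, so /var/www-old does not pass as /var/www.
    if posixpath.commonpath([root, candidate]) != root:
        raise ValueError("request path escapes the document root")
    return candidate


def check(doc_root: str, request_target: str) -> str:
    """Return the translated path, or the string 'REJECTED' for refused targets."""
    try:
        return translate_path(doc_root, request_target)
    except ValueError:
        return "REJECTED"


# Constructed request targets for illustration.
REQUESTS = [
    "/path/file.html",
    "/path/../file.html",
    "/path/file.html?lang=en",
    "/../private/notes.txt",
    "/path/%2e%2e/%2e%2e/private/notes.txt",
    "/../www-old/index.html",
]

if __name__ == "__main__":
    for target in REQUESTS:
        print(f"{target!r:45} -> {check('/var/www', target)}")
```

The check runs after percent-decoding and normalization, because a comparison made on the raw request string would miss the encoded form.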

Load limits

A Web server (program) has defined load limits, because it can handle only a limited number of concurrent client connections (usually between 2 and 80,000, by default between 500 and 1,000) per IP address (and TCP port) and it can serve only a certain maximum number of requests per second depending on:
  • its own settings;
  • the HTTP request type;
  • content origin (static or dynamic);
  • the fact that the served content is or is not cached;
  • the hardware and software limits of the OS where it is working.
When a Web server is near to or over its limits, it becomes unresponsive.

Kernel-mode and user-mode Web servers

A Web server can be implemented either in the OS kernel or in user space (like other regular applications).
An in-kernel Web server (like TUX on GNU/Linux or Microsoft IIS on Windows) will usually work faster, because, as part of the system, it can directly use all the hardware resources it needs, such as non-paged memory, CPU time-slices, network adapters, or buffers.
Web servers that run in user-mode have to ask the system for permission to use more memory or more CPU resources. Not only do these requests to the kernel take time, but they are not always satisfied because the system reserves resources for its own usage and has the responsibility to share hardware resources with all the other running applications.
Also, applications cannot access the system's internal buffers, which causes useless buffer copies that create another handicap for user-mode web servers. As a consequence, the only way for a user-mode web server to match kernel-mode performance is to raise the quality of its code to much higher standards, similar to that of the code used in web servers that run in the kernel. This is a significant issue under Windows, where the user-mode overhead is about six times greater than that under Linux.[1]

Overload causes

At any time Web servers can be overloaded because of:
  • Too much legitimate Web traffic. Thousands or even millions of clients connecting to the Web site in a short interval, e.g., Slashdot effect;
  • DDoS. Distributed Denial of Service attacks;
  • Computer worms that sometimes cause abnormal traffic because of millions of infected computers (not coordinated among them);
  • XSS viruses can cause high traffic because of millions of infected browsers and/or Web servers;
  • Internet Web robots. Traffic not filtered/limited on large Web sites with very few resources (bandwidth, etc.);
  • Internet (network) slowdowns, so that client requests are served more slowly and the number of connections increases so much that server limits are reached;
  • Web servers (computers) partial unavailability. This can happen because of required or urgent maintenance or upgrade, hardware or software failures, back-end (e.g., DB) failures, etc.; in these cases the remaining Web servers get too much traffic and become overloaded.

Overload symptoms

The symptoms of an overloaded Web server are:
  • requests are served with (possibly long) delays (from 1 second to a few hundred seconds);
  • 500, 502, 503, 504 HTTP errors are returned to clients (sometimes an unrelated 404 error or even a 408 error may also be returned);
  • TCP connections are refused or reset (interrupted) before any content is sent to clients;
  • in very rare cases, only partial contents are sent (but this behavior may well be considered a bug, even if it usually depends on unavailable system resources).

Anti-overload techniques

To partially overcome the above load limits and to prevent overload, most popular Web sites use common techniques like:
  • managing network traffic, by using:
    • Firewalls to block unwanted traffic coming from bad IP sources or having bad patterns;
    • HTTP traffic managers to drop, redirect or rewrite requests having bad HTTP patterns;
    • Bandwidth management and traffic shaping, in order to smooth down peaks in network usage;
  • deploying Web cache techniques;
  • using different domain names to serve different (static and dynamic) content by separate Web servers, i.e.:
    • http://images.example.com
    • http://www.example.com
  • using different domain names and/or computers to separate big files from small and medium sized files; the idea is to be able to fully cache small and medium sized files and to efficiently serve big or huge (over 10 - 1000 MB) files by using different settings;
  • using many Web servers (programs) per computer, each one bound to its own network card and IP address;
  • using many Web servers (computers) that are grouped together so that they act or are seen as one big Web server, see also: Load balancer;
  • adding more hardware resources (i.e. RAM, disks) to each computer;
  • tuning OS parameters for hardware capabilities and usage;
  • using more efficient computer programs for Web servers, etc.;
  • using other workarounds, especially if dynamic content is involved.

Market structure

[Figure: Market share of major Web servers]
Given below is a list of top web server software vendors published in a Netcraft survey in January 2010.
| Vendor | Product | Web Sites Hosted (millions) | Percent |
| --- | --- | --- | --- |
| Apache | Apache | 111 | 54% |
| Microsoft | IIS | 50 | 24% |
| Igor Sysoev | nginx | 16 | 8% |
| Google | GWS | 15 | 7% |
| lighttpd | lighttpd | 1 | 0.46% |
