OSI Layer 2

-> DATA LINK LAYER
  -> Functions
    -> provides node-to-node connectivity and data transfer (local network using physical addresses)
    -> controls how data is placed and received on the media
    -> receives encapsulated data and directs it to the proper upper-layer protocol.
    -> performs error detection and rejects corrupt frames
    -> enables upper layers to access the media (Adjacent-layer interaction)
    -> accepts data (L3 packets) and encapsulates them into "frames"
      -> Data Link Layer PDUs
    -> the L2 protocol used depends on the logical topology and the physical media
  -> IEEE 802 LAN/MAN subdivides data link layer into two sublayers
    -> Logical Link Control (LLC)
      -> communicates between software layers at upper levels (L3) and hardware layers at lower level (MAC sublayer)
      -> adds fields to the frame that identify which L3 protocol is used for the frame
      -> adds control information to the field
    -> Media Access Control (MAC)
      -> controls the hardware responsible for sending and receiving data on the physical medium
      -> provides data encapsulation
        -> frame delimiting
        -> addressing (MAC addresses or L2 Addresses or physical addresses)
        -> error detection (generates the Frame Check Sequence - FCS)
      -> provides media access control (controls access to the medium when multiple hosts contend for access)
  -> Frame
    -> layer 2 protocol data unit (the unit of data transmission at layer 2)
    -> the structure of the frame depends on the L2 protocol used to encapsulate the L3 packet
    -> the generic structure looks like
      -> HEADER
        -> Frame Start
          -> Used with Frame Stop to identify the beginning and end of the frame
        -> Addressing
          -> L2 Addresses
          -> are used for data transmission in the local network.
        -> Type
          -> Identifies the L3 protocol in the data field
        -> Control
          -> flow control services like QoS
      -> DATA
        -> L3 packet
      -> TRAILER
        -> Error Detection (last field)
          -> Frame Check Sequence field which contains the Cyclic Redundancy Check CRC value
        -> Frame Stop
  -> Example L2 protocols
    -> Point-to-Point Protocol (PPP)(WAN)
    -> High-Level Data Link Control (HDLC)(WAN)
      -> very common for leased line WAN links
      -> HDLC frame
        -> FLAG
          -> recognizable bit pattern so the receiving nodes realize a new frame is arriving
        -> DESTINATION ADDRESS
          -> Identifies the destination device
          -> due to the p2p nature of the links, the destination is implied and this field is unimportant
          -> a broadcast address is used as destination address.
        -> CONTROL
        -> TYPE
          -> Identifies the L3 Protocol
        -> FCS
          -> error detection purposes
        -> FLAG
          -> identifies the end of the frame
    -> Frame Relay (WAN)
    -> Asynchronous Transfer Mode (ATM)(WAN)
    -> X.25 (WAN)
    -> 802.11 Wireless
    -> ETHERNET
      -> A family of originally LAN networking standards and protocols
        -> Example
          -> at Layer 1
            -> UTP cables, RJ-45 connectors, optical fiber cables and connectors
          -> at Layer 2
            -> the Ethernet frame
      -> with the evolution of standards, Ethernet is used now in MAN and WAN networks as well
      -> Layer 2 Ethernet protocol was originally introduced in IEEE 802.3 standard
        -> part of IEEE 802 LAN/MAN protocols which means it uses the L2 sublayers LLC and MAC
      -> Ethernet frame
        -> minimum size
          -> 64 bytes
          -> Less than 64 bytes is called "collision fragment" or "runt frame"
            -> is discarded by Ethernet capable devices
        -> maximum size
          -> 1518 bytes; 1522 if 802.1Q tag is considered (1526/1530 with preamble & sfd).
          -> 1518 is the default maximum size used by Ethernet devices.
          -> larger than 1500 are called "jumbo frame" or "baby giant frame"
            -> the conventional adopted jumbo frame size is 9018 bytes (9022 for 802.1Q), however, bigger frame size may be possible to set, based on vendor
            -> advantages and disadvantages
              -> increase in efficiency
                -> more efficient usage of the bandwidth as using bigger frames, there is less overhead (encapsulation) for the same usable data.
              -> on a faulty link, though, having to retransmit lost frames means that more data has to be retransmitted
          -> it is to be noted that both SNAP and LLC additional headers will decrease the maximum size of the payload to 1492 bytes to keep the max frame size to 1518 bytes
        -> PREAMBLE and START of FRAME DELIMITER
          -> are streams of bits that are NOT part of the actual Ethernet frame (which starts at layer 2)
          -> are considered part of Ethernet transmission at layer 1 (physical layer) as they allow the sending and receiving devices to synchronize
            -> there is no "actual" header/data transmission
          -> they are not calculated in the frame's min/max sizes
          -> the PREAMBLE (7 bytes)
            -> a 7 byte (56 bits) series of alternating 1s and 0s
            -> allows the synchronization between sending and receiving devices
          -> the SFD (1 byte)
            -> is 10101011
            -> marks the end of Preamble and the beginning of the rest of the frame
            -> Destination MAC Address field follows immediately after
        -> INTERPACKET GAP
          -> it is a mandatory pause, which follows each sent frame
          -> it is necessary to allow the receiving device to prepare to receive another frame.
          -> just as in the case of Preamble and SFD, it is not a frame field, but a layer 1 necessity
        -> has multiple versions
          -> based on the structure of the frame
          -> can be identified by
            -> the value of the EtherType/Length field
              -> if the value is 1500 or less, then the field is Length and indicates the length of the encapsulated packet
                -> specific to 802.3 frame formats
              -> if the value is 1536 or greater, then the field is EtherType and indicates the upper layer protocol encapsulated
                -> specific to Ethernet II frames only
            -> the first bytes of the payload that are occupied by the LLC and SNAP headers, separate between the types of 802.3 Ethernet formats
          -> EthernetII
            -> also called DIX Ethernet, and DIX Ethernet v2.0 (DIX = DEC, Intel, Xerox -> the original developers)
            -> it is the most commonly used framing type for TCP/IP networks

            +-------------+-------------+-----------+----------------+-----------+
            | Destination | Source      | EtherType |      DATA      |    FCS    |
            | MAC Address | MAC Address |           |                |           |
            +-------------+-------------+-----------+----------------+-----------+
            |---6 bytes---|---6 bytes---|--2 bytes--|--46/1500 bytes-|--4 bytes--|

            -> DESTINATION MAC ADDRESS (6 bytes)
              -> the physical address of the receiving device.
              -> the receiving device uses this address to decide if it is the intended recipient.
            -> SOURCE MAC ADDRESS (6 bytes)
              -> the physical address of the sending device. Identifies the NIC from which the frame originates.
            -> ETHERTYPE (2 bytes)
              -> has a value of 1536 or greater
              -> identifies the upper layer protocol encapsulated
              -> Example: 0x0800 for IPv4 and 0x86DD for IPv6
            -> DATA (46 bytes - 1500 bytes)
              -> upper layer packet encapsulated.
              -> the minimum limit is 42 when 802.1Q tag is added.
              -> if a small packet is encapsulated, additional bits (pad) are added to increase the size of the frame to minimum size.
                -> considering this, the maximum padding size is 46 bytes (42 if 802.1Q tag), if the actual payload would be 0 bytes (testing required)
            -> FCS (4 bytes)
              -> Frame Check Sequence
              -> used to detect error in a frame
              -> contains the Cyclic Redundancy Check value.
              -> the sending and receiving devices perform this CRC and if the values don't match then the frame is corrupt.
          -> IEEE 802.3
            -> the IEEE standardized version of DIX's Ethernet II frame.
            -> same as Ethernet II, but
              -> Ethertype field is replaced by Length field
              -> Preamble is "formally" split between Preamble and Start of Frame Delimiter. But really it is the same exact thing
            -> usually unusable, as based on the frame's structure, there is no way to identify the next layer protocol
              -> it has been used in this form by NetWare networks only, which used the IPX protocol, instead of IPv4
                -> when used in NetWare networks, the DATA field always starts with 0xFFFF (the first field of IPX is "Checksum" which is always set to 0xFFFF)
            -> used as a "skeleton" frame, which is to describe the "minimal" structure an Ethernet frame should have

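            +-------------+-------------+-----------+----------------+-----------+
            | Destination | Source      |   Length  |      DATA      |    FCS    |
            | MAC Address | MAC Address |           |  (0xFFFF....)  |           |
            +-------------+-------------+-----------+----------------+-----------+
            |---6 bytes---|---6 bytes---|--2 bytes--|--46/1500 bytes-|--4 bytes--|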

          -> 802.3 LLC
            -> 802.3 + 802.2 LLC
            -> used only in NetWare network installations
            -> to make a usable frame, IEEE added the 802.2 LLC header at the top of the L2
            -> IEEE 802.2
              -> IEEE standard that defines the LLC subheader at the top of the L2 layer
              -> basically LLC becomes the upper half of L2
              -> has three modes
                -> unacknowledged connectionless mode
                -> connection mode
                -> Acknowledged connectionless mode
              -> fields
                -> DSAP
                  -> 8 bits
                  -> its purpose is to identify the upper layer protocol to which the packet is addressed
                -> SSAP
                  -> 8 bits
                  -> its purpose is to identify the upper layer protocol which encapsulates the message
                  -> basically serves the same purpose as EtherType
                -> CONTROL
                  -> 8 or 16 bits

                                                    +------------LLC------------+
            +-------------+-------------+-----------+--------+--------+---------+----------------+-----------+
            | Destination | Source      |   Length  |  DSAP  |  SSAP  | Control |      DATA      |    FCS    |
            | MAC Address | MAC Address |           |        |        |         |                |           |
            +-------------+-------------+-----------+--------+--------+---------+----------------+-----------+
            |---6 bytes---|---6 bytes---|--2 bytes--|-1 byte-|-1 byte-|--1 byte-|--43/1497 bytes-|--4 bytes--|

          -> IEEE 802.2 SNAP
            -> 802.3 LLC's DSAP and SSAP fields couldn't contain enough values to accommodate enough upper layer protocols.
            -> so on top of LLC, IEEE added the SNAP header
              -> Subnetwork Access Protocol
              -> allows using more upper layer protocols than the LLC permits
              -> also permits using vendor specific upper layer protocols
              -> when SNAP header is used, LLC's DSAP and SSAP are set to 0xAA
              -> fields
                -> OUI
                  -> Organizationally Unique Identifier
                  -> identifies a specific organization
                -> PROTOCOL ID
                  -> identifies the upper layer protocol
                  -> if the OUI is 0, the Protocol ID must contain the EtherType value for the upper layer protocol
                  -> if the OUI is different from 0, then the protocol ID is the value assigned by the organization identified by that OUI, to the upper layer protocol

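                                                    +------------LLC------------+--------SNAP--------+
            +-------------+-------------+-----------+--------+--------+---------+---------+----------+----------------+-----------+
            | Destination | Source      |   Length  |  DSAP  |  SSAP  | Control |   OUI   | Protocol |      DATA      |    FCS    |
            | MAC Address | MAC Address |           | (0xAA) | (0xAA) |         |         |    ID    |                |           |
            +-------------+-------------+-----------+--------+--------+---------+---------+----------+----------------+-----------+
            |---6 bytes---|---6 bytes---|--2 bytes--|-1 byte-|-1 byte-|--1 byte-|-3 bytes-|-2 bytes--|--38/1492 bytes-|--4 bytes--|

        -> all things considered an Ethernet transmission would look like: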

          +----------+-----+--------------------+-------------+----------+-----+--------------------+-------------+
          | PREAMBLE | SFD |   ETHERNET FRAME   | INTERPACKET | PREAMBLE | SFD |   ETHERNET FRAME   | INTERPACKET |
          |          |     |                    |     GAP     |          |     |                    |     GAP     |
          +----------+-----+--------------------+-------------+----------+-----+--------------------+-------------+
          |----layer 1-----|------layer 2-------|-----------layer 1------------|------layer 2-------|---layer 1---|

      -> MAC Address
        -> used to identify the source and destination NICs.
        -> has no meaning outside the local network where the frame originated.
        -> the first 6 hexadecimal digits identify the vendor of the hardware (Organizationally Unique Identifier OUI).
        -> MAC Addresses are usually globally unique (there are local unique MACs).
        -> 48 bits in length, expressed using 12 hexadecimal digits.
        -> the MAC addresses can be
          -> UNICAST
            -> is the unique MAC address of a NIC.
            -> the frame is intended for a single device
          -> MULTICAST
            -> special MAC addresses used when the frame is destined to a group of NICs
            -> for example, 01-00-5E-XX-XX-XX destination addresses are used when the encapsulated packet is an IPv4 multicast packet.
            -> by default, they are flooded by switches and NOT forwarded by routers. These behaviours can be changed.
            -> there are special reserved multicast destination MACs for when data encapsulated is not IP (STP, LLDP)
            -> since no device would ever reply (source) with a multicast/broadcast MAC address, these addresses will never appear in a MAC table.
          -> BROADCAST
            -> the destination broadcast MAC address is FF-FF-FF-FF-FF-FF
            -> all IP broadcast packets use a broadcast MAC.
            -> by default, these frames are flooded by switches and NOT forwarded by routers. These behaviours can be changed.
            -> not all broadcast frames encapsulate broadcast IP packets. For example ARP frames.
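
The frame-format rules above (EtherType/Length threshold, 0xFFFF for raw 802.3, 0xAA/0xAA for SNAP, the 802.1Q size allowance, the destination MAC classes) applied to raw bytes, as an added example that is not part of the original notes. The function names, the 30-byte parsing floor and every sample frame are constructed for illustration; the DSAP/SSAP value 0x42 and the destination 01-80-C2-00-00-00 in the "stp" sample are the values used by spanning tree.

```python
import struct
import zlib

def build_frame(dst, src, type_or_len, payload, vlan=None):
    """Constructed sample input: pad to the 64-byte minimum, append CRC-32 FCS."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    body = (dst + src + tag + struct.pack("!H", type_or_len) + payload).ljust(60, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))   # FCS goes out low byte first

def mac_class(mac):
    """Broadcast, multicast or unicast, from the destination MAC."""
    if mac == b"\xff" * 6:
        return "broadcast"
    return "multicast" if mac[0] & 0x01 else "unicast"  # group bit of first octet

def classify_frame(frame):
    """Classify a frame given from destination MAC through FCS (no preamble/SFD)."""
    if len(frame) < 30:   # assumption: shortest input this example will parse
        raise ValueError("too short to hold tag, LLC/SNAP headers and FCS")
    info = {"dst": mac_class(frame[:6]), "vlan": None, "l3": None}
    info["fcs_ok"] = struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]
    offset = 12
    (field,) = struct.unpack_from("!H", frame, offset)
    if field == 0x8100:                       # 802.1Q tag: TPID + 2-byte TCI
        info["vlan"] = struct.unpack_from("!H", frame, offset + 2)[0] & 0x0FFF
        offset += 4
        (field,) = struct.unpack_from("!H", frame, offset)
    max_len = 1518 if info["vlan"] is None else 1522
    info["size"] = "runt" if len(frame) < 64 else "oversize" if len(frame) > max_len else "ok"
    payload = frame[offset + 2:-4]            # between EtherType/Length and FCS
    if field >= 1536:                         # EtherType -> Ethernet II
        info["format"], info["l3"] = "Ethernet II", field
    elif field > 1500:                        # 1501..1535 is neither
        info["format"] = "undefined"
    elif payload[:2] == b"\xff\xff":          # IPX checksum -> raw 802.3
        info["format"] = "802.3 raw"
    elif payload[:2] == b"\xaa\xaa":          # DSAP = SSAP = 0xAA -> SNAP follows
        oui, pid = payload[3:6], struct.unpack_from("!H", payload, 6)[0]
        info["format"] = "802.3 LLC+SNAP"
        info["l3"] = pid if oui == b"\x00\x00\x00" else (oui.hex(), pid)
    else:                                     # plain LLC: report (DSAP, SSAP)
        info["format"], info["l3"] = "802.3 LLC", (payload[0], payload[1])
    return info

SRC = bytes.fromhex("020000000001")           # constructed, locally administered
SNAP_IP = bytes.fromhex("aaaa03" "000000" "0800") + b"\x45" + b"\x00" * 19
SAMPLES = {                                   # all frames below are constructed
    "ipv4": build_frame(b"\xff" * 6, SRC, 0x0800, b"\x45" + b"\x00" * 19),
    "vlan": build_frame(SRC, SRC, 0x86DD, b"\x60" + b"\x00" * 39, vlan=10),
    "snap": build_frame(SRC, SRC, len(SNAP_IP), SNAP_IP),
    "ipx": build_frame(SRC, SRC, 30, b"\xff\xff" + b"\x00" * 28),
    "stp": build_frame(bytes.fromhex("0180c2000000"), SRC, 38, b"\x42\x42\x03" + b"\x00" * 35),
}
RESULTS = {name: classify_frame(f) for name, f in SAMPLES.items()}
```

Captured frames often arrive without the FCS because the NIC strips it; in that case fcs_ok is meaningless and the payload slice must not drop the last four bytes.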
  -> SWITCHING FUNDAMENTALS:
    -> a switch makes its forwarding decisions based on the destination MAC address and using its MAC Address Table (CAM table)
    -> a switch works by performing 4 functions
      -> LEARNING
        -> the switch examines the source MAC address and the port of an incoming frame and
          -> if the MAC address doesn't exist in its CAM table then it is added in the table along with the incoming interface (port) number
          -> if it does exist then the switch refreshes its timer for that entry (5 minutes by default, called "aging-time")
          -> if it does exist but on a different port then it is added in the CAM table with the new port and replaces the old entry.
        -> the MAC Address Table (CAM Table) is built solely on SOURCE MAC ADDRESSES using the learning operation.
        -> when the MAC table fills, the switch removes the oldest entries
      -> FLOODING
        -> the switch examines the destination MAC address of a frame
          -> if the destination MAC address is not on its CAM table (unknown unicast) then the frame is forwarded on all the ports except the port it came from.
          -> multicast and broadcast frames are always flooded.
      -> FILTERING
        -> refers to "not forward" a frame on specific interfaces
        -> if the destination MAC address is on its CAM table then the frame is forwarded only on that port.
      -> FORWARDING
        -> refers to the switch sending the received frames on other ports. Flooding and Filtering are the two "types" of Forwarding a switch does.
    -> Cisco switches have two methods of forwarding:
      -> Store-and-forward switching
        -> the switch receives the entire frame
        -> computes CRC
        -> if the CRC is valid the switch determines the outgoing interface
        -> the frame is forwarded
      -> Cut-through switching
        -> has two types
          -> Fast-Forward switching
            -> the switch forwards the frame as soon as the destination address is read.
            -> offers the lowest level of latency
          -> Fragment-free switching
            -> the switch stores only the first 64 bytes of data and performs an error check
    -> Memory Buffering
      -> a switch stores a frame until it can be transmitted
      -> methods
        -> port-based memory
          -> specific queues for each incoming port
          -> a frame is sent to the outgoing port when all the frames ahead of it in the queue have been transmitted
          -> a single frame can delay the transmission of all frames if the outgoing port is busy
        -> shared memory
          -> common memory buffer shared by all switch ports
          -> the frames are not kept in queues, they are dynamically linked to the outgoing ports.
          -> recommended in asymmetric switching (different ports have different bandwidths).
  -> Topologies
    -> WAN
      -> Point-to-Point
        -> a permanent link between 2 points
      -> Hub and spoke
        -> a central site interconnects branch sites using point to point links.
      -> Mesh
        -> every point is interconnected to every other point.
    -> LAN
      -> Star
        -> multiple hosts connected to a switch
      -> extended-star
        -> multiple star switches connected.
      -> Bus
        -> all end systems are chained to each other.
      -> Ring
        -> end systems are connected to their neighbour forming a ring.
  -> Access Control Methods
    -> Contention-based access
      -> all nodes are operating in half-duplex, competing for the use of the medium
      -> contention based access methods
        -> Carrier sense multiple access with collision detection CSMA/CD
          -> used on legacy Ethernet LAN networks
            -> bus topology
            -> networks using Hubs
          -> the hosts listen and if they don't detect a carrier signal they assume the network is available to send
          -> if the host needs to send data but it is receiving, then it will wait until the network is available
          -> the sender listens while sending and if a collision occurs
            -> sends a jamming signal telling all nodes a collision occurred
            -> chooses a random time to retransmit
            -> the steps repeat (listens for a carrier signal...)
          -> the hosts can detect if collisions have occurred by comparing the data sent with the data received or by signal amplitude.
        -> Carrier sense multiple access with collision avoidance CSMA/CA
          -> used by 802.11 WLAN networks.
          -> uses similar methods to CSMA/CD to detect if the media is clear
          -> since collision can not be detected in wireless environments, CSMA/CA attempts to avoid them.
          -> each device includes the time duration it needs for the transmission, this way other devices know how long the medium will be unavailable.
          -> process
            -> the device listens to the channel (carrier) to see if it is idle (available)
            -> sends a RTS (request-to-send) message to the AP to request dedicated access to the network
            -> receives a clear-to-send CTS message from the AP granting access to send
            -> if the client doesn't receive the CTS, it waits a random amount of time before restarting the process
            -> after it receives the CTS, the client starts transmitting data.
            -> the transmissions are acknowledged. If a client does not receive an acknowledgement, it assumes a collision occurred and restarts the process.
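
The LEARNING, FLOODING and FILTERING steps listed under SWITCHING FUNDAMENTALS, as an added example that is not part of the original notes: a toy CAM table that shows when a unicast frame is filtered to one port and when it falls back to flooding after a port move, a full table or an aged-out entry. The class, the two-entry capacity, the MAC addresses and the reading of "oldest" as least recently seen are assumptions made for illustration.

```python
class Switch:
    """Toy model of the LEARNING / FLOODING / FILTERING steps described above."""

    def __init__(self, ports, capacity=4, aging_time=300):
        self.ports = list(ports)
        self.capacity = capacity          # assumption: tiny table so eviction is visible
        self.aging_time = aging_time      # 5 minutes, the default quoted in the notes
        self.cam = {}                     # source MAC -> (port, last_seen)

    @staticmethod
    def _is_group(mac):
        # Broadcast and multicast both have the low bit of the first octet set.
        return int(mac.split("-")[0], 16) & 0x01 == 1

    def _age_out(self, now):
        expired = [m for m, (_, seen) in self.cam.items() if now - seen >= self.aging_time]
        for mac in expired:
            del self.cam[mac]

    def _learn(self, src, port, now):
        if self._is_group(src):
            return                        # group addresses are never learned
        if src not in self.cam and len(self.cam) >= self.capacity:
            oldest = min(self.cam, key=lambda m: self.cam[m][1])
            del self.cam[oldest]          # table full: drop the oldest entry
        self.cam[src] = (port, now)       # new entry, timer refresh, or port move

    def receive(self, port, src, dst, now):
        """Return the list of ports the frame is sent out of."""
        self._age_out(now)
        self._learn(src, port, now)
        entry = None if self._is_group(dst) else self.cam.get(dst)
        if entry is None:                 # unknown unicast, multicast, broadcast
            return [p for p in self.ports if p != port]      # FLOODING
        return [] if entry[0] == port else [entry[0]]        # FILTERING


def demo():
    sw = Switch(ports=[1, 2, 3], capacity=2)
    A, B, C = "02-00-00-00-00-0A", "02-00-00-00-00-0B", "02-00-00-00-00-0C"  # constructed
    out = []
    out.append(sw.receive(1, A, B, now=0))      # B unknown: flooded
    out.append(sw.receive(2, B, A, now=1))      # A learned: port 1 only
    out.append(sw.receive(3, A, B, now=2))      # A moved to port 3, B known
    out.append(sw.receive(1, C, A, now=3))      # table full: oldest entry (B) evicted
    out.append(sw.receive(1, C, B, now=4))      # B gone: flooded again
    out.append(sw.receive(2, B, A, now=400))    # A aged out: flooded
    return out, dict(sw.cam)
```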
