Monday, September 26

Ethernet

These protocols comprise the TCP/IP protocol stack, and because the Internet was built using them, Ethernet is now the predominant LAN technology in the world.

The Internet Engineering Task Force (IETF) maintains the functional protocols and services for the TCP/IP protocol suite in the upper layers. However, the functional protocols and services at the OSI Data Link layer and Physical layer are described by various engineering organizations (IEEE, ANSI, ITU) or by private companies (proprietary protocols). Because Ethernet consists of standards at these lower layers, it is best understood in reference to the OSI model. The OSI model separates the Data Link layer functionalities of addressing, framing and accessing the media from the Physical layer standards of the media. Ethernet standards define both the Layer 2 protocols and the Layer 1 technologies. Although Ethernet specifications support different media, bandwidths, and other Layer 1 and 2 variations, the basic frame format and address scheme are the same for all varieties of Ethernet.


Ethernet – Layer 1 and Layer 2

Ethernet operates across two layers of the OSI model. The model provides a reference to which Ethernet can be related, but Ethernet is actually implemented only in the lower half of the Data Link layer, known as the Media Access Control (MAC) sublayer, and in the Physical layer.
Ethernet at Layer 1 involves signals, bit streams that travel on the media, physical components that put signals on media, and various topologies. Ethernet Layer 1 performs a key role in the communication that takes place between devices, but each of its functions has limitations.



As the figure shows, Ethernet at Layer 2 addresses these limitations. The Data Link sublayers contribute significantly to technological compatibility and computer communications. The MAC sublayer is concerned with the physical components that will be used to communicate the information and prepares the data for transmission over the media.

The Logical Link Control (LLC) sublayer remains relatively independent of the physical equipment that will be used for the communication process.


Logical Link Control – Connecting to the Upper Layers

Ethernet separates the functions of the Data Link layer into two distinct sublayers: the Logical Link Control (LLC) sublayer and the Media Access Control (MAC) sublayer. The functions described in the OSI model for the Data Link layer are assigned to the LLC and MAC sublayers. The use of these sublayers contributes significantly to compatibility between diverse end devices.

For Ethernet, the IEEE 802.2 standard describes the LLC sublayer functions, and the 802.3 standard describes the MAC sublayer and the Physical layer functions. Logical Link Control handles the communication between the upper layers (the networking software) and the lower layers (typically the hardware). The LLC sublayer takes the network protocol data, which is typically an IPv4 packet, and adds control information to help deliver the packet to the destination node. Layer 2 communicates with the upper layers through LLC.


MAC – Getting Data to the Media

Media Access Control (MAC) is the lower Ethernet sublayer of the Data Link layer. Media Access Control is implemented by hardware, typically in the computer Network Interface Card (NIC).

The Ethernet MAC sublayer has two primary responsibilities:
• Data Encapsulation
• Media Access Control


Data Encapsulation

Data encapsulation provides three primary functions:
• Frame delimiting
• Addressing
• Error detection

The data encapsulation process includes frame assembly before transmission and frame parsing upon reception of a frame. In forming the frame, the MAC layer adds a header and trailer to the Layer 3 PDU. The use of frames aids in the transmission of bits as they are placed on the media and in the grouping of bits at the receiving node.

The framing process provides important delimiters that are used to identify a group of bits that make up a frame. This process provides synchronization between the transmitting and receiving nodes.

The encapsulation process also provides for Data Link layer addressing. Each Ethernet header added in the frame contains the physical address (MAC address) that enables a frame to be delivered to a destination node.

An additional function of data encapsulation is error detection. Each Ethernet frame contains a trailer with a cyclic redundancy check (CRC) of the frame contents. After reception of a frame, the receiving node creates a CRC to compare to the one in the frame. If these two CRC calculations match, the frame can be trusted to have been received without error.
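The trailer check described above, as an added Python example that is not part of the original notes: it assembles an Ethernet II frame with a constructed payload, appends the CRC-32 FCS the way a sender does, and recomputes it on reception. The sample MAC addresses are constructed. The last function makes the practitioner's point the CRC alone cannot: it detects accidental corruption, but anyone who can rewrite a frame can also recompute a valid FCS, so tamper detection needs a cryptographic integrity check such as IEEE 802.1AE (MACsec).

```python
import struct
import zlib

# Ethernet II frame layout (the NIC strips the preamble/SFD before this point):
#   6-byte destination MAC | 6-byte source MAC | 2-byte EtherType | payload | 4-byte FCS
# The minimum frame is 64 bytes including the FCS, so the payload is padded to 46 bytes.
MIN_PAYLOAD = 46
ETHERTYPE_IPV4 = 0x0800

# CRC-32 (IEEE 802.3 / zlib polynomial) over body + little-endian FCS always
# yields this fixed residue when nothing was altered in transit.
FCS_RESIDUE = 0x2144DF1C


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Sender side: assemble the frame and append the FCS."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    padded = payload + b"\x00" * max(0, MIN_PAYLOAD - len(payload))
    body = dst + src + struct.pack("!H", ethertype) + padded
    # FCS covers everything from the destination address to the end of the
    # payload and is transmitted least-significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def verify_fcs(frame: bytes) -> bool:
    """Receiver side: recompute the CRC and compare it with the trailer."""
    if len(frame) < 64:
        return False  # runt frame: shorter than the Ethernet minimum
    body, trailer = frame[:-4], frame[-4:]
    (received_fcs,) = struct.unpack("<I", trailer)
    return zlib.crc32(body) == received_fcs


def residue_check(frame: bytes) -> bool:
    """Equivalent hardware-style check: CRC over the whole frame, FCS included,
    equals the fixed residue if and only if the frame is intact."""
    return len(frame) >= 64 and zlib.crc32(frame) == FCS_RESIDUE


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit transmission error (noise, bad cable, ...)."""
    data = bytearray(frame)
    data[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(data)


def forge_fcs(frame: bytes) -> bytes:
    """Why a CRC is not integrity protection: after changing the contents,
    an attacker simply recomputes a valid FCS and the receiver accepts it."""
    body = frame[:-4]
    return body + struct.pack("<I", zlib.crc32(body))


# Constructed sample: two locally administered (02:...) MAC addresses.
DST = bytes.fromhex("02000000000b")
SRC = bytes.fromhex("02000000000a")
SAMPLE_FRAME = build_frame(DST, SRC, ETHERTYPE_IPV4, b"constructed payload")

if __name__ == "__main__":
    damaged = flip_bit(SAMPLE_FRAME, 100)  # flips a bit in the EtherType field
    print("frame length:", len(SAMPLE_FRAME))
    print("intact frame passes:", verify_fcs(SAMPLE_FRAME), residue_check(SAMPLE_FRAME))
    print("bit-flipped frame passes:", verify_fcs(damaged))
    print("tampered frame with recomputed FCS passes:", verify_fcs(forge_fcs(damaged)))
```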


Media Access Control


The MAC sublayer controls the placement of frames on the media and the removal of frames from the media. As its name implies, it manages the media access control. This includes the initiation of frame transmission and recovery from transmission failure due to collisions.


Ethernet Collision Management

Legacy Ethernet

In 10BASE-T networks, typically the central point of the network segment was a hub. This created a shared media. Because the media is shared, only one station could successfully transmit at a time. This type of connection is described as a half-duplex communication.



As more devices were added to an Ethernet network, the number of frame collisions increased significantly. During periods of low communications activity, the few collisions that occur are managed by CSMA/CD, with little or no impact on performance. As the number of devices and the resulting data traffic increase, however, the rise in collisions can have a significant impact on the user's experience.

Current Ethernet

A significant development that enhanced LAN performance was the introduction of switches to replace hubs in Ethernet-based networks. This development closely corresponded with the development of 100BASE-TX Ethernet. Switches can control the flow of data by isolating each port and sending a frame only to its proper destination (if the destination is known), rather than sending every frame to every device.



The switch reduces the number of devices receiving each frame, which in turn reduces or minimizes the possibility of collisions. This, and the later introduction of full-duplex communications (having a connection that can carry both transmitted and received signals at the same time), has enabled the development of 1Gbps Ethernet and beyond.


MAC Address Structure

The MAC address value is a direct result of IEEE-enforced rules for vendors to ensure globally unique addresses for each Ethernet device. The rules established by IEEE require any vendor that sells Ethernet devices to register with IEEE. The IEEE assigns the vendor a 3-byte code, called the Organizationally Unique Identifier (OUI).


IEEE requires a vendor to follow two simple rules:
• All MAC addresses assigned to a NIC or other Ethernet device must use that vendor's assigned OUI as the first 3 bytes.
• All MAC addresses with the same OUI must be assigned a unique value (vendor code or serial number) in the last 3 bytes.

The MAC address is often referred to as a burned-in address (BIA) because it is burned into ROM (Read-Only Memory) on the NIC. This means that the address is encoded into the ROM chip permanently - it cannot be changed by software.

However, when the computer starts up, the NIC copies the address into RAM. When examining frames, it is the address in RAM that is used as the source address to compare with the destination address. The MAC address is used by the NIC to determine if a message should be passed to the upper layers for processing.


Hexadecimal Numbering and Addressing

Hexadecimal ("Hex") is a convenient way to represent binary values. Just as decimal is a base ten numbering system and binary is base two, hexadecimal is a base sixteen system.

The base 16 numbering system uses the digits 0 to 9 and the letters A to F. The figure shows the equivalent decimal, binary, and hexadecimal values for binary 0000 to 1111. It is easier for us to express a value as a single hexadecimal digit than as four bits.



Understanding Bytes

Given that 8 bits (a byte) is a common binary grouping, binary 00000000 to 11111111 can be represented in hexadecimal as the range 00 to FF. Leading zeroes are always displayed to complete the 8-bit representation. For example, the binary value 0000 1010 is shown in hexadecimal as 0A.
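The MAC address structure and the hexadecimal notation above, worked through in an added Python example that is not part of the original notes: it parses the common textual forms of a MAC address into its 6 bytes, splits off the IEEE-assigned OUI from the vendor's unique 3 bytes, and prints each byte as two hex digits or eight bits with leading zeros kept. It goes a little beyond the text by also reading the two flag bits of the first byte (group/individual and universally/locally administered), which is how an inventory or detection tool tells a broadcast, multicast or administrator-assigned address from a burned-in one. All MAC values are constructed samples.

```python
import re

_SEPARATORS = re.compile(r"[:\-.]")
_HEX12 = re.compile(r"[0-9A-Fa-f]{12}")


def parse_mac(text: str) -> bytes:
    """Accept 00:1A:2B:3C:4D:5E, 00-1a-2b-3c-4d-5e or the dotted 001a.2b3c.4d5e
    form and return the 6 raw bytes (48 bits)."""
    digits = _SEPARATORS.sub("", text.strip())
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def fmt(mac: bytes) -> str:
    """Canonical notation: two hex digits per byte, leading zeros displayed."""
    return ":".join(f"{b:02X}" for b in mac)


def oui(mac: bytes) -> str:
    """First 3 bytes: the Organizationally Unique Identifier assigned by IEEE."""
    return fmt(mac[:3])


def vendor_serial(mac: bytes) -> str:
    """Last 3 bytes: the value the vendor must keep unique within its OUI."""
    return fmt(mac[3:])


def to_bits(mac: bytes) -> str:
    """Each hex digit is exactly one nibble; show the bytes as 8-bit groups."""
    return " ".join(f"{b:08b}" for b in mac)


def is_broadcast(mac: bytes) -> bool:
    """FF:FF:FF:FF:FF:FF is delivered to every node on the segment."""
    return mac == b"\xff" * 6


def is_multicast(mac: bytes) -> bool:
    """I/G bit: least-significant bit of the first byte set means group address."""
    return bool(mac[0] & 0x01)


def is_locally_administered(mac: bytes) -> bool:
    """U/L bit: second-lowest bit of the first byte set means the address was
    assigned locally (by an administrator or software), not burned in under an
    IEEE-registered OUI."""
    return bool(mac[0] & 0x02)


def describe(text: str) -> dict:
    """Everything a practitioner wants to see about one address, in one place."""
    mac = parse_mac(text)
    return {
        "canonical": fmt(mac),
        "oui": oui(mac),
        "serial": vendor_serial(mac),
        "bits": to_bits(mac),
        "broadcast": is_broadcast(mac),
        "multicast": is_multicast(mac),
        "locally_administered": is_locally_administered(mac),
    }


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("00:1A:2B:3C:4D:5E", "001a.2b3c.4d5e", "FF:FF:FF:FF:FF:FF",
                   "01:00:5E:00:00:01", "02:00:00:00:00:01"):
        print(describe(sample))
```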


Summary:

Ethernet is an effective and widely used TCP/IP Network Access protocol. Its common frame structure has been implemented across a range of media technologies, both copper and fiber, making it the most common LAN protocol in use today.

As an implementation of the IEEE 802.2/3 standards, the Ethernet frame provides MAC addressing and error checking. Being a shared media technology, early Ethernet had to apply a CSMA/CD mechanism to manage the use of the media by multiple devices. Replacing hubs with switches in the local network has reduced the probability of frame collisions in half-duplex links. Current and future versions, however, inherently operate as full-duplex communications links and do not need to manage media contention to the same detail.

Wednesday, September 21

OSI Physical Layer

Upper OSI layer protocols prepare data from the human network for transmission to its destination. The Physical layer controls how data is transmitted on the communication media.

The role of the OSI Physical layer is to encode the binary digits that represent Data Link layer frames into signals and to transmit and receive these signals across the physical media - copper wires, optical fiber, and wireless - that connect network devices.

The delivery of frames across the local media requires the following Physical layer elements:
• The physical media and associated connectors
• A representation of bits on the media
• Encoding of data and control information
• Transmitter and receiver circuitry on the network devices



At this stage of the communication process, the user data has been segmented by the Transport layer, placed into packets by the Network layer, and further encapsulated as frames by the Data Link layer. The purpose of the Physical layer is to create the electrical, optical, or microwave signal that represents the bits in each frame. These signals are then sent on the media one at a time.

There are three basic forms of network media on which data is represented:
• Copper cable
• Fiber
• Wireless



The representation of the bits - that is, the type of signal - depends on the type of media. For copper cable media, the signals are patterns of electrical pulses. For fiber, the signals are patterns of light. For wireless media, the signals are patterns of radio transmissions.

Different physical media support the transfer of bits at different speeds. Data transfer can be measured in three ways:
• Bandwidth
• Throughput
• Goodput

Bandwidth

The capacity of a medium to carry data is described as the raw data bandwidth of the media. Digital bandwidth measures the amount of information that can flow from one place to another in a given amount of time. Bandwidth is typically measured in kilobits per second (kbps) or megabits per second (Mbps).

Throughput

Throughput is the measure of the transfer of bits across the media over a given period of time. Due to a number of factors, throughput usually does not match the specified bandwidth in Physical layer implementations such as Ethernet.

Many factors influence throughput. Among these factors are the amount of traffic, the type of traffic, and the number of network devices encountered on the network being measured. In a multi-access topology such as Ethernet, nodes are competing for media access and its use. Therefore, the throughput of each node is degraded as usage of the media increases.

Goodput

A third measurement has been created to measure the transfer of usable data. Goodput is the measure of usable data transferred over a given period of time, and is therefore the measure that is of most interest to network users.



As shown in the figure, goodput measures the effective transfer of user data between Application layer entities, such as between a source web server process and a destination web browser device.

Unshielded Twisted Pair (UTP) Cable
Unshielded twisted-pair (UTP) cabling, as it is used in Ethernet LANs, consists of four pairs of color-coded wires that have been twisted together and then encased in a flexible plastic sheath.



As seen in the figure, the color codes identify the individual pairs and wires in the pairs and aid in cable termination.

The twisting has the effect of canceling unwanted signals. When two wires in an electrical circuit are placed close together, external electromagnetic fields create the same interference in each wire. The pairs are twisted to keep the wires in as close proximity as is physically possible. When this common interference is present on the wires in a twisted pair, the receiver processes it in equal yet opposite ways. As a result, the signals caused by electromagnetic interference from external sources are effectively cancelled.

This cancellation effect also helps avoid interference from internal sources called crosstalk. Crosstalk is the interference caused by the magnetic field around the adjacent pairs of wires in the cable. When electrical current flows through a wire, it creates a circular magnetic field around the wire.

UTP Cable Types
UTP cabling, terminated with RJ-45 connectors, is a common copper-based medium for interconnecting network devices, such as computers, with intermediate devices, such as routers and network switches.

Different situations may require UTP cables to be wired according to different wiring conventions. This means that the individual wires in the cable have to be connected in different orders to different sets of pins in the RJ-45 connectors. The following are the main cable types that are obtained by using specific wiring conventions:
• Ethernet Straight-through
• Ethernet Crossover
• Rollover



Using a crossover or straight-through cable incorrectly between devices may not damage the devices, but connectivity and communication between the devices will not take place. This is a common error in the lab and checking that the device connections are correct should be the first troubleshooting action if connectivity is not achieved.


Fiber Media
Fiber-optic cabling uses either glass or plastic fibers to guide light impulses from source to destination. The bits are encoded on the fiber as light impulses. Optical fiber cabling is capable of very large raw data bandwidth rates. Most current transmission standards have yet to approach the potential bandwidth of this media.

Optical fiber media implementation issues include:
• More expensive (usually) than copper media over the same distance (but for a higher capacity)
• Different skills and equipment required to terminate and splice the cable infrastructure
• More careful handling than copper media

At present, in most enterprise environments, optical fiber is primarily used as backbone cabling for high-traffic point-to-point connections between data distribution facilities and for the interconnection of buildings in multi-building campuses. Because optical fiber does not conduct electricity and has low signal loss, it is well suited for these uses.


Single-mode and Multimode Fiber
Fiber optic cables can be broadly classified into two types: single-mode and multimode.



Single-mode optical fiber carries a single ray of light, usually emitted from a laser. Because the laser light is uni-directional and travels down the center of the fiber, this type of fiber can transmit optical pulses for very long distances.

Multimode fiber typically uses LED emitters that do not create a single coherent light wave. Instead, light from an LED enters the multimode fiber at different angles. Because light entering the fiber at different angles takes different amounts of time to travel down the fiber, long fiber runs may result in the pulses becoming blurred on reception at the receiving end.

It is recommended that an Optical Time Domain Reflectometer (OTDR) be used to test each fiber-optic cable segment. This device injects a test pulse of light into the cable and measures back scatter and reflection of light detected as a function of time. The OTDR will calculate the approximate distance at which these faults are detected along the length of the cable.

A field test can be performed by shining a bright flashlight into one end of the fiber while observing the other end of the fiber. If light is visible, then the fiber is capable of passing light. Although this does not ensure the performance of the fiber, it is a quick and inexpensive way to find a broken fiber.


Wireless Media
Wireless media carry electromagnetic signals at radio and microwave frequencies that represent the binary digits of data communications. As a networking medium, wireless is not restricted to conductors or pathways, as are copper and fiber media.



Wireless data communication technologies work well in open environments. However, certain construction materials used in buildings and structures, and the local terrain, will limit the effective coverage. In addition, wireless is susceptible to interference and can be disrupted by such common devices as household cordless phones, some types of fluorescent lights, microwave ovens, and other wireless communications.

The Wireless LAN
A common wireless data implementation is enabling devices to wirelessly connect via a LAN. In general, a wireless LAN requires the following network devices:

• Wireless Access Point (AP) - Concentrates the wireless signals from users and connects, usually through a copper cable, to the existing copper-based network infrastructure such as Ethernet.
• Wireless NIC adapters - Provide wireless communication capability to each network host.

As the technology has developed, a number of WLAN Ethernet-based standards have emerged. Care needs to be taken in purchasing wireless devices to ensure compatibility and interoperability.

Standards include:

IEEE 802.11a - Operates in the 5 GHz frequency band and offers speeds of up to 54 Mbps. Because this standard operates at higher frequencies, it has a smaller coverage area and is less effective at penetrating building structures. Devices operating under this standard are not interoperable with the 802.11b and 802.11g standards described below.

IEEE 802.11b - Operates in the 2.4 GHz frequency band and offers speeds of up to 11 Mbps. Devices implementing this standard have a longer range and are better able to penetrate building structures than devices based on 802.11a.

IEEE 802.11g - Operates in the 2.4 GHz frequency band and offers speeds of up to 54 Mbps. Devices implementing this standard therefore operate at the same radio frequency and range as 802.11b but with the bandwidth of 802.11a.

IEEE 802.11n - The IEEE 802.11n standard is currently in draft form. The proposed standard defines operation in the 2.4 GHz or 5 GHz frequency bands. The typical expected data rates are 100 Mbps to 210 Mbps with a distance range of up to 70 meters.

The benefits of wireless data communications technologies are evident, especially the savings on costly premises wiring and the convenience of host mobility. However, network administrators need to develop and apply stringent security policies and processes to protect wireless LANs from unauthorized access and damage.

Thursday, September 15

Data Link Layer

To support our communication, the OSI model divides the functions of a data network into layers.

To recap:
• The Application layer provides the interface to the user.
• The Transport layer is responsible for dividing and managing communications between the processes running in the two end systems.
• The Network layer protocols organize our communication data so that it can travel across internetworks from the originating host to a destination host.

For Network layer packets to be transported from source host to destination host, they must traverse different physical networks. These physical networks can consist of different types of physical media such as copper wires, microwaves, optical fibers, and satellite links. Network layer packets do not have a way to directly access these different media.

It is the role of the OSI Data Link layer to prepare Network layer packets for transmission and to control access to the physical media.

The Data Link layer performs two basic services:
• Allows the upper layers to access the media using techniques such as framing
• Controls how data is placed onto the media and is received from the media using techniques such as media access control and error detection

As with each of the OSI layers, there are terms specific to this layer:



Frame - The Data Link layer PDU
Node - The Layer 2 notation for network devices connected to a common medium
Media/medium (physical)* - The physical means for the transfer of information between two nodes
Network (physical)** - Two or more nodes connected to a common medium

The Data Link layer is responsible for the exchange of frames between nodes over the media of a physical network.

The Data Link layer exists as a connecting layer between the software processes of the layers above it and the Physical layer below it. As such, it prepares the Network layer packets for transmission across some form of media, be it copper, fiber, or the atmosphere.



In many cases, the Data Link layer is embodied as a physical entity, such as an Ethernet network interface card (NIC), which inserts into the system bus of a computer and makes the connection between running software processes on the computer and physical media. The NIC is not solely a physical entity, however. Software associated with the NIC enables the NIC to perform its intermediary functions of preparing data for transmission and encoding the data as signals to be sent on the associated media.


The two common LAN sublayers are:

Logical Link Control
Logical Link Control (LLC) places information in the frame that identifies which Network layer protocol is being used for the frame. This information allows multiple Layer 3 protocols, such as IP and IPX, to utilize the same network interface and media.

Media Access Control
Media Access Control (MAC) provides Data Link layer addressing and delimiting of data according to the physical signaling requirements of the medium and the type of Data Link layer protocol in use.


Some network topologies share a common medium with multiple nodes. At any one time, there may be a number of devices attempting to send and receive data using the network media. There are rules that govern how these devices share the media.

Contention-based Access for Shared Media
Also referred to as non-deterministic, contention-based methods allow any device to try to access the medium whenever it has data to send. To prevent complete chaos on the media, these methods use a Carrier Sense Multiple Access (CSMA) process to first detect if the media is carrying a signal. If a carrier signal on the media from another node is detected, it means that another device is transmitting. When the device attempting to transmit sees that the media is busy, it will wait and try again after a short time period. If no carrier signal is detected, the device transmits its data.

CSMA is usually implemented in conjunction with a method for resolving the media contention. The two commonly used methods are:

CSMA/Collision Detection
In CSMA/Collision Detection (CSMA/CD), the device monitors the media for the presence of a data signal. If a data signal is absent, indicating that the media is free, the device transmits the data. If signals are then detected that show another device was transmitting at the same time, all devices stop sending and try again later. Traditional forms of Ethernet use this method.

CSMA/Collision Avoidance
In CSMA/Collision Avoidance (CSMA/CA), the device examines the media for the presence of a data signal. If the media is free, the device sends a notification across the media of its intent to use it. The device then sends the data. This method is used by 802.11 wireless networking technologies.


Full Duplex and Half Duplex
In point-to-point connections, the Data Link layer has to consider whether the communication is half-duplex or full-duplex.

Half-duplex communication means that the devices can both transmit and receive on the media but cannot do so simultaneously. Ethernet has established arbitration rules for resolving conflicts arising from instances when more than one station attempts to transmit at the same time.

In full-duplex communication, both devices can transmit and receive on the media at the same time. The Data Link layer assumes that the media is available for transmission for both nodes at any time. Therefore, there is no media arbitration necessary in the Data Link layer.


The topology of a network is the arrangement or relationship of the network devices and the interconnections between them. Network topologies can be viewed at the physical level and the logical level.

The physical topology is an arrangement of the nodes and the physical connections between them. The representation of how the media is used to interconnect the devices is the physical topology.

A logical topology is the way a network transfers frames from one node to the next. This arrangement consists of virtual connections between the nodes of a network independent of their physical layout. These logical signal paths are defined by Data Link layer protocols. The Data Link layer "sees" the logical topology of a network when controlling data access to the media. It is the logical topology that influences the type of network framing and media access control used.

Logical and physical topologies typically used in networks are:
• Point-to-Point
• Multi-Access
• Ring



A point-to-point topology connects two nodes directly together. In data networks with point-to-point topologies, the media access control protocol can be very simple. All frames on the media can only travel to or from the two nodes. The frames are placed on the media by the node at one end and taken off the media by the node at the other end of the point-to-point circuit.

A logical multi-access topology enables a number of nodes to communicate by using the same shared media. Data from only one node can be placed on the medium at any one time. Every node sees all the frames that are on the medium, but only the node to which the frame is addressed processes the contents of the frame.

In a logical ring topology, each node in turn receives a frame. If the frame is not addressed to the node, the node passes the frame to the next node. This allows a ring to use a controlled media access control technique called token passing.


Data Link Layer Protocols – The Frames

Remember that although there are many different Data Link layer protocols that describe Data Link layer frames, each frame type has three basic parts:
• Header
• Data
• Trailer

All Data Link layer protocols encapsulate the Layer 3 PDU within the data field of the frame. However, the structure of the frame and the fields contained in the header and trailer vary according to the protocol.

The Data Link layer protocol describes the features required for the transport of packets across different media. These features of the protocol are integrated into the encapsulation of the frame. When the frame arrives at its destination and the Data Link protocol takes the frame off the media, the framing information is read and discarded.

Tuesday, September 13

Addressing the Network

Addressing is a key function of Network layer protocols that enables data communication between hosts on the same network or on different networks. Internet Protocol version 4 (IPv4) provides hierarchical addressing for packets that carry our data.

Designing, implementing and managing an effective IPv4 addressing plan ensures that our networks can operate effectively and efficiently.

These addresses are used in the data network as binary patterns. Inside the devices, digital logic is applied for their interpretation. For us in the human network, a string of 32 bits is difficult to interpret and even more difficult to remember. Therefore, we represent IPv4 addresses using dotted decimal format.

If you want to know how to convert between 8-bit binary and decimal numbers, go to counting binary.

Within the address range of each IPv4 network, we have three types of addresses:

Network address - The address by which we refer to the network
Broadcast address - A special address used to send data to all hosts in the network
Host addresses - The addresses assigned to the end devices in the network

Network Address:
The network address is a standard way to refer to a network. Within the IPv4 address range of a network, the lowest address is reserved for the network address. This address has a 0 for each host bit in the host portion of the address.

Sample:
10.0.0.0
172.16.0.0
192.168.1.0

Broadcast Address:
The IPv4 broadcast address is a special address for each network that allows communication to all the hosts in that network. To send data to all hosts in a network, a host can send a single packet that is addressed to the broadcast address of the network.
The broadcast address uses the highest address in the network range. This is the address in which the bits in the host portion are all 1s.

Sample:
10.0.0.255
172.16.0.255
192.168.1.255

Host Address:
As described previously, every end device requires a unique address to deliver a packet to that host. In IPv4 addresses, we assign the values between the network address and the broadcast address to the devices in that network.

Sample:
10.0.0.1 to 10.0.0.254
172.16.0.1 to 172.16.0.254
192.168.1.1 to 192.168.1.254

Network Prefixes
The prefix length is the number of bits in the address that gives us the network portion. For example, in 172.16.4.0 /24, the /24 is the prefix length - it tells us that the first 24 bits are the network address. This leaves the remaining 8 bits, the last octet, as the host portion.
Networks are not always assigned a /24 prefix. Depending on the number of hosts on the network, the prefix assigned may be different. Using a different prefix length changes the host range and broadcast address for each network.






Notice that the network address could remain the same, but the host range and the broadcast address are different for the different prefix lengths. In this figure you can also see that the number of hosts that can be addressed on the network changes as well.

See the figure for an example of the address assignment for the 172.16.20.0 /25 network.



In the first box, we see the representation of the network address. With a 25 bit prefix, the last 7 bits are host bits. To represent the network address, all of these host bits are '0'. This makes the last octet of the address 0. This makes the network address 172.16.20.0 /25.

In the second box, we see the calculation of the lowest host address. This is always one greater than the network address. In this case, the last of the seven host bits becomes a '1'. With the lowest bit of host address set to a 1, the lowest host address is 172.16.20.1.

The third box shows the calculation of the broadcast address of the network. For the broadcast address, all seven host bits used in this network are set to '1'. From the calculation, we get 127 in the last octet. This gives us a broadcast address of 172.16.20.127.

The fourth box presents the calculation of the highest host address. The highest host address for a network is always one less than the broadcast. This means the lowest host bit is a '0' and all other host bits are '1s'. As seen, this makes the highest host address in this network 172.16.20.126.

In an IPv4 network, the hosts can communicate one of three different ways:

Unicast - the process of sending a packet from one host to an individual host. It is used for the normal host-to-host communication in both a client/server and a peer-to-peer network.

Broadcast - the process of sending a packet from one host to all hosts in the network. It is used for the location of special services/devices for which the address is not known or when a host needs to provide information to all the hosts on the network.

Some examples for using broadcast transmission are:
• Mapping upper layer addresses to lower layer addresses
• Requesting an address
• Exchanging routing information by routing protocols

Multicast - the process of sending a packet from one host to a selected group of hosts. It reduces traffic by allowing a host to send a single packet to a selected set of hosts.
Some examples of multicast transmission are:
• Video and audio distribution
• Routing information exchange by routing protocols
• Distribution of software
• News feeds

Private Addresses
Although most IPv4 host addresses are public addresses designated for use in networks that are accessible on the Internet, there are blocks of addresses that are used in networks that require limited or no Internet access.
The private address blocks are:
• 10.0.0.0 to 10.255.255.255 (10.0.0.0 /8)
• 172.16.0.0 to 172.31.255.255 (172.16.0.0 /12)
• 192.168.0.0 to 192.168.255.255 (192.168.0.0 /16)

Network Address Translation (NAT)
With services to translate private addresses to public addresses, hosts on a privately addressed network can have access to resources across the Internet.

NAT allows the hosts in the network to "borrow" a public address for communicating to outside networks. While there are some limitations and performance issues with NAT, clients for most applications can access services over the Internet without noticeable problems.

Public Addresses
The vast majority of the addresses in the IPv4 unicast host range are public addresses. These addresses are designed to be used in the hosts that are publicly accessible from the Internet. Even within these address blocks, there are many addresses that are designated for other special purposes.

Assigning Addresses within a Network
As you have already learned, hosts are associated with an IPv4 network by a common network portion of the address. Within a network, there are different types of hosts.

Some examples of different types of hosts are:
• End devices for users
• Servers and peripherals
• Hosts that are accessible from the Internet
• Intermediary devices

Each of these different device types should be allocated to a logical block of addresses within the address range of the network.

Addresses for Servers and Peripherals
Any network resource such as a server or a printer should have a static IPv4 address, as shown in the figure. The client hosts access these resources using the IPv4 addresses of these devices. Therefore, predictable addresses for each of these servers and peripherals are necessary.

Addresses for Hosts that are Accessible from Internet
In most internetworks, only a few devices are accessible by hosts outside of the corporation. For the most part, these devices are usually servers of some type. As with all devices in a network that provide network resources, the IPv4 addresses for these devices should be static.

Addresses for Intermediary Devices
Most intermediary devices are assigned Layer 3 addresses, either for device management or for their operation. Devices such as hubs, switches, and wireless access points do not require IPv4 addresses to operate as intermediary devices. However, if we need to access these devices as hosts to configure, monitor, or troubleshoot network operation, they need to have addresses assigned.

Routers and Firewalls
Unlike the other intermediary devices mentioned, routers and firewall devices have an IPv4 address assigned to each interface. Each interface is in a different network and serves as the gateway for the hosts in that network. Typically, the router interface uses either the lowest or highest address in the network. This assignment should be uniform across all networks in the corporation so that network personnel will always know the gateway of the network no matter which network they are working on.


Defining the network and host portions
To define the network and host portions of an address, the devices use a separate 32-bit pattern called a subnet mask, as shown in the figure. We express the subnet mask in the same dotted decimal format as the IPv4 address. The subnet mask is created by placing a binary 1 in each bit position that represents the network portion and placing a binary 0 in each bit position that represents the host portion.

The prefix and the subnet mask are different ways of representing the same thing - the network portion of an address.

A /24 prefix is expressed as the subnet mask 255.255.255.0 (11111111.11111111.11111111.00000000). The remaining (low-order) bits of the subnet mask are zeroes, indicating the host address within the network.

The subnet mask is configured on a host in conjunction with the IPv4 address to define the network portion of that address.

For example, let's look at the host 172.16.20.35/27:

Address
172.16.20.35
10101100.00010000.00010100.00100011

Subnet mask
255.255.255.224
11111111.11111111.11111111.11100000

Network address
172.16.20.32
10101100.00010000.00010100.00100000

Because the high-order bits of a subnet mask are contiguous 1s, there are only a limited number of possible subnet mask values within an octet. You will recall that we only need to expand an octet if the network and host division falls within that octet. Therefore, there are a limited number of 8-bit patterns used in address masks.

The AND Operation
ANDing is one of three basic binary operations used in digital logic. The other two are OR and NOT. While all three are used in data networks, AND is used in determining the network address. Therefore, our discussion here will be limited to logical AND. Logical AND is the comparison of two bits that yields the following results:
1 AND 1 = 1
1 AND 0 = 0
0 AND 1 = 0
0 AND 0 = 0
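The host-range calculation walked through for 172.16.20.0 /25 above, and the mask-and-AND derivation for 172.16.20.35/27, carried out in code. This is an added example, not part of the original notes; the function names are mine, and the private-address check uses the three blocks listed under Private Addresses.

```python
# Added example (not from the notes): the mask / AND / host-range
# calculations described above, done with plain integer arithmetic.

def mask_from_prefix(prefix: int) -> int:
    """Subnet mask as a 32-bit int: `prefix` ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_binary(value: int) -> str:
    """Dotted binary, e.g. 11111111.11111111.11111111.11100000."""
    return ".".join(f"{(value >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def describe(addr: str, prefix: int) -> dict:
    """Network = address AND mask (host bits 0); broadcast = network OR
    inverted mask (host bits 1); usable hosts lie strictly between them."""
    ip, mask = to_int(addr), mask_from_prefix(prefix)
    network = ip & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    host_bits = 32 - prefix
    usable = host_bits > 1          # /31 and /32 have no usable range here
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "broadcast": to_dotted(broadcast),
        "usable_hosts": (1 << host_bits) - 2 if usable else 0,
    }

# RFC 1918 private blocks from the notes, tested with the same AND.
PRIVATE_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))

def is_private(addr: str) -> bool:
    ip = to_int(addr)
    return any(ip & mask_from_prefix(p) == to_int(n) for n, p in PRIVATE_BLOCKS)

if __name__ == "__main__":
    for a, p in (("172.16.20.0", 25), ("172.16.20.35", 27)):
        print(f"{a}/{p}:", describe(a, p))
```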

An example of AND operation: