CIS 81 Protocol Scenarios for Layers 2 and 3 Beta Date: 9/1/05 - - PDF document

CIS 81 Protocol Scenarios for Layers 2 and 3

Beta Date: 9/1/05 Written by Rick Graziani Cabrillo College graziani@cabrillo.edu I have tried to catch as many of the typos and other issues (the joy of ‘copy and paste’ within the document, but if you find any errors, please let me know at graziani@cabrillo.edu). Topology

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9 192.168.10.15/24 Def.Gate: 192.168.1.1 MAC: 00-00-DB 10.10.30.9/16 Def.Gate: 10.10.0.1 MAC: 00-01-AA

1 2 3 4 5 1 2 3 4 5 1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34 DNS Server 192.168.10.111/24 Def.Gate: 192.168.1.1 MAC: 00-00-E1 Web Server www.rideawave.org 10.10.10.10/16 Def.Gate: 10.10.0.1 MAC: 00-AB-CD

Switch A Switch C Switch B Watsonville Router

Ethernet 0 Serial 0

1 2 3 4 5 Hub

192.168.10.33/24 Def.Gate: 192.168.1.1 MAC: 00-00-C4

ISP A Router

Serial 0 Serial 1

San Jose Router

Serial 0 Ethernet 0

ISP B Router

Serial 0 Serial 1 192.168.10.1/24 MAC: 00-AA-03 10.10.0.1 MAC:00-0C-CC 172.16.10.1/16 172.16.10.2/16 172.30.1.1/16 172.30.1.2/16 10.44.0.1/16 10.44.0.2/16

A B C D E F G

Watsonville Routing Table

Network Exit Int. Next Hop 172.16.0.0 S0 Connected 192.168.1.0 E0 Connected Default S0 172.16.10.2

ISP A Routing Table

Network Exit Int. Next Hop 10.44.0.0 S1 Connected 172.16.0.0 S0 Connected 10.10.0.0/16 S1 10.44.0.2 192.168.10.0 S0 172.16.10.1

San Jose Routing Table

Network Exit Int. Next Hop 10.10.0.0/16 E0 Connected 172.30.0.0 S0 Connected Default S0 172.30.1.1

ISP B Routing Table

Network Exit Int. Next Hop 10.44.0.0 S0 Connected 172.30.0.0 S1 Connected 10.10.0.0/16 S1 172.30.1.2 192.168.10.0 S0 10.44.0.1

Switch A MAC Address Table

MAC Address Source Port

Switch B MAC Address Table

MAC Address Source Port

Switch C MAC Address Table

MAC Address Source Port T1/PPP T1/PPP T1/PPP

Host A ARP Table

IP Address MAC Address

Host E ARP Table

IP Address MAC Address

Host F ARP Table

IP Address MAC Address

Host D ARP Table

IP Address MAC Address

Watsonville Router ARP Table (E0)

IP Address MAC Address

San Jose Router ARP Table (E0)

IP Address MAC Address

This topology diagram is available on my web site as a separate document. Step-by-step Do not get intimidated by the assumed complexity of this network topology or of the numerous protocols involved. We will go through these scenarios one step at a time to piece everything

• together. This document is not to have you memorize the steps, but understand the process by

learning the various protocols involved and when they are used.

1

Scenario A: Intra-network communications – Host A pinging Host D

Assumptions

• Hosts: All ARP tables are empty
• Switches: All MAC Address tables are empty

Host A issues the command: C:\> ping 192.168.10.33 (Windows)

• r

# ping 192.168.10.33 (Linux/Unix) Step 1: ICMP Echo Request Ethernet Header (Layer 2) IP Header (Layer 3) ICMP Message (Layer 3) Ether. Tr.

Ethernet Destination Address (MAC) Ethernet Source Address (MAC) Frame Type Source IP Add.

• Dest. IP Add.

Protocol field Type 0 or 8 Code Check- sum ID Seq. Num. Data FCS

ICMP message is encapsulated in an IP packet. Host A (TCP/IP stack) completes the information for ICMP Echo Request and IP including:

• ICMP
• Type: 8
• Code: 0
• IP
• Source IP Address: 192.168.10.10
• Destination IP Address: 192.168.10.33
• Protocol Field: 1 (ICMP)

Step 2: Ethernet Encapsulation Et (Layer Et D Addr (M hernet Header 2) IP Header (Layer 3) ICMP Message (Layer 3) Ether. Tr.

hernet estination ess AC) Ethernet Source Address (MAC) Frame Type Source IP Add.

• Dest. IP Add.

Protocol field Type 0 or 8 Code Check- sum ID Seq. Num. Data FCS

IP Packet is now ready to be encapsulated in an Ethernet frame. Host A knows the Source MAC address for the Ethernet frame, it’s own NIC MAC address, but needs a Destination MAC

• Address. This IP packet is temporarily buffered in Host A’s memory.

2

Destination Host or Default Gateway What is the Destination MAC address?

• The Destination MAC address is either the Destination MAC Address of the host with the

Destination IP Address in the packet or that of the Default Gateway. This is depending upon whether the Destination IP Address in the IP packet is on the same network as this host.

• The sending host needs to determine whether the packet’s Destination IP Address is on

the same network as itself (the Source IP Address in the IP Packet) or on a different network.

• The sending host knows its own network address, by doing an “AND” operation
• n its IP Address and the Network (Subnet) Mask.
• Using the same subnet mask (if the hosts were on the same network, they would

have the same mask), the sending host performs an AND operation on the Destination IP Address.

• If the results from the two AND operations are the same (both hosts have the same

network address). The sending host then knows that the destination host is on its same network.

• The Ethernet Destination Address in the frame will be that of the destination host,

the host with the Destination IP Address in the IP packet.

• If the results from the two AND operations are NOT the same (both hosts have different

network addresses), then the sending host knows that the destination host is on a different network.

• The Ethernet Destination Address in the frame will be that of the default gateway

(router). At this point the IP Address of the “next hop”, is either the final destination host itself or the default

• gateway. Now, we need to find the MAC Destination Address of that IP Address.

Ethernet Header (Layer 2) IP Header (Layer 3) ICMP Message (Layer 3) Ether. Tr.

Ethernet Destination Address (MAC) Ethernet Source Address (MAC) Frame Type Source IP Add.

• Dest. IP Add.

Protocol field Type 0 or 8 Code Check- sum ID Seq. Num. Data FCS

If the source and destination IP addresses in the IP packet are on the same network, then the Ethernet Destination MAC Address will be the MAC Address

• f the same device as the destination IP address.

Router

Ethernet 0 Serial 0 If the source and destination IP addresses in the IP packet are on different networks, then the Ethernet Destination MAC Address wiil be the MAC Address of the default gateway (router).

3

In this example, the destination host is on the same network, 192.168.10.0. So, the Ethernet Destination MAC Address will be that of the destination host, the Destination IP Address in the packet. Et (Layer Et D Addr

(M

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9 192.168.10.15/24 Def.Gate: 192.168.1.1 MAC: 00-00-DB

1 2 3 4 5 1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34 DNS Server 192.168.10.111/24 Def.Gate: 192.168.1.1 MAC: 00-00-E1

Switch A Switch B 1 2 3 4 5 Hub

192.168.10.33/24 Def.Gate: 192.168.1.1 MAC: 00-00-C4

A B C D E

Host A ARP Table

IP Address MAC Address

hernet Header 2) IP Header (Layer 3) ICMP Message (Layer 3) Ether. Tr.

hernet estination ess AC) Ethernet Source Address (MAC) Frame Type Source IP Add.

• Dest. IP Add.

Protocol field Type 0 or 8 Code Check- sum ID Seq. Num. Data FCS

Step 3: ARP (Address Resolution Protocol) Host A knows the Destination IP Address of Host D (192.168.10.33), but needs to know the MAC Address of Host D. Host A will now look in it’s ARP table. Host A ARP Table

IP Address MAC Address

The ARP Table does not contain this information. To view the ARP table use the command: arp -a (Windows and Linux/Unix)

4

ARP Request Host A issues an ARP Request, asking the device with the IP Address of 192.168.10.33 to reply with its MAC address. So, before the ping (ICMP Echo Request) can even be sent out, Host A must first send out an ARP Request. (This is why the first ping will sometimes take longer or even timeout.) The ICMP Echo Request is buffered by Host A.

E

Et D Addr (M

thernet Header Ethernet Data – 28 byte ARP request/reply

hernet estination ess AC) Ethernet Source Address (MAC) Frame Type ARP headers , i.e. op field Sender’s Ethernet Address (MAC) Sender’s IP Address Target’s Ethernet Address (MAC) Target’s IP Address

Host A (TCP/IP stack and OS) completes the information for ARP and Ethernet including:

• ARP
• p field : ARP request = 1
• Sender’s MAC Address: 00-00-A9
• Sender’s IP Address: 192.168.10.10
• Target’s MAC Address: Blank
• Target’s IP Address: 192.168.10.33
• Ethernet header
• Destination MAC Address: Broadcast (FF-FF-FF-FF-FF-FF)
• Source MAC Address: 00-00-A9
• Type: 0x806 (ARP)

The ARP Request is sent out as a Layer 2 broadcast, to all devices on the network. Step 4: Transmission of the ARP Request, Switches and Hubs Host A now transmits the ARP Request.

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9 192.168.10.15/24 Def.Gate: 192.168.1.1 MAC: 00-00-DB

1 2 3 4 5 1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34 DNS Server 192.168.10.111/24 Def.Gate: 192.168.1.1 MAC: 00-00-E1

Switch A Switch B 1 2 3 4 5 Hub

192.168.10.33/24 Def.Gate: 192.168.1.1 MAC: 00-00-C4

A B C D E

Host A ARP Table

IP Address MAC Address

5

Switch: A “learning bridge” Switch

• 1. Learn (Source MAC Address)
• 2. Filter or Flood (Destination MAC Address)

The first thing the switch does when it receives a frame, is to examine the Source MAC address

• f the frame. If this Source MAC address is not in its MAC Address Table it will add it, including

the port number where the frame entered the switch. If the MAC address already exists in the switch’s MAC Address Table, and the port number is the same as the one in which the frame entered the switch, then the switch will reset the timeout period for that table entry. This timeout period is typically 5 minutes (300 seconds). If the Source MAC address is in the table, but the port number is different, then the switch will remove the old entry and replace it with this “newer” information. Switch A receives the frame with the ARP Request on Port 1. Since the Source MAC address is not in the MAC Address Table, it adds this information along with the incoming port number. Switch A MAC Address Table

MAC Address Source Port 00-00-A9 2

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9

1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34

Switch A

A B

Switch: Filter or Flood? Switch A now has to make a decision whether to forward the frame out a single port towards the Destination host (filter), or flood it out all ports. A switch makes this decision by searching its MAC Address Table for the Destination MAC Address in the Ethernet frame. If the address exists in the table, then it forwards it out only that single port, otherwise it floods the frame out all ports except for the port it came in on. In this case, the Destination MAC address is a Broadcast address, (FF-FF-FF-FF-FF-FF). Frames with broadcast addresses are always flooded out all ports. In this example, Switch A floods the broadcast out all ports, except the port it came in on. A hub is a Layer 1 device and does not have a MAC Address Table. The hub will automatically flood all frames, including this

• ne, out all ports except the incoming port.

6

Other results:

• Host B receives the frame. Sees the Destination MAC address is a broadcast address

and receives the reads the frame. Host B examines the Ethernet Frame Type as 0x806, ARP Request, strips off the Ethernet header and passes the ARP message to the ARP process (part of the OS and TCP/IP stack). Host B’s ARP process examines the Target IP Address in the ARP message (192.168.10.33), realizes that it is not it’s IP address (192.168.10.37), and ends its ARP process.

• Switch B receives the ARP Request and performs the same steps as Switch A.
• Switch B learns the MAC Address 00-00-A9 coming in on Port 1, and adds it to

its MAC Address Table. Switch B MAC Address Table

MAC Address Source Port 00-00-A9 1

• Switch B floods the broadcast frame out all ports except for Port 1.
• Hosts C and E receive the ARP Request and performs the same steps as Host B with the

same results.

• The Watsonville Router receives the ARP Request on its Ethernet 0 port. The router

follows the same steps as Host B to see if the ARP Request if for the IP Address of its Ethernet 0 port, which is not. Routers do not forward Layer 2 (Ethernet) broadcasts.

Watsonville Router

Ethernet 0 Serial 0 192.168.10.1/24 MAC: 00-AA-03 192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9 192.168.10.15/24 Def.Gate: 192.168.1.1 MAC: 00-00-DB

1 2 3 4 5 1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34 DNS Server 192.168.10.111/24 Def.Gate: 192.168.1.1 MAC: 00-00-E1

Switch A Switch B 1 2 3 4 5 Hub

192.168.10.33/24 Def.Gate: 192.168.1.1 MAC: 00-00-C4

A B C D E

7

Step 5: Transmission of the ARP Reply, Switches and Hubs Host D receives the ARP Request and performs the same steps as hosts B, C, and E. However, Host D recognizes that the Target IP Address in the ARP message (192.168.10.33), is it’s own IP address (192.168.10.33). Host D must now issue an ARP Reply. Before Host D issues the ARP Reply, many operating system implementations will take this

• pportunity to get the Sender’s MAC Address, 00-00-A9, and Sender’s IP Address,

192.168.10.10, from the ARP Request and add this information to their own ARP Table (in this case the ARP Table of Host D). Host D ARP Table

IP Address MAC Address 192.168.10.10 00-00-A9

Host D can now prepare the ARP Reply. Host D (TCP/IP stack and OS) completes the information for ARP including:

• ARP
• p field : ARP reply = 2
• Sender’s MAC Address: 00-00-C4
• Sender’s IP Address: 192.168.10.33
• Target’s MAC Address: 00-00-A9
• Target’s IP Address: 192.168.10.10

Ethernet Header

Ethernet Data – 28 byte ARP request/reply

Ethernet Destination Address (MAC) Ethernet Source Address (MAC) Frame Type ARP headers , i.e. op field Sender’s Ethernet Address (MAC) Sender’s IP Address Target’s Ethernet Address (MAC) Target’s IP Address

The ARP Reply will be sent as a unicast frame directly to Host A. Host D (192.168.10.33) will send the ARP Reply to Host A (192.168.10.10). Instead of doing its own ARP Request, Host D is able to take the information from the ARP message to populate its ARP table with the IP Address and MAC Address of Host A. It can then encapsulate the ARP Reply in a unicast Ethernet frame directly to Host A. Host D ARP Table

IP Address MAC Address 192.168.10.10 00-00-A9

• Ethernet header
• Destination MAC Address: 00-00-A9
• Source MAC Address: 00-00-C4
• Type: 0x806 (ARP)

8

The ARP Reply: Hubs and Switches

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9 192.168.10.15/24 Def.Gate: 192.168.1.1 MAC: 00-00-DB

1 2 3 4 5 1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34 DNS Server 192.168.10.111/24 Def.Gate: 192.168.1.1 MAC: 00-00-E1

Switch A Switch B 1 2 3 4 5 Hub

192.168.10.33/24 Def.Gate: 192.168.1.1 MAC: 00-00-C4

A B C D E

When the Hub receives the frame with the ARP Reply, like all frames it receives it floods it out all ports, except the incoming port. Host C receives the frame, but noticing the Destination MAC Address in the frame does not match the one on its NIC card does not read in the rest of the frame. Switch B receives the frame and goes through the learning process, followed by the filter or flood

• process. In the learning process, Switch B examines the Source MAC address of the ARP Reply

and learns that 00-00-C4 is on its port 2. Switch B adds this entry to its MAC Address Table. Switch B MAC Address Table

MAC Address Source Port 00-00-A9 1 00-00-C4 2

192.168.10.15/24 Def.Gate: 192.168.1.1 MAC: 00-00-DB

1 2 3 4 5

DNS Server 192.168.10.111/24 Def.Gate: 192.168.1.1 MAC: 00-00-E1

Switch B 1 2 3 4 5 Hub

192.168.10.33/24 Def.Gate: 192.168.1.1 MAC: 00-00-C4

C D E

Switch B then examines the Destination MAC Address, 00-00-A9 and compares it to the entries in its MAC Address table finding the Source Port as “1”. Switch B filters this frame, by forwarding the frame only out of port 1.

9

Switch A receives the ARP Reply and goes through the learning process, followed by the filter or flood process just as with Switch B. In the learning process, Switch A examines the Source MAC address of the frame and learns that 00-00-C4 is on its port 5. Switch A adds this entry to its MAC Address Table.

1 2 3 4 5 1 2 3 4 5 Switch A Switch B

Switch A MAC Address Table

MAC Address Source Port 00-00-A9 2 00-00-C4 5

. Switch A then examines the Destination MAC Address, 00-00-A9 and compares it to the entries in its MAC Address table finding this MAC Address with the Source Port of “2”. Switch A filters this frame, by forwarding the frame only out port 2.

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9

1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34

Switch A

A B Host A receives the frame with the frame with the ARP Reply. The NIC examines the Destination MAC Address recognizing it as its own and reads in the rest of the frame. The OS examines the frame type as 0x806, strips of the Ethernet header and sends the ARP message to the ARP

• process. The ARP process examines the following information:
• ARP
• p field : ARP request = 2
• Sender’s MAC Address: 00-00-C4 (The information it was waiting for.)
• Sender’s IP Address: 192.168.10.33
• Target’s MAC Address: 00-00-A9
• Target’s IP Address: 192.168.10.10

There it is, the information it was requesting, the Sender’s MAC Address 00-00-C4, for the requested (Sender’s) IP Address of 192.168.10.33. Host A adds this information to its ARP Table. Host A ARP Table

IP Address MAC Address 192.168.10.33 00-00-C4

10

Step 6: Host A Sends Out the Ping (ICMP Echo Request) Et (Layer Et D Addr

(

hernet Header 2) IP Header (Layer 3) ICMP Message (Layer 3) Ether. Tr.

hernet estination ess MAC) Ethernet Source Address (MAC) Frame Type Source IP Add.

• Dest. IP Add.

Protocol field Type 0 or 8 Code Check- sum ID Seq. Num. Data FCS

Now with the Destination MAC Address information, Host A (TCP/IP stack and OS) can complete the information in the Ethernet header, and finally send out that ping (Echo Request).

• ICMP
• Type: 8
• Code: 0
• IP
• Source IP Address: 192.168.10.10
• Destination IP Address: 192.168.10.33
• Protocol Field: 1 (ICMP)
• Ethernet header
• Destination MAC Address: 00-00-C4 (The information it received in the ARP)
• Source MAC Address: 00-00-A9
• Type: 0x800 (IP)

The ICMP Echo Request is transmitted by Host A. Switch A receives the frame.

• Examines the Source MAC Address comparing it to entries in its MAC Address Table.

The Source MAC Address of 00-00-A9 is already in the table with a Source Port of 2, so it resets the 5 minute timer for this entry. Switch A MAC Address Table

MAC Address Source Port 00-00-A9 2 00-00-C4 5

• Switch A compares the Destination MAC Address in the frame to see whether to filter or

flood the frame. Since the Destination MAC Address of 00-00-C4 is in the table with a Source Port of 1, it filters the frame by only forwarding it out port 5.

11

Switch B receives the frame.

• Examines the Source MAC Address comparing it to entries in its MAC Address Table.

The Source MAC Address of 00-00-A9 is already in the table, so it resets the 5 minute timer for this entry. Switch B MAC Address Table

MAC Address Source Port 00-00-A9 1 00-00-C4 2

• Switch B compares the Destination MAC Address in the frame to see whether to filter or

flood the frame. Since the Destination MAC Address of 00-00-C4 is in the table, it filters the frame by only forwarding it out port 2. Host D receives the Ethernet frame with the ICMP Echo Request, and the NIC examines the Destination MAC Address recognizing it as its own and reads in the rest of the frame. The OS examines the frame type as 0x800, IP, strips of the Ethernet header and sends it to the IP

• process. The IP process processes the information in the IP header including making sure the

Destination IP Address is that of Host D (192.168.10.33). The protocol field in the IP header is “1”, so the OS strips off the IP header and sends it to the ICMP process. The ICMP process sees that Type = 8 and Code = 0, meaning this is an Echo Request. Host D can now return the ICMP Echo Reply (unless it is configured to ignore Echo Requests). Step 7: Host D Returns the Ping (ICMP Echo Reply) Host D sends out the ICMP Echo Reply, with a ICMP Type = 0 and Code = 0. Et (Layer Et D Addr

(

hernet Header 2) IP Header (Layer 3) ICMP Message (Layer 3) Ether. Tr.

hernet estination ess MAC) Ethernet Source Address (MAC) Frame Type Source IP Add.

• Dest. IP Add.

Protocol field Type 0 or 8 Code Check- sum ID Seq. Num. Data FCS

Host A (TCP/IP stack and OS) completes the ICMP and IP information:

• ICMP
• Type: 0
• Code: 0
• IP
• Source IP Address: 192.168.10.33
• Destination IP Address: 192.168.10.10
• Protocol Field: 1 (ICMP)

12

Of course this IP packet must be encapsulated in the Ethernet Frame. Host D checks its ARP table looking for a MAC address for the IP address of 192.168.10.33. This information was entered in the ARP Table when Host D received the ARP Request earlier. If for some reason it is not there, Host D will have to issue its own ARP Request. Host D ARP Table

IP Address MAC Address 192.168.10.10 00-00-A9

• Ethernet header
• Destination MAC Address: 00-00-A9
• Source MAC Address: 00-00-C4
• Type: 0x800 (IP)

Step 8: Transmission of the ICMP Echo Reply, Switches and Hubs The ICMP Echo Reply is transmitted by Host D. The ICMP Echo Reply is sent as a unicast frame directly to Host A. Host D (192.168.10.33) will send the ICMP Echo Reply to Host A (192.168.10.10).

• ICMP
• Type: 0
• Code: 0
• IP
• Source IP Address: 192.168.10.33
• Destination IP Address: 192.168.10.10
• Protocol Field: 1 (ICMP)
• Ethernet header
• Destination MAC Address: 00-00-A9
• Source MAC Address: 00-00-C4
• Type: 0x800 (IP)

The ICMP Echo Reply: Hubs and Switches

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9 192.168.10.15/24 Def.Gate: 192.168.1.1 MAC: 00-00-DB

1 2 3 4 5 1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34 DNS Server 192.168.10.111/24 Def.Gate: 192.168.1.1 MAC: 00-00-E1

Switch A Switch B 1 2 3 4 5 Hub

192.168.10.33/24 Def.Gate: 192.168.1.1 MAC: 00-00-C4

A B C D E

When the Hub receives the frame with the ICMP Echo Reply, like all frames it receives it floods it

• ut all ports. Host C receives the frame, but noticing the Destination MAC Address in the frame

does not match the one on its NIC card, it does not read in the rest of the frame.

13

Switch B receives the frame with the ICMP Echo Reply and goes through the learning process, followed by the filter or flood process. In the learning process, Switch B examines the Source MAC address of the frame. Since this address and port are already in the MAC Address Table, it resets the 5 minute timer for this entry. Switch B MAC Address Table

MAC Address Source Port 00-00-A9 1 00-00-C4 2

Switch B then examines the Destination MAC Address, 00-00-A9 and compares it to the entries in its MAC Address table finding the Source Port as “1”. Switch B filters this frame, by forwarding it out only port 1. Switch A receives the frame with ICMP Echo Reply and goes through the learning process, followd the filter or flood process. In the learning process, Switch A examines the Source MAC address of the frame. Since this address and port are already in the MAC Address Table, it resets the 5 minute timer for this entry Switch A MAC Address Table

MAC Address Source Port 00-00-A9 2 00-00-C4 5

. Switch A then examines the Destination MAC Address, 00-00-A9 and compares it to the entries in its MAC Address table finding the Source Port as “2”. Switch A filters this frame, by sending it

• nly out port 2.

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9

1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34

Switch A

A B

14

Host A receives the Ethernet frame with the ICMP Echo Reply, and the NIC examines the Destination MAC Address recognizing it as its own and reads in the rest of the frame. The OS examines the frame type as 0x800, IP, strips of the Ethernet header and sends it to the IP

• process. The IP process processes the information in the IP header including making sure the

Destination IP Address is that of Host A (192.168.10.10). The protocol field in the IP header is “1”, so the OS strips off the IP header and sends it to the ICMP process. The ICMP process sees that Type = 0 and Code = 0, meaning this is an Echo Reply. Host A can now display the results. C:\>ping 192.168.10.33 Pinging 192.168.10.33 with 32 bytes of data: Reply from 192.168.10.33: bytes=32 time=2ms TTL=64 Reply from 192.168.10.33: bytes=32 time<1ms TTL=64 Reply from 192.168.10.33: bytes=32 time<1ms TTL=64 Reply from 192.168.10.33: bytes=32 time<1ms TTL=64 Ping statistics for 192.168.10.33: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 2ms, Average = 0ms Microsoft Windows XP automatically sends 4 ICMP Echo Requests, one ping every four seconds. (Cisco IOS transmits five pings, one every two seconds.) Notice that the first ping (ICMP Echo Request) took longer at 2ms, compared to 1ms for the other pings. This is because the OS needed to do the ARP Request before sending out the first ping. If the Echo Reply is not received within a specific timeout period (OS dependent), it is possible for the first couple of pings to timeout.

15

Summary

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9

A

192.168.10.33/24 Def.Gate: 192.168.1.1 MAC: 00-00-C4

D

ping (Echo Request) ARP Request ARP Reply Layer 2 broadcast ping (Echo Request) ARP Table checked, no entry, MAC Address, forund for Destination IP Address ARP Table updated with Destination IP Address and MAC Address Echo Reply ARP Table updated with Destination IP Address and MAC Address Buffered

Switches

• 1. Learn (Source MAC Address and Port)
• 2. Filter or Flood (Destination MAC Address and Port)

Hubs

• 1. Flood out all ports except incoming port

16

Additional protocols and processes:

• TCP or UDP: What if TCP or UDP was used as the transport protocol?
• DNS: What would happen if a domain name was used instead of an IP Address?
• 802.11: What if one of the systems was wireless and used 802.11?
• Path MTU Discovery
• And more!

17

Scenario B: Inter-network communications – Host A pinging Host F

Note: Some of the detail has that was discussed in Scenario A: Intra-network communications, has been left out. Please refer to this scenario for additional information. Assumptions

• Hosts: All ARP tables are empty
• Switches: All MAC Address tables are empty

Host A issues the command: C:\> ping 10.10.10.10 (Windows)

• r

# ping 10.10.10.10 (Linux/Unix) Step 1: ICMP Echo Request Ethernet Header (Layer 2) IP Header (Layer 3) ICMP Message (Layer 3) Ether. Tr.

Ethernet Destination Address (MAC) Ethernet Source Address (MAC) Frame Type Source IP Add.

• Dest. IP Add.

Protocol field Type 0 or 8 Code Check- sum ID Seq. Num. Data FCS

ICMP message is encapsulated in an IP packet. Host A (TCP/IP stack) completes the information for ICMP Echo Request and IP including:

• ICMP
• Type: 8
• Code: 0
• IP
• Source IP Address: 192.168.10.10
• Destination IP Address: 10.10.10.10
• Protocol Field: 1 (ICMP)

Step 2: Ethernet Encapsulation Et (Layer

Et D

Addr (M hernet Header 2) IP Header (Layer 3) ICMP Message (Layer 3) Ether. Tr.

hernet estination ess AC) Ethernet Source Address (MAC) Frame Type Source IP Add.

• Dest. IP Add.

Protocol field Type 0 or 8 Code Check- sum ID Seq. Num. Data FCS

IP Packet is now ready to be encapsulated in an Ethernet frame. Host A knows the Source MAC address for the Ethernet frame, it’s own NIC MAC address, but needs a Destination MAC Address.

18

Step 2: Ethernet Encapsulation Destination Host or Default Gateway What is the Destination MAC address?

• The Destination MAC address is either the Destination MAC Address of the host with the

Destination IP Address in the packet or that of the Default Gateway. This is depending upon whether the Destination IP Address in the IP packet is on the same network as this host.

• The sending host needs to determine whether the packet’s Destination IP Address is on

the same network as itself (the Source IP Address in the IP Packet) or on a different network.

• The sending host knows its own network address, by doing an “AND” operation
• n its IP Address and the Network (Subnet) Mask.
• Using the same subnet mask (if the hosts were on the same network, they would

have the same mask), the sending host performs an AND operation on the Destination IP Address.

• If the results from the two AND operations are the same (both hosts have the same

network address). The sending host then knows that the destination host is on its same network.

• The Ethernet Destination Address in the frame will be that of the destination host,

the host with the Destination IP Address in the IP packet.

• If the results from the two AND operations are NOT the same (both hosts have different

network addresses), then the sending host knows that the destination host is on a different network.

• The Ethernet Destination Address in the frame will be that of the default gateway

(router). At this point the IP Address of the “next hop”, is either the final destination host itself or the default

• gateway. Now, we need to find the MAC Destination Address of that IP Address.

In this example, the destination host is on a different network, 10.10.0.0. So, the Ethernet Destination MAC Address will be that of the default gateway, the Destination IP Address of the router, 192.168.10.1.

19

Et (Layer Et D Addr (M

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9

1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34

Switch A Watsonville Router

Ethernet 0 Serial 0 192.168.10.1/24 MAC: 00-AA-03 172.16.10.1/16

A B

hernet Header 2) IP Header (Layer 3) ICMP Message (Layer 3) Ether. Tr.

hernet estination ess AC) Ethernet Source Address (MAC) Frame Type Source IP Add.

• Dest. IP Add.

Protocol field Type 0 or 8 Code Check- sum ID Seq. Num. Data FCS

Step 3: ARP (Address Resolution Protocol) Host A knows the IP Address of the default gateway (192.168.10.1), but needs to know the MAC address of that interface. Host A will now look in it’s ARP table. Host A ARP Table

IP Address MAC Address

The ARP Table does not contain this information. To view the ARP table use the command: arp -a (Windows and Linux/Unix)

20

ARP Request Host A issues an ARP Request, asking the device with the IP Address of 192.168.10.1 to reply with its MAC address. So, before the ping (ICMP Echo Request) can even be sent out, Host A must first send out an ARP Request. (This is why the first ping will sometimes take longer or even timeout.) The ICMP Echo Request is buffered by Host A.

E

Et D Addr (M

thernet Header Ethernet Data – 28 byte ARP request/reply

hernet estination ess AC) Ethernet Source Address (MAC) Frame Type ARP headers , i.e. op field Sender’s Ethernet Address (MAC) Sender’s IP Address Target’s Ethernet Address (MAC) Target’s IP Address

Host A (TCP/IP stack and OS) completes the information for ARP and Ethernet including:

• ARP
• p field : ARP request = 1
• Sender’s MAC Address: 00-00-A9
• Sender’s IP Address: 192.168.10.10
• Target’s MAC Address: Blank
• Target’s IP Address: 192.168.10.1
• Ethernet header
• Destination MAC Address: Broadcast (FF-FF-FF-FF-FF-FF)
• Source MAC Address: 00-00-A9
• Type: 0x806 (ARP)

The ARP Request is sent out as a Layer 2 broadcast, to all devices on the network. Step 4: Transmission of the ARP Request, Switches and Hubs Host A now transmits the ARP Request.

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9 192.168.10.15/24 Def.Gate: 192.168.1.1 MAC: 00-00-DB

1 2 3 4 5 1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34 DNS Server 192.168.10.111/24 Def.Gate: 192.168.1.1 MAC: 00-00-E1

Switch A Switch B Watsonville Router

Ethernet 0 Serial 0

1 2 3 4 5 Hub

192.168.10.33/24 Def.Gate: 192.168.1.1 MAC: 00-00-C4

ISP A Router

Serial 0 Serial 1 192.168.10.1/24 MAC: 00-AA-03 172.16.10.1/16 172.16.10.2/16 10.44.0.1/16

A B C D E

T1/PPP T1/PPP

Host A ARP Table

IP Address MAC Address 192.168.10.33 00-00-C4

21

Switch: A “learning bridge” For complete details refer to Scenario A: Intra-network communications. The ARP Request is encapsulated in an Ethernet (Layer 2) frame with a broadcast Destination MAC Address. Switches will forward this frame out all ports except the incoming port. The switch will also update its own MAC Address Table with the Source MAC Address and incoming port of the frame if it is not in the table. If it is in the table it will reset the timer for that entry. The result is that all devices on this network will see the ARP Request. (Layer 2 broadcasts are

• ne reason to segment or subnet a network into multiple networks or subnets.) All these devices,

except the one with the Target IP Address in the ARP message, will ignore this ARP Request. Step 5: Transmission of the ARP Reply, Switches and Hubs The Watsonville router (default gateway) will also receive the frame with the ARP Request. The Watsonville router recognizes that the Target IP Address in the ARP message (192.168.10.1), is it’s own IP address (192.168.10.1). The router must now issue an ARP Reply. Before the Watsonville router issues the ARP Reply, many operating system implementations will take this opportunity to get the Sender’s MAC Address, 00-00-A9, and Sender’s IP Address, 192.168.10.10, from the ARP Request and add this information to their own ARP Table (in this case the ARP Table of Watsonville router’s Ethernet 0 interface.) The router will now issue the ARP Reply, returning the MAC Address in the ARP Request Target IP Address.

E

Et D Addr (M

thernet Header Ethernet Data – 28 byte ARP request/reply

hernet estination ess AC) Ethernet Source Address (MAC) Frame Type ARP headers , i.e. op field Sender’s Ethernet Address (MAC) Sender’s IP Address Target’s Ethernet Address (MAC) Target’s IP Address

Host D (TCP/IP stack and OS) completes the information for ARP including:

• ARP
• p field : ARP reply = 2
• Sender’s MAC Address: 00-00-C4
• Sender’s IP Address: 192.168.10.33
• Target’s MAC Address: 00-00-A9
• Target’s IP Address: 192.168.10.10

22

The ARP Reply will be sent as a unicast frame directly to Host A. Watonsville router’s Ethernet 0 interface (192.168.10.1) will send the ARP Reply to Host A (192.168.10.10). Instead of doing its

• wn ARP Request, the router is able to take the information from the ARP message to populate

its ARP table with the IP Address and MAC Address of Host A. It can then encapsulate the ARP Reply in a unicast Ethernet frame directly to Host A. Watsonville Router ARP Table (E0)

IP Address MAC Address 192.168.10.10 00-00-A9 Watsonville Router

Ethernet 0 Serial 0 192.168.10.1/24 MAC: 00-AA-03 172.16.10.1/16

• Ethernet header
• Destination MAC Address: 00-00-A9
• Source MAC Address: 00-00-C4
• Type: 0x806 (ARP)

The frame with the ARP Reply is transmitted out the Ethernet 0 port of the Watsonville router. This frame is sent as a unicast directly to Host A at 00-00-A9. Switch A will examine the frame, and update its MAC Address Table from the Source MAC Address in the frame, the router’s Ethernet address, and port number, if it does not already exist in the table. If it does exist in the table, it will reset the timer for that entry. Switch A will have the MAC Address 00-00-A9 with port 2 in its MAC Address Table when it learned this information during the ARP Request. Switch A will filter this frame, and forward the unicast only out port 2.

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9

1 2 3 4 5

192.168.10.37/24 Def.Gate: 192.168.1.1 MAC: 00-00-34

Switch A Watsonville Router

Ethernet 0 Serial 0 192.168.10.1/24 MAC: 00-AA-03 172.16.10.1/16

A B

Host A ARP Table

IP Address MAC Address 192.168.10.33 00-00-C4

Switch A MAC Address Table

MAC Address Source Port 00-00-A9 2 00-AA-03 1

23

Step 6: Host A Sends out the Ping (ICMP Echo Request) Host A now updates its ARP Table with the MAC Address, 00-AA-03, and IP Address, 192.168.10.1, of the Watsonville Router. Host A ARP Table

IP Address MAC Address 192.168.10.1 00-AA-03

Et (Layer Et D Addr

(M

hernet Header 2) IP Header (Layer 3) ICMP Message (Layer 3) Ether. Tr.

hernet estination ess AC) Ethernet Source Address (MAC) Frame Type Source IP Add.

• Dest. IP Add.

Protocol field Type 0 or 8 Code Check- sum ID Seq. Num. Data FCS

Now with the Destination MAC Address information, Host A (TCP/IP stack and OS) can complete the information in the Ethernet header, and finally send out that ping (Echo Request).

• ICMP
• Type: 8
• Code: 0
• IP
• Source IP Address: 192.168.10.10
• Destination IP Address: 10.10.10.10
• Protocol Field: 1 (ICMP)
• Ethernet header
• Destination MAC Address: 00-AA-03 (The information it received in the ARP)
• Source MAC Address: 00-00-A9
• Type: 0x800 (IP)

The frame with the Echo Request is sent out the NIC and forwarded by Switch A to the Ethernet 0 interface of the Watsonville router. (Remember, the switch must go through the stages of 1. learning and 2 filter or flood. In this case Switch A has the Destination MAC Address and port in its table and can filter the frame.) Step 7: Watsonville Router receives the Echo Request The Watsonville router receives the frame on its Ethernet 0 interface. The router’s NIC sees that the Destination MAC Address of the frame matches the router’s interface, so it reads in the rest of the frame. The Ethernet header and trailer are stripped, and the IP packet is sent to the router’s routing process. The router now compares the Destination IP Address, 10.10.10.10, to entries in its routing table. Details of the lookup process and structure of the routing table, along with routing protocol theory and technologies are discussed in later courses including CIS 82, CIS 83, and CIS 185. For now, we will keep it simple. The purpose of the router is to read the Destination IP Address of the packet and decide which interface to forward the packet. This interface can be a next hop router, or the destination host itself.

24

Watsonville Router

Ethernet 0 Serial 0

ISP A Router

Serial 0 Serial 1 192.168.10.1/24 MAC: 00-AA-03 172.16.10.1/16 172.16.10.2/16 10.44.0.1/16

Watsonville Routing Table

Network Exit Int. Next Hop 172.16.0.0 S0 Connected 192.168.1.0 E0 Connected Default S0 172.16.10.2

ISP A Routing Table

Network Exit Int. Next Hop 10.44.0.0 S1 Connected 172.16.0.0 S0 Connected 10.10.0.0/16 S1 10.44.0.2 192.168.10.0 S0 172.16.10.1 T1/PPP

The Watsonville router looks for the best match in its routing table for the Destination IP Address 10.10.10.10. In this case there is not a match except for the Default route. The routing table shows that these packets are to be sent out of the Serial 0 interface, towards the next hop router with the interface of 172.16.0.2. It is important to remember that the Source IP Address and Destination IP Address of the packet does not change. The packet is encapsulated into a new Layer 2 frame, in this case a PPP frame (which will be discussed in later classes). This serial link is a what is known as a point-to-point serial link. This is like a pipe, what goes in one end, can only come out the other end. There are

• nly two ends to this pipe.

The PPP frame’s Destination Address is a Layer 2 broadcast, because there is only one recipient at the other end of this serial link (pipe).

• ICMP
• Type: 8
• Code: 0
• IP
• Source IP Address: 192.168.10.10
• Destination IP Address: 10.10.10.10
• Protocol Field: 1 (ICMP)
• PPP header
• Destination Address: FF-FF-FF

25

Step 8: ISP A Router receives the Echo Request The ISP A router receives the PPP frame, strips off the PPP header and performs the same lookup process in its routing table for the Destination IP Address in the packet that Watsonville router had performed. ISP A Router

Serial 0 Serial 1

ISP B Router

Serial 0 Serial 1 172.16.10.2/16 172.30.1.1/16 10.44.0.1/16 10.44.0.2/16

ISP A Routing Table

Network Exit Int. Next Hop 10.44.0.0 S1 Connected 172.16.0.0 S0 Connected 10.10.0.0/16 S1 10.44.0.2 192.168.10.0 S0 172.16.10.1

ISP B Routing Table

Network Exit Int. Next Hop 10.44.0.0 S0 Connected 172.30.0.0 S1 Connected 10.10.0.0/16 S1 172.30.1.2 192.168.10.0 S0 10.44.0.1 T1/PPP T1/PPP

The ISP A router looks for the best match in its routing table for the Destination IP Address 10.10.10.10. In this case there is a better match than the default. The routing table shows that packets for the 10.10.0.0/16 network are to be sent out of the Serial 1 interface, towards the next hop router with the interface of 10.44.0.2. The packet is encapsulated into a new Layer 2 frame, in this case another PPP frame. The PPP frame’s Destination Address is a Layer 2 broadcast.

• ICMP
• Type: 8
• Code: 0
• IP
• Source IP Address: 192.168.10.10
• Destination IP Address: 10.10.10.10
• Protocol Field: 1 (ICMP)
• PPP header
• Destination Address: FF-FF-FF

26

Step 9: ISP B Router receives the Echo Request The ISP B router receives the PPP frame, strips off the PPP header and performs the same lookup process in its routing table for the Destination IP Address in the packet that previous routers have performed. San Jose Router

Serial 0 Ethernet 0

ISP B Router

Serial 0 Serial 1 10.10.0.1 MAC:00-0C-CC 172.30.1.1/16 172.30.1.2/16 10.44.0.2/16

San Jose Routing Table

Network Exit Int. Next Hop 10.10.0.0/16 E0 Connected 172.30.0.0 S0 Connected Default S0 172.30.1.1

ISP B Routing Table

Network Exit Int. Next Hop 10.44.0.0 S0 Connected 172.30.0.0 S1 Connected 10.10.0.0/16 S1 172.30.1.2 192.168.10.0 S0 10.44.0.1 T1/PPP

The ISP B router looks for the best match in its routing table for the Destination IP Address 10.10.10.10. The routing table shows that packets for the 10.10.0.0/16 network are to be sent out

• f the Serial 1 interface, towards the next hop router with the interface of 172.30.1.2.

The packet is encapsulated into a new Layer 2 frame, in this case another PPP frame. The PPP frame’s Destination Address is a Layer 2 broadcast.

• ICMP
• Type: 8
• Code: 0
• IP
• Source IP Address: 192.168.10.10
• Destination IP Address: 10.10.10.10
• Protocol Field: 1 (ICMP)
• PPP header
• Destination Address: FF-FF-FF

27

Step 10: San Jose Router receives the Echo Request The ISP B router receives the PPP frame, strips off the PPP header and performs the same lookup process in its routing table for the Destination IP Address in the packet that previous routers have performed.

10.10.30.9/16 Def.Gate: 10.10.0.1 MAC: 00-01-AA

1 2 3 4 5

Web Server www.rideawave.org 10.10.10.10/16 Def.Gate: 10.10.0.1 MAC: 00-AB-CD

Switch C San Jose Router

Serial 0 Ethernet 0 10.10.0.1 MAC:00-0C-CC

F G

San Jose Routing Table

Network Exit Int. Next Hop 10.10.0.0/16 E0 Connected 172.30.0.0 S0 Connected Default S0 172.30.1.1

The San Jose router looks for the best match in its routing table for the Destination IP Address 10.10.10.10. The routing table shows that this router’s Ethernet 0 interface is directly connected to the 10.10.0.0/16 network, the destination network of the packet.

28

Step 11: ARP Request The San Jose Router knows that its Ethernet interface is on the same network as the destination host, 10.10.0.0/16. The router’s OS (Cisco IOS) acts like any host on that network with a packet to send another host on the same network. The router checks its Ethernet 0 ARP Table for an entry with the IP Address 10.10.10.10 and a MAC Address. The ARP Table does not contain an entry so the router must issue an ARP Request. San Jose Router ARP Table (E0)

IP Address MAC Address

The ARP Request is encapsulated into a Layer 2 Ethernet frame with broadcast Destination MAC

• Address. The ARP Request is asking the device with the IP Address 10.10.10.10 to reply with its

MAC Address. San Jose router (TCP/IP stack and OS) completes the information for ARP and Ethernet including:

• ARP
• p field : ARP request = 1
• Sender’s MAC Address: 00-0C-CC
• Sender’s IP Address: 10.10.0.1
• Target’s MAC Address: Blank
• Target’s IP Address: 10.10.10.10
• Ethernet header
• Destination MAC Address: Broadcast (FF-FF-FF-FF-FF-FF)
• Source MAC Address: 00-0C-CC
• Type: 0x806 (ARP)

The frame with the ARP Request is sent out as a Layer 2 broadcast, to all devices on the network. Step 12: Switch C Receives Frame with ARP Request Switch C receives the frame with the ARP Request and:

• 1. Learns the Source MAC Address of the incoming frame and adds it to its MAC Address

Table

• 2. Floods the frame out all ports, except for the incoming port, because the Destination

MAC Address is a broadcast address. Switch C MAC Address Table

MAC Address Source Port 00-0C-CC 1

29

Step 13: Host G Receives Frame with ARP Request Host G receives the frame. Sees the Destination MAC address is a broadcast address and receives the reads the frame. Host G examines the Ethernet Frame Type as 0x806, ARP Request, strips off the Ethernet header and passes the ARP message to the ARP process (part

• f the OS and TCP/IP stack). Host G’s ARP process examines the Target IP Address in the

ARP message (10.10.10.10), realizes that it is not it’s IP address (10.10.30.9), and ends its ARP process. Step 14: Hosts F Receives Frame with ARP Request Host F receives the ARP Request and performs the same steps as Hosts G. However, Host F recognizes that the Target IP Address in the ARP message (10.10.10.10), is it’s own IP address (10.10.10.10). Host F must now issue an ARP Reply. Before Host F issues the ARP Reply, most operating systems’ implementation will take this

• pportunity to get the Sender’s MAC Address, 00-0C-CC, and Sender’s IP Address, 10.10.0.1,

from the ARP Request and add this information to their own ARP Table (in this case the ARP Table of Host F).

E

Et D Addr (M

thernet Header Ethernet Data – 28 byte ARP request/reply

hernet estination ess AC) Ethernet Source Address (MAC) Frame Type ARP headers , i.e. op field Sender’s Ethernet Address (MAC) Sender’s IP Address Target’s Ethernet Address (MAC) Target’s IP Address

Host D (TCP/IP stack and OS) completes the information for ARP including:

• ARP
• p field : ARP reply = 2
• Sender’s MAC Address: 00-AB-CD
• Sender’s IP Address: 10.10.10.10
• Target’s MAC Address: 00-0C-CC
• Target’s IP Address: 10.10.0.1

The ARP Reply will be sent as a unicast frame directly to router’s Ethernet 0 interface. Host F (10.10.10.10) will send the ARP Reply to the router (10.10.0.1). Instead of doing its own ARP Request, Host F is able to take the information from the ARP message to populate its ARP table with the IP Address and MAC Address of 10.10.0.1. It can then encapsulate the ARP Reply in a unicast Ethernet frame directly to the San Jose router. Host F ARP Table

IP Address MAC Address 10.10.0.1 00-0C-CC

• Ethernet header
• Destination MAC Address: 00-0C-CC
• Source MAC Address: 00-AB-CD
• Type: 0x806 (ARP)

30

Step 15: Switch C Forwards Frame with ARP Reply Switch C receives the frame with the ARP Reply and:

• 1. Learns the Source MAC Address, 00AB-CD, of the incoming frame and adds it to its

MAC Address Table

• 2. Finds the Destination MAC Address, 00-0C-CC, in its MAC Address Table and forwards

the frame only out of port1. Switch C MAC Address Table

MAC Address Source Port 00-0C-CC 1 00-AB-CD 2

Step 16: San Jose Router forwards ICMP Echo Request San Jose router’s Ethernet 0 interface receives the frame with the ARP Request and adds this information to its ARP Table. The router can now forward the packet with the ICMP Echo Request to Host F at 10.10.10.10.

• ICMP
• Type: 8
• Code: 0
• IP
• Source IP Address: 192.168.10.10
• Destination IP Address: 10.10.10.10
• Protocol Field: 1 (ICMP)
• Ethernet header
• Destination MAC Address: 00-AB-CD
• Source MAC Address: 00-0C-CC
• Type: 0x800 (IP)

The ICMP Echo Request is forwarded out the Ethernet 0 interface of the router, received by Switch C, where it is forwarded out port 2 (after going through the learning and filter or flood process), and received by Host F. Host F receives the Ethernet frame with the ICMP Echo Request, and the NIC examines the Destination MAC Address recognizing it as its own and reads in the rest of the frame. The OS examines the frame type as 0x800, IP, strips of the Ethernet header and sends it to the IP

• process. The IP process processes the information in the IP header including making sure the

Destination IP Address is that of Host F (10.10.10.10). The protocol field in the IP header is “1”, so the OS strips off the IP header and sends it to the ICMP process. The ICMP process sees that Type = 8 and Code = 0, meaning this is an Echo Request. Host F can now return the ICMP Echo Reply (unless it is configured to ignore Echo Requests).

31

Step 17: Summary of ICMP Echo Reply Now that Host F has received the ICMP Echo Request, it will now issue an ICMP Echo Reply. Since protocols and processes have previously been discussed with the ICMP Echo Request going from Host A to Host F, we will only summary the return trip of the Echo Reply. ICMP Echo Reply encapsulated within an IP packet

• ICMP
• Type: 0
• Code: 0
• IP
• Source IP Address: 10.10.10.10
• Destination IP Address: 192.168.10.10
• Protocol Field: 1 (ICMP)

Host F Transmits Echo Reply Host F has the ICMP Echo Reply to send to Host A. It needs to encapsulate the Echo Reply in an Ethernet frame, with the Destination MAC Address of the San Jose router. Host F had added the MAC Address and IP Address of the San Jose router’s Ethernet 0 interface when it received the Echo Request. So, Host F does not need to do an ARP Request for the router’s interface and can encapsulate the Echo Reply within the Ethernet Frame with the Destination MAC Address of San Jose router’s Ethernet 0 interface. Switch C Switch C receives the frame on port 2 and forwards the unicast frame out port 1. The Source MAC Address and port of Host F were already in the MAC Address Table, so it reset the 5 minute timer for that entry. The Destination MAC Address of San Jose router’s Ethernet interface was also in the MAC Address Table, so the switch could filter the frame, by sending it only out port 1. Routers: San Jose, ISP B, ISP A, and Watsonville Each of these routers will receive the frame with the ICMP Echo Reply. The frame will enter one interface, have the Layer 2 frame stripped (either Ethernet or PPP), and then the router will search for the packet’s Destination IP Address in the routing table. The router will then encapsulate the IP packet into another Layer 2 frame, PPP, and forward the packet on to the next router. Watsonville Router When the Watsonville router receives the packet with the ICMP Echo Reply, it knows that its Ethernet interface is on the same network as the destination host, 192.168.10.10. The router’s OS (Cisco IOS) acts like any host on that network with a packet to send another host on the same network. The router checks its Ethernet 0 ARP Table for an entry with the IP Address 192.168.10.10 and a MAC Address. If the ARP does not contain this entry, then the router will have to do an ARP Request, wait for the ARP Reply, and add the entry to its ARP Table before forwarding the packet with the ICMP Echo Reply towards Host A.

32

Once the routers has the IP Address, 192.168.10.10 and the MAC Address, 00-00-A9, in it ARP Table, it can now encapsulate the packet into an Ethernet frame and forward the packet on to Host A.

• ICMP
• Type: 0
• Code: 0
• IP
• Source IP Address: 10.10.10.10
• Destination IP Address: 192.168.10.10
• Protocol Field: 1 (ICMP)
• Ethernet header
• Destination MAC Address: 00-00-A9 (MAC Address of Host F)
• Source MAC Address: 00-AA-03 (MAC Address of Watsonville router E0)
• Type: 0x800 (IP)

Switch A, Switch B, and the Hub The frame with the ICMP Echo Reply is a unicast frame. When Switch A receives the frame on port 1and will first examine the Source MAC Address. If this entry is not in its MAC address table it will add it, if it is in the table it will update the timer for that entry. The Switch will now examine the Destination MAC Address in the frame. If it is not in the MAC Address Table it will flood it out all ports except for the incoming port. If it is in the table, it will filter the frame, by forwarding it out only port 2 towards Host A. If Switch B receives the frame it will go through the same process. If the hub receives the frame it will flood it out all ports except the incoming port. If any hosts, except for Host A, receive the frame due to flooding by the switches or hub, they will examine the Destination MAC Address in the frame, realize it does not match its NIC card’s MAC Address and disregard the rest of the frame. Host A receives the Ethernet frame with the ICMP Echo Reply, and the NIC examines the Destination MAC Address recognizing it as its own and reads in the rest of the frame. The OS examines the frame type as 0x800, IP, strips of the Ethernet header and sends it to the IP

• process. The IP process processes the information in the IP header including making sure the

Destination IP Address is that of Host A (192.168.10.10). The protocol field in the IP header is “1”, so the OS strips off the IP header and sends it to the ICMP process. The ICMP process sees that Type = 0 and Code = 0, meaning this is an Echo Reply. Host A can now display the results. C:\>ping 10.10.10.10 Pinging 10.10.10.10 with 32 bytes of data: Reply from 10.10.10.10: bytes=32 time=38ms TTL=64 Reply from 10.10.10.10: bytes=32 time=16ms TTL=64 Reply from 10.10.10.10: bytes=32 time=17ms TTL=64 Reply from 10.10.10.10: bytes=32 time=16ms TTL=64

33

Summary

192.168.10.10/24 Def.Gate: 192.168.1.1 MAC: 00-00-A9

A

ping (Echo Request) ARP Request ARP Reply Layer 2 broadcast ping (Echo Request) ARP Table checked, no entry, MAC Address, forund for Default Gateway Address ARP Table updated with IP Address and MAC Address of Default Gateway Buffered

Watsonville Router

Ethernet 0 Serial 0 192.168.10.1/24 MAC: 00-AA-03 172.16.10.1/16 Destination IP Address searched in routing table. ARP Table updated with IP Address and MAC Address of Default Gateway

34

Watsonville Router

Ethernet 0 Serial 0 192.168.10.1/24 MAC: 00-AA-03 172.16.10.1/16 Destination IP Address searched in routing table.

ISP A Router

Serial 0 Serial 1

San Jose Router

Serial 0 Ethernet 0

ISP B Router

Serial 0 Serial 1 10.10.0.1 MAC:00-0C-CC 172.16.10.2/16 172.30.1.1/16 172.30.1.2/16 10.44.0.1/16 10.44.0.2/16 Destination IP Address searched in routing table. Destination IP Address searched in routing table. Destination IP Address searched in routing table. ping (Echo Request) PPP Frame ping (Echo Request) ping (Echo Request) PPP Frame PPP Frame

35

San Jose Router

Serial 0 Ethernet 0 10.10.0.1 MAC:00-0C-CC 172.30.1.2/16 Destination IP Address searched in routing table. Web Server www.rideawave.org 10.10.10.10/16 Def.Gate: 10.10.0.1 MAC: 00-AB-CD ping (Echo Request) ARP Request ARP Reply Layer 2 broadcast ping (Echo Request) ARP Table checked, no entry, MAC Address, forund for Host F ARP Table updated with IP Address and MAC Address of Host F Ethernet Frame

F

Buffered ARP Table updated with IP Address and MAC Address of router in ARP Message

36

37