Both IP MAC ? Ports?

crabeater

I understand that IP addresses are inserted in the NETWORK layer, but some references are made to the MAC address being added at the DATA LINK layer to the stream of bits to be sent from the NIC.

As described by the 802.3 standard, are the source & destination address (Preamble, SFD, DA, SA, Len, Data, Pad, FCS) MAC or IP?

Clearly in an "IP Datagram" the source & destination are IP addreses. Is this encapsulated in the "Data" field above?

About PORTS (ie FTP ports 20 & 21) - these are simply memory addresses where data is placed for access by applications? Or software pointers to memory?

Can some one clear this up for an old HW guy? Thanks.

Webmaster

crabeater wrote:

Clearly in an "IP Datagram" the source & destination are IP addreses. Is this encapsulated in the "Data" field above?

Exactly. And when the data link frames reach a destination the data is unwrapped again. (as depicted here)

About PORTS (ie FTP ports 20 & 21) - these are simply memory addresses where data is placed for access by applications?

You could look at it like that. But simply put: it's like an extension of the address, for example an apartment's address can be 123-B Whateverstreet (123 being the IP address, - B being the port). The combination of an IP address and a port is called a Socket. A single IP node can have many sockets, all providing a separate entrance for a different purpose. They exist to allow different kind of traffic to travel the same road (and use the same entrance/exit) but with a different destination (IN the OSI model, different application/service/communication protocol, but on the same host) I.e. a webserver can listen to different kinds of traffic on the same IP address, ie. 192.168.0.1:25 (that is IP address 192.168.0.1 port 25) for SMTP, 192.168.0.1:80 for HTTP, 192.168.0.1:110 for POP3, 192.168.0.1:3389 for RDP traffic etc. etc.etc.

I hope this clears it up,

Johan

crabeater

OK, let's see if this is straight:
1. A NIC puts a data stream on the network.
2. "Higher" devices look at the FCS first (if bad, why use the data?)
3. If FCS good, then is the MAC address local? If yes, deliver it.
4. If MAC is not local (not on this side of the router), look at the datagram to find the IP address and forward it (let's say we are using OSPF routers).
5. The next segment has a device that recognizes the MAC, starts passing the datagram up the OSI levels to the application.

Do I have it right now? TechNotes page 15, about collision domains, could be a good diagram for this example.

Thanks
C

Webmaster

Actually no, that's not entirely correct. More importanly, try starting with the basic concepts and stop thinking like a 'hardware guy'/programmer
You are making it difficult for yourself to go this far, without understanding vital concepts (no pun intended). You are asking very good questions, just a bit to soon.

The fun thing with doing what you are trying to do in your previous post is that you can always go further into detail. The bad thing of doing that right now is that you will miss the point/bigger picture. I think you are overestimating the Network+ exam.

Having said that, and I hope you don't take me wrong, let's go into that scenario some more

A NIC puts bits on the medium (physical layer activity), 'every' other NIC on the same cable segment (which might be extended with hub, repeaters, bridges) picks up those bits from the medium to determine if its address is in the header of the layer 2 frame. If it is, the NIC belongs to the intended target host and processes the frame up the OSI model until it is completely reassembled for the target application/service.

4. If MAC is not local (not on this side of the router), look at the datagram to find the IP address and forward it (let's say we are using OSPF routers).

In this example, when a router is used, traffic is always send to a local mac address. If you study that OSI model well, you will see that it all starts at layer 7 of the source host and flows down the osi model. That means when the whole data link layer business and MAC stuff occurs, tasks related to IP are already done.
That sounds more confusing than it is... but the thing is that routing is a layer 3 activity. A client who needs to send traffic to a server on the other side of the router (hence in another network) will send that traffic to the default gateway (the IP address of the interface of the router in the same network as the client). When that NIC puts traffic on the medium, it already knows that it should send it that traffic to the router's interface. The client will use ARP (address resolution protocol) to resolve the IP address of the default gateway to a MAC address. However, every other client on the same cable segment (and colission domain) still hears that traffic, only the router picks it up though and processes it up in the OSI model. When those frames are passed up the osi model from layer 2 (data link) to layer 3 (network layer) the router will examine the IP addressing info (after reassembling the IP packet from several layer 2 frames) of the packet and look at its routing table to see what to do with it. If there is a route for the target the router will forward the layer 3 packet. In case the route points to another router, the same things occur again, if the target is another interface on the same router (which means that the destination address belongs to a host residing in the network that router interface connects to), the router will use ARP again to resolve the destination IP address to a MAC address and will broadcast the traffic on the target network (for the destination host to pick it up when it recognizes its MAC address).

I hope this shed some light on it,

Johan

crabeater

"some light"? No, you have done a good job of explaining it. In my post I tried to cut corners in the description (1-5) to keep it short, but we seem to agree with what I was trying to say (my boss always complained I made notes too long), PLUS you helped by adding some details.

Anyway, while you think I am getting too detailed, I have, many times in my 30 years of troubleshooting, had to look at the serial data on the transmission wire to find where I was losing bits, either at random or from degrading of the signal due to whatever problem - knowing details has allowed me to find things others didn't.

So thanks for the posting. I would guess that the FCS (whether you call it CRC or ECC) is the first thing checked since otherwise the datagram would be thrown away, and I did not word the next comment right - should have said that every NIC on the segment is checking FCS, then MAC to see if it belongs to (is the Destination Address) THAT NIC.

I chose the "up the layers" from 1 to 7 approach because sometimes taking things apart provides a better explanation than putting them together.

You have really helped with getting this - anyplace else where the books don't make things clear, will have me asking for clarity again.

Putting the ARP where it belonged was a good touch.


Anytime you see another opportunity to have "fun", please go for it.

Webmaster

You're welcome, I'm glad it was useful.

I guess I could have worded my comments about going in to detail better, but I was mainly trying to say that going into this level of detail is way too much for the Network+ exam.

Neverthless, feel free to ask for clarification whenever you need (keeps me sharp, although this level of detail is more appropriate for Cisco exams). There are plenty of things I won't have such a detailed answer too, but I'm sure I can at least point you in the right direction.

Johan