Ethernet is a frame-based computer networking technology for local area networks (LANs). It defines wiring and signaling for the physical layer, and frame formats and protocols for the media access control (MAC)/data link layer of the OSI model. Ethernet is mostly standardized as IEEE's 802.3. It has become the most widespread LAN technology in use during the 1990s to the present, and has largely replaced all other LAN standards such as token ring, FDDI, and ARCNET.
Ethernet was originally developed as one of the many pioneering projects at Xerox PARC. A common story states that Ethernet was invented in 1973, when Robert Metcalfe wrote a memo to his bosses at PARC about Ethernet's potential. But Metcalfe claims Ethernet was actually invented over a period of several years. In 1976, Metcalfe and his assistant David Boggs published a paper titled, Ethernet: Distributed Packet-Switching For Local Computer Networks.
Metcalfe left Xerox in 1979 to promote the use of personal computers and local area networks (LANs), forming 3Com. He convinced DEC, Intel, and Xerox to work together to promote Ethernet as a standard (DIX). The standard was first published on September 30 1980. It competed with two largely proprietary systems, token ring and ARCNET, but those soon found themselves buried under a tidal wave of Ethernet products. In the process, 3Com became a major company.
Metcalfe sometimes jokingly credits Jerry Saltzer for 3Com's success. Saltzer cowrote an influential paper suggesting that token-ring architectures were theoretically superior to Ethernet-style technologies. This result, the story goes, left enough doubt in the minds of computer manufacturers that they decided not to make Ethernet a standard feature, which allowed 3Com to build a business around selling add-in Ethernet network cards. Metcalfe and Saltzer worked on the same floor at MIT's Project MAC while Metcalfe was doing his Harvard dissertation, in which he worked out the theoretical foundations of Ethernet.
Ethernet is based on the idea of peers on the network sending messages in what was essentially a radio system, captive inside a common wire or channel, sometimes referred to as the ether. (This is an oblique reference to the luminiferous aether through which 19th century physicists believed light traveled.) Each peer has a globally unique 48-bit key known as the MAC address factory-assigned to the network interface card, to ensure that all systems in an Ethernet have distinct addresses. Due to the ubiquity of Ethernet, many manufacturers build the functionality of an ethernet card directly into PC motherboards.
It has been observed that Ethernet traffic has self-similar properties, with important consequences for traffic engineering.
CSMA/CD shared medium Ethernet
A scheme known as carrier sense multiple access with collision detection (CSMA/CD) governs the way the computers share the channel. Originally developed in the 1960s for the ALOHAnet in Hawaii using radio, the scheme is relatively simple compared to token ring or master controlled networks. When one computer wants to send some information, it obeys the following algorithm:
- Start - If the wire is idle, start transmitting, else go to step 4
- Transmitting - If detecting a collision, continue transmitting until the minimum packet time is reached (to ensure that all other transmitters and receivers detect the collision) then go to step 4.
- End successful transmission - Report success to higher network layers; exit transmit mode.
- Wire is busy - Wait until wire becomes idle
- Wire just became idle - Wait a random time, then go to step 1, unless maximum number of transmission attempts has been exceeded
- Maximum number of transmission attempt exceeded - Report failure to higher network layers; exit transmit mode
This works something like a dinner party, where all the guests talk to each other through a common medium (the air). Before speaking, each guest politely waits for the current guest to finish. If two guests start speaking at the same time, both stop and wait for short, random periods of time. The hope is that by each choosing a random period of time, both guests will not choose the same time to try to speak again, thus avoiding another collision. Exponentially increasing back-off times are used when there is more than one failed attempt to transmit.
Ethernet originally used a shared coaxial cable winding around a building or campus to every attached machine. Computers were connected to an Attachment Unit Interface (AUI) transceiver, which in turn connected to the cable. While a simple passive wire was highly reliable for small Ethernets, it was not reliable for large extended networks, where damage to the wire in a single place, or a single bad connector could make the whole Ethernet segment unusable.
Since all communications happen on the same wire, any information sent by one computer is received by all, even if that information was intended for just one destination. The network interface card filters out information not addressed to it, interrupting the CPU only when applicable packets are received unless the card is put into "promiscuous mode". This "one speaks, all listen" property is a security weakness of shared-medium Ethernet, since a node on an Ethernet network can eavesdrop on all traffic on the wire if it so chooses. Use of a single cable also means that the bandwidth is shared, so that network traffic can slow to a crawl when, for example, the network and nodes restart after a power failure.
Ethernet repeaters and hubs
As Ethernet grew, the Ethernet hub was developed to make the network more reliable and the cables easier to connect.
For signal degradation and timing reasons, Ethernet segments have a restricted size which depends on the medium used. For example, 10BASE5 coax cables have a maximum length of 500 metres (1,640 feet). A greater length can be obtained by using an Ethernet repeater, which takes the signal from one Ethernet cable and repeats it onto another cable. Repeaters can be used to connect up to five Ethernet segments, three of which can have attached devices. This also alleviates the problem of cable breakages: when an Ethernet coax segment breaks, all devices on that segment are unable to communicate; repeaters allowed the other segments to continue working.
Like most other high-speed busses, Ethernet segments must be terminated with a resistor at both ends. For coaxial cable, each end of the cable must have a 50-ohm resistor and heatsink attached, called a terminator and affixed to a male N or BNC connector. If this is not done, the result is the same as if there is a break in the cable: the AC signal on the bus will be reflected, rather than dissipated, when it reaches the end. This reflected signal is indistinguishable from a collision, and so no communication can take place. A repeater electrically isolates the segments connected to it, regenerating and retiming the signal. Most repeaters have an "auto-partition" function, which partitions (removes from service) a segment when it has too many collisions or collisions that last too long, so that the other segments are not affected by the broken one. The repeater reconnects the segment when it detects activity without collisions.
People recognized the usefulness of cabling in a star topology, and network vendors started creating repeaters having multiple ports. Multi-port repeaters are now known as hubs. Hubs can be connected to other hubs and/or a coax backbone.
The first hubs were known as "multiport transceivers" or "fanouts". The best-known example is DEC's DELNI . These devices allow multiple hosts with AUI connections to share a single tranceiver. They also allow creation of a small standalone Ethernet segment without using a coax cable.
Network vendors such as DEC and SynOptics sold hubs which connected many 10BASE-2 thin coaxial segments.
The development of Ethernet on unshielded twisted-pair cables (UTP), beginning with StarLAN and continuing with 10BASE-T eventually made Ethernet over coax obsolete. These variations allowed unshielded twisted-pair Cat-3/Cat-5 cable and RJ45 telephone connectors to connect endpoints to hubs, replacing coaxial and AUI cables. Hubs made Ethernet networks more reliable by preventing problems with one cable or device from affecting other devices on the network. Twisted-pair Ethernet resolves the termination problem by making every segment point-to-point, so termination can be built into the hardware rather than requiring a special external resistor.
Despite the physical star topology, hubbed Ethernet networks are half-duplex and still use CSMA/CD, with only minimal cooperation from the hub in dealing with packet collisions. Every packet is sent to every port on the hub, so bandwidth and security problems aren't addressed. The total throughput of the hub is limited to the speed of a single link, either 10 or 100 megabits/sec, minus the overhead for preambles, inter-frame gaps, headers, trailers, and padding. Collisions also reduce the total throughput, especially when the network is heavily loaded. In the worst case when there are lots of hosts with long cables that transmit many short frames, excessive collisions that seriously reduce throughput can happen with loads as low as 50%. A more typical configuration can tolerate higher loads before collisions seriously reduce throughput.
Bridging and Switching
While repeaters could isolate some aspects of Ethernet segments, such as cable breakages, they still forward all traffic to all Ethernet devices. This creates significant limits on how many machines can communicate on an Ethernet network. To alleviate this, bridging was created to communicate at the data link layer while isolating the physical layer. With bridging, only well-formed packets are forwarded from one Ethernet segment to another; collisions and packet errors are isolated. Bridges learn where devices are, by watching MAC addresses, and do not forward packets across segments when they know the destination address is not located in that direction. Control mechanisms like spanning-tree protocol enable a collection of bridges to work together in coordination.
Early bridges examined each packet one by one, and were significantly slower than hubs (repeaters) at forwarding traffic, especially when handling many ports at the same time. In 1989 the networking company Kalpana introduced their EtherSwitch, the first Ethernet switch. An Ethernet switch does bridging in hardware, allowing it to forward packets at full wire speed.
Most modern Ethernet installations use Ethernet switches instead of hubs. Although the wiring is identical to hubbed Ethernet, switched Ethernet has several advantages over shared medium Ethernet including greater bandwidth and better isolation from misbehaving devices. Switched networks typically have a star topology, even though they may still implement a single Ethernet shared medium from the viewpoint of attached machines, if they use the half-duplex option. Full-duplex Ethernet in the 10BASE-T and later standards is not a shared-medium system.
Initially, Ethernet switches work like Ethernet hubs, with all traffic being echoed to all ports. However, as the switch "learns" the end-points associated with each port, it ceases to send non-broadcast traffic to ports other than the intended destination. In this way, Ethernet switching can allow the full wire speed of Ethernet to be used by any given pair of ports on a single switch.
Since packets are typically only delivered to the port they are intended for, traffic on a switched Ethernet is slightly less public than on shared-medium Ethernet. Despite this, switched Ethernet should still be regarded as an insecure network technology, because it is easy to subvert switched Ethernet systems by means such as ARP spoofing and MAC flooding, as well as for network administrators to use monitoring functions to copy traffic from the network.
When only a single device (anything but a hub) is connected to a switch port, full-duplex Ethernet becomes possible. With only two devices on the Ethernet segment, collision detection is not required and both devices can transmit at the same time. This doubles the aggregate bandwidth of the link (although the bandwidth for each direction remains the same), but more importantly the lack of collisions allows nearly the entire bandwidth to be used.
It is essential that both the switch port and the device connected to it use the same duplex setting. Most 100BASE-TX and 1000BASE-T devices support auto-negotiation, where they signal the speed and duplex to use. However, if auto-negotiation is disabled or not supported, the duplex must be set by auto-detection or manually on both the switch port and the device to prevent duplex mismatch, a common cause of problems with Ethernet (the device set to half-duplex will report late collisions and the device set to full-duplex will report runts). Many low-end switches lack the ability for manual speed and duplex setting, so ports always try to auto-negotiate. When auto-negotiation is enabled but does not succeed (e.g., because the other device does not support it), auto-detection sets the port to half-duplex. The speed can be automatically sensed, so connecting a 10BASE-T device to a 10/100 switch port with auto-negotiation enabled will correctly result in a half-duplex 10BASE-T connection. But connecting a device configured for full duplex 100 Mb operation to a switch port configured to auto-negotiate (or vice versa) will result in a duplex mismatch.
Ethernet frame types and the EtherType field
Frames are the format of data packets on the wire.
There are several types of Ethernet frame:
- Original Ethernet Version I (no longer used)
- The Ethernet Version 2 or Ethernet II frame, the so-called DIX frame (named after DEC, Intel, and Xerox), this is the most common today, as it is often used directly by the Internet Protocol.
- Novell's homegrown Variation of IEEE 802.3 ("raw 802.3 frame") without LLC
- IEEE 802.2 LLC frame
- IEEE 802.2 LLC/SNAP frame
In addition, Ethernet frames may optionally contain a IEEE 802.1Q tag to identify what VLAN it belongs to and its IEEE 802.1p priority (quality of service). This doubles the potential number of frame types.
The different frame types have different formats and MTU values, but can coexist on the same physical medium.
The most common Ethernet Frame format, type II
The original Xerox Version 1 Ethernet had a 16 bit length field, although the maximum length of a packet was 1500 bytes. This length field was soon re-used in Xerox's Version 2 Ethernet as a label field, with the convention that values between 0 and 1500 indicated the use of the original Ethernet format, but higher values indicated what became known as an EtherType, and the use of the new frame format. This is now supported in the IEEE 802 protocols using the SNAP header.
IP Internet Protocol (IPv4)
Address Resolution Protocol (ARP)
Reverse Address Resolution Protocol (RARP)
||Appletalk Address Resolution Protocol (AARP)
||(identifies IEEE 802.1Q tag)
Novell IPX (alt)
Internet Protocol, Version 6 (IPv6)
PPPoE Discovery Stage
PPPoE Session Stage
Type field (EtherType) for some common protocols
IEEE 802.2 defined the 16 bit field after the MAC addresses as a length field again. As Ethernet I framing is no longer used, this allows software to determine whether a frame is an Ethernet II frame or an IEEE 802.2 frame, allowing the coexistence of both standards on the same physical medium. All 802.2 frames have a logical link control (LLC) header. By examining this header, it is possible to determine whether it is followed by a SNAP (subnetwork access protocol) header. (Some protocols, particularly those designed for the OSI networking stack, operate directly on top of 802.2 LLC, which provides both datagram and connection-oriented network services.) The LLC header includes two additional eight-bit address fields (called service access points or SAPs in OSI terminology); when both source and destination SAP are set to the value 0xAA, the SNAP service is requested.
Novell's "raw" 802.3 frame format was based on early IEEE 802.3 work. Novell used this as a starting point to create the first implementation of its own IPX Network Protocol over Ethernet. They did not use any LLC header but started the IPX packet directly after the length field. In principle this is not interoperable with the other later variants of 802.x Ethernet, but since IPX has always FF at the first byte (while LLC has not), this mostly coexists on the wire with other Ethernet implementations (with the notable exception of some early forms of DECnet which got confused by this).
Novell Netware used this frame type by default until the mid nineties, and since Netware was very widespread back then (while IP was not) at some point in time most of the world's Ethernet traffic ran over "raw" 802.3 carrying IPX. Since Netware 4.10 Netware now defaults to IEEE 802.2 with LLC (Netware Frame Type Ethernet_802.2) when using IPX. There is a classic series of Usenet postings by Novell's Don Provan that have found their way into numerous FAQs and are widely considered the definitive answer to the Novell Frame Type jungle.
Mac OS uses 802.2/SNAP framing for the AppleTalk protocol suite on Ethernet ("EtherTalk") and Ethernet 2 framing for TCP/IP.
The 802.2 variants of Ethernet are not in widespread use on common networks currently, with the exception of large corporate Netware installations that have not yet migrated to Netware over IP. In the past, many corporate networks supported 802.2 Ethernet to support transparent translating bridges between Ethernet and IEEE 802.5 Token Ring or FDDI networks. The most common framing type used today is Ethernet Version 2, as it is used by most Internet Protocol-based networks, with its EtherType set to 0x0800.
There exists an Internet standard for encapsulating IP version 4 traffic in IEEE 802.2 frames with LLC/SNAP headers. It is almost never implemented on Ethernet (although it is used on Token Ring and FDDI networks). IP traffic can not be encapsulated in IEEE 802.2 LLC frames without SNAP because, although there is an LLC protocol type for IP, there is no LLC protocol type for ARP. IP Version 6 over Ethernet is also standardized based on IEEE 802.2 with LLC/SNAP.
The IEEE 802.1Q tag, if present, is placed between the Source Address and the EtherType or Length fields. The first two bytes of the tag are the Tag Protocol Identifier (TPID) value of 0x8100. This is located in the same place as the EtherType/Length field in untagged frames, so an EtherType value of 0x8100 means the frame is tagged, and the true EtherType/Length is located after the tag. The TPID is followed by two bytes containing the Tag Control Information (TCI) (the IEEE 802.1p priority (quality of service) and VLAN id). The tag is followed by the rest of the frame, using one of the types described above.
Varieties of Ethernet
Other than the framing types mentioned above, most of the other differences between Ethernet varieties have all been variations on speed and wiring. Therefore, in general, network protocol stack software will work identically on most of the following types.
The following sections provide a brief summary of all the official ethernet media types. In addition to these official standards, many vendors have implemented proprietary media types for various reasons—often to support longer distances over fiber optic cabling.
Many Ethernet cards and switch ports support multiple speeds, using auto-negotiation to set the speed and duplex for the best values supported by both connected devices. If auto-negotiation fails, a multiple speed device will sense the speed used by its partner, but will assume half-duplex. A 10/100 Ethernet port supports 10BASE-T and 100BASE-TX. A 10/100/1000 Ethernet port supports 10BASE-T, 100BASE-TX, and 1000BASE-T.
Some early varieties of Ethernet
- Xerox Ethernet -- the original, 3-Mbit/s Ethernet implementation, which in turn had two versions, Version 1 and Version 2, during its development. The version 2 framing format is still in common use.
- 10BROAD36 -- Obsolete. An early standard supporting ethernet over longer distances. It utilized broadband modulation techniques similar to those employed in cable modem systems, and operated over coaxial cable.
- 1BASE5 -- Also known as StarLAN, was the first implementation of Ethernet on twisted pair wiring. It operated at 1 Mbit/s and was a commercial failure.
10 Mbit/s (10 Mbps) Ethernet
10BASE5 (also called Thickwire or Yellow Cable) -- this is the original 10Mbit/s implementation of Ethernet. The early IEEE standard uses a single 50-ohm coaxial cable of a type designated RG-8, of maximum length 500 metres. Transceivers could be connected by a so-called "vampire tap", which was attached by drilling into the cable to connect to the core and screen, or using N connectors at the end of a cable segment. An AUI cable then connected the transceiver to the Ethernet device. Largely obsolete, though due to its widespread deployment in the early days, some systems may still be in use. It requires precise termination at each end of the cable.
10BASE2 (also called Thinwire or Cheapernet) -- 50-ohm RG-58 coaxial cable, of maximum length 200 metres, connects machines together, each machine using a T-adaptor to connect to its NIC, which has a BNC connector. Requires termination at each end. For many years this was the dominant 10 Mb/s Ethernet standard.
StarLAN 10 -- First implementation of Ethernet on twisted pair wiring at 10 Mbit/s. Later evolved into 10BASE-T.
10BASE-T -- runs over 4 wires (two twisted pairs) on a cat-3 or cat-5 cable up to 100 metres in length. A hub or switch sits in the middle and has a port for each node.
- FOIRL -- Fiber-optic inter-repeater link. The original standard for ethernet over fibre.
- 10BASE-F -- A generic term for the family of 10 Mbit/s ethernet standards using fiber optic cable up to 2 kilometers in length: 10BASE-FL, 10BASE-FB and 10BASE-FP. Of these only 10BASE-FL is in widespread use.
- 10BASE-FL -- An updated version of the FOIRL standard.
- 10BASE-FB -- Intended for backbones connecting a number of hubs or switches, it is now obsolete.
- 10BASE-FP -- A passive star network that required no repeater, it was never implemented
100BASE-T -- A term for any of the three standards for 100 Mbit/s ethernet over twisted pair cable up to 100 meters long. Includes 100BASE-TX, 100BASE-T4 and 100BASE-T2.
100BASE-TX -- Similar star-shaped configuration to 10BASE-T. It also uses two pairs, but requires cat-5 cable to achieve 100Mbit/s.
- 100BASE-T4 -- 100 Mbit/s ethernet over cat-3 cabling (as used for 10BASE-T installations). Uses all four pairs in the cable. Now obsolete, as cat-5 cabling is the norm. Limited to half-duplex.
- 100BASE-T2 -- No products exist. 100 Mbit/s ethernet over cat-3 cabling. Supports full-duplex, and uses only two pairs. It is functionally equivalent to 100BASE-TX, but supports old cable.
100BASE-FX -- 100 Mbit/s ethernet over multimode fibre. Maximum length is 400 meters for half-duplex connections (to ensure collisions are detected) or 2 kilometers for full-duplex.
1000BASE-T -- 1 Gbit/s over cat-5e or cat-6 copper cabling.
1000BASE-SX -- 1 Gbit/s over multi-mode fiber (up to 550 m).
1000BASE-LX -- 1 Gbit/s over multi-mode fiber (up to 550 m). Optimized for longer distances (up to 10 km) over single-mode fiber.
- 1000BASE-LH -- 1 Gbit/s over single-mode fiber (up to 100 km). A long-haul solution.
1000BASE-CX -- A short-haul solution (up to 25 m) for running 1 Gbit/s Ethernet over special copper cable. Predates 1000BASE-T, and now obsolete.
The new 10 gigabit Ethernet standard encompasses seven different media types for LAN, MAN and WAN. It is currently specified by a supplementary standard, IEEE 802.3ae, and will be incorporated into a future revision of the IEEE 802.3 standard.
- 10GBASE-CX4 -- designed to support short distances over copper cabling, it uses InfiniBand 4x connectors and CX4 cabling and allows a cable length of up to 15 m.
- 10GBASE-SR -- designed to support short distances over deployed multi-mode fiber cabling, it has a range of between 26 m and 82 m depending on cable type. It also supports 300 m operation over a new 2000 MHz.km multi-mode fiber.
- 10GBASE-LX4 -- uses wavelength division multiplexing to support ranges of between 240 m and 300 m over deployed multi-mode cabling. Also supports 10 km over single-mode fiber.
- 10GBASE-LR and 10GBASE-ER -- these standards support 10 km and 40 km respectively over single-mode fiber.
- 10GBASE-SW , 10GBASE-LW and 10GBASE-EW . These varieties use the WAN PHY, designed to interoperate with OC-192 / STM-64 SONET/SDH equipment. They correspond at the physical layer to 10GBASE-SR, 10GBASE-LR and 10GBASE-ER respectively, and hence use the same types of fiber and support the same distances. (There is no WAN PHY standard corresponding to 10GBASE-LX4.)
- 10GBase-T -- Uses unshielded twisted-pair wiring. 10GBase-T should be ready by the Northern Hemisphere summer of 2006.
10 gigabit Ethernet is very new, and it remains to be seen which of the standards will gain commercial acceptance.
These networking standards are not part of the IEEE 802.3 Ethernet standard, but support the ethernet frame format, and are capable of interoperating with it.
100BaseVG -- An early contender for 100 Mbit/s ethernet. It runs over Category 3 cabling. Uses four pairs. Commercial failure.
- TIA 100BASE-SX -- Promoted by the Telecommunications Industry Association . 100BASE-SX is an alternative implementation of 100 Mbit/s ethernet over fiber; it is incompatible with the official 100BASE-FX standard. Its main feature is interoperability with 10BASE-FL, supporting autonegotiation between 10 Mbit/s and 100 Mbit/s operation -- a feature lacking in the official standards due to the use of differing LED wavelengths. It is targeted at the installed base of 10 Mbit/s fiber network installations.
- TIA 1000BASE-TX -- Promoted by the Telecommunications Industry Association , it was a commercial failure, and no products exist. 1000BASE-TX uses a simpler protocol than the official 1000BASE-T standard, but requires Category 6 cabling.
Last updated: 10-29-2005 02:13:46