3.1 Evolution to Switched LANs: From Hubs to Dedicated Links

• Shared (Hub-based) Ethernet: In early Ethernet implementations, devices were connected to a hub. A hub is essentially a multi-port repeater operating at the Physical Layer. Any electrical signal (frame) received on one port was simply regenerated and broadcast to all other connected ports. This design meant:
• All devices shared the same total bandwidth.
• The entire hub and all its connected devices constituted a single collision domain. Any collision affected all devices on that hub, significantly reducing efficiency as network traffic increased. Devices could only operate in half-duplex mode.
• Switched Ethernet (Modern LANs): Modern LANs primarily use Ethernet switches. A switch is an intelligent networking device that operates primarily at Layer 2 (Data Link Layer). Unlike a hub, a switch learns which specific devices (identified by their MAC addresses) are connected to which of its individual ports. This intelligence allows a switch to:
• Forward frames only to the specific output port where the destination device resides.
• Effectively create dedicated, collision-free communication segments (each port becomes its own collision domain).
• Allow devices to operate in full-duplex mode (simultaneous sending and receiving) on each port, maximizing bandwidth.

3.2 L2 Addressing (MAC Addresses) and ARP

• 3.2.1 MAC Address (Media Access Control Address): The Hardware Identifier
• Definition: A MAC address is a unique hardware identifier assigned to every Network Interface Card (NIC) by its manufacturer. It's often referred to as a physical address, hardware address, or burned-in address (BIA) because it's typically hardcoded into the NIC's firmware.
• Structure: A MAC address is 48 bits long (6 bytes). It is conventionally represented as 12 hexadecimal digits, grouped into pairs separated by colons or hyphens (e.g., 00:1A:2B:3C:4D:5E or 00-1A-2B-3C-4D-5E).
• Global Uniqueness: MAC addresses are designed to be globally unique. The first 24 bits (the first 3 bytes) form the Organizationally Unique Identifier (OUI), which is assigned by the IEEE to NIC manufacturers. The remaining 24 bits are assigned by the manufacturer to uniquely identify each specific NIC produced.
• Scope: MAC addresses are used exclusively for local delivery of frames within a single LAN segment (e.g., within an Ethernet network connected by switches). They are not routable across the entire Internet; that is the function of IP addresses (Network Layer).
• Nature: MAC addresses provide a flat, non-hierarchical addressing scheme.
• 3.2.2 ARP (Address Resolution Protocol): Bridging Layer 2 and Layer 3
• Necessity of ARP: Devices on a LAN communicate using MAC addresses (Layer 2), but applications and higher-layer protocols (like IP) use logical IP addresses (Layer 3). When a device (e.g., Host A) wants to send an IP packet to another device (e.g., Host B) on the same local network, it knows Host B's IP address but needs to find its MAC address to correctly encapsulate the IP packet into an Ethernet frame. This is where ARP comes in.

3.3 Ethernet Frame Structure (IEEE 802.3): The Data Link Unit

An Ethernet frame is the specific format in which data is encapsulated at the Data Link Layer for transmission over an Ethernet network. The most common standard is IEEE 802.3.

Key Fields in an Ethernet II / IEEE 802.3 Frame:
- Preamble (7 bytes): Consists of an alternating pattern of 0s and 1s (10101010 10101010...). Purpose: Used by the receiving NIC for synchronization. It allows the receiver to synchronize its clock with the sender's clock, preparing it to receive the actual frame data accurately.
- Start Frame Delimiter (SFD - 1 byte): A specific byte sequence (10101011) that immediately follows the Preamble. Purpose: Signals the actual start of the Ethernet frame itself, indicating that the bits that follow are the frame's header.
- Destination MAC Address (6 bytes): The 48-bit MAC address of the intended recipient NIC on the local LAN. Can be a unicast, multicast, or broadcast address.
- Source MAC Address (6 bytes): The 48-bit MAC address of the sending NIC.
- Length/Type Field (2 bytes): This field has a dual purpose:
- Length (IEEE 802.3 raw frame): If the value in this field is 1500 (decimal) or less, it indicates the length of the Data (payload) field in bytes.
- Type (Ethernet II frame / EtherType): If the value is 1536 (0x0600 hexadecimal) or greater, it indicates the higher-layer protocol type encapsulated within the Data field (e.g., 0x0800 for IPv4, 0x0806 for ARP, 0x86DD for IPv6). This is also known as the EtherType. Ethernet II frames are more common on the Internet.
- Data Field (Payload - 46 to 1500 bytes): Contains the actual data (e.g., an IP datagram, an ARP message, etc.) being carried from the Network Layer.
- Minimum Payload Size (46 bytes): To ensure that a collision can be detected and the jamming signal is sent before the entire frame has been transmitted and cleared the network. If the actual payload is less than 46 bytes, padding bytes are added to meet this minimum length.
- Maximum Payload Size (1500 bytes): This is the standard Maximum Transmission Unit (MTU) for Ethernet. Any higher-layer packet exceeding this size must be fragmented by the Network Layer.
- Frame Check Sequence (FCS - 4 bytes): Contains a 32-bit Cyclic Redundancy Check (CRC-32) value. Purpose: Calculated by the sender over the entire frame (from Destination MAC to the end of the Data field, excluding Preamble/SFD and FCS itself). The receiver performs the same CRC calculation; if the calculated value doesn’t match the received FCS, it indicates an error, and the frame is typically discarded. CRC-32 provides strong error detection capabilities.

3.4 Learning Switches (Ethernet Switches): The Intelligent Connectors

Ethernet switches are the foundational devices of modern LANs, providing dedicated, collision-free communication segments. Their intelligence stems from their ability to "learn" MAC addresses and forward frames selectively.

Core Mechanisms of a Learning Switch:
- A switch maintains a Switching Table (also known as a MAC Address Table or Forwarding Information Base - FIB) that stores mappings between MAC addresses and the specific ports on the switch where those devices are connected. Each entry typically includes: (MAC Address, Port Number, Time-to-Live/Age).

1. Learning:
2. When an Ethernet frame arrives at any port on the switch, the switch examines the Source MAC Address in the frame's header.
3. It then records (or updates, if already present) an entry in its switching table: (Source MAC Address, Incoming Port Number). This process allows the switch to build its knowledge base of which devices are connected to which of its ports.
4. Each entry also has a Time-to-Live (TTL) or aging timer. If an entry is not used for a certain period, it expires and is removed, allowing the switch to adapt if devices move or are disconnected.
5. Forwarding/Filtering:
6. When a frame arrives, the switch examines the Destination MAC Address in the frame's header.
7. It then consults its switching table to determine the appropriate action:
   • Selective Forwarding (Known Unicast, Different Port): If the destination MAC address is found in the switching table, and the associated port number is different from the port on which the frame arrived, the switch forwards the frame only to that specific output port. This is the primary benefit of a switch: it directs traffic efficiently and creates separate collision domains.
   • Filtering (Known Unicast, Same Port): If the destination MAC address is found in the switching table, and the associated port number is the same as the port on which the frame arrived, the switch filters (discards) the frame. This is because the frame originated from and is destined for a device on the same local segment connected to that port; it doesn’t need to be forwarded further by the switch.
8. Flooding:
9. Unknown Unicast Destination: If the destination MAC address is NOT found in the switching table (meaning the switch has not yet learned the location of that specific device, or its entry has expired), the switch floods the frame. This means it sends the frame out of all its ports except the one it arrived on. This ensures the frame reaches its intended destination (assuming it’s connected to the LAN). When the destination device eventually replies, the switch will learn its MAC address and update its table.
10. Broadcast Frames: Frames with a destination MAC address of FF:FF:FF:FF:FF:FF (the broadcast address) are always flooded to all ports (except the incoming one) because they are intended for all devices on the local LAN.
11. Multicast Frames: Frames with a multicast destination MAC address are typically also flooded by default, similar to broadcast. However, more advanced switches can implement protocols like IGMP Snooping to intelligently forward multicast traffic only to ports where devices have expressed interest in receiving that specific multicast group.

Benefits of Ethernet Switches over Legacy Hubs:
- Elimination of Collisions: Each port on a switch operates in its own dedicated collision domain. This allows connected devices to operate in full-duplex mode, transmitting and receiving simultaneously without collisions.
- Increased Aggregate Bandwidth: By selectively forwarding frames, switches allow multiple conversations to occur simultaneously on different ports, significantly increasing the overall effective throughput of the LAN.
- Reduced Congestion: Traffic is localized to the necessary segments, preventing unnecessary broadcasts that consume bandwidth across the entire network.
- Enhanced Security (Basic): By directing traffic only to the intended recipient, switches offer a higher degree of privacy than hubs, where all traffic is visible to all connected devices on the segment (though advanced sniffing techniques can still circumvent this).
- Improved Scalability: Switches allow for easier expansion of LANs by connecting more devices without severely degrading performance.