Linux Network - Data Link Layer

Table of contents

1. Understanding Ethernet

 2. Ethernet frame format

3. Know the MAC address

4. Understand MTU

5. Communication principles of Ethernet LAN

 6. Other important agreements

1.DNS protocol

2. Domain name introduction 

 3.ICMP protocol

4.NAT technology 

5.Defects of NAT technology

6.NAT and proxy server 

---

1. Understanding Ethernet

1. "Ethernet" is not a specific network, but a technical standard; it includes both data link layer content and some physical layer content. For example: stipulating network topology and access control methods , transmission rate, etc.;
2. For example, the network cable in Ethernet must use twisted pair; the transmission rate is 10M, 100M, 1000M, etc.;
3. Ethernet is currently the most widely usedLAN technology; parallel to Ethernet are Token Ring Network, Wireless LAN, etc.;

 2. Ethernet frame format

 The frame format of Ethernet is as follows:

The source address and destination address refer to the hardware address of the network card (also called the MAC address). The length is 48 bits and is fixed when the network card leaves the factory;
There are three frame protocol type fields. values, corresponding to IP, ARP, and RARP respectively;
The end of the frame is the CRC check code.

How to separate header and payload:

Use fixed-length headers.

How to properly deliver the payload upward:

There are 2 bits of type in the header field, representing the different upper layer protocols delivered.

0800: IP protocol, 0806: ARP protocol, 0836: RARP protocol.

3. Know the MAC address

1. MAC addresses are used to identify connected nodes in the data link layer;
2. The length is 48 bits and 6 bytes. It is generally represented by a hexadecimal number plus a colon (for example: 08:00:27:03:fb:19)
3. The network card is determined when it leaves the factory and cannot be modified. The mac address is usually unique (the mac address in the virtual machine is not the real mac address and may conflict; some network cards also support user configuration of the mac address).

Compare IP and MAC addresses:

The IP address describes the overall starting point and end point of the road.
The MAC address describes the starting point and end point of each section on the road;

4. Understand MTU

MTU is equivalent to the limit on package size when sending express delivery. This limit isrestriction caused by the physical layer corresponding to different data links.

1. The data length in the Ethernet frame stipulates a minimum of 46 bytes and a maximum of 1500 bytes. The length of the ARP packet is less than 46 bytes, and PAD18 bytes must be added at the end;
2. The maximum value of 1500 is called the maximum transmission unit (MTU) of Ethernet, and different network types have different MTUs; 
3. If a data packet is routed from the Ethernet to the other party's link, and the length of the data packet is greater than the MTU of the other party's link, the data packet needs to be fragmented;
4. The MTU of different data link layer standards is different;

 The impact of MTU on IP protocol:

Due to the limitation of the data link layer MTU, larger IP data packets need to be subpackaged:

1. Divide larger IP packets into multiple small packets and label each small packet;
2. The 16-bit identifier (id) of the IP protocol header of each packet is the same;
3. In the 3-bit flag field of the IP protocol header of each packet, the second bit is 0, indicating that fragmentation is allowed, and the third bit indicates the end mark (whether this is the last small packet, if so, it is set to 1, otherwise it is set to 0 );
4. When arriving at the opposite end, these small packets will be reassembled in order, assembled together and returned to the transport layer;
5. Once any of these packets is lost, reassembly at the receiving end will fail. But the IP layer will not be responsible for retransmitting the data;

The impact of MTU on UDP protocol:

1. Once the data carried by UDP exceeds 1472 (1500 - 20 (IP header) - 8 (UDP header)), it will be divided into multiple IP datagrams at the network layer.
2. The loss of any one of these multiple IP datagrams will cause the network layer reassembly at the receiving end to fail. This means that if the UDP datagram is fragmented at the network layer, the probability of the entire data being lost greatly increases.

The impact of MTU on the TCP protocol:

A datagram of TCP cannot be infinitely large, and is still subject to the MTU. The maximum message length of a single datagram of TCP is called MSS (MaxSegment Size);
TCP is establishing During the connection process, the communicating parties will conduct MSS negotiation.
In the most ideal case, the MSS value is exactly the maximum length at which IP will not be fragmented (this length is still subject to MTU of the data link layer).
When both parties send SYN, they will write the MSS value they can support in the TCP header.
Then both parties know After the MSS value of the other party, choose the smaller one as the final MSS.
The MSS value is in the 40-byte variable length option of the TCP header (kind=2);

View hardware address and MTU:

Use the ifconfig command to view the IP address, mac address, and MTU;

5. Communication principles of Ethernet LAN

The IP layer enables packets to find their destination subnet in a complex network. So what happens when the packet is sent to the destination host in the subnet? The process of routing and forwarding is actually forwarding in one subnet. Sending a message to the target host in a subnet is what the data link layer should do.

LAN communication principle:

When sending a group message to the internal LAN, the destination host will naturally receive it, unpack it and deliver it upwards. When the non-destination host compares the target MAC address and finds that it is not sent to itself, it will be discarded directly at the data link layer.

 How to obtain the MAC address of the destination host:

We know the principle of LAN communication, then we need to construct an Ethernet frame, but the header field of the Ethernet protocol needs to know the MAC address of the target host. So how do we know the MAC address of the target host?

ARP protocol: Although we introduce the ARP protocol here, it needs to be emphasized that ARP is not a pure data link layer protocol, but a protocol between the data link layer. and the protocol between the network layer;

The ARP protocol establishes the mapping relationship between the host IP address and the MAC address.

1. During network communication, the application program of the source host knows the IP address and port number of the destination host, but does not know the hardware address of the destination host;
2. The data packet is first received by the network card and then processed by the upper layer protocol. If the hardware address of the received data packet does not match the local machine, it will be discarded directly;
3. Therefore, the hardware address of the destination host must be obtained before communication;

The principle of ARP to convert IP address to MAC address:

1. The source host sends an ARP request, asking "What is the hardware address of the host with IP address 192.168.0.1", and broadcasts this request to the local network segment (the hardware address in the header of the Ethernet frame is filled in FF:FF:FF:FF:FF :FF means broadcast);
2. The destination host receives the broadcast ARP request, finds that the IP address matches the local host, and then sends an ARP reply packet to the source host and fills in its own hardware address. in the response packet;
3. Each host maintains an ARP cache table, which can be viewed with the arp -a command. The entries in the cache table have an expiration time (usually 20 minutes). If an entry is not used again within 20 minutes, the entry will become invalid and an ARP request will be sent next time to obtain the hardware address of the destination host.

ARP datagram format:

• Note that the source MAC address and destination MAC address appear once each in the Ethernet header and the ARP request. This is redundant when the link layer is Ethernet, but it may be necessary if the link layer is other types of networks. .
• Hardware type refers to the link layer network type, 1 is Ethernet;
• The protocol type refers to the address type to be converted, 0x0800 is the IP address;
• The hardware address length is 6 bytes for Ethernet addresses;
• The protocol address length is 4 bytes for IP addresses;
• An op field of 1 indicates an ARP request, and an op field of 2 indicates an ARP reply.

 6. Other important agreements

1.DNS protocol

DNS is a complete system that maps domain names to IPs

DNS background:

TCP/IP is a program that uses IP address and port number to identify a host on the network. However, IP addresses are inconvenient to remember.
So people invented a method called The host name is a string, and the hosts file is used to describe the relationship between the host name and the IP address.

For example: Domain name: www.baidu.com IP: 110.242.68.3.

Initially, this hosts file is managed through the Internet Information Center (SRI-NIC).
If a new computer wants to connect to the network, or the IP of a computer changes, it is necessary Go to the information center to apply for changing the hosts file.
Other computers also need to regularly download and update new versions of the hosts file to access the Internet correctly. 

hosts file:

This was too much trouble, so the DNS system was created.

1. The system management organization of an organization maintains the corresponding relationship between the IP and host name of each host in the system. 
2. If a new computer is connected to the network, register this information in the database;
3. When the user enters a domain name, the DNS server will be automatically queried, and the DNS server will retrieve the database and obtain the corresponding IP address.

Linux hosts file:

2. Domain name introduction 

The primary domain name is a hierarchical name used to identify the host name and the organization to which the host belongs.

www.baidu.com

Domain name uses . connection

1. com: First-level domain name. Indicates that this is an enterprise domain name. The same level includes "net" (network provider), "org" (non-profit organization), etc.
2. baidu: second-level domain name, company name.
3. www: is just a common usage. In the past, when people used domain names, they often named them in a format similar to ftp.xxx.xxx/www.xxx.xxx to indicate the protocols supported by the host.

 3.ICMP protocol

ICMP protocol is a network layer protocol
A newly built network often needs to conduct a simple test first to verify whether the network is smooth; but the IP protocol does not provide reliable Transmission. If a packet is lost, the IP protocol cannot notify the transport layer whether the packet is lost and the reason for the packet loss.

ICMP functions:

ICMP is the protocol that provides this function; the main functions of ICMP include:

1. Confirm whether the IP packet successfully reaches the target address.
2. Notify the reason why the IP packet was discarded during transmission.
3. ICMP also works based on the IP protocol. However, it is not a function of the transport layer, so people still attribute it to a network layer protocol;
4. ICMP can only be used with IPv4. If it is IPv6, you need to use ICMPv6;

ping command:

1. Note that what is pinged here is the domain name, not the URL! A domain name can be resolved into an IP address through DNS.
2. The ping command not only verifies network connectivity, but also counts response time and TTL (Time To Live in IP packets, lifetime).
3. The ping command will first send an ICMP Echo Request to the peer;
4. After the peer receives it, it will return an ICMP Echo Reply;

4.NAT technology 

NAT technology background

We discussed before that the problem of insufficient number of IP addresses in the IPv4 protocol
NAT technology is currently the main means to solve the problem of insufficient IP addresses and is an important function of routers;< /span>

1. NAT can convert private IP to global IP during external communication. It is a technical method to convert private IP and global IP into each other:
2. Many schools, families, and companies use each terminal to set a private IP, and set a global IP on the router or necessary server;
3. The global IP is required to be unique, but the private IP is not required; the presence of the same private IP in different LANs has no impact at all;

1. The NAT router replaces the source address from 10.0.0.10 to the global IP 202.244.174.37;
2. When the NAT router receives external data, it will replace the target IP from 202.244.174.37 back to 10.0.0.10;
3. Inside the NAT router, there is an automatically generated table used for address translation;
4. When 10.0.0.10 sends data to 163.221.120.9 for the first time, the mapping relationship in the table will be generated; 

There is a problem. If the private IP address network segment and the port numbers of some processes of two hosts are the same, if the packet is forwarded by the router only by replacing the IP address, then the IP + port number obtained It's the same. If the host in the public IP area wants to forward the packet back, it cannot distinguish between these two identical IP+ports. So when replacing, the port will also be replaced. In order to enable the public network side to return to the private network side. Then the table maintained internally by the NAT router must not only be able to map the IP+port mapping relationship together. This table is the NATP table.

This association is also automatically maintained by the NAT router. For example, in the case of TCP, this entry will be generated when a connection is established; after the connection is disconnected, this entry will be deleted.

5.Defects of NAT technology

Since NAT relies on this translation table, it has many limitations:

1. Unable to establish connection from outside NAT to internal server;
2. The generation and destruction of the swap table requires additional overhead;
3. Once the NAT device is abnormal during the communication process, all TCP connections will be disconnected even if the device exists;

6.NAT and proxy server 

Routers often have the function of NAT devices. They transfer through NAT devices to complete the communication process between subnet devices and other subnet devices.
The proxy server seems to be similar to the NAT device. It's a bit similar. The client sends a request to the proxy server, and the proxy server forwards the request to the server that actually requested the request; after the server returns the result, the proxy server sends the result back to the client. 

So what are the differences between NAT and proxy servers?

1. From an application point of view, NAT equipment is one of the basic network equipment, which solves the problem of insufficient IP. Proxy servers are closer to specific applications, such as FQ (fanqiang) through proxy servers, and accelerators like Xunyou are also Use a proxy server.
2. In terms of underlying implementation, NAT works at the network layer and directly replaces IP addresses. Proxy servers often work at the application layer.
3. In terms of scope of use, NAT is generally deployed at the exit of the LAN, and the proxy server can be done on the LAN, WAN, or across networks.
4. From the perspective of deployment location, NAT is generally integrated on hardware devices such as firewalls and routers, while the proxy server is a software program that needs to be deployed on the server.

Proxy server is a widely used technology. 

1.FQ: Proxy in WAN:

 This kind of agent is generally called a forward agent:

2. Load balancing: Proxy in LAN:

This is generally called a reverse proxy.