Category Archives: Cloud

Cloud Blob Storage Race-to-Zero: Azure Reserved Pricing Is Here

Posted on by

If you thought Azure Blob Storage was inexpensive before, how would you like a further 38% discount just to be sure?

In November 2019, Microsoft announced that they would be introducing Reserved Price Discounting for 6 new services, including Blob Storage in GPv2 Accounts:

https://azure.microsoft.com/en-us/blog/save-more-on-azure-usage-announcing-reservations-for-six-more-services/

The pricing is also now available in the Azure Pricing Calculator:

What does this mean?

You can now reserve capacity in advance, the same way you can reserve VM Instances. The new model allows you to reserve capacity for either 1 or 3 years, with a 38% discount on your current costs for 3 years.

This is great for users who have a predictable consumption need.. such as Backup users 🙂

What to look out for:

1, Ensure that your subscription type is eligible for the pricing. These types are currently covered:

“Enterprise Agreement (offer numbers: MS-AZR-0017P or MS-AZR-0148P): For an Enterprise subscription, the charges are deducted from the enrollment’s monetary commitment balance or charged as overage.

Individual subscription with pay-as-you-go rates (offer numbers: MS-AZR-0003P or MS-AZR-0023P): For an individual subscription with pay-as-you-go rates, the charges are billed to the credit card or invoice payment method on the subscription.”

2, The pricing is available in minimum increments of 100TB (i.e. Do not bother if you have a couple of TBs in Azure).

Full details are available here. Please review this in order to understand your particular circumstances:

https://docs.microsoft.com/en-gb/azure/storage/blobs/storage-blob-reserved-capacity

Networking Primer – Part 8: Summary

Posted on by

Holy cow, when starting to write this series I in no way expected it to turn into a 12 part, 3 month process.  I have covered so much, but there is so much more that could have been covered.  It’s been a challenge to keep pulling back and remembering that this is just a primer. To recap what we’ve covered by post:

Part Description
Part 1: Introduction Introduction to series content and objectives.
Part 2: Defining Networking with OSI and TCP/IP Suite Defining networking background, terminology and models.
Part 3: Application, Presentation and Session Layers Describes the tope 3 layers of the OSI model.
Part 4: Transport Layer, TCP and UDP A dip into the world of connection-orientated vs connectionless protocols.
Part 5.1: Network Layer – IP Addressing IP Addresses, what they are and how they are used.
Part 5.2: Network Layer – DNS and DHCP Converting IP addresses to names we can read and handing them out on a network.
Part 5.3: Network Layer – IP Routing Getting IP packets from one node to another.
Part 6.1: Data Link Layer, Ethernet and MAC Ethernet Frames for shifting local traffic.
Part 6.2: Media Access Control – CSMA/CD, CSMA/CA Getting access to the wire, fibre or air.
Part 6.3: Layer 2 Switching – Loops, Spanning Tree and Topologies Fitting LAN switches together,
Part 6.4: VLANs and other ANs (Area Networks) Security and Isolation with VLANs
Part 7: Physical Layer, Electrons, Photons and All Things Quantum Physical media and nerdiness.
Part 8: Summary Summary.

I’ve really enjoyed refreshing all my own knowledge on these basic concepts and hope you have too. Future series are to be more specifically focussed on network virtualisation and other areas of the data centre.

Networking Primer – Part 7: Physical Layer, Electrons, Photons and All Things Quantum

Posted on by

Our 7th and Final OSI Layer is the Physical Layer. Unless you are planning to work with or design specialist hardware there isn’t much interaction required with this layer from an administrative point of view. We’ll cover some of the basics here but not in-depth.  This layer strays directly into the realms of science, more specifically physics and even more specially quantum physics.  This is most definitely the geekiest post in this series.

Most modern computers store, process and transmit data in its simplest form, binary. It makes sense to encode data in the form of binary as even the most complex information can be broken down and represented as combinations of simple 0s and 1s. This simple representation maps very conveniently across to physical properties.  The physical technologies we use today work on the premise of data being represented by one of two states, there or not there (on or off).  The electronic components inside a computer are able to create and detect physical state. To simplify this to the highest level, electrical current is either present or not present inside a component on a circuit board. If it is present, that represents a 1 and if it is not, the represents a 0.

Signalling and Media

This is much easier to visualise in networking terms. If you have two nodes connected with a copper wire, the sending node is able to transmit electrical pulses down the wire and the receiving node is able to decode this as a stream of 0’s and 1’s. Another way of thinking of this is like the ships of World War 2 that used big lights to send messages to each other in the form of morse code. This is referred to as signalling and the whole focus of layer 1 is to define the protocols for converting data to signals along with sending/receiving them.  Anything that is able to exist (and be detected) in one of two physical states can be used as a transmission device.

Morse Code Signalling Lamp

Our transmission media doesn’t necessarily have to be electrons flowing down an electrically conducting wire. It could just as well be photons of light travelling down a fibre optic cable. It could also photons travelling through the air as part of radio magnetic waves (i.e. Wifi). When implementing the physical network, consideration must be given to the properties of the physical media, each of them will have different speed, throughput, cost and flexibility attributes. For instance, Fibre optic technologies generally cost more than their electron shuffling equivalents, but today they represent the fastest possible method moving signals from one place to another. They do this at the speed of light (299,792,458 metres per second) and that is essentially the fastest anything can travel as it’s the cosmological speed limit of the entire universe. Electrical current still moves down wires pretty fast, in fact almost at the speed of light, but slightly less due to other physical factors that cause some interference and resistance to the movement.

From a WiFi perspective it’s strange to think that we have electromagnetic waves running through us and all around us at all times. The transmission element in the radio wave is of course also the photon, after all, light is just an electromagnetic wave oscillating at a different (and visible) frequency than radio. I particularly like the picture below which visualised the electromagnetic wave of WiFi propagating across a city.

Here's What Wi-Fi Would Look Like If We Could See It

You can find more cool WiFi visualisation here:

Here’s What Wi-Fi Would Look Like If We Could See It

Wow, time to make our way out of the land of geek.  This is as much as we’ll cover here as this is a Primer and not a physics course.

DevOps, Automation & The Race to the CLI. A New Cycle?

Posted on by

DevOps and Automation have certainly taken some mind share in the IT community and it seems to be becoming a universally accepted truth, that we need to automate operations in order to keep up with the rapid pace of development in the data center.  There is clearly a trend of moving away from GUI based configuration, towards using the CLI (Command Line Interface), scripting and agile programming in order to achieve operational objectives in our environments.  This is also evidenced in a seemingly ubiquitous substitution of job descriptions. The “System Administrator” role appears to be disappearing and a new “DevOps Engineer” role is supplanting it in many places. What’s unusual is that other than the job title, the job descriptions seem to be very much the same with additional scripting skills coming to the fore.

Minority Report UI

Even the King of the GUI, Microsoft, has seen this trend and with Windows Server 2012, dumped the Full Fat GUI approach in favour of using PowerShell as the primary point of interaction with the OS. Windows Server installs as the Core version (no GUI) by default now and it is expected that using a GUI would be the exception to the norm. I have to say that that’s not necessarily a bad thing, PowerShell is probably one of the initiatives that Microsoft has got right in recent years and those seem to be few and far between.

There are many obvious benefits to these text-based configuration approaches and it is inevitable things will continue in that direction. As workloads in the data center continue to become more transient with instances span-up and discarded frequently, it’s going to become a mandatory requirement to perform similar repeatable operations for many similar objects with scripting or similar tools.

Being around IT as long as I have though, I can’t help but wonder if this is just another “cycle”. It’s taken us 30 years to move away from the Centralised, Text Driven Mainframes of last century, but we are definitely heading back in that direction.  IT tends to be cyclical in nature and I’d hazard a guess that once we’ve all got to grips with DevOps, there will be a new generation of graphical tools in the distant but imaginable future. We are after all a primarily visual species.  If and when  DevOps fully takes hold, is it here to stay or just the returning curve of a technology cycle?

Networking Primer – Part 6.4: VLANs and other ANs (Area Networks)

Posted on by

Previous: Part 6.3: Layer 2 Switching – Loops, Spanning Tree and Topologies

I probably should have covered this a little earlier in the series, regardless we’ll do it now. Networks are loosely categorised by the area they cover. This is usually compacted into a useful xAN acronym where x stands for the scope, A stands for Area and N stands for Network. The following table lists the different scopes:

Scope Description
LAN – Local Area Network Usually restricted to a single building or even sub-parts of the building in some cases. This type of network is most relevant to everything we have discussed at Layer 2 of the OSI stack. Primarily related to wired network connectivity.
WLAN – Wireless Local Area Network Very similar to LAN, but focussed on wireless connectivity as opposed to wired. Usually restricted to a single building or even sub-parts of the building in some cases. This type of network is most relevant to everything we have discussed at Layer 2 of the OSI stack.
WAN – Wide Area Network The largest scope of network that could potential span the entire globe.
MAN – Metropolitan Area Network Still large but restricted in size to Metropolitan area such as a city or large suburb.
CAN – Campus Area Network Multibuilding networks deployed across educational or similar institutional campuses.
PAN – Personal Area Network Used for devices in your immediate personal space or within a few meters. Smart phones and other Bluetooth driven devices sit in this category.

One acronym missing from the above table is VLAN – Virtual Local Area Network. Let’s put some focus on it now.

VLAN – Virtual Local Area Network
The reason I’ve missed it from the table is because a VLAN doesn’t really fit into a physical scope. It’s actually a logical segmentation construct that sits inside an existing Local Area Network or LAN.

Remember the importance of the Port as a management entity as stated in the previous post? This comes into play again here with VLANs too. By assigning a VLAN to a port we effectively segment it from the rest of the ports in the environment that aren’t assigned to the same VLAN. Without VLANs, every device connected to every switch in the network sits in the same Broadcast domain. Once the switches have learned which ports are occupied by which MAC addresses, broadcasts are reduced, but they do still need to happen as network changes are made frequently. By assigning VLANs, we are logically splitting down the broadcast domain into multiple smaller broadcast domains. Another more dynamic way to establish VLAN membership is by MAC address. This means that whichever port in the network a device is plugged into, it will always be recognised as a member of the correct VLAN.

So why would we want segment at all? There are two reasons, Security and Network Efficiency.  From a security perspective, by creating this logical segmentation we stop nodes from receiving frames that they do not need to receive, as all broadcast traffic is isolated to the ports that belong to the correct VLAN. This is can prevent an eavesdropping or any other unwanted visibility of frames outside of the VLAN. We might want to segment different departments in this way. For example, the payroll department might sit on its own VLAN, as the data it transmits is financially sensitive. Do all the nodes in the other departments need to see those broadcasts? Probably not. Network Efficiency is pretty straight forward too. By segmenting the traffic into VLAN we also reduce the amount of traffic each node receives. This reduces the amount of bandwidth used by the node and also the amount of processing the node has to do, to work out if the unwanted frames are intended for it, before discarding them.

While VLANs are an excellent tool for subdividing broadcast domains, we can take this even further if required using PVLANs (Private VLANs). A detailed description of the PVLANs is out of scope for this primer, but as a high level summary we can say that they are used to subdivide VLANs into even smaller broadcast domains. We create some secondary VLANs and then implement some rules to restrict which ports in the Primary VLAN each sub-division can communicate with. A good example use case for this might be a hotel network, where we want all devices to be able to communicate with the internet connected router, but not with each other. More details can be found here : Private VLANs.

VMware is Goldmember in Openstack

Posted on by

It’s been a little surprising to me that there’s a decent amount of buzz in the market surrounding Openstack, but not many people are clear about what it actually is and VMware’s involvement in it.  In some discussions, it is occasionally wielded as the “Deathbringer” for all things VMware and a work-in-progress alternative to everything VMware does. More often than not, there is a reaction of surprise in those discussions when it comes to light that VMware is a member of the Openstack Foundation. Furthermore, it contributes enough resources, funds and activity to be a Gold Member of the Foundation.

Openstack Gold Member

So how does that work?

Well, first and foremost when compared to a product suite such as VMware’s vCloud Suite, it should be understood that Openstack is not a fully featured product stack that will cater for all of the functionality required to operate a private, hybrid or public cloud.  Openstack is a plug-and-play framework that defines a common list of APIs and interfaces to enable the provision and operation of cloud capabilities. The key word here is framework. This framework provides a definition and set of rules for how the components in a cloud should communicate and service each other.  Openstack doesn’t for example provide compute virtualisation, or network and storage virtualisation for that matter.  Yes, you still need a hypervisor in an Openstack implementation. There is definitely some confusion over this point and Openstack (open source cloud management) is often mentally bundled together with KVM (one open source hypervisor).  This is of course incorrect, KVM is not Openstack and vice versa. The hypervisor could be any number of those on the market today, remember it’s plug-and-play.  This is one example of where VMware has significant relevance to Openstack. You can use vSphere as the hypervisor in any Openstack system.

Alongside the compute virtualisation provided by vSphere, it’s also possible to use VMware technologies such as VSAN (Virtual SAN) to serve up storage along with NSX for network functionality. In fact, after VMware’s acquisition of Nicira, it became extremely important in terms of the development of Openstack networking projects. So it is clear to see there are definitely many areas of collaboration for VMware and Openstack.  It would be dismissive to fail to acknowledge that there are elements of competitive overlap between some VMware products and some Openstack, but these aren’t an all encompassing “Us vs Them” discussion. VMware’s approach to Openstack is very much one of being a good neighbour in a growing ecosystem. If every element of the stack is to be plug-and-play, VMware will make best efforts to ensure that it’s own components adhere to the API specifications and provide the richest set of functionality available to the market.

VMware’s Openstack membership is established and gaining momentum. VMware is a Gold Member of the Openstack Foundation and continues to increase activity and contributions in all relevant projects. Although a relatively late arrival to the foundation, VMware now sits in the Top 10 contributing companies for the whole project (rankings based on Source code commits).

Openstack Commit by Company

If you would like to know more about getting started with VMware and Openstack please read the following whitepaper:

http://www.vmware.com/files/pdf/techpaper/VMWare-Getting-Started-with-OpenStack-and-vSphere.pdf

Networking Primer – Part 6.3: Layer 2 Switching – Loops, Spanning Tree and Topologies

Posted on by

Previous: Networking Primer – Part 6.2: Media Access Control – CSMA/CD, CSMA/CA

We were briefly introduced to devices called Network Switches in the last post in this series. A switch essentially acts as a central connection point in a star topology  for many network nodes.It is similar to a Hub from a topological perspective but whereas a hub will take a frame in from one port and broadcast it out on all of the other ports, a switch has some built-in intelligence so it may forward the frame only to those ports which should receive the frame.  I like to think of a switch very much like it’s similar namesake, the switchboard, from the public telephony world.

Old Telephony Switchboard

In this older world, you picked up your phone to call the operator.  When the operator at the other end answered, you would tell her/him who you would like to call, they would cross reference the name with the relevant port number on the switchboard and plug in a cross-connecting wire between your incoming port to your outgoing call recipients. A network switch operates in a similar fashion although there are of course some notable differences.

Switch Ports

Ports are a very important entity in the switching process. Modern switches can contain 8, 16, 24 .. or even 1000’s of ports in large-scale enterprise level implementations. Port occupancy on a network switch can be very transient with desktops and laptops changing the port they are plugged into on a daily basis. To cope with this, the switch must be much more malleable and must have a mechanism for learning which device is occupying which port. It does this by maintaining a table of the source MAC addresses it receives from each port.  It is worth being aware that if a switch doesn’t know which port of the destination MAC address it will still broadcast to all the other ports in the same way a hub does.

I can’t emphasise the following enough, so it is worth re-iterating.. the Port is a very important entity in the switching process and is not only a node’s physical access point into the network.  It also represents a management construct that can be used to control the nodes security and resource permissions within the network.  The Port and it’s associated ID can be used to segment traffic as well as shape it (e,g, restrict bandwidth, etc).

Switching Topologies

A single switch device connecting all the nodes in a network is a pretty simple architecture to visualise and understand. This kind of set-up is however only found in small office environments. In larger environments, it may become impossible to cable all of the nodes into the same switch due to geographical, redundancy or resiliency factors.  In these environments, we need to introduce multiple interconnected switches.  Luckily most modern switches have the intelligence to connect to other switches in pretty much any configuration. We can daisy chain them together, make circular loops or any other artistic creation we wish.. all of these are possible:

Logical Topologies

When a switch is connected to another switch, it soon learns that the interconnecting port isn’t occupied by a single node and MAC address. They’ll learn that there is another switch there and that the port is possibly the destination for many devices. Any source MAC addresses coming in from that port will be stored in the table so that local nodes may send frames back to those devices via that port.  Given this flexibility, of connecting switches together in any configuration, it is possible to find ourselves with the problem of circular switching loops.

Switching Loops and the Spanning Tree Protocol

As stated above, if a switch receives a frame on a port and hasn’t yet learned the forwarding port of its MAC Address, it will broadcast it out on all of its ports with the exception of the one it receives it from. This is called a broadcast of an unknown unicast frame. A similar bulk multi-port forwarding operation may occur for general broadcast frames as well as multicast frames (frames for more than one destination node).  These multi-port broadcast have the potential to turn into infinite circular loops where there is a circular route to follow in an architecture.

Take the following example:

Switching Loops

A node connected to Switch B wants to communicate with a node connected to Switch C. It doesn’t know where the forwarding port for this node is so Switch B broadcasts to all ports including the ports interconnecting A, C, D & E. Switch A will send it to C, D & E. The frame will reach its destination on Switch C, but it may receive two copies of the frame, one from B one from A. Also now that D is in the mix, it’s possible D could broadcast it back to B, who in turn will broadcast it back to A. This is just one example of a switching loop.

The problem with these loops is that they’re often difficult to spot. The frame does get where it’s going, but multiple copies of it are being looped. This is only really apparent when the switches CPU seems to be increasing workload for no apparent reason. Enter STP or Spanning Tree Protocol. In Brief, STP learns the multiple possible routes a frame may take across the switching infrastructure. It then assesses these multiple routes using an algorithm to select the best one and blocks the rest, thus preventing any looping.

The Hierarchical Network Model

The Hierarchical Network Model is a network design model created by Cisco. It’s a very simple layered model created from medium or large network environments. The Layers are defined as follows:

  • Core Layer – composed of powerful high throughput switches and border routers to make up the backbone of the network
  • Distribution layer – a second tier layer used for aggregation the lower layer switches and connecting through to core.
  • Access Layer – the tier containing the front-end switches where the network devices/nodes gain access to the network.

The Hierarchy Network Model

 

This model is very widely deployed and has become somewhat of a defacto standard. It is worth remembering these layers and where they sit. In future blogs, I intend to address network virtualization and how it has shifted the dotted line and pulled some of the access layer into the hypervisor (more to come on this later).

 Next: Part 6.4: VLANs and other ANs (Area Networks)

Response To: Is Openstack Dead? at VirtualizationPractice.com

Posted on by

In recent months, I have heard a lot of buzz in the media about what’s happening with Openstack. Published today, I found this article on the virtualisation practice website an interesting and thought provoking read. In it, they actively question the viability of Openstack and its long-term future:

http://www.virtualizationpractice.com/openstack-dead-26869/

The article questions with some focus, the economic viability of the continued development of Openstack. It identifies that there appears to be a lack of a driving force behind the project  In other words, a lack of any major bankrolling entity that stands to benefit from the success of Openstack.  This is very bold article that will definitely shake some of the proponents of Openstack up.  I can hear the heckling streaming across the blog-vines as we speak.  While there are many valid points in this article stating that open stack is a “dead cloud walking” is perhaps extreme.

I personally don’t believe Openstack is dead. It does however have a significant number of challenges to overcome in the short to medium term.  Integration, lack of compatibility and the increasing number of diverging distros is clearly becoming a problem.  The many interested and involved parties pulling in their own unique direction may also  hinder progress.

So why do I believe there is life in Openstack?

I would say that there is a driving force behind the project. That driving force being the open source community. I would however question whether that driving force has the momentum, resources and capability to conquer the world of cloud in the short-term. I’ve heard a lot of chatter from various Openstack community members and conferences validating similarities between Openstack today and the early days of Linux.

There are two primary issues with this comparison that strike me as problematic. These issues make me believe that it will take a very long time for Openstack to gain any kind of significant traction.  The first is that the Linux project has had a very authoritative and dictatorial leadership model (in the form of Linus Torvalds). I believe this approach and the lack of “leadership by committee” was somewhat instrumental to the success it has achieved.

I think we can all agree that Linux has been very successful and is definitely here to stay, but what is the definition of success and how long are we willing to wait for it ?

Desktop OS Market Share 2014

Linux was originally developed as an alternative desktop operating system and the project started in 1991. Today in 2014, 23 years later it still retains less than 2% of that market.  It has made significantly better progress in the web server market (30%) and has pretty much killed the mobile device market in the form of android (80% of smartphone sales in 2013), but these later successes have only really come to pass in the last 2 to 3 years.

Ultimately, it’s taken Linux 20 years with that focussed single-minded leadership to generate that success.  Openstack is, to date, 4 years in the making.  This is not to say that Openstack must experience the same 20 year battle.  I do however find it difficult to perceive that it will be ready to garner any significant traction in the private or public cloud space within the next 5 (perhaps even 10) years.  It’s a complicated beast with many moving parts and even if it was fully ready to deploy and had feature parity with the commercial alternatives, it still requires monumental shifts of mindset in order for organisations to buy in to such a platform.  I’ll watch developments with interest.

Disclaimer: I’m a VMware employee and it should be clear that although VMware is an active Openstack community member there is also an element of competition between the respective stacks. These opinions are my own.

 

Networking Primer – Part 6.2: Media Access Control – CSMA/CD, CSMA/CA

Posted on by

Previous: Networking Primer – Part 6.1: Data Link Layer, Ethernet and MAC

I will start this post with a foreword that at least one of the protocols in the title, CSMA/CD, is obsolete. I’m including it here as it’s very useful to understand why we no longer need it, due to the changes in layer 2 topologies that have evolved over time. A little history can illuminate why we are where we are.

CSMA (Carrier Sense Multiple Access) is a methodology that deals with multiple computing nodes access the same physical media, whether that be a piece of wire, optical fibre or even the air.  It makes sense that there should be some rules around when each node can transmit/receive rather than a free-for-all where interference, possible corruption and inefficiency can occur. The media is being shared so access needs to be given through arbitration.

There are two sub-methodologies for CSMA. These being CSMA/CD (Collision Detection) and CSMA/CA (Collision Avoidance).

CSMA/CD history

As mentioned in the previous post, initially Ethernet systems were based on coax (coaxial cable). Networks were implemented in a bus sharing topology. All of the nodes in the network would share the same piece of coax and essentially have their NIC connected to a piece of coax that was piped directly into the main bus coax via a T-Bar connector, that looked like this:

Coax T-Bar

You can see a typical network bus topology here:

LAN Bus Topology

In order to ensure communication between the nodes could occur. CSMA/CD was used. In CSMA/CD, each node would step through a process to get the desired result. The process was as simple as:

  1. Listen to see if the wire is idle.
  2. If idle, transmit the data.
  3. If a collision occurred with another node transmission, wait a random period of time then try again.

In this topology, we have to be aware that the wire represents what we call a “collision domain”. While using a single collision domain (i.e. wire) was reasonably efficient for a small number of computers, it had many problems with reliability and scale. From a reliability perspective, if there was a break anywhere in the wire, it would take down the whole domain. Another common problem was the absence of or faulty terminators (labelled Terminating resistor above).  Without a functioning terminator on the end of the coax, the bus wouldn’t function. A secondary issue here was scale. The more nodes you added, the more collisions you’d see and the less well the network would function.

There were several approached developed to mitigate these issues, revolving around the idea of breaking networks down into smaller segments and therefore smaller collision domains.

Network Hubs

The coax bus topology was soon dumped in favour of using Twisted Pair (TP) cabling and a star/mesh based topology. In order to move away from the single wire bus topology, a new device needed to be introduced to act as the central connection point for the network, as each node would now have it’s own wire. Enter the hub. A hub is essentially a box with a bunch of ports on it. Each node can be plugged into a separate port on the using it’s own TP cable that has an RJ45 connector on each end. Using a star topology, with our nodes sitting on spokes around our hub, does resolve some of our reliability problems. If a wire breaks or is faulty, only the node sitting at the end of it is affected and not the whole network.

Hub Topology

The hub is, however, a very dumb piece of equipment. It takes frames in on any single port and then sends those frames out to every other port. From a collision perspective we still only have a single collision domain. This means that we still have to use CSMA/CD and we still have problems with scaling.

 Network Bridges

A network bridge is an additional network device that has a little more intelligence, but only a small step up from a hub. A bridge only has two ports, it sits between two network segments and learns which mac addresses sit on either side of it. If it sees a destination MAC address coming in from side A, and it knows that the destination node is on side A, it will drop the frame. Therefore, none of the nodes on side B will ever see it. We have reduced our network traffic by 50% on each side and also halved our collision domain.

Network Bridge

 

Network Switches

While Hubs and Bridges made significant strides in improving both reliability and reducing collision domains, it was clear that scale and management were still difficult for any network that was larger than a few 10’s of nodes. The network needed additional intelligence.  That intelligence came in the form of “Switching” and the new device to do that was the “Network Switch”.

The switch takes things much, much further. A switch has more than two ports, topologically it can be used instead of a hub. In the same way as they do to a hub, each of the nodes connects directly into the switch on a port. The switch is able to do the same sort of filtering that a bridge does, but it can do that on a per port basis. Rather than separating two network segments like a bridge, the switch is separating each and every node. When a frame comes in on one port, the switch is intelligent enough to send it out only on the port (or ports) where it needs to go to, to reach its destination. It has the intelligence to learn which MAC Addresses are sitting on which ports and updates its own internal tables as this changes.

Circling back to our title, bus using a switch we have effectively reduce our collision domain to a single wire per node. We therefore no longer need a methodology to arbitrate access to the media. Hence the obsolescence of CMSA/CD.

This is as deep as we’ll go on switching until the next post.

CMSA/CA – Carrier Sense Multiple Access – Collision Avoidance

CSMA/CD is very much the bull in a china shop, feet first approach to accessing physical media. CSMA/CA represents a more cautious approach with the goal of avoiding any collisions in the first place. It is still relevant and prevalent today due to the nature of WiFi networks.

In a WiFi network, the physical media is essentially the air (or radio waves running through it). As you can imagine, it would be very difficult to segment air in the same way as a wired network as there are no clear points in ingress/egress. We could try to use the CSMA/CD approach, but this isn’t effective in WiFi as each node communicates directly with the wireless AP (Access Point) and not with each other. This is called the hidden node problem, where collisions can’t be detected so the node never knows one has occurred. By using CSMA/CA, the WiFi network is able to work around the issue. With this methodology the AP mediates access to the media. A node requests permission to send, the AP gives the node a CTS (Clear To Send) acknowledgement and the node will send its entire payload across the channel. Only one node at a time has access to the channel.

Now we have successfully accessed or media and pushed our frame out of the source node, let’s look at how that’s moved across the LAN.

Next: Networking Primer – Part 6.3: Layer 2 Switching – Loops, Spanning Tree and Topologies

Networking Primer – Part 6.1: Data Link Layer, Ethernet and MAC

Posted on by

Previous:Networking Primer – Part 5.3: Network Layer – IP Routing

In previous posts we’ve covered logical addressing and moving IP packets of data across our network from source to destination. We’re now going to take a further shift towards the bits and bytes details of how that logical addressing and routing relates to the more tangible physical media that is used to transmit the data.  This is where the Data Link Layer becomes applicable.  “The Data Link Layer” is a bit of a mouthful, so this is often dropped and the OSI stack layer number is substituted, Layer 2. From this point forward I will use “Data Link Layer” and “Layer 2” as interchangeable terms which mean exactly the same thing.

The Data Link Layer breaks down into two sub-layers. Firstly, we have the upper sub-layer, called Logical Link Control (LLC) and beneath it we have the Media Access Control Layer.  The LLC Layer is responsible for establishing links (connections) between devices in the same local area. It also includes some error checking and handling. The MAC Layer encapsulates a set of protocols and rules for how those devices will gain access to the physical media in order to transmit/receive data.

Historically, there have been a number of competing protocols and topologies used at this layer.  In the 80’s and later Ethernet, FDDI and Token Ring approaches were all vying to become the standard for LAN (Local Area Network) traffic, but unquestionably due to its flexibility and reduced cost, Ethernet has won that battle.  Most LANs are built on Ethernet today, although more recently with the rise of mobile devices, it has become a shoulder to shoulder partner with the WLAN (Wireless LAN) which provides WiFi access to networks.

Ethernet

Ethernet is predicated on the concept of giving network nodes access to a shared physical media, where all nodes in the network can either send or receive data. In its original incarnation, coax (coaxial cable) was used as Ethernet’s shared physical media combined with a Bus topology. As more and more devices were added to the network, the coax based approach did not scale well and became difficult retain reliable service. The coax approach was superseded by the use non-shared physical media interconnected via network devices which we have yet to introduce such as Hubs, Bridges and Switches.  Before we get to the topologies we should look some of the other functions and terminology.

As with our upper layers, when the data is passed down to this layer we add another additional outer wrapper that includes all of the relevant metadata we need to work with Layer 2 functions. We are effectively adding some header information and may also break down our data further if that is required by the underlying devices. In the network layer, we have so far referred to our chunks of data as Packets (IP Packets), at this layer we refer to our chunks of data as Frames (Ethernet Frames). To re-iterate the clear distinction here: Network Layer = Packets, Data Link Layer = Frames. This is useful terminology to get clear.

We’re ready to send our frame out onto the physical media but how will the other nodes know whether or not they’re the intended recipient? Answer, MAC addressing.

MAC Addresses

IP Addresses are a logical constructs that can be allocated, de-allocated, moved and re-used. To physically tie our node to the network, IP addresses are not used. We have a different addressing mechanism at Layer 2, this is the MAC (Media Access Control) Address.  The physical component that interacts with the network from our node is the NIC (Network Interface Card). Historically, at the time of manufacture each NIC was allocated a unique MAC Address from a world-wide pool, so it could be differentiated on any network. The MAC Address is a 48-bit address that is most commonly displayed in hexadecimal format (e.g. 28:CF:E9:1F:B4:79). While it is not as humanly readable as an IP address is, it’s still a better representation than the underlying 48 0’s and 1’s that we’d have to remember without it.  Do the following to check your local MAC Address:

  • Go to your Start Menu and search for and run “Windows Powershell”. This may be in a slightly different location depending on your version of windows. At the Powershell prompt: Type “IPCONFIG /ALL” and see the results. You should see something like this:

    IPCONFIG-ALL-MAC

    The MAC address is listed here against, “Physical Address”.

  • Open up a terminal window and type IFCONFIG. On a Mac you will see a result that looks like this:

    IFCONFIG-MAC

    I’ve highlighted some of the same information that you could also see on the Windows tab. 

When our frame leaves our node via our NIC onto the shared media, the layer 2 wrapper includes both a source and destination MAC Address.  This is all good but there’s a problem we have missed here, we know the destination IP address, but where did we get the destination MAC address from? Well there isn’t a DNS style server that stores and provides this. As the nodes are all on the same physical media (sometimes referred to as “broadcast domain”) we can simply ask all the nodes, but we need some protocols to do that. This is where ARP (Address Resolution Protocol) joins the party.

ARP (Address Resolution Protocol)

ARP is simply a mechanism for finding and storing relationships between IP and MAC addresses.

Each node retains a local ARP table/cache which lists relationships between IP and MAC Addresses. When a frame is being sent, the sender cross references the IP address with its local ARP cache. If the IP/MAC combination isn’t listed, an ARP request is broadcast to all nodes on the network to find it. In plain English, the source node is asking “What’s the MAC for this IP address I have?”. All nodes pick this request up, and if they are the intended node, they’ll reply with a “That’s me and here’s my MAC address.” response. The response is cached for future reference.

Side note: There is also a protocol called RARP (Reverse Address Resolution Protocol) which does exactly the opposite. It was used so that nodes could find their own IP address, if they only knew their MAC. This protocol is now obsolete and has since been superseded BOOTP which was in turn superseded by DHCP functionality.

 In the same way that we can use IPCONFIG/IFCONFIG to display, alter IP configurations, we can use the ARP command to view, manipulate the ARP cache. Examples here:

  • Open a Powershell prompt and type “ARP -A”. You should see output similar to this:

    ARP Output Windows

    Very simple IP to MAC Mappings.

  • Open up a terminal window and type “ARP-A”. On a Mac you will see a result that looks like this:

    ARP Output Mac

The ARP cache is not always up to date, especially where IP address changes might be frequent, so it is worth familiarizing yourself with the ARP switch commands that are used to directly manipulate the cache during troubleshooting. For instance, “ARP -D” can be used to delete entries. There are also mechanisms for flushing the whole table.

Now we have all of our layer 2 addressing sorted, our frame is ready to go.

Next: Networking Primer – Part 6.2: Media Access Control – CSMA/CD, CSMA/CA