On Friday, March 21, 2003, at 11:02 am, Gareth Williams wrote:


On Friday 21 March 2003 09:06, Mike Beattie wrote:
So, Gareth, in effect, a router can be anything that joins two networks and
controls the traffic between. If you used an 'ethernet bridge', you'd spill
all your LAN traffic onto your DSL line, as Helmut implied.

Um, would you? I thought the *purpose* of an ethernet bridge was to keep two
networks separate, and only pass data between them that needed to be. An
ethernet bridge would, I'm fairly sure, *not* spill local traffic onto the
other side of the connection.

I seriously recommend the octopus book, O'Reilly's "Ethernet: The Definitive Guide", for more details :-) Chapter 18 "Ethernet Switching Hubs" should do it for you ;-) The purpose of a bridge is to transparently _join_ network segments.
You also need to separate IP from Ethernet - try the heavyweight "Internetworking with TCP/IP volume 1", Douglas Comer, Prentice Hall Publishers.


Ethernet repeaters are electrical devices that allow you to get over the cabling limits imposed by electrical property standards. They don't have anything to do with the contents of the Ethernet frames themselves, but they don't let you extend your network size over the collision domain. However, because of the electrical delay they introduce to the signal, there is a maximum number of repeaters you can use - often as low as 2. The maximum size of a collision domain (which is the effective maximum size of the network) is based on the physical layer round-trip propagation time, and the collision enforcement time (i.e. time to detect plus time to send a jamming signal).
For 10BASE5 (the original Ethernet - 10mbps with a 500m cable length), signals could travel c.2800 metres in 512 bit-times, so the maximum network size was defined to be 2800 metres.
10BASE-T networks (the familiar twisted pair ethernet) have a network size of 100 metres, but just to break my argument that wasn't set on round-trip times, but instead was determined by signal-quality, because one of the design goals was to use cheap cables ... hence the old name "Cheapernet".


In order to join two collision domains together, you need to use a slightly smarter device than a repeater - enter the Ethernet Switching Hub, or "bridge". Originally they had just two ports, and only became "hubs" when multiple ports were provided. Simultaneous signals can be received by a bridge, which will then queue them for output at a time when they won't cause a collision on the destination network. The bridge can learn the MAC addresses visible on each of its interfaces (or be explicitly told), but this is an additional feature that adds some efficiency, and also grants some control over the network - with a suitable bridge, you can selectively break the rules that say you should pass all traffic through, thereby forcing some traffic to stay within its collision domain, and to go no further.

BUT

All this is based on Ethernet - and your DSL line isn't Ethernet. So it is impossible to bridge your LAN (which is Ethernet) with the DSL link.

In order to get traffic from your Ethernet LAN to your DSL circuit-connected network, you need to use a network protocol that isn't wedded to the physical network it runs on. Enter Internet Protocol, IP. IP runs on many different physical networks - especially Ethernet and your DSL link. All of your Ethernet PCs can continue to use Ethernet to talk to each other, but in order to talk to the outside world, they have to use IP. In the local network, all the IP traffic is moved around in Ethernet frames, but that work is now done by low level networking software, and the IP software never knows about it.

(That's not quite true for ARP and RARP protocol, which match IP addresses to Ethernet MAC addresses. However, ARP and RARP are not strictly part of IP, they are "assistant" protocols suitable for use in an Ethernet environment. They are not used in other network types)

my machine may not know the MAC address of google, but it doesn't need to,
that's for upstream routers to figure out (as I think you went on to say?).
When the ethernet frame leaves my computer, it will be stamped with the MAC
address of its "local" router / gateway, no? (and the IP packet contained
within will be addressed to google). The ethernet bridge just needs to know
the MAC address of the router/gateway on one side (at the ISP, for argument's
sake), it gets an ethernet frame from the local side with that address, and
it passes it on out the other interface. It doesn't need to operate above
layer 2.

To restate that - as the IP packet leaves your computer, bound for Google, the IP networking software decides that as Google isn't on your local LAN (shame), the packet must be sent to your local router instead. So the IP packet is constructed with google's IP as the destination, and your IP address as the source, and passed to the Ethernet software for delivery to *the router*. In other words, the Ethernet frame has the router's MAC address as the destination, and yours as the source.


When the router picks up the ethernet frame on the LAN interface, it opens up the IP packet. A normal machine would then reject the packet, because the destination IP address does not match its own address, but this is what routers are for. It looks at Google's IP address, and decides that the packet should go out of the DSL interface. It then injects the IP packet (with minor changes) into its external interface.

If that external interface were another ethernet, the new destination MAC would be the ISP, and the source MAC would be the router. The original MAC source would be discarded as unimportant. However, the external interface is a DSL link, so the router won't use Ethernet frames at all. Let's not go into what it will do, please :-)

Of course this kind of setup would suck if you wanted more than one local
client - then you would need to do IP masquerading, and the device in
question would need to speak IP (ie. operate at layer 3), I agree. And then
it is a gateway/router.
ps. out of interest, could someone please explain the difference (if any)
between NAT and IP masq? Are they the same thing? Thanks.


This is a whole other level of indirection in your question, based on how smart both ends of the DSL link are, and how much routing they are prepared to do for you ...

But, basically, NAT is a one-to-one translation of IP addresses in one range to IP addresses in another range. IP masquerade is a many-to-one translation of a range of IP addresses down to a single IP address, using different TCP port numbers to differentiate between the original IP addresses. Big networks use NAT, small networks hiding behind a limited-service upstream link use IP masquerading - often contrary to the policy and terms of the ISP itself. Hence the name :-)

-jim
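To make the frame-addressing walk-through and the NAT-versus-masquerade distinction above concrete, here is an added Python sketch that is not from anyone in the thread; every address, the port range and the one-to-one table are constructed assumptions, and the "router" only models the source-address rewrite, not the reverse path.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed sample addressing (not taken from the thread): a LAN, its
# router's inside MAC and outside IP, and a remote host off the LAN.
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER_MAC, ROUTER_WAN_IP = "aa:aa:aa:aa:aa:01", "203.0.113.5"
REMOTE_IP = "198.51.100.80"
NAT_TABLE = {"192.168.1.10": "203.0.113.10"}   # one-to-one, as in NAT

@dataclass(frozen=True)
class Packet:           # layer 3: carried across the router unchanged
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Frame:            # layer 2: built fresh on every Ethernet segment
    src_mac: str
    dst_mac: str
    payload: Packet

def host_send(pkt, host_mac, arp_table):
    """The sending host's decision: an on-link destination is framed to
    its own MAC (learned via ARP); anything else is framed to the router."""
    if ipaddress.ip_address(pkt.dst_ip) in LAN:
        return Frame(host_mac, arp_table[pkt.dst_ip], pkt)
    return Frame(host_mac, ROUTER_MAC, pkt)

def masquerade(pkt, table):
    """Many-to-one: every inside source becomes the router's WAN address,
    and a rewritten source port is what tells the inside hosts apart."""
    port = table.setdefault((pkt.src_ip, pkt.src_port), 40000 + len(table))
    return replace(pkt, src_ip=ROUTER_WAN_IP, src_port=port)

def router_forward(frame, mode, masq_table):
    """The router accepts a frame for its MAC whose IP destination is not
    its own, discards the Ethernet header, and sends the IP packet out the
    DSL side (not Ethernet, so no new frame is built) with the source
    address rewritten one-to-one ("nat") or many-to-one ("masq")."""
    if frame.dst_mac != ROUTER_MAC:
        return None                 # not addressed to the router: ignored
    pkt = frame.payload
    if mode == "nat":
        return replace(pkt, src_ip=NAT_TABLE[pkt.src_ip])
    return masquerade(pkt, masq_table)
```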
