03.08Q: Is there an official "standard" punch down scheme for 10BaseT?
A: Get a copy of EIA/TIA-568, it covers all of that sort of stuff:
horizontal, vertical, connectors, patch cords, cross-connects, etc.
03.09Q: Is it safe to run Unshield Twisted Pair next to power cable?
A: According to EIA/TIA-569, the standard wiring practices for running
data cabling and companion to the above referenced EIA/TIA-568, you
should not run data cable parallel to power cables. However, in
reality, this should not be a problem with networks such as
10BaseT. 10BaseT uses differential signalling to pick the data
00 signals off the wire. Since any interference from nearby power
lines will usually affect all pairs equally, anything that is not
canceled-out by the twists in the UTP should be ignored by the
receiving network interface.
03.10Q: Can I make a cable to connect the AUI ports of two devices directly
to each other?
A: Yes and no. You can make the equivalent of a null modem cable by
connecting a two-pair, twisted pair cable connecting pins 3/10 at
each end to pins 5/12 (respectively) at the other. This connects
transmit-to receive (null modem). However, this will probably NOT
work with "standard" software because:
- There is no collision detect. If a collision occurs neither
device will back-off or and retry.
- There is no loopback (stations will not hear their own
transmissions which may cause diagnostics failures).
- There is no heartbeat (SQE test) provided, which may cause
If you want to use standard software, buy some transceivers. An AUI
null-modem will work for a laboratory, test environment under
03.11Q: Can I connect the 10BaseT interface of two devices directly
together, without using a hub?
A: Yes, but not more than 2 devices, and you also need a special
jumper cable between the two 10BaseT ports:
RJ45 pin RJ45 pin
1 <--[TX+]--------[RX+]--> 3
2 <--[TX-]--------[RX-]--> 6
3 <--[RX+]--------[TX+]--> 1
6 <--[RX-]--------[TX-]--> 2
03.12Q: Does my Ethernet coax have to be grounded? How?
A: Yes and no. The 10Base2 spec says the coax MAY be grounded at one
and only one point, while the 10Base5 spec says the coax SHALL be
grounded at one and only one point.
Grounding your coax is generally a good idea; it allows static
electricity to bleed off and, supposedly, makes for a safer
installation. Further, many local electrical codes will require
your network cabling to be grounded at some point. However, I have
personally seen many Ethernet networks work with absolutely NO
ground on the segment, and even a few unreliable segments become
reliable when the one and only ground was removed. I'm not saying
you should not ground your networks -- you should absolutely
install cabling according to your electrical codes.
On the other hand, if you do ground your cable, make sure you do so
only at one point. Multiple grounds on an Ethernet segment will
not only cause network errors, but also risk damage to equipment
and injury to people.
If you have a repeater on one end of the segment, this will usually
automatically ground that end of the segment (you may want to check
the repeater documentation and configuration to assure this is the
case -- most repeaters can be set-up to NOT ground). If you don't
have a repeater, you can get terminating resistors with ground
04.01Q: What is a "segment"?
A: A piece of network wire bounded by bridges, routers, repeaters or
04.02Q: What is a "subnet"?
A: Another overloaded term. It can mean, depending on the usage, a
segment, a set of machines grouped together by a specific protocol
feature (note that these machines do not have to be on the same
segment, but they could be) or a big nylon thing used to capture
04.03Q: What is a fan-out? Is this device still used?
A: Fanout (a.k.a. transceiver multiplexor, a.k.a. multiport trans-
ceiver, a.k.a. DELNI) allows multiple stations to connect to a
single transceiver or transceiver-like device. They are still
04.04Q: What means "AUI"?
A: Attachment Unit Interface, an IEEE term for the connection between
a controller and the transceiver.
04.05Q: What is a transceiver?
A: A transceiver allows a station to transmit and receive to/from the
common medium. In addition, Ethernet transceivers detect collisions
on the medium and provide electrical isolation between stations.
10Base2 and 10Base5 transceivers attach directly to the common bus
media, though the former usually use an internal transceiver
built-onto the controller circuitry with a "T" connector to access
the cable, while the latter use a separate, external transceiver
and an AUI (or transceiver) cable to connect to the controller.
10BaseF, 10BaseT and FOIRL also usually use internal transceivers.
Having said that, there also also external transceivers for
10Base2, 10BaseF, 10BaseT and FOIRL that can connect externally to
the controller's AUI port, either directly or via an AUI cable.
04.06Q: What means "MAU"?
A: Medium Access Unit, an IEEE term for a transceiver. MAU is also
commonly [mis]used to describe a Token-Ring Multi-Station Access
Unit (MSAU). Refer to HUB for an explanation of MSAU.
04.07Q: What exactly does a repeater?
A: A repeater acts on a purely electrical level to connect to
segments. All it does is amplify and reshape (and, depending on the
type, possibly retime) the analog waveform to extend network
segment distances. It does not know anything about addresses or
forwarding, thus it cannot be used to reduce traffic as a bridge
can in the example above.
04.08Q: What is a "hub"?
A: A hub is a common wiring point for star-topology networks, and is a
common synonym for concentrator (though the latter generally has
additional features or capabilities). Arcnet, 10BaseT Ethernet and
10BaseF Ethernet and many proprietary network topologies use hubs
to connect multiple cable runs in a star-wired network topology
into a single network. Token-Ring MSAUs (Multi-Station Access
Units) can also be considered a type of hub, but don't let a
token-ring bigot hear that. Hubs have multiple ports to attach
the different cable runs. Some hubs (such as 10BaseT and active
Arcnet) include electronics to regenerate and retime the signal
between each hub port. Others (such as 10BaseF or passive Arcnet)
simply act as signal splitters, similar to the multi-tap cable-TV
splitters you might use on your home antenna coax (of course,
10BaseF uses mirrors to split the signals between cables). Token-
Ring MSAUs use relays (mechanical or electronic) to reroute the
network signals to each active device in series, while all other
hubs redistribute received signals out all ports simultaneously,
just as a 10Base2 multi-port repeater would.
04.09Q: What exactly does a bridge?
A: A bridge will connect to distinct segments (usually referring to a
physical length of wire) and transmit traffic between them. This
allows you to extend the maximum size of the network while still
not breaking the maximum wire length, attached device count, or
number of repeaters for a network segment.
04.10Q: What does a "learning bridge"?
A: A learning bridge monitors MAC (OSI layer 2) addresses on both
sides of its connection and attempts to learn which addresses are
on which side. It can then decide when it receives a packet
whether it should cross the bridge or stay local (some packets may
not need to cross the bridge because the source and destination
addresses are both on one side). If the bridge receives a packet
that it doesn't know the addresses of, it will forward it by
04.11Q: What is a remote bridge?
A: A bridge as described above that has an Ethernet interface on one
side and a serial interface on the other. It would connect to a
similar device on the other side of the serial line. Most commonly
used in WAN links where it is impossible or impractical to install
network cables. A high-speed modem (or T1 DSU/CSU's, X.25 PAD's,
etc) and intervening telephone lines or public data network would
be used to connect the two remote bridges together.
04.13Q: Is there a maximum number of bridges allowed on a network?
A: Per IEEE 802.1 (d), the maximum number of concatenated brides in a
bridged LAN is 7. This number is rather arbitrary, however, and is
based on simulations of application performance with expected
In addition, the number assumes that all bridges are LOCAL (no
remote WAN connections), and that the default Hold Time of 1 second
is in place (this is the time after which a bridge will discard a
frame it is holding). This prevents extra-late frame delivery.
(i.e, a frame should never be delivered more than ~7 seconds after
is it sent).
I personally (Rich Seifert) find this to be much too long an
allowance. My "rule of thumb" for bridged LANs is to limit the
number of hops to 4, with not more than one of these being a WAN
linked remote bridge.
04.13Q: What exactly does a router?
A: Routers work much like bridges, but they pay attention to the upper
network layer protocols (OSI layer 3) rather than physical layer
(OSI layer 1) protocols. A router will decide whether to forward a
packet by looking at the protocol level addresses (for instance,
TCP/IP addresses) rather than the MAC address. Because routers
work at layer 3 of the OSI stack, it is possible for them to
transfer packets between different media types (i.e., leased lines,
Ethernet, token ring, X.25, Frame Relay and FDDI). Many routers
can also function as bridges.
04.14Q: So should I use a router or a bridge?
A: There is no absolute answer to this. Your network layout, type and
amount of hosts and traffic, and other issues (both technical and
non-technical) must be considered. Routing would always be
preferable to bridging except that routers are slower and usually
more expensive (due to the amount of processing required to look
inside the physical packet and determine which interface that
packet needs to get sent out), and that many applications use
non-routable protocols (i.e., NetBIOS, DEC LAT, etc.).
Rules of thumb:
Bridges are usually good choices for small networks with few, if
any, slow redundant links between destinations. Further, bridges
may be your _only_ choice for certain protocols, unless you have
the means to encapsulate (tunnel) the unroutable protocol inside
a routable protocol.
Routers are usually much better choices for larger networks,
particularly where you want to have a relatively clean WAN
backbone. Routers are better at protecting against protocol
errors (such as broadcast storms) and bandwidth utilization.
Since routers look deeper inside the data packet, they can also
make forwarding decisions based on the upper-layer protocols.
Occasionally, a combination of the two devices are the best way to
go. Bridges can be used to segment small networks that are
geographicly close to each other, between each other and the router
to the rest of the WAN.
04.15Q: Are there problems mixing Bridging & routing?
A: Only if you plan on having bridged links in parallel with routed
links. You need to be very careful about running bridges providing
links in parallel to a router. Bridges may forward broadcast
requests which will confuse the router there are lots of protocols
you may not think of filtering (e.g. ARP, Apple ARP over 802.3
etc. etc.). Also, DECnet routers have the same MAC address on all
ports. This will probably cause the bridge to think it is seeing
an Ethernet loop.
04.16Q: Who makes the fastest/easiest/most advanced bridges or routers?
A: The IETF runs bench marks on a wide selection of bridges and
routers. The results (and much of the testing itself) is handled
at Harvard University by Scott Bradner. [ed: anyone have the ftp
site address and path/filename for the benchmarks?]
04.17Q: What is a Kalpana EtherSwitch? Are there other devices like it?
A: A device that works sort of like a multisegment bridge, but with a
complicated internal bus that allows full crosspoint switching. A
Kalpana or other such switch is exactly equivalent to a fully
connected mess of simple bridges among the Ethernets. A 12-port
Kalpana or similar switch is obviously rather easier to use and
cheaper than the equivalent mesh of 132 simple bridges. However,
the EtherSwitch does not use the Spanning Tree Algorithm and,
therefore, cannot be used in situations where a bridging loop might
There are competing devices from other manufacturers, including
some that do implement the Spanning Tree Algorithm. For example,
Alantec has a multi-port bridge/router supporting 12 segments with
full spanning tree and snmp and it runs at about ethernet speeds.
04.18Q: What is a driver?
A: Typically the software that allows an Ethernet card in a computer
to decode packets and send them to the operating system and encode
data from the operating system for transmission by the Ethernet
card through the network. By handling the nitty-gritty hardware
interface chores, it provides a device-independent interface to the
upper layer protocols, thereby making them more universal and
[allegedly] easier to develop and use. There are many other
meanings to this word, but this is probably what you are looking
04.19Q: What is NDIS, packet driver, ODI.?
A: NDIS is a Microsoft/3com puppy that allows "stacking" of multiple
protocols for a single underlying driver. Essentially it allows a
single Ethernet card in a PC (it's not limited to Ethernet) to
speak many different network "languages", and usually at the same
A packet driver is another method of allowing multiple protocols to
access the network interface at the same time. Developed and
supported by FTP Software Inc, Clarkson University, BYU and, more
recently, Crynwr Software, the packet driver spec (PDS) is used to
provide a device independent interface to various TCP/IP
applications, and often in combination with concurrent Novell
ODI is Novell and Apple's equivalent of NDIS. There are
differences between the two specs, but not so much as to warrant
description in this text.
The next logical question is "which one should I use?" There is no
simple or obvious answer, except that you should use the one most
commonly required by your software.
05.01Q: What means SQE? What is it for?
A: SQE is the IEEE term for a collision. (Signal Quality Error)
05.02Q: What means SQE Test? What means heartbeat? What are they for?
A: SQE Test (a.k.a. heartbeat) is a means of detecting a transceiver's
inability to detect collisions. Without SQE Test, it is not
possible to determine if your collision detector is operating
properly. SQE Test is implemented by generating a test signal on
the collision pair from the transceiver (or its equivalent)
following every transmission on the network. It does not generate
any signal on the common medium.
The problem with SQE Test is that it is not part of the Ethernet
Version 1.0 specification. Therefore, Version 1.0 equipment may
not function with transceiver that generates the SQE Test signal.
Additionally, IEEE 802.3 specifications state that IEEE 802.3
compliant repeaters must not be attached to transceivers that
generate heartbeat. (This has to do with a jam signal that
prevents redundant collisions from occurring on the network).
Therefore, you must usually turn-off SQE Test (heartbeat) between
the transceiver and an 802.3 repeater.
05.03Q: What means "IPG"?
A: The InterPacket Gap (more properly referred to as the InterFrame
Gap, or IFG) is an enforced quiet time of 9.6 us between
transmitted Ethernet frames.
05.04Q: What means "promiscuous mode"?
A: Promiscuous mode is a condition where the network interface con-
troller will pass all frames, regardless of destination address, up
to the higher level network layers. Normally the network
controller will only pass up frames that have that device's
destination address. However, when put in promiscuous mode, all
frames are passed on up the network stack regardless of destination
address. Promiscuous mode is usually used by network monitoring
tools and transparent bridges (and, frequently, by network crackers
trying to snatch passwords, or other data they're normally not able
to see, off the wire).
05.05Q: What is a runt?
A: A packet that is below the minimum size for a given protocol. With
Ethernet, a runt is a frame shorter than the minimum legal length
of 60 bytes (at Data Link).
05.06Q: What causes a runt?
A: Runt packets are most likely the result of a collision, a faulty
device on the network, or software gone awry.
05.07Q: What is a jabber?
A: A blanket term for a device that is behaving improperly in terms of
electrical signalling on a network. In Ethernet this is Very Bad,
because Ethernet uses electrical signal levels to determine whether
the network is available for transmission. A jabbering device can
cause the entire network to halt because all other devices think it
05.08Q: What causes a jabber?
A: Typically a bad network interface card in a machine on the network.
In bizarre circumstances outside interference might cause it.
These are very hard problems to trace with layman tools.
05.09Q: What is a collision?
A: A condition where two devices detect that the network is idle and
end up trying to send packets at exactly the same time. (within 1
round-trip delay) Since only one device can transmit at a time,
both devices must back off and attempt to retransmit again.
The retransmission algorithm requires each device to wait a random
amount of time, so the two are very likely to retry at different
times, and thus the second one will sense that the network is busy
and wait until the packet is finished. If the two devices retry at
the same time (or almost the same time) they will collide again,
and the process repeats until either the packet finally makes it
onto the network without collisions, or 16 consecutive collision
occur and the packet is aborted.
05.10Q: What causes a collision?
A: See above. Ethernet is a CSMA/CD (Carrier Sense Multiple Access/
Collision Detect) system. It is possible to not sense carrier from
a previous device and attempt to transmit anyway, or to have two
devices attempt to transmit at the same time; in either case a
collision results. Ethernet is particularly susceptible to
performance loss from such problems when people ignore the "rules"
for wiring Ethernet.
05.11Q: How many collisions are too many?
A: This depends on your application and protocol. In many cases,
collision rates of 50% will not cause a large decrease in perceived
throughput. If your network is slowing down and you notice the
percentage of collisions is on the high side, you may want try
segmenting your network with either a bridge or router to see if
05.12Q: How do I reduce the number of collisions?
A: Disconnect devices from the network. Seriously, you need to cut-
down on the number of devices on the network segment to affect the
collision rate. This is usually accomplished by splitting the
segment into two pieces and putting a bridge or router in between
05.13Q: What is a late collision?
A: A late collision occurs when two devices transmit at the same time,
but due to cabling errors (most commonly, excessive network segment
length or repeaters between devices) neither detects a collision.
The reason this happens is because the time to propagate the signal
from one end of the network to another is longer than the time to
put the entire packet on the network, so the two devices that cause
the late collision never see that the other's sending until after
it puts the entire packet on the network. Late collisions are
detected by the transmitter after the first "slot time" of 64 byte
times. They are only detected during transmissions of packets
longer than 64 bytes. It's detection is exactly the same as for a
normal collision; it just happens "too late."
Typical causes of late collisions are segment cable lengths in
excess of the maximum permitted for the cable type, faulty
connectors or improper cabling, excessive numbers of repeaters
between network devices, and defective Ethernet transceivers or
Another bad thing about late collisions is that they occur for
small packets also, but cannot be detected by the transmitter. A
network suffering a measurable rate of late collisions (on large
packets) is also suffering lost small packets. The higher
protocols do not cope well with such losses. Well, they cope, but
at much reduced speed. A 1% packet loss is enough to reduce the
speed of NFS by 90% with the default retransmission timers. That's
a 10X amplification of the problem.
Finally, Ethernet controllers do not retransmit packets lost to
05.14Q: What is a jam?
A: When a workstation receives a collision, and it is transmitting, it
puts out a jam so all other stations will see the collision also.
When a repeater detects a collision on one port, it puts out a jam
on all other ports, causing a collision to occur on those lines
that are transmitting, and causing any non-transmitting stations to
wait to transmit.
05.15Q: What is a broadcast storm?
A: An overloaded term that describes an overloaded protocol. :-).
Basically it describes a condition where devices on the network are
generating traffic that by its nature causes the generation of even
more traffic. The inevitable result is a huge degradation of
performance or complete loss of the network as the devices continue
to generate more and more traffic. This can be related to the
physical transmission or to very high level protocols.