Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Ethernet Interfaces

Learn about Ethernet technology used to broadcast traffic on security devices, static ARP entries, creating and deleting the Ethernet interface, and enabling and disabling the promiscuous mode on these interfaces. Also learn about Aggregated Ethernet Interfaces

Ethernet Interfaces Overview

Ethernet is a Layer 2, point-to multipoint technology that operates in a shared bus topology, supports broadcast transmission, and has distributed access control.

In a shared bus topology, all devices connect to a single, shared physical link through which all data transmissions are sent. The devices within a single Ethernet topology make up a broadcast domain.

The physical hardware does not provide information to the sender about incoming and lost traffic. Higher layer protocols such as TCP/IP can provide this type of notification.

Table 1: Types of Ethernet Interfaces
Types Description

Ethernet Access Control and Transmission

  • Ethernet’s access control is distributed.

  • Uses carrier-sense multiple access with collision detection (CSMA/CD) mechanism.

  • If there is no transmission host begins transmitting its own data.

  • Length of each transmission is determined by fixed Ethernet packet size.

  • Enforces a minimum idle time between transmissions.

  • Ensures there is no interruption in sending and receiving traffic.

Collisions and Detection

  • Delay, or latency, in transmitting traffic results in collision of two electrical signals.

  • Signals are scrambled so that both transmissions are effectively lost

    .

  • Two types include: Collision detection and Backoff Algorithm

    • Collision detection refers to link monitoring while the devices are transmitting data. The device transmits data during the idle state on the wire.

    • Binary exponential backoff algorithm helps each device, sending a colliding transmission randomly, select a value within a range. The value represents the number of transmission times that the device must wait before retransmitting its data. Each time a collision occurs, the range of values doubles.

Collision Domains and LAN Segments

  • Multiple collision domains can be interconnected by repeaters, bridges, and switches if the length of an Ethernet cable restrict the length of a LAN segment.

  • Repeaters are electronic devices that act on analog signals and relay all electronic signals. Ethernet specification restricts the number of repeaters to two. A single repeater can double the distance between two devices on an Ethernet network.

  • Bridges and switches combine LAN segments into a single Ethernet network by using multiple ports to connect the physical wires in each segment.

  • Bridges provide more management and interface ports.

  • Bridge tracks the source MAC address of the packets and stores the addresses and their associated input ports in an interface table.

  • The bridge examines its interface table and takes one of the following actions:

    • If the destination address does not match an interface table address, the bridge transmits the packet to all hosts on the network using the Ethernet broadcast address.

    • If the destination address matches the port with receiving packet, the bridge or switch discards the packet. The bridge does not need to retransmit it.

    • If the destination address maps to a port other than the one through which the packet was received, the bridge transmits the packet through the appropriate port to the corresponding LAN segment.

  • Combination of all the LAN segments within an Ethernet network is called broadcast domain.

  • When you use a bridge or switch, the broadcast domain consists of the entire LAN.

Table 2

Table 2: Collision Backoff Algorithm Rounds

Round

Size of Set

Elements in the Set

1

2

{0,1}

2

4

{0,1,2,3}

3

8

{0,1,2,3,...,7}

4

16

{0,1,2,3,4,...,15}

5

32

{0,1,2,3,4,5,...,31}

6

64

{0,1,2,3,4,5,6,...,63}

7

128

{0,1,2,3,4,5,6,7,...,127}

8

256

{0,1,2,3,4,5,6,7,8,...,255}

9

512

{0,1,2,3,4,5,6,7,8,9,...,511}

10

1024

{0,1,2,3,4,5,6,7,8,9,10,...,1023}

Ethernet Frames

Data is transmitted through an Ethernet network in frames. The frames are of variable length, ranging from 64 octets to 1518 octets, including the header, payload, and cyclic redundancy check (CRC) value.Figure 1 shows the Ethernet frame format.

Figure 1: Ethernet Frame FormatEthernet Frame Format

Ethernet frames have the following fields:

  • The preamble (PRE) field is 7 octets of alternating 0s and 1s. The predictable format in the preamble allows receiving interfaces to synchronize themselves to the data being sent. The preamble is followed by a 1-octet start-of-frame delimiter (SFD).

  • The destination address (DA) and source address (SA) fields contain the 6-octet (48-bit) MAC addresses for the destination and source ports on the network. These Layer 2 addresses uniquely identify the devices on the LAN.

  • The Length/Type field is a 2-octet field that either indicates the length of the frame's data field or identifies the protocol stack associated with the frame. Here are some common frame types:

    • AppleTalk—0x809B

    • AppleTalk ARP—0x80F3

    • DECnet—0x6003

    • IP—0x0800

    • IPX—0x8137

    • Loopback—0x9000

    • XNS—0x0600

  • The Data field contains the packet payload.

  • The frame check sequence (FCS) is a 4-octet field that contains the calculated CRC value. This value is calculated by the originating host and appended to the frame. When it receives the frames, the receiving host calculates the CRC and checks it against this appended value to verify the integrity of the received frame.

  • On SRX650 devices, MAC pause frame and FCS error frame counters are not supported for the interfaces ge-0/0/0 through ge-0/0/3. (Platform support depends on the Junos OS Release in your installation.)

Promiscuous Mode

  • When you enable promiscuous mode on a Layer 3 Ethernet interface, all received packets on are sent to the central point or Services Processing Unit (SPU) regardless of the destination MAC address of the packet.

  • You can also enable promiscuous mode on chassis cluster redundant Ethernet interfaces and aggregated Ethernet interfaces.

  • If you enable promiscuous mode on a redundant Ethernet interface, it is enabled on any child physical interfaces. If you enable promiscuous mode on an aggregated Ethernet interface, it is enabled on all member interfaces.

  • Promiscuous mode function is supported on 1-Gigabit, 10-Gigabit, 40-Gigabit, and 100-Gigabit Ethernet interfaces on the I/O cards (IOCs) and the SRX5000 line Module Port Concentrator (SRX5K-MPC).

  • By default, an interface enables MAC filtering. You can configure promiscuous mode on the interface to disable MAC filtering. When you delete the configuration, the interface will perform MAC filtering again.

  • You can change the interface MAC address when the interface is operating in promiscuous mode. When the interface is operating in normal mode, the MAC filtering function on the IOC uses the new MAC address to filter the packets.

Example: Configure Ethernet Interface

Overview

Table describes the steps to create and (optional) delete Ethernet interfaces on your routing device.

Table 3: Ethernet Interfaces Configuration

Configuration Step

Command

Step 1: Create the Ethernet interface and set the logical interface.

 
[edit]
user@host# edit interfaces ge-1/0/0 unit 0

Step 2: If you are done configuring the device, commit the configuration.

 
[edit]
user@host# commit

Step 3: (Optional) Specify the interface you want to delete.

 
[edit]
user@host# delete interfaces ge-1/0/0

Step 4: If you are done configuring the device, commit the configuration. 

[edit]
user@host# commit

Example: Configuring Promiscuous Mode on the SRX5K-MPC

This example shows how to configure promiscuous mode on an SRX5K-MPC interface in an SRX5600 to disable MAC address filtering.

CLI Quick Configuration

Below table specifies the CLI quick configuration commands used for configuring and disabling promiscuous mode on SRX5K-MPC interface .

Table 4: CLI Quick Configuration

Configuration Step

CLI Quick Configuration Commands
Configure promiscuous mode on the interface 
set interfaces et-4/0/0 unit 0 family inet address 10.1.1.1/24
set interfaces et-4/0/0 promiscuous-mode
Disable promiscuous mode on an interface 
user@host# delete interfaces et-4/0/0 promiscuous-mode

Configure Promiscuous Mode on an Interface

Below table describes the step-by-step to configure promiscuous mode on an interface on your security device.

Table 5: Promiscuous Mode Configuration

Configuration Step

Command

Step 1: Configure the ingress interface.

 
[edit interfaces]
user@host# set et-4/0/0 unit 0 family inet address 10.1.1.1/24

Step 2: Enable promiscuous mode on the interface.

 
[edit interfaces]
user@host# set et-4/0/0 promiscuous-mode

Step 3: (Optional) Disable promiscuous mode on the interface.

 
[edit]
user@host# delete interfaces et-4/0/0 promiscuous-mode

Use the show interfaces command to see the output of the configuration.

Verification

Purpose

Verify that promiscuous mode is enabled, its status, on the interface and disabled on the interface.

Action

  • To display information about the parameters configured on promiscuous mode Interface.

    The Interface flags: Promiscuous field shows that promiscuous mode is enabled on the interface.

  • Verify that promiscuous mode works on the et-4/0/0 interface. Send traffic into the et-4/0/0 interface with a MAC address that is different from the interface MAC address and turn on promiscuous mode. From operational mode, enter the monitor interface traffic command.

    The input packets and pps fields show that traffic is passing through the et-4/0/0 interface as expected after promiscuous mode is enabled.

  • Verify that disabled promiscuous mode works on the et-4/0/0 interface. Send traffic and turn off the promiscuous mode.

    The pps field shows that the traffic is not passing through the et-4/0/0 interface after promiscuous mode is disabled.

Related Documentation