Unicasts, Multicasts, and Broadcasts

When traffic is passed between hosts on a network, three different transmission mechanisms are possible. These include unicasts, multicasts, and broadcasts.


A unicast is the simplest network transmission. As the name suggests, it is a direct transmission from one system to one other system only. As such, the destination address will always uniquely identify a single host for whom the data is meant. In a shared Ethernet environment (where a system might be exposed to all frames), each system would check whether the destination MAC address matched its own. If it did, the system would process the frame. If not, it would discard the frame. On an IP-based network, the address represents a unicast address.


Unlike unicasts, which are meant for a single host, a multicast is meant for a group of systems. Think of multicasts as a one-to-many transmission method. Multicasts are generally used when traffic such as video needs to be passed to many hosts at the same time. In this way, a sender would transmit a single stream of data, which would in turn be picked up by many different hosts. On IP networks, a special group of addresses is reserved for multicasting, those in the Class D range. When multiple hosts need to receive a multicast, they are all configured with an identical multicast IP address. When they receive traffic destined for this shared address, they process it. Do not confuse a multicast address with a regular IP address. In this example, all systems still have a unique IP address, but also “listen in” on a configured multicast address.


The final type of network transmission is a broadcast. Quite simply, a broadcast is a transmission destined for all hosts. A special destination address designates a broadcast – in Ethernet, the broadcast address is FF-FF-FF-FF-FF-FF. When a host sees frames with this destination MAC address, it knows it has to process the frames. While excessive broadcasts on a network are generally undesirable, many network services depend on this type of transmission.

Network Routers

The main function of a router is to determine the path that packets should take in attempting to get from one network to another. A router will always have at least two physical interfaces, but depending on the model may have many more. For example, a router may have one Ethernet, one Token Ring, and one serial interface – each of which connects to a different network. By default, a router will know about the networks on which it has a configured interface, and will be able to forward packets between them. When a router doesn’t connect directly to a network, it needs to know where to forward a packet next – this would be another router, referred to as the next hop. Consider the very basic routing table shown below.

Basic routing table:

Network Interface / Next Hop E0 T0 S0

In the table above, we can see the following:

  • Network is connected to the Ethernet interface
  • Network is connected to the Token Ring interface
  • Network is connected to the Serial interface
  • Network can be reached by sending packets to IP address, the next router in the path to that network.

This doesn’t mean that network is directly connected to the next router – in fact, a packet may be forwarded to many other routers on its journey. The only thing this particular router knows is that the next place to send the packet is the address – once there, it’s up to that router to figure out where the packet gets forwarded to next.

Note that since it exists at Layer 3, a router is concerned with network (or logical) addressing. As such, a router doesn’t forward packets based on MAC address, but instead on the addressing of the routed protocol in use – for example IP, IPX, or AppleTalk. When a router receives a packet, it inspects the destination network address, and forwards the packet according to information found in its routing table. Ultimately the packet should reach the router that is connected to the destination network, where it will be forwarded to the destination host.

The actual communication process that takes place when two systems communicate over a network with routers is a bit more complex. Consider the figure below, where two hosts communicate through a single router.

Figure: Hosts communicating via router.

In the example, Computer A needs to send a packet to Computer B using TCP/IP. Notice that Router 1 is connected to the two networks on which these hosts reside. The following steps outline the basic process that will take place in getting the packet from A to B.

  1. Computer A will first determine that Computer B is on a different network, based on the destination address. At the Network layer, it will add source and destination IP addresses to the packet. In this case, the source is the IP address of A, while the destination is the IP address of B.
  2. Given that Computer B is on a remote network, Computer A will need to forward the packet to the router, its configured default gateway. Before it can send the data to the router, it still needs to frame the packet. As such, source and destination MAC addresses need to be added. In this case, the source MAC address will be that of Computer A, while the destination address will be that of interface X on the router.
  3. Once the frame has reached the router, it will strip away the MAC addressing and pass the packet up to the network layer. At this point, the router will determine the route to the destination network using its routing table.
  4. Before sending the packet out interface Y, it will need to be reframed. The new source and destination MAC addresses must still be added. In this case, the source MAC address will now be that of router interface Y, while the destination MAC address will be that of Computer B.

Note that the source and destination IP addresses never changed in the example above. Stripping away and recreating the MAC framing would have happened at each router had there been many in the path between Computers A and B. The process of route determination and reframing at each router is what makes routing approximately 30-40% slower than switching.
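The four steps above, together with the connected and next-hop routing table entries described earlier, as an added example that is not part of the original text. All IP and MAC addresses, the 10.9.0.0/16 next-hop route, and the names host_send, Router and a_to_b are assumptions made for illustration; plain dictionaries stand in for ARP.

```python
import ipaddress
from dataclasses import dataclass, replace

# All addresses are constructed for illustration; the page gives none.
MAC = {"A": "02:00:00:00:00:0a", "B": "02:00:00:00:00:0b",
       "X": "02:00:00:00:01:01", "Y": "02:00:00:00:01:02",
       "R2": "02:00:00:00:02:01"}

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str

def host_send(src_ip, src_mac, network, gateway_ip, dst_ip, arp):
    """Steps 1-2: frame to the peer if it is local, else to the gateway."""
    local = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(network)
    l2_target = dst_ip if local else gateway_ip
    return Frame(src_mac, arp[l2_target], src_ip, dst_ip)

class Router:
    def __init__(self, if_macs, routes, arp):
        self.if_macs = if_macs  # interface name -> MAC of that interface
        # (network, outgoing interface, next-hop IP or None if connected)
        self.routes = [(ipaddress.ip_network(n), i, h) for n, i, h in routes]
        self.arp = arp          # IP -> MAC, stand-in for an ARP cache

    def lookup(self, dst_ip):
        """Return the most specific matching route, or None."""
        addr = ipaddress.ip_address(dst_ip)
        hits = [r for r in self.routes if addr in r[0]]
        return max(hits, key=lambda r: r[0].prefixlen) if hits else None

    def forward(self, frame):
        """Steps 3-4: discard the old MAC header, route on IP, reframe."""
        route = self.lookup(frame.dst_ip)
        if route is None:
            return None  # no matching route: the packet is dropped
        _, iface, next_hop = route
        # Connected network: frame to the host. Otherwise: to the next hop.
        l2_target = next_hop or frame.dst_ip
        return iface, replace(frame, src_mac=self.if_macs[iface],
                              dst_mac=self.arp[l2_target])

ROUTER1 = Router(
    if_macs={"X": MAC["X"], "Y": MAC["Y"]},
    routes=[("192.168.1.0/24", "X", None),
            ("192.168.2.0/24", "Y", None),
            ("10.9.0.0/16", "Y", "192.168.2.254")],  # via a next-hop router
    arp={"192.168.1.10": MAC["A"], "192.168.2.20": MAC["B"],
         "192.168.2.254": MAC["R2"]},
)

def a_to_b():
    """Computer A sends one packet to Computer B through Router 1."""
    sent = host_send("192.168.1.10", MAC["A"], "192.168.1.0/24",
                     "192.168.1.1", "192.168.2.20",
                     arp={"192.168.1.1": MAC["X"]})
    return sent, ROUTER1.forward(sent)

if __name__ == "__main__":
    print(a_to_b())
```

Only the two MAC fields differ between the frame A sends and the frame Router 1 emits; for a destination in 10.9.0.0/16 the destination MAC becomes that of the next-hop router while the destination IP is still the final host.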

On a small network, you might manually define the next hop to each network in a router’s routing table. However, as an internetwork grows, this gets much more complex and also does nothing to account for network failures. On a large network, you’ll want routers to communicate with each other using routing protocols. Routing protocols allow routers to communicate with each other by dynamically exchanging information about the networks that they know about. In this way, routers ‘learn’ from one another. Examples of routing protocols include Routing Information Protocol (RIP) and Open Shortest Path First (OSPF). Routing protocols are particularly helpful when a network error occurs. If a network path becomes unavailable (say due to a router failure), a router will find out about it via routing protocol updates (or the lack of them) and will switch to using a redundant path if one exists. The details of how routing protocols function will be looked at in Chapter 8.

Routers are best known for providing multiple paths to different networks and connecting networks that use different technologies. However, they are also capable of controlling network traffic using features such as access lists. Access lists allow you to control which hosts can communicate with different networks, as well as the types of traffic that can move between networks. Access lists will be looked at in detail in Chapter 9.

Another important responsibility of a router is to act as a demarcation point between broadcast domains. By default routers do not pass broadcasts, thus acting as a barrier that stops broadcasts from overwhelming an internetwork. What is a broadcast domain? A broadcast domain defines the group of computers to which a broadcast will travel. In the figure below, a broadcast sent by Computer A will go to all computers in its broadcast domain. Computer B, which is part of a completely separate broadcast domain, will never see it. Notice that the router in the diagram is what separates the broadcast domains.

Figure: Broadcast domains.

Tip: Remember that a router acts as a boundary between broadcast domains.

Network Switches

When you think of a switch, simply consider it to be a bridge with more ports. Their higher port density helps to make switches a practical and powerful performance replacement for hubs, though more expensive. Much like a bridge, ports on a switch define different collision domains. In this way, a network can be microsegmented into many very small collision domains, especially if each device is connected to its own dedicated port. If multiple systems are connected to a switch port via a hub, the hub-connected systems exist in the same collision domain. Note that while the switch helps to create a number of smaller collision domains, broadcasts and multicasts are still forwarded to all ports. The process by which a switch or bridge forwards broadcast or multicast traffic to all ports is sometimes referred to as “flooding”.

Figure: Switch collision domains.

When a frame enters a switch, the switch looks up the destination hardware address in its MAC table, and will only forward the frame to the port where the destination MAC address exists. If the switch doesn’t yet know about the destination address (perhaps because a system was just recently turned on), the switch will forward the frame to all ports, a concept referred to as flooding. Switching is usually handled by hardware referred to as Application Specific Integrated Circuits (ASICs). These special chips allow switching to take place at what is sometimes referred to as wire-speed. This offers significantly faster performance than a bridge, which usually stores its forwarding logic in software. Much like a bridge, a switch will also calculate the CRC on a frame to be sure it isn’t corrupt, though different configurations are possible. We’ll look at different switching methods in Chapter 3.

Tip: Remember that a bridge or switch segments a network into a greater number of smaller collision domains.

Switching significantly increases performance on a LAN, and replacing hubs with switches should be a primary consideration when attempting to improve network performance. In fact, if every device is connected to its own switch port, collisions will not occur, since every device will be in its own collision domain. The absence of collisions gives you the ability to make use of 100% of the available bandwidth. Consider the figure below. In it, users are connected directly to their own 10 Mbps switch port. The server is connected to a 100 Mbps port. In this scenario, each user has access to a full 10 Mbps of bandwidth to the server, collision free.

Figure: Switch with 10 and 100 Mbps ports.

You may have noticed that switches are often described according to an OSI layer – for example Layer 2 or Layer 3. A Layer 2 switch performs switching based on MAC addresses, as previously described. A Layer 3 switch does this as well, but also includes integrated routing functionality. Layer 3 switching concepts are looked at in detail in Chapter 8.

Tip: An Ethernet switch functions in a manner similar to a transparent bridge.

Network Bridges

As LANs grow in size and the amount of traffic on a network begins to have a noticeable effect on performance, a new way is needed to help separate or segment traffic. A bridge is a Layer 2 device that acts as an intermediary to which different network segments (or sections) are attached. Used to separate traffic, the role of a bridge is to inspect all frames as they reach one of its interfaces, and make a decision on whether to forward these frames to other connected segments. It does this by examining the destination MAC address, or BIA (Burned In Address), of frames that it encounters. MAC addresses are also known as physical addresses. If the destination MAC address is connected to the same segment as the sender, the bridge will not forward the frame, thus helping to reduce unnecessary traffic on other segments. Note that the bridge doesn’t change the frames; it simply makes forwarding decisions based on the destination MAC address. However, a bridge does do error checking on frames – it will calculate a value in the frame called the Cyclic Redundancy Check (CRC). The CRC is a calculation added to the frame by the sender and recomputed by bridges as well as the destination system. If the value is always the same, the frame is valid. If not, the frame is corrupt and will be discarded.

A bridge keeps track of all systems on its connected segments in something referred to as its MAC address table. This table specifies the segment on which a system with a given MAC address is located. On older bridges, these tables needed to be created manually by inputting MAC addresses. On more recent bridges, this table is created dynamically as the bridge inspects frames that it receives. It does this by also looking at the source MAC address of frames, and adding them to its table according to the interface on which they were received. The table below provides a basic example of a bridging table.

Example MAC address (bridging) table:

Interface MAC Address
E0 010123E4A201
E1 010123E5AB07
E1 010123F4121A
E2 010123C14298

Note in the example above that there are 3 active interfaces on the bridge, and that interface E1 (Ethernet 1) has two connected systems that the bridge currently knows about.

There are limitations to the magic of a bridge. Some traffic will be destined for all computers, while other traffic will be meant for a select group of computers (referred to as broadcasts and multicasts respectively); a bridge will always forward these types of traffic to all connected segments. To that end, it can be said that a bridge segments the network into different collision domains, while all systems remain part of the same broadcast domain.
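The learning, filtering and flooding behaviour described above (and the same forwarding logic described for switches in the Network Switches section), as an added example that is not part of the original text. The class LearningBridge, the helper is_group and the station MAC addresses are constructed for illustration; the interface names E0, E1 and E2 follow the example table.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group(mac):
    """True for broadcast and multicast MACs: low bit of first octet is 1."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame and return the ports it is sent out of."""
        src, dst = src.lower(), dst.lower()
        # Learn: the sender is reachable through the arrival port.
        # A group address is never a valid source, so it is not learned.
        if not is_group(src):
            self.mac_table[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if is_group(dst):
            return others      # broadcast or multicast: all other ports
        out = self.mac_table.get(dst)
        if out is None:
            return others      # unknown unicast: flood
        if out == in_port:
            return []          # destination is on the sender's segment
        return [out]           # known unicast: one port only


def demo():
    """Constructed stations: A on E0, B and C on E1, D on E2."""
    a, b, c, d = (f"02:00:00:00:00:0{x}" for x in "abcd")
    br = LearningBridge(["E0", "E1", "E2"])
    results = [
        br.receive("E0", a, b),                    # B not yet known
        br.receive("E1", b, a),                    # A was learned on E0
        br.receive("E1", c, b),                    # B shares C's segment
        br.receive("E2", d, BROADCAST),            # broadcast
        br.receive("E0", a, "01:00:5e:00:00:fb"),  # an IPv4 multicast MAC
    ]
    return results, br.mac_table


if __name__ == "__main__":
    for ports in demo()[0]:
        print(ports)
```

After the five frames the table holds one station on E0, two on E1 and one on E2, the same shape as the example bridging table.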

What is a collision domain? The answer is incredibly simple. A collision domain is the group of network systems between which data collisions can occur. On an Ethernet network, for example, a collision can occur if two systems attempt to communicate at the same time. Obviously the higher the number of collisions, the worse a network will perform.

Consider the figure below, which shows a bridge separating two collision domains. Computers A and B are susceptible to having their data collide with each other. However, this will not affect Computer C, since frames between A and B will not be forwarded to other segments by the bridge. Computers A and B exist in one collision domain, while C exists in another. When a network is segmented into a number of smaller collision domains, performance can increase dramatically.

Figure: Collision domain diagram.

A number of different types of bridges exist, in order to meet different network requirements:

Transparent Bridge. This is by far the most common type of bridge. It is referred to as transparent because it simply inspects frames for the purpose of making forwarding decisions, but doesn’t change them. When started, a transparent bridge learns about the computers on its connected segments (and builds its MAC table) by inspecting the source MAC addresses of systems as frames are sent.

Translational Bridge. This type of bridge is used to connect segments that use different network technologies, such as Ethernet and Token Ring. A translational bridge will not only forward frames as necessary, but will also reframe packets for the underlying network when moving between segments using different technologies. On most networks today, however, segments with dissimilar technologies are usually connected using routers rather than bridges.

Remote Bridge. In cases where large geographic distances separate LANs, a dial-up or wireless link might be used to connect segments. This can be accomplished with remote bridges, which use the connection as a type of extension between LAN segments. Remember that because the device is only a bridge, broadcasts and multicasts will still be forwarded across this (relatively) slow link, and may adversely affect performance. Again, routers are more commonly used to connect remote locations.

Network Repeaters and Hubs

On any LAN or WAN you’re likely to come across a variety of different hardware devices. Examples include hubs, switches, and routers to name but a few. When considering any given piece of network equipment, it’s important to understand both the role it plays in the communication process, as well as how it relates to the OSI model. Furthermore, you should be able to explain why you might choose one piece of hardware over another. For example, you should be able to outline the reasons why a switch provides performance advantages over a hub. The equipment that we’re going to look at in this section includes repeaters, hubs, bridges, switches and routers.


Although you’re not likely to run into too many traditional LAN repeaters any more, they once served an important purpose. A repeater is a powered network device that exists for the purpose of regenerating a signal as it travels along the network, allowing longer distances to be spanned. As data travels over a network, signal strength tends to degrade as it moves farther along its path, a concept referred to as attenuation. When signals enter a repeater, the device boosts their strength, but doesn’t actually modify the data. Most commonly found on Ethernet bus networks using coaxial cable, repeaters are considered to exist at the Physical Layer of the OSI model.


A hub is a network connectivity device that you’re almost certainly familiar with. In the most basic sense, a hub is really nothing more than a multiport repeater. As signals are sent between systems connected to a hub, they are not only regenerated, but also forwarded out each port. In this way, all devices plugged into a hub are exposed to all traffic passing between systems, regardless of whether that traffic is actually relevant to them. Like repeaters, hubs are also considered to exist at the Physical Layer of the OSI model – they neither modify the data stream nor make any decisions. Instead, they act as a conduit by which systems can interconnect and communicate.

The limitations of a hub become evident as a network grows. While providing basic connectivity, a hub does nothing to prevent network collisions or broadcasts from reaching all connected systems. For this reason, all devices connected to a hub are considered to be part of the same broadcast domain and the same collision domain – concepts we’ll look at shortly. In order to be able to control traffic to a greater degree, you would need to implement devices capable of making forwarding decisions based on source or destination addresses. Examples of such devices include switches, bridges, and routers.

While you’re probably familiar with Ethernet hubs, there are a variety of hubs that exist for different network technologies, including Token Ring. In a Token Ring environment, systems are connected to something that looks similar to a hub, but is properly referred to as a Multi-Station Access Unit (MSAU). We’ll discuss the details of how an MSAU works in the Token Ring section. For now it is enough to understand that it is also a Physical Layer device.

Tip: Hubs and repeaters exist at the Physical Layer of the OSI model.

LANs and WANs

The most basic concept that you’ll need to understand before going any further is the difference between LANs and WANs. A Local Area Network represents a group of connected computers, usually within a given office or building. For the most part, LANs are distinguished by their limited geographic distance and relatively high transmission speeds – anywhere from less than ten up to hundreds of megabits (millions of bits) per second. Common LAN technologies include Ethernet, Token Ring, and FDDI, each of which we’ll look at in this chapter.

Wide Area Networks interconnect LANs over great geographic distances, sometimes spanning the globe. WAN technologies differ from those found on a LAN, and are mainly characterized by their ability to span large distances and by their relatively lower speeds. For the most part, WANs rely on the infrastructure of telecommunications service providers to deliver connectivity over these long distances. Common speeds found on WANs vary widely, ranging anywhere from a few kilobits (thousands of bits) per second, up to multiple megabits (millions of bits) per second and higher. Examples of WAN technologies include simple dial-up modem connections, Frame Relay, ISDN, ATM, and others. WAN technologies and protocols will be looked at in detail in Chapter 11.

Networking Fundamentals

Whether you’re preparing for the CCNA or CCDA, the most critical requirement is a solid understanding of networking theory. While you personally may be more worried about router configuration or the related commands, do not underestimate the emphasis placed on general networking concepts. For all intents and purposes, your knowledge of these concepts will likely be the difference between passing and failing the exams, so be prepared.

There are a variety of elements involved in how communication happens between systems across an internetwork. These not only include equipment and cabling, but also topologies, transmission methods, and technologies. Take the time to understand these different elements and their responsibilities, and you’ll find both exams much less challenging, hopefully even simple.

The material to be covered in this chapter includes:

  • An overview of LANs versus WANs
  • An overview of basic network equipment including repeaters, hubs, bridges, switches, and routers
  • Network transmission methods
  • Network cable types and wiring standards
  • Media access methods
  • Network topologies
  • Ethernet