Four different frame types exist in the world of Ethernet, mainly a result of different implementations created for different purposes at different times. Ethernet frame types include Ethernet 802.3, Ethernet 802.2, Ethernet II, and Ethernet SNAP. When two systems need to communicate on an Ethernet network, they must be using a common frame format. The confusion as to when a given Ethernet frame type is used is generally a result of different vendors and standards bodies moving in different directions. So how do you know which frame type will be used on a given network? That depends. Sometimes you can configure the interface to use a certain frame type with a certain upper-layer protocol (such as IPX). In other cases, a vendor or organization will choose the frame type to be used with a particular upper level protocol. For example, TCP/IP will always attempt to use Ethernet II, as defined by the Internet Engineering Task Force (IETF). For their Cisco Discovery Protocol (CDP), Cisco uses Ethernet SNAP framing. For the most part, network equipment will be able to handle multiple frame types on a single interface. In all cases, the minimum Ethernet frame size is 64 bytes, while the maximum size is 1518 bytes. Anything smaller than 64 bytes is invalid and referred to as a “runt”, while frames over 1518 bytes are also invalid and considered “giants”.
What’s the difference between the various frame types? Different frame types may include header fields that were created to address different technical challenges. In all Ethernet frame types you’ll find five main elements – a preamble, start of frame delimiter, header, data, and trailer. Each of these is described below:
- Preamble. The purpose of the 7-byte preamble is to mark the beginning of a frame and to enable synchronization between a sender and receiver.
- Start of Frame Delimiter. The 1-byte SOF field always ends in binary 11 to notify that the next bits represent the beginning of the destination MAC address.
- Header. At a minimum, the header will contain the source and destination MAC addresses (6 bytes each), as well as an extra 2-byte field. Various frame types use this extra field differently, as we’ll discuss shortly.
- Data. The data portion houses everything that was encapsulated by the upper-layer protocols prior to being passed down for framing.
- Trailer. An Ethernet trailer consists of a Frame Check Sequence (FCS). This is where the Cyclic Redundancy Check (CRC) value is held that will be used to confirm that the frame has not been corrupted when it reaches its destination.
Now that we know the elements that are common to every frame, you need to be able to recognize the differences between the four main types.
The Ethernet II frame type is by far the most simple. Those extra 2 bytes in the Ethernet header described earlier are used for a Type field in Ethernet II. The Type field simply identifies the upper layer protocol to which data should be passed. For example, a Type field of hex 0800 represents IP, while 8137 means that data is meant for IPX.
Figure: Ethernet II frame.
The Ethernet 802.3 frame was originally created by Novell for use with the IPX protocol, and was later standardized by the IEEE. Because these frames don’t contain any LLC information, they are sometimes referred to as Ethernet RAW. These frames contain a 2-byte Length field instead of a Type field – they automatically assume that the upper-layer protocol is IPX, and do not work with other upper layer protocols.
Figure: Ethernet 802.3 frame.
Ethernet 802.2 (SAP)
In order to provide a greater deal of flexibility with Ethernet framing, the IEEE defined what is known as the 802.2 Logical Link Control (LLC), the upper sub-layer of the Data Link Layer. At first glance an 802.2 frame may look like an 802.3 frame, since it has a length field. However, the first part of the data portion of an 802.2 Ethernet frame actually contains LLC information in the form of Source Service Access Point (SSAP), Destination Service Access Point (DSAP), and Control information.
Figure: Ethernet 802.2 frame.
As you’ll recall, the Logical Link Control SSAP and DSAP fields are used by the LLC sub-layer to interact with Network layer protocols. Examples of SAP codes include F0 for NetBIOS, 06 for IP, and E0 for IPX – again, all codes are represented in hexadecimal.
The final Ethernet frame type, Ethernet SNAP (which stands for Sub Network Access Protocol) was developed as a result of compatibility issues. Given that many vendors had been using the Ethernet II frame types for their upper layer protocols before 802.2 was standardized, they were left with a 1-byte SAP field where they had previously used a 2-byte Type field. This made moving to the new standard difficult, so the IEEE came up with the Ethernet SNAP frame type. Ethernet SNAP allows a higher degree of flexibility for proprietary protocols. The Ethernet SNAP frame type is commonly used with AppleTalk.
If you look at an Ethernet SNAP frame, you’ll notice that the SSAP and DSAP fields are always set to AA. These codes identify it as a SNAP frame. The command field always has a value of three, which specifies connectionless LLC service. Following this is the Organizationally Unique Identifier (OUI) field, which is used to define the organization that created the upper layer protocol. The Type field provides the same function as the Type field in an Ethernet II frame. When all is said and done, the SNAP information uses up 5 extra bytes of the data portion of an Ethernet frame.
Figure: Ethernet SNAP frame.