Collision Domains and Broadcast Domains 299
Table 5-7 lists the average number of broadcast and multicasts for IP networks.
Although the numbers in Table 5-7 might appear low, they represent an average, well-
designed IP network that is not running the Routing Information Protocol (RIP). When
broadcast and multicast traffic peak because of storm behavior, peak CPU loss can be
orders of magnitude greater than average. Broadcast storms can be caused by a device
requesting information from a network that has grown too large. So many responses
are sent to the original request that the device cannot process them, or the first request
triggers similar requests from other devices that effectively block normal traffic flow
on the network.
An IP router is a router or workstation that runs any distance vector routing protocol.
Some administrators configure all workstations to run RIP (a routing protocol) as a
redundancy and reachability policy. Every 30 seconds, RIP uses broadcasts to retrans-
mit the entire RIP routing table to other RIP routers. If a large number of routers were
configured to run RIP and, on average, 50 packets were required to transmit the routing
table, the routers would generate 3333 broadcasts per second. Most network adminis-
trators configure only a small number of routers—usually five to ten—to run RIP. For
a routing table that has a size of 50 packets, 10 RIP routers would generate about 16
broadcasts per second. (Routing protocols and routing table are discussed in Chapter 8,
“Routing Fundamentals and Subnets.”)
IP multicast applications adversely can affect the performance of large, scaled, switched
networks. Although multicasting is an efficient way to send a stream of multimedia
data to many users on a shared-media hub, it affects every user on a flat-switched net-
work. A flat-switched network is a network of interconnected switches that does not
utilize Layer 3 routing or something similar. A particular packet video application
can generate a 7-megabyte (MB) stream of multicast data that, in a switched network,
would be sent to every segment, resulting in severe congestion.
Table 5-7 Average Number of Broadcast and Multicasts for IP Networks
Number of Hosts
Average Percentage of
CPU Loss Per Host

100 0.14
1000 0.96
10,000 9.15
1102.book Page 299 Tuesday, May 20, 2003 2:53 PM
300 Chapter 5: Ethernet Fundamentals
Broadcast Domains
A broadcast domain is a grouping of collision domains that are connected by Layer 2
devices. Breaking up a LAN into multiple collision domains improves network efficiency
by allowing multiple transmissions of data simultaneously on separate collision domains.
But broadcasts travel across the Layer 2 devices and, if excessive, can reduce the effi-
ciency of the overall LAN. Broadcasts must be controlled at Layer 3 because Layer 1
and 2 devices have no way of controlling them. The total size of a broadcast domain
can be identified by looking at all of the collision domains that the same broadcast frame
is processed by. In other words, all the nodes are a part of that network segment bounded
by a Layer 3 device. Broadcast domains are controlled at Layer 3 because routers do not
forward broadcasts. In Figure 5-34, the router will not forward the broadcast from the
blue-highlighted workstation in the left side to the hosts on the right.
Routers actually work at Layers 1, 2, and 3. Like all Layer 1 devices, they have a phys-
ical connection to and transmit data onto the medium. They have a Layer 2 encapsula-
tion on all interfaces and perform just like any other Layer 2 device. Layer 3 allows the
router to segment broadcast domains.
For a packet to be forwarded through a router, it must have been processed already by
Layer 2, and the frame information must have been stripped off. Layer 3 forwarding is
based on the destination IP address, not the MAC address. For a packet to be forwarded,
it must contain an IP address that is outside the range of addresses assigned to the LAN
segment, and the router must have a destination to send the specific packet to in its
routing table.
Introduction to Data Flow
Data flow in the context of collision and broadcast domains focuses on how data frames
propagate through a network. It refers to the movement of data through Layer 1, 2, and

3 devices, as well as how data must be encapsulated to effectively make that journey.
Remember that data is encapsulated at the network layer with an IP source and destina-
tion address, and at the data link layer with a MAC source and destination address.
The basic rule to follow here is that a Layer 1 device always forwards the frame, a
Layer 2 device wants to forward the frame (in other words, it forwards unless some-
thing prevents it), and a Layer 3 device does not forward unless it has to. Using this
rule helps identify how data flows through a network.
1102.book Page 300 Tuesday, May 20, 2003 2:53 PM
Collision Domains and Broadcast Domains 301
Figure 5-34 Broadcast Domain Segmentation
Layer 1 devices (repeaters and hubs) do no filtering, so everything that is received is
passed on to the next segment. The frame simply is regenerated and retimed. and thus
returned to its original transmission quality. Any segments connected by Layer 1 devices
are part of the same domain, both collision and broadcast.
Layer 2 devices (bridges and switches) filter data frames based on the destination MAC
address. A frame is forwarded if it is going to an unknown destination (outside the col-
lision domain). The frame also is forwarded if it is a broadcast, multicast, or unicast
going outside the local collision domain. The only time that a frame is not forwarded
is when the Layer 2 device finds that the sending host and the receiving host are in the
same collision domain. A bridging device (Layer 2) creates multiple collision domains
but maintains only one broadcast domain.
Layer 3 devices (routers and some high-end switches) filter data packets based on
IP destination address. The only way that a packet is forwarded is if its destination IP
chpt_05.fm Page 301 Tuesday, May 27, 2003 9:09 AM
302 Chapter 5: Ethernet Fundamentals
address is outside the broadcast domain and the router has an identified location to
send the packet. A Layer 3 device creates multiple collision and broadcast domains.
Data flow through a routed IP-based network involves data moving across traffic-
management devices at Layers 1, 2, and 3 of the OSI model Layer 1 is used for trans-
mission across the physical medium, Layer 2 is used for collision domain management,

and Layer 3 is used for broadcast domain management. Figure 5-35 shows data flowing
from Workstation X through Routers A, B, and C to Workstation Y.
Figure 5-35 Data Flow Through a Network
Network Segment
As with many terms and acronyms, segment has multiple meanings. The dictionary
definition of the term is as follows:
■ A separate piece of something
■ One of the parts into which an entity or quantity is divided or marked off by,
or as if by natural boundaries
In the context of data communication, the following definitions are used:
■ Section of a network that is bounded by bridges, routers, or switches.
■ In a LAN using a bus topology, a continuous electrical circuit that is often
connected to other such segments with repeaters.
1102.book Page 302 Tuesday, May 20, 2003 2:53 PM
Collision Domains and Broadcast Domains 303
■ Term used in the TCP specification to describe a single transport layer unit of
information. The terms datagram, frame, message, and packet also are used to
describe logical information groupings at various layers of the OSI reference
model and in various technology circles.
Figure 5-36 illustrates the three definitions of the term segment within the content of
the data communication.
Figure 5-36 Segments
To define the term segment properly, the context of the usage must be presented with
the word. If segment is used in the context of TCP, it is defined as a separate piece of
the data. If segment is being used in the context of physical networking media in a
routed network, it is seen as one of the parts or sections of the total network.
1102.book Page 303 Tuesday, May 20, 2003 2:53 PM
304 Chapter 5: Ethernet Fundamentals
Summary
The following key points were presented in this section:

■ The Institute of Electrical and Electronic Engineers (IEEE) is a professional
organization that defines network standards. IEEE LAN standards are the best-
known IEEE communication standards and are the predominant LAN standards
in the world today.
■ The IEEE divides the OSI data link layer into two separate sublayers: Media
Access Control (MAC) and Logical Link Control (LLC).
■ Ethernet uses the MAC address, which is the physical address located on a NIC.
■ Framing helps obtain essential information that could not otherwise be obtained
with coded bit streams alone.
■ Two broad categories of Media Access Control exist: deterministic (taking turns)
and nondeterministic (first come, first served).
■ Ethernet uses carrier sense multiple access collision detect (CSMA/CD).
■ Half-duplex transmission enables signals to travel in either direction, but not in
both directions simultaneously. Full-duplex transmission enables data to be sent
and received at the same time.
■ Using a shared-media environment can cause traffic congestion that leads to
network inefficiency.
■ The most common (and usually benign) error condition on an Ethernet is the
collision.
■ The main Ethernet frame error types that can be captured through a protocol-
analysis session are local collision, remote collision, and late collision.
■ Situations that are considered Ethernet errors are jabber, long frame, short frame,
runts, FCS errors, alignment error, and range error.
■ The fundamental grouping of devices in a shared-media environment is a
collision domain.
■ Collision domains can be segmented to reduce congestion and improve network
efficiency.
■ Collision domains are segmented by both Layer 2 and Layer 3 devices.
■ Broadcasts are designed to travel throughout collision domains and can cause
network inefficiency.

■ Broadcast domains can be segmented by using Layer 3 devices.
1102.book Page 304 Tuesday, May 20, 2003 2:53 PM
Summary 305
■ Data flow is controlled by data encapsulation in conjunction with Layer 2 and
Layer 3 devices.
■ Definitions of networking terms and acronyms must be defined in context, not
as isolated terms.
To supplement all that you’ve learned in this chapter, refer to the chapter-specific Videos,
PhotoZooms, and e-Lab Activities on the CD-ROM accompanying this book.
1102.book Page 305 Tuesday, May 20, 2003 2:53 PM
306 Chapter 5: Ethernet Fundamentals
Key Terms
10-Gb Ethernet Built on the Ethernet technology used in most of today’s LANs, 10-Gb
Ethernet is described as a technology that offers a more efficient and less expensive
approach to moving data on backbone connections between networks, while also
providing a consistent technology end to end. Ethernet now can step up to offering
data speeds at 10 Gbps.
alignment error A message that does not end on an octet boundary.
backoff The retransmission delay enforced when a collision occurs.
broadcast A data packet that is sent to all nodes on a network. Broadcasts are
identified by a broadcast address.
broadcast domain A set of all devices that will receive broadcast frames originating
from any device within the set. Broadcast domains typically are bounded by routers
(or, in a switched network, by VLANs) because routers do not forward broadcast
frames.
collision In Ethernet, the result of two nodes transmitting simultaneously. The
frames from each device impact and are damaged when they meet on the physical
media. See also collision domain.
collision domain In Ethernet, the network area within which frames that have
collided are propagated. Repeaters and hubs propagate collisions; LAN switches,

bridges, and routers do not.
connectionless Data transfer without the existence of a virtual circuit.
CSMA/CD (carrier sense multiple access collision detect) A media-access mecha-
nism wherein devices ready to transmit data first check the channel for a carrier. If
no carrier is sensed for a specific period of time, a device can transmit. If two devices
transmit at once, a collision occurs and is detected by all colliding devices. This colli-
sion subsequently delays retransmissions from those devices for some random length
of time. CSMA/CD access is used by Ethernet and IEEE 802.3.
encapsulation Wrapping of data in a particular protocol header. For example, upper-
layer data is wrapped in a specific Ethernet header before network transit. Also, when
bridging dissimilar networks, the entire frame from one network simply can be placed
behind the header used by the data link layer protocol of the other network.
Ethernet A baseband LAN specification invented by Xerox Corporation and devel-
oped jointly by Xerox, Intel, and Digital Equipment Corporation. Ethernet networks
use CSMA/CD and run over a variety of cable types at 10, 100, and 1000 Mbps. Ether-
net is similar to the IEEE 802.3 series of standards.
1102.book Page 306 Tuesday, May 20, 2003 2:53 PM
Key Terms 307
Fast Ethernet Any of a number of 100-Mbps Ethernet specifications. Fast Ethernet
offers a speed increase 10 times that of the 10BASE-T Ethernet specification, while
preserving such qualities as frame format, MAC mechanisms, and MTU. Such similar-
ities allow the use of existing 10BASE-T applications and network-management tools
on Fast Ethernet networks. Fast Ethernet is based on an extension to the IEEE 802.3
specification.
FDDI (Fiber Distributed Data Interface) A LAN standard, defined by American
National Standards Institute (ANSI) 3T9.5, specifying a 100-Mbps token-passing
network using fiber-optic cable, with transmission distances of up to 2 km. FDDI
uses a dual-ring architecture to provide redundancy.
full duplex The capability for simultaneous data transmission between a sending
station and a receiving station.

ghost Fluke Networks coined this new term to mean energy (noise) detected on the
cable that appears to be a frame but that lacks a valid SFD. To qualify as a ghost, this
“frame” must be at least 72 octets long (including preamble); otherwise, it is classified
as a remote collision.
Gigabit Ethernet Standard for a high-speed Ethernet, approved by the IEEE 802.3z
standards committee in 1996.
half duplex A capability for data transmission in only one direction at a time
between a sending station and a receiving station.
header Control information placed before data when encapsulating that data for
network transmission.
IEEE 802.2 An IEEE LAN protocol that specifies an implementation of the LLC sub-
layer of the data link layer. IEEE 802.2 handles errors, framing, flow control, and the
network layer (Layer 3) service interface.
IEEE (Institute of Electrical and Electronic Engineers) A professional organization
whose activities include the development of communications and network standards.
IEEE LAN standards are the predominant LAN standards today.
IEEE 802.3 An IEEE LAN protocol that specifies an implementation of the physical
layer and the MAC sublayer of the data link layer. IEEE 802.3 uses CSMA/CD access
at a variety of speeds over a variety of physical media. Extensions to the IEEE 802.3
standard specify implementations for Fast Ethernet. Physical variations of the original
IEEE 802.3 specification include 10BASE2, 10BASE5, 10BASE-F, 10BASE-T, and
10BROAD36. Physical variations for Fast Ethernet include 100BASE-TX and
100BASE-FX.
1102.book Page 307 Tuesday, May 20, 2003 2:53 PM
308 Chapter 5: Ethernet Fundamentals
jabber Defined several places in the 802.3 standard as being a transmission of at least
20,000 to 50,000 bit-times in duration. However, most diagnostic tools report jabber
whenever a detected transmission exceeds the maximum legal frame size—which is
considerably smaller than 20,000 to 50,000 bit-times.
LLC (Logical Link Control) The higher of the two data link layer sublayers defined

by the IEEE. The LLC sublayer handles error control, flow control, framing, and
MAC-sublayer addressing. The most prevalent LLC protocol is IEEE 802.2, which
includes both connectionless and connection-oriented variants.
long frame A frame that is longer than the maximum legal size and that takes into
consideration whether the frame was tagged.
MAC (Media Access Control) The lower of the two sublayers of the data link layer
defined by the IEEE. The MAC sublayer handles access to shared media, such as
whether token passing or contention will be used. See also LLC.
MAC address A standardized data link layer address that is required for every device
that connects to a LAN. Other devices in the network use these addresses to locate
specific devices in the network and to create and update routing tables and data struc-
tures. MAC addresses are 6 bytes long and are controlled by the IEEE. Also known as
a hardware address, a MAC-layer address, or a physical address.
MTU (Maximum Transmission Unit) The maximum packet size, in bytes, that a
particular interface can handle.
OUI (organizationally unique identifier) Three octets assigned by the IEEE in a
block of 48-bit LAN addresses.
propagation delay The time required for data to travel over a network from its
source to its ultimate destination.
range error A frame that had a legal-size value in the Length field but that did not
match the actual number of octets counted in the Data field of the received frame.
segment A section of a network that is bounded by bridges, routers, or switches.
simplex The capability for transmission in only one direction between a sending
station and a receiving station. Broadcast television is an example of a simplex
technology.
SNMP (Simple Network Management Protocol) A network-management protocol
used almost exclusively in TCP/IP networks. SNMP provides a means of monitoring
and controlling network devices and managing configurations, statistics collection,
performance, and security.
1102.book Page 308 Tuesday, May 20, 2003 2:53 PM