Ethernet – Is a Datagram from Upper Network Layer Converted 1:1 to Lower Layer?

ethernetlayer2layer3layer4tcp

I know datagrams from upper layers are converted to those of lower layers by adding metadata, but I cannot seem to find this information anywhere. Which one of the below is correct?

A single TCP segment is always converted to a single IP packet by adding IP header, which is in turn converted to a single Ethernet frame by adding Ethernet header (and footer). In other word, a datagram of an upper layer is converted to the payload of the datagram of the lower layer as a whole.
The network software groups all datagrams of an upper layer as a a bundle of binary (eg: 3 IP packets of size 1000, 800, and 1200 bytes to a bundle of 3000 bytes) then cut that bundle anywhere it feels best to make the payloads for datagrams of lower layer (e.g: to 2 Ethernet frames with payload of 1500 bytes each). The receiving device can always get 3 original IP packets from 2 Ethernet frames.

Best Answer

A single TCP segment is always converted to a single IP packet by adding IP header, which is in turn converted to a single Ethernet frame by adding Ethernet header (and footer). In other word, a datagram of an upper layer is converted to the payload of the datagram of the lower layer as a whole.

That depends. For example, TCP receives a stream of data from an application-layer protocol, e.g. HTTP, and it will segment it. That is a lower protocol chopping up a higher protocol. TCP itself uses the MSS to determine the segment size, which should fit the MTU, but I have seen people do stupid things like set the MSS to much larger than the MTU (thinking it will increase the speed, but the effect is the opposite). That forces IP to create fragments prior to sending. Also, if the MTU shrinks along the path, that can cause IPv4 fragmentation (IPv6 does not have path fragmentation). IP fragmentation and reassembly is resource expensive. We have PMTUD to discover the smallest MTU in the path so that the MTU, and by extension the MSS, can be automatically set prior to sending.

By the way, it is a mistake to simply assume ethernet, which has been dethroned as the King of the LAN by Wi-Fi. Also, you really do not know what layer-2 protocols will be encountered along the path, For example, many DSL connections use PPPoA (PPP over ATM) instead of ethernet.

The network software groups all datagrams of an upper layer as a a bundle of binary (eg: 3 IP packets of size 1000, 800, and 1200 bytes to a bundle of 3000 bytes) then cut that bundle anywhere it feels best to make the payloads for datagrams of lower layer (e.g: to 2 Ethernet frames with payload of 1500 bytes each). The receiving device can always get 3 original IP packets from 2 Ethernet frames.

The lower-layer network protocols do not bundle datagrams of the upper-layer network protocols. TCP, because it is a stream protocol, may bundle application-layer datagrams and chop the datagrams into proper TCP segments.

Regarding Path MTU Discovery

Ideally i would be relying on Path MTU discovery. But since the ethernet packets being generated are too large for any other machine to receive, there is no opportunity for IP Packet too big fragmentation messages to be returned

Based on your diagram, I agree that PMTUD cannot function between two different PCs in the same LAN segment; PCs do not generate ICMP Error messages required by PMTUD.

Jumbo frames

Some vendors (such as Cisco) have switch models which support ethernet payloads larger than 1500 bytes. Officially IEEE does not endorse this configuration, but the industry has valid needs to judiciously deviate from the original 1500 byte MTU. I have storage LAN / backup networks which leverage jumbo frame for good reason; however, I made sure that all MTUs matched inside the same vlan when I deployed jumbo frames.

Mismatched MTUs within a broadcast domain

The bottom line is that you should never have mismatched ethernet MTUs inside the same ethernet broadcast domain; if you do, it's a bug or configuration error. Regardless of bug or error, you have to solve these problems, sometimes manually.

All that discussion leads to the next question...

Why is there a spec that intentionally creates invalid ethernet frames?

I'm not sure that I agree... I don't see how the IEEE 802.3 series, or RFC 894 create invalid frames. Host implementations or host misconfigurations create invalid frames. To understand whether your implementation is following the spec, we need a lot more evidence...

This diagram is at least prima facie evidence that your MTUs are mismatched inside a broadcast domain...

+------------------+      +----------------+     +------------------+
| Realtek PCIe GBe |      | NetGear 10/100 |     | Realtek 10/100   |
|       (on-board) |      |     Switch     |     |     (on-board)   |
|                  |      +----------------+     |                  |
| Windows 7        |           ^    ^            |                  |
|                  |           |    |            |                  |
| 192.168.1.98/24  |-----------+    +------------| 192.168.1.10/24  |
| MTU = 1504 bytes |                             | MTU = 1500 bytes |
+------------------+                             +------------------+

How should an 802.3-compliant implementation respond to MTU mismatches?

What was it they [the writers of 'the spec'] expected people to do with devices that generate these too large packets?

MTU 1504 and MTU 1500 within the same broadcast domain is simply a misconfiguration; it should never be expected to work any more than mismatched IP netmasks, or mismatched IP subnets can be expected to work. Your company will have to knuckle-down and fix the root-cause of the MTU mismatches... at this time it's hard to say whether the root cause is user error, an implementation bug, or some combination of the above.

If the affected Windows machines are successfully logging into to an Active Directory Domain, one could write Windows login scripts to automatically fix MTU issues based on some well-constructed tests inside the domain login scripts (assuming the Domain Controller isn't part of the MTU issues).

If the machines are not logging into a domain, manual labor is another option.

Other possibilities to contain the damage

Use a layer3 switch^{Note 1} to build a custom vlan for anything that has broken MTUs and set the layer3 switch's ethernet MTU to match the broken machines; this relies on PMTUD to resolve MTU issues at the IP layer. Layer3 switches generate the ICMP errors required by PMTUD.

This option works best if you can re-address the broken machines with DHCP; and you can identify the broken machines by mac-address.

... why did they bump it up to 1504 bytes, and create invalid packets, in the first place?

Hard to say at this point

802.1ad vs 802.1q

How is IEEE 802.1ad (aka VLAN Tagging, QinQ) valid, when the packets are too large?

I haven't seen evidence so far that you're using QinQ; from the limited evidence I have seen so far, you're using simple 802.1q encapsulation, which should work correctly in Windows, assuming the NIC driver supports 802.1q encap.

End Notes:

^{Note 1}_{Any layer 3 switch should do... Cisco, Juniper, and Brocades all could perform this kind of function.}

Calculating Exact TCP Overhead Cost

Ethernet packets 1.5k

1500 - 20 B (IPv4) - 20 B (TCP+checksum) = 1460 B DATA (and 40 B Overhead)

Add 40 B + 14 B (Ethernet) + 4 B (FCS) + 12 B (Interframe gap) + 8 B (preamble) = 78 B Overhead

78 / 1460 * 100 = 5.34% overhead

1460 / ( 1460 + 78) * 100 = 94.93% Throughput/Goodput

1,000,000,000(1Gbit) * 94.93% = 949Mbit/s(0.949Gbit/s)

you measured 941Mbit/s that gives (949 - 941) / 949 * 100 = 0.84 % error between theoretical and actual.

Jumbo packets 9k - Theoretical max

(9000-40) / ( 9000 - 40 + 78 ) *100 = 99.14%  (Overhead 0.86%)

1,000,000,000(1Gbit) * 99.14% = 991Mbit/s(0.99Gbit/s)