Questions[ethernet](server)

I am about to use Wireshark for some traffic monitoring on my Windows computer. While working on it, I was wondering how Wireshark manages to catch low level network packets before Windows does.

First of all, a network interface on my NIC receives a packet. The NIC then does some initial checks (CRC, right MAC address, ... etc. ). Assuming that the verification was successful, the NIC forwards the packet. But how and where?

I understand that drivers are the glue between the NIC and the OS or any other application. I further guess that there's a separate driver for Windows and Wireshark (WinPcap?). Otherwise, Wireshark wouldn't be able to receive Ethernet frames. Are there two or more NIC drivers coexisting at the same time? How does the NIC know, which one to use?

As I understand, a 10Gb Ethernet card is capable of putting 10Gb every second on (say) a fibre optics cable. Now naively, for this to happen in hardware, one will need a 10GHz clock running the network card.

It is possible to half that frequency by clocking on both edges, but 5GHz is still awefully high for transistors to support. For 100Gb Ethernet, 50GHz seems completely unreasonable.

What is the clock frequency of clocks running (say) a 10Gb Ethernet card? Are there tricks used to cut down this frequency from the "naive" 10GHz frequency?

What are VLANs? What problems do they solve?

I'm helping a friend learn basic networking, as he's just become the sole sysadmin at a small company. I've been pointing him at various questions/answers on Serverfault relating to various networking topics, and noticed a gap - there doesn't appear to be an answer which explains from first principles what VLANs are. In the spirit of How does Subnetting Work, I thought it would be useful to have a question with a canonical answer here.

Some potential topics to cover in an answer:

• What are VLANs?
• What problems were they intended to solve?
• How did things work before VLANs?
• How do VLANs relate to subnets?
• What are SVIs?
• What are trunk ports and access ports?
• What is VTP?

EDIT: to be clear, I already know how VLANs work - I just think that Serverfault should have an answer that covers these questions. Time permitting, I'll be submitting my own answer as well.

We recently had a little problem with networking where multiple servers would intermittently lose network connectivity in a fairly painful-to-resolve way (required hard reboot). This has been going on for about two weeks, seemingly at random, on different servers. No particular pattern that we could discern to it.

After some digging into it, we saw that the switch was reporting 100 Mbps for the problem port:

This sounds remarkably like what happened in the Joel Spolsky article Five Whys

Michael spent some time doing a post-mortem, and discovered that the problem was a simple configuration problem on the switch. There are several possible speeds that a switch can use to communicate (10, 100, or 1000 megabits/second). You can either set the speed manually, or you can let the switch automatically negotiate the highest speed that both sides can work with. The switch that failed had been set to autonegotiate. This usually works, but not always, and on the morning of January 10th, it didn’t.

We have now disabled auto-negotiate on our network hardware and set it to a fixed rate of 1000 Mbps (gigabit).

My questions to those with more server hardware networking expertise:

1. How common are auto-negotiate problems with modern networking hardware?
2. Is it considered good, standard networking practice to disable auto-negotiate and set fixed speeds when setting up networking?

I want to check if a specified ethX is physically up or down. How do I do that with the command line?