Ccent notes part 1


Published on

Published in: Technology, Education
1 Comment
1 Like
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Ccent notes part 1

  1. 1. CCENT Notes Part 1 – Networking Fundamentals Ref : CCENT/CCNA ICND1 Official Exam Certification Guide, Second Edition by Wendell OdomIt is highly recommended that you read at least once the above study guide to make fulluse of this notes, it is expected that there may he minor errors in this notes, pleasealways refer the study guide for accurate information. (Jojo Jacob - CCENT)
  2. 2. TABLE OF CONTENTSChapter 2 - The TCP/IP and OSI Networking Models........................................................3Chapter 3 - Fundamentals of LANs.....................................................................................8Chapter 4 - Fundamentals of WAN’s................................................................................20Chapter 5 - Fundamentals of IP Addressing and Routing.................................................29Chapter 6 - Fundamentals of TCP/IP Transport, Applications and Security.....................41 2
  3. 3. Chapter 2 - The TCP/IP and OSI Networking ModelsTCP/IP : Transmission Control Protocol/Internet ProtocolOSI : Open System InterconnectionRFC – Request for CommentsTCP/IP Architecture LayersApplication : HTTP, POP3, SMTPTransport : TCP, UDPInternet : IPNetwork Access : Ethernet, Frame Relay, PPP (WAN)Application Layer : Provides interface between application software and the network,Provides network services to the applications.Transport Layer : (TCP/UDP) Guarantees the delivery of data across the network. TCPuses the mechanism of acknowledgements to guaranty the transmission of data across thenetwork.Transport Layer header and its encapsulated data is called a SEGMENTInternet Layer : (IP) defines the IP Addressing and Routing.(the process of how arouter should forward or route data packets)Internet Layer header and its encapsulated data, which includes Transport Layer,Application Layer header and any data is called IP Packet.Network Access Layer : defines the protocols and hardwares required to deliver dataacross some physical network.Internet Layer (IP) uses the service of the Network Access Layer (Ethernet) to deliver IPPackets over a physical network.Network Access Layer’s encapsulated data are called FRAMES which includes networkaccess layer (Ethernet, PPP) header, trailer and their encapsulated data.IP uses network access layer protocols (Ethernet. PPP) to deliver packets to next router orhost, in which IP packets will be encapsulated between Ethernet or PPP header and trailerfor transmission over the physical medium as frames. 3
  4. 4. Ethernet header and trailer may be striped and IP Packet may be encapsulated with PPPheader and trailer during transmission depending on the network access protocol betweenthe routers in the network.Same layer Interaction (different computers) : When a particular layer in onecomputer wants to communicate with the same layer in another computer, and this isdone using headers which are transmitted between the computers.Adjacent Layer Interaction (same computer) : In a single computer one layer providesservices to a higher layer. The software or hardware that implements the higher layerrequests the lower layer to perform the task needed.Five Step Process of TCP/IP host sending data in a network.Step 1 : application data with application layer header. http ok message returned in a httpheader followed by content of the web page.Step 2 : encapsulate application layer data in a transport layer (tcp/udp) headerStep 3 : encapsulate the transport layer data in a internet (IP) layer headerStep 4 : encapsulate the data supplied by the internet layer into network access layerheader and trailer.Step 5 : transmit the bits, physical layer encodes the signal onto a medium to transmit theframesEncapsulation : is the process of adding headers and trailers around data supplied by ahigher level in the network model.Decapsulation : is the process of stripping (removing) the header and trailer from anencapsulated data.Networking Model defines a set of network layers and how they interact each other, twomost important networking models are TCP/IP and OSI. 4
  5. 5. OSI Reference ModelOSI Layers TCP/IPApplication Layer 7Presentation Application Layer 6Session Layer 5Transport Transport Layer 4Network Internet Layer 3Datalink Layer 2Physical Network Access Layer 1All People Seem to Need Data Processing (Layer 7 – Layer 1)Layer 7 – Layer 5 focuses on applicationLayer 4 – Layer 1 focuses on end to end delivery of the data over the networkApplication Layer : Interfaces between application software and network also includesauthentication services.Presentation Layer : Defines format and organization of data and includes encryptionSession Layer : Establishes and maintains end-to-end bi-directional flow between endpoints. Includes managing transaction flows.Transport Layer : Provides a variety of services between two hosts, connectionestablishment and termination, flow control, error recovery, and segmentation of largeblock of data into smaller parts for transmission.Network Layer : logical addressing, routing (forwarding) and path determination.Datalink Layer : format the data into frames for transmission onto physical medium,defines the rule for, when the data can be send, defines the means by which to determinetransmission errors (FCS : Frame Check Sequence).Physical Layer : refers to standards for physical characteristics of the transmissionmedium, including connectors, pins, use of pins, electrical currents, encoding, lightmodulation, and rules for how to activate and deactivate the use of physical medium. 5
  6. 6. Layer Name Protocols and Specification DevicesApplication, Presentation, Firewall, Intrusion detection Telent, HTTP, FTP, SMTP,Session (Layer 7 – 5) systems. POP3, VoIP, SNMPTransport (Layer 4) TCP, UDPNetwork (Layer 3) IP RoutersDataLink (Layer 2) Ethernet (IEEE 802.3), Lan Switches, wireless HDLC, Frame Relay, PPP access points, cable modem, dsl modemPhysical (Layer 1) RJ-45, EIA/TIA -232, V.35, Lan Hub, repeater Ethernet (IEEE 802.3)Benefits of Layered Protocol SpecificationsLess Complex : Layered protocol network model breaks the functions and tasks of thenetworking into smaller chunksStandard Interfaces : standard interfaces definition between the layers enables multiplevendors to develop products on specific layersEasier to develop : reduced complexity mean easier program changes and faster productdevelopmentEasier to learn : easier to learn more details of a protocol specificationMulti-vendor interoperability : creating products meeting same networking standardsmeans, computers and network gears from different vendors can work togetherModular engineering : vendors can concentrate on developing modular products inspecific layersA software or a hardware device in a layer does not have to worry, or can assume that thesoftware and hardware devices in other layers will perform functions defined for thatlayer. 6
  7. 7. OSI EncapsulationOSI model uses PDU – Protocol Data Unit to refer to its encapsulated data in each layers.L7PDU : Application(L7)H + DataL6PDU : Presentation(L6)H + DataL5PDU : Session(L5)H + DataL4PDU : Transport(L4)H + DataL3PDU : Network(L3)H + DataL2PDU : Data Link(L2)H + Data + L2TL2PDU is transmitted into the physical link.Please go to ……Do I know this Already –QUIZ. – Chapter 2. :- Page 18. 7
  8. 8. Chapter 3 - Fundamentals of LANsEthernet – refers to standards that define physical and data link layer for LAN.Variables for Ethernet Standards are : Speed, type of cable, length of cable etc.IEEE – Institute of Electrical and Electronics EngineersIEEE seperates the Ethernet Data link layer functions into two sub layers: 802.3 Media Access Control (MAC) sublayer (Lower layer) 802.2 Logical Link Control (LLC) sublayer (Higher Layer)Common Name Speed Alternate Name IEEE Cable type, Standard Maximum LengthEthernet 10 Mbps 10BASE-T IEEE 802.3 Copper, 100 mFast Ethernet 100 Mbps 100BASE-TX IEEE 802.3u Copper, 100 mGigabit Ethernet 1000 Mbps 1000BASE-SX IEEE 802.3z Fibre, 500 m (SX) 1000BASE-LX 5 km (LX)Gigabit Ethernet 1000 Mbps 1000BASE-T IEEE 802.3ab Copper, 100 mAlternate Name always list speed in MbpsT – in the alternate name means twisted pair (UTP)Functions of LAN : File sharing, Printer sharing, File transfer and gaming10BASE2 and 10BASE5 – early Ethernets, consisted of series of co-axial cablesconnecting computer and their NIC. Sending computer sends electrical signals throughthe bus (collection of cables forming electrical circuit).CSMA/CD – Carries Sense Multiple Access with Collision Detection , ensures that onlyone devices sends traffic in Ethernet at one time. Avoids collision and takes action whencollision occurs. Algorithm:- A device that wants to send a frame waits until LAN is silent, ie no frame is currently being send, before attempting to send an electrical signal If a collision still occurs, the devices that caused the collision wait a random amount of time and try againCSMA/CD : Carrier Sense Multiple Access with Collision detection, a device accessmechanism in which devices ready to transmit data first check the channel for a carrier. Ifno carrier is sensed for a specific period of time, a device can transmit. If two devices 8
  9. 9. transmit at once, a collision occurs and is detected by all colliding devices. This collisionsubsequently delays re-transmission from those devices for a random length of time.10BASE2 – maximum cable length 185m10BASE5 – maximum cable length 500 mAttenuation :- weakening of electrical signals as it traverse farther through a cableRepeaters – connects multiple cable segments, receive electrical signal on one cable,interpret the bits as 1s and 0s and generates brand new, clean, strong electrical signal outthe other cable. But does not interpret the meaning of the electrical signal (bits) and is aLayer 1 device.Repeater does not simply amplify the signal, because amplifying the signal might alsoamplify any noise picked up along the way, but it re-generates brand new electricalsignals.Ethernet Hubs : hubs are essentially repeaters but with multiple physical ports, it re-generates the electrical signals that comes in one port and sends to every other ports andcreates an electrical bus.• Origianl Ethernet LANs created an electrical bus to which devices were connected• 10BASE5 and 10BASE2 repeaters extended the length of the LAN by cleaning up the electrical signals and repeating it – a layer 1 function – without interpreting the meaning of the signals.• Hubs are repeaters that provide a centralised connection point for the UTP, cabling, but still creates a single electrical bus shared by various devices, just like 10BASE2 and 10BASE5.• Because collision could occur in any of these cases, Ethernet defines CSMA/CD algorithm, which tells devices how to avoid collision and also action to take when it occurs.Ethernet UTP Cabling10BASE-T (Ethernet) , 100BASE-T (fast Ethernet – FE) , 1000BASE-T (gigabit ethernet – GE) use UTP (unshielded twisted pair) cablingUTP cables – two pairs or four pairs of wires.RJ-45 connectors – connect to end points of utp cables and has pins (8) to which each ofthe coloured wires are connected to. RJ-45 connectors are inserted into RJ-45 ports incomputers of switches.RJ11 – commonly used for telephone cables in North America 9
  10. 10. RJ11 is a physical interface often used for terminating telephone wires. It is probably themost familiar of the registered jacks, being used for single line POTS telephone jacks inmost homes across the world.RJ14 is similar, but for two lines, and RJ25 is for three lines. RJ61 is a similar registeredjack for four lines. The telephone line cord and its plug are more often a true RJ11 withonly two conductors.Phone generates analog signals at the rate of 0 – 4000 Hz, and the DSL modem usesfrequencies higher than 4000 Hz, so that the phone and the DSL signals interfere verymuch, still need to use a filter.The DSLAM directs (multiplexes) the analog voice signals – frequency range between 0Hz and 4000 Hz, to a voice switch.Two views of an RJ25 6P6C crimp-on style connector. .RJ11 is a physical interface often used for terminating telephone wires. It is probably themost familiar of the registered jacks, being used for single line POTS telephone jacks in 10
  11. 11. BS6312 431A plug; colloquially, a British Telecom plug. Used in NZ.Cisco switches uses GBIC (gigabit interface converter) or Small form Pluggables (SFP)so that switch can use a variety of cable connectors, type of cabling and support differentcable lengths.Cisco switches can easily alternate between 1000BASE-T GBIC and 1000BASE-LXinterface cards depending on the situations, like if the cabling need to cover a longerdistance.Twisted pair copper wire cancels out the magnetic field when transmitting electricity. Bytwisting together wires in the same pair, with the current running in opposite direction oneach wire, the magnetic field created by one wire mostly cancels out the magnetic fieldcreated by the other wire.Networking devices create an electric circuit using twisted wire pair and vary the signalsas defined by the encoding scheme, to send bits over wire pair.Encoding scheme defines how the electrical signal should vary, over time, to mean eithera binary 0 or 1.Twisted Pair : Transmission medium consisting of two insulated wires, with wirestwisted around each other in spiral. An electrical circuit flows over the wire pair, with thecurrent in opposite direction on each wire, which significantly reduces the interfenecebetween two wires.UTP Cabling Pinouts for 10BAST-T and 100BAST-TXTelecommuncations Industry Association (TIA) and Electronics Industry Alliance (EIA)defines the standards for UTP cabling, colour coding for wires and standard pinouts onthe cable.Two EIA/TIA pinout standards are T568A and T568B.T568A pinout standard 11
  12. 12. RJ-45pair 3 3 2 1 1 2 4 4pins 1 2 3 4 5 6 7 8Pinouts1- G/W2- Green3- O/W4- Blue5- B/W6- Orange7- Brown/W8- BrownPair 1 Pair 2 Pair 3 Pair 4Blue/Blue W Orange W/ Orange Green W/Green Brown W / BrownT568B pinout standardRJ-45pair 2 2 3 1 1 3 4 4pins 1 2 3 4 5 6 7 8Pinouts1- O/W2- Orange3- G/W4- Blue5- B/W6- Green7- Brown/W8- BrownPair 1 Pair 2 Pair 3 Pair 4Blue/Blue W O W/Orange Green W/Green Brown W / BrownPinout : Documentation and Implementation of which wires inside a cable connect toeach pin positions in side any connectorUTP cable requires two pairs of wire for 10BASE-T and 100BASE-TX and four pairs ofwire for 1000BASE-T. 12
  13. 13. Ethernet NIC send data using the wire pair connected to Pins 1 and 2. (pair 3, T568Astandard)Ethernet NIC receives data using the wire pair connected to Pins 3 and 6. (pair 2, T568Astandard)Hubs and switches send data using the wire pair connected to Pins 3 and 6. (pair 2,T568A standard)Hubs and switches receives data using the wire pair connected to Pins 1 and 2. (pair 3,T568 standardStraight Through Cable : connects two devices (NIC and switch) which uses oppositepinout pairs to transmit and receive data.Straight through cable connects wire at pin 1 on one end of the cable to pin 1 on otherend of the cable, wire at pin 2 on one end of the cable to pin 2 on other end of the cableand so on.But will not work for connecting two hubs/switches together as they use the same pinsfor send and receive.A cable that swaps the wire pair in side the cable is called Cross over cable.Cross over cable must be used to connect two switches as both the switches uses pair atpin 3,6 to transmit and pair at pins 1,2 to receive, the cable must swap or cross the pairs.1 ---- 32 ---- 63 --- 16 --- 2Devices on opposite end of the cable using same pair of pins to transmit need crossovercable, devices uses opposite pair of pins to transmit requires straight trough cables.Crossover Cable : An Ethernet cable that swaps the wire pair used for transmission onone device to wire pair used for receiving on a device connected to the other end of thecable. In 10BSAE-T and 100BASE-TX networks, this cable swaps the wire pair at Pin1,2 to Pins 3,6 on other end of the cable, and Pair at Pins 3,6 to Pins 1,2.Straigh-through Cable : An Ethernet cable that connects wire on Pin 1 on one end ofthe cable to Pin 1 on other end of the cable, Pin 2 on one end to Pin 2 on other end and soon. 13
  14. 14. 10BASE-T and 100BASE-TX pin pairs usedDevices that transmit on pin pair 1,2 and Devices that transmit on pin pair 3,6 andreceives on 3,6 receives on 1,2PC NICs HubsRouters SwitchesWireless Access Points (Ethernet Interface)Network Printers (directly connected toLAN)1000BASE-T requires 4 wire pairs also gigabit Ethernet transmit and receives on each ofthe four wire pairs simultaneously.1000BASE-T straight through cables connect wire at pin 1 to pin 1 , pin 2 – pin 2 and soon.1000BASE-T crossover cable crosses wire pairs between pins (1,2 and 3,6) and (4,5 and7,8).Auto-mdix is a cisco switch feature that notices wrong cabling pinouts, and re-adjusts theswitch’s logic and makes the cable work.Hubs to SwitchesFive steps of a hub creating electrical bus.1. NIC sends a frame2. NIC loops the send frame to its receive pair internally on the card3. hub receives the electrical signals, interpret the signals as bits, so that it can clean up and repeat as strong signals4. hubs internal wiring repeats the signal to all other ports, except the port the signals was received from5. the hub repeats the signal to each receiver pair on all other devicesIf two NIC send frames at same time, at step 4, the electrical signals would overlap,frames would collide, and either frames will be completely unintelligible, or full orerrors.CSMA/CD algorithm helps prevent the collision and also defines how to act whencollision occurs, CSMA/CD algorithm work like this; 14
  15. 15. 1. A device with a frame to send listens until Ethernet is not busy2. when the Ethernet is not busy sender(s) begin(s) sending the frame3. the sender(s) listen(s) to make sure that no collision occurred4. if a collision occurs the devices that had been sending, each send a jamming signal to ensure that all stations recognizes the collision5. after the jamming is complete, each sender randomizes a timer and waits that long before trying to resend the collided frame6. when each random timer expires, the process start from step 1Using a hub with CSMA/CD causes performance problems;1. only one device can send at a given point in time2. if a collision occurs, the sending devices waits for a ramdomized time before trying to re-send the collided frameFor devices connected to a hub, only one device can send at any one instant in time. As aresult the devices connected to a hub share the bandwidth available through the hub. Thelogic of waiting for the LAN to be silent before sending, means that a device either sendor receive at a given point in time, but not both , and this is called half duplex.Collision domain : defines the set of devices whose frame could collide. All devices on a10BASE2 and 10BASE5 network and any network using a HUB are said to be in thesame collision domain.Hubs : A LAN device providing a centralized connection point for LAN cabling,repeating any received electrical signals out all other ports, thereby creating a logical bus.Hubs do not interpret the electrical signals as a frame of bits, so Hubs are considered tobe Layer 1 devices.Switches:1. Interprets the bits in the received frame, so that they can typically send the frame out the required one port, rather than all other ports2. If the switch needs to forward multiple frame out the same port, the switch buffers the frames in memory, sending one at a time and thereby avoiding collision.A switch is considered to be a layer 2 device as it need to look at the Ethernet header foraddress.Single devices connected to switch ports does not share the bandwidth, ie a switch with100Mbps port, has 100Mbps for each port. 15
  16. 16. Shared Ethernet : Ethernet using a hub or the original co-axial cabling LAN were theLAN bandwidth is shared among the devices, as each device has to take turn in using theLAN, because of the CSMA/CD algorithm.Switched Ethernet : LANs with switches does not have to share the bandwidth betweendevices connected to a port. Ie a switch with 100 Mbps port has 100Mbps for each port.A hub with 24, 100Mbps devices connected to it all share a theoretical total bandwidth of100Mbps. However a switch with 24, 100 Mbps devices connected to it, support 100Mbps on each of the 24 ports, or 2400 Mbps (2.4 Gbps) theoretical maximum bandwidth.LAN switches with only one devices cabled to each port, can completely eliminatecollision, which allows the use of full-duplex operation. Full-duplex means the Ethernetcards can send and receive concurrently. When full-duplex is implemented CSMA/CDwill be disabled on devices at both end of the cable. And performance will be doubled byallowing simultaneous transmission in both directions.Full Duplex : Any communication in which two communicating devices can send andreceive data concurrently is said to have full duplex communication. In Ethernet LANfull duplex is allowed when the CSMA/CD is disabled on both the communicatingdevices.Half Duplex : Any communication in which only one device can send data at a time. InEthernet LAN normal results of CSMA/CD that enforces the rule that only one deviceshould send at any point in time.Ethernet Data-Link ProtocolsEthernet data-link protocols (small set) is same and applies to almost all of the variationsof Ethernet from 10BASE5 up through to 10 Gbps Ethernet.Ethernet LAN addressing identifies either a individual device (unicast) or a group ofdevices in LAN (broadcast and multicast). Ethernet LAN address is 6 bytes (48 bits)long, usually written as set of 4 digit hex (12 hex digits) values separated by dots.0000.OC12.3456Unicast Ethernet address identifies a single LAN card.Ethernet card manufactures encodes MAC address into the card, usually in a ROM chip,first half identifies the manufactures and is assigned by IEEE and is calledOrganizationally Unique Identifier (OUI), second half is a unique number assigned by themanufacture for each card. It is also called Burned in address (BIA) , also calleduiversally administered address (UAA). 16
  17. 17. Structure of unicast Ethernet address Organizationally Unique Vendor Assigned Identifier NIC Cards, InterfacesSize in bits -----24 Bits------------ -----24 Bits--- --Size in Hex Digits -----6 Hex ------------ -----6 Hex --- --Example ---00 60 2F ------------ ---3A 07 BC-- --Group address – represents more than one LAN interface cards:-Broadcast addresses: represents all the devices on the LAN, and is represented byFFFF.FFFF.FFFF in hexadecimal notation.Multicaset address – allows a subset of devices on the lan to communicate. When IPmulticasts over an Ethernet, the multicast MAC address used by IP follows the format,0105.5exx.xxxx where x can take any value.LAN MAC Address terminologyLAN addressing term or feature DescriptionMAC Media Access Control 802.3 (Ethernet) defines the MAC sublayer of the IEEE Ethernet.Ethernet Address, Other terms for MAC address, and defines 6 bytes (48NIC Address, bits) long address for LAN Interface cards.LAN addressBurned in address (BIA) 6 byte ling address assigned by the NIC vendorUnicast address MAC address representing a single LAN interfaceBroadcast address An address that means all devices that reside on this LAN right nowMulticast address Implies to some subset of all the devices currently on the Ethernet LANEthernet Framing : Defines how a string of binary numbers are interpreted, it definesthe meaning behind the bits that are transmitted across a network.Ethernet Frame (IEEE 802.3 revised 1997).Preamble SFD Destination Source Length/type Data and Pad FCS 7 1 6 6 2 46-1500 4 (Bytes) 17
  18. 18. IEEE 802.3 Ethernet header and trailer fieldsField Field Length DescriptionPreamble 7 SynchronizationStart frame 1 Signifies the next byte begins the destination MACdelimiter (SFD) fieldDestination 6 Destination MACSource 6 Source MACLength 2 Length of the data field of the frame (either length or type is present not both)Type 2 Type of protocol listed inside the frame (either length or type is present not both)Data and pad 46-1500 Holds data from higher layer L3 PDU (generally) mostly IP PacketFrame check 4 Provides a method for the receiving NIC tosequence (FCS) determine if the frame experienced transmission errorsThe IEEE 802.3 specification limit the data portion of the 802.3 frame to maximum of1500 Bytes. The data field was designed to hold the laye 3 IP Packet. The term MaximumTransmission Unit (MTU) refers to the maximum layer 3 packet that can be send over amedium. Because Layer 3 IP Packet resides inside the data portion of an Ethernet frame,1500 bytes is the largest IP MTU that can be send over an Ethernet.Layer 3 protocols like IBM SNA, Novel Netware, AppleTalk, TCP/IP could betransmitted over Ethernet LAN. (layer 2 ethernet frame).Type field in the Ethernet frame header identifies the Layer 3 protocol used, eg . IPpacket means 0800 (decimal 2048) value in the type field.When length/type field in the Ethernet frame header is used to represent the length ofentire Ethernet frame (hex value less than 0600 decimal 1536), in such cases Ethernetframe adds two additional headers after the 802.3 Ethernet header but before he L3Header:-1. an IEEE 802.2 Logical Link Control (LLC) header2. an IEEE subnetwork access protocoal (SNAP) headerLLC HeaderDSAP SSAP CTL 1 1 1 (Bytes) 18
  19. 19. SNAP HeaderOUI Type 3 2 (Bytes)Preamble SFD Destination Source Length/type LLC Header SNAP Header Data and Pad FCS 7 1 6 6 2 3 5 46-1500 4 (BytesLength/Type field will have value less than 1536, meaning it represents the length of the entire Ethernetframe.Protocol Type Field : A field in a LAN header that identifies the type of header thatfollows (Layer 3 PDU) the LAN header, Includes the DIX Ethernet Type Field, IEEE802.2 DSAP field, and the SNAP protocol type field.Error RecoveryEthernet Frame Check sequence is the only field in the Ethernet frame trailer, allows thedevices receiving the frame to detect if the bits have changed during transmission.FCS error detection does not mean error recovery.To detect an error the sending device calculates a complex mathematical function withthe frame contents as input and puts the results into the frames 4 Bytes FCS field. Thereceiving device does the same math on the frame, if its calculation matches the FCSfield in the frame, no errors occurred. If the results doesn’t match an error has occurredand the frame is discarded, Ethernet does not do any thing for error recovery, it takes noaction for re-sending the frame, but is taken care by protocols like TCP.1000BASE-T : A name for IEEE Gigabit Ethernet standard that uses four pair coppercabling, a speed of 1000 Mbps (1 Gbps) and a maximum cable length of 100 meters.100BASE-TX : A name for the IEEE fast Ethernet standard that uses two pair coppercabling, a speed of 100 Mbps and a maximum cable length of 100 meters10BASE –T : The 10 Mbps baseband Ethernet specification using two pairs of twistedpair cabling. (Category 3,4, or 5). One pair transmit and other pair receives data.10BASE T which is part of the IEEE 802.3 specification, has a distance limit ofapproximately 100 meters.Please go to ……Do I know this Already –QUIZ. – Chapter 3. :- Page 42. 19
  20. 20. Chapter 4 - Fundamentals of WAN’sWAN physical and data-link standards and protocols define how to network betweendevices that are far apart in some cases thousands of miles.OSI Layer 1 – for Point to Point WANsPoint to Point WAN is a type of WAN for connecting remote sites.Service Providers (Telcos) provide leased line for companies to have WAN connectivity.Point to Point WAN connection is also called leases circuit and leased line as the line isexclusively available for the devices at the either end of the connection to send andreceive data at any time they want.Ethernet switches has many different types of interfaces, but all the interfaces are someform of Ethernet. Routers provide capability to connect many different types of layer 1and layer 2 technologies and is used commonly when a LAN is connected to a WAN.CO – central office where telco locates devices that creates its own network.Point to Point Leased line componentsR1----CSU/DSU--------WAN Switch TELCO WAN Switch--------CSU/DSU-----R2 NETWORK | | (demar)R1, R2 – routesCSU/DSU – external Channel Service Unit / Data Service UnitWAN switches in the CORouters are connected to CSU/DSU using short cables (max 50ft).A much longer cable connects CSU/DSU to WAN switch in the CORouters and CSU/DSU are CPE (customer premises equipments)Demarcation point (demar) defines the boundaries of responsibilities between telco andcompany (customer) in a PPP Wan. 20
  21. 21. WAN Cabling StandardsPoint to Point WAN uses synchronous point to point serial link interface on its routers.Synchronous serial interface in cisco routers uses physical connector types such as 60 –Pin D-shell connector.CSU/DSU end of the cable uses physical connector standards such as EIA/TIA-232 ,EIA/TIA-449, V.35, X.21, EIA-350Many of the pins in the above connectors are used for control functions, a few are usedfor transmitting data, and some pins are used for clocking.The cable between the CSU/DSU and the telco CO typically uses a RJ-48 connector.When a router has an internally built CSU/DSU, physical line from telco CO is directlyconnected to a port in the router, typically to a RJ-48 port in the router serial interfacecard.Clock Rate, Synchronization, DCE and DTEEvery WAN circuit provided by a service provider runs at one of many possible pre-defined speed. This speed is often referred to as clock rate, bandwidth or link speed.To make a WAN link work, various devices need to synchronize their clock so that theyrun exactly at the same speed, this process is called synchronization.Synchronous circuits imposes time ordering at the link’s sending and receiving ends.Synchronization occurs between two CSU/DSU on a leased line, by having oneCSU/DSU (the slave) adjust its clock to match the clock rate of the other CSU/DSU (themaster). A networking device synchronizes its clock several times per second.In practice clocking concept includes a hierarchy of different clock sources. The telcoprovides clocking information to the CSU/DSUs based on the transitions in the electricalsignal on the circuit. The two CSU/DSUs then adjust their speeds to match the clockingsignals from telco.The CSU/DSUs each supply clocking signals to the routers so that therouters simply react, sending and receiving data at the correct rate. So from the routersperspective, the CSU/DSU is considered to be clocking the link.The device that provides clocking, typically CSU/DSU is considered to be DataCommunication Equipment (DCE) and the device receiving clocking typically the routeris considered to be Data Terminal Equipment (DTE).DTE serial cables (for routers) and DCE serial cable (for CSU/DSU) exists. 21
  22. 22. WAN in the lab, Point to Point serial link, back to back serial connection can be builtusing two routers one acting as DTE and one as DCE and connected together usinginterconnected DTE and DCE serial cables and with a clock rate configuration commandin the DCE router.DTE cable, the cable that typically connects a router (dte) to a csu/dsu does not swap thetransmit and receive pins, however a DCE cable does the swaping of the Transmit andreceive pins. DTE Cable DCE Cable DTE CableR1 ------------------- CSU/DSU ---------------------------CSU/DSU--------------------R2Link Speed offered by telcoPCM – Pulse code modulation – converts analogue signal to digital signaland according to this, 64,000 bits required to represent 1 sec voice and is the baselinetransmission speed (64Kbps). Digital Signal Level 0 (DS0).According to PCM voice analog signals are sampled 8000 times per sec, each samplerequiring 8 bits, so 8000 * 8 = 64000 bits required to represent 1 sec voice.The combination of multiple slower speed lines and channels into a faster speed lines orchannel – for instance combining 24DS0 channels into a single DS1 (T1) line is calledTime division multiplexing (TDM).T1 and T3 are standards used in United StatesE1 and E3 are Japanese and European standardsWAN Speed summaryDS0 64kbpsDS1 (T1) 1.544 Mbps (24 DS0s plus 8kbps overhead)DS3 (T3) 44.736 Mbps (28 DS1s plus management overhead)E1 2.048 Mbps (32 DS0s)E3 34.064 Mbps (16 E1s plus management overhead)J1 (Y1) 2.048 Mbps (32 DS0s : Japanese standard)Type of signalling (DS1, DS3 etc) and signalling specification define the electricalsignals that encode binary 1 and 0 on the line. 22
  23. 23. OSI Layer 2 – for Point to Point WANsTwo most popular data link layer protocols used in Point to point links are High leveldata link control (HDLC), and Point to Point Protocol (PPP).Main objective of HDLC data link layer is the delivery of the data across the link, errorchecking, and identification of data packet type in the frame.Standard HDLC Frame 1 1 1 variable 4 (bytes)Flag Address Control Data FCSCisco proprietary HDLC Frame 1 1 1 2 variable 4 (bytes)Flag Address Control Type Data FCSInternational Telecommunications Union (ITU) defined HDLCInternet Engineering Task Force (IETF) defined PPPPPP works same as HDLC, framing is identical. PPP including the protocol type field, isused in a multi vendor router point to point serial link environment.Pont to Point WAN:Synchronous : the imposition of time ordering on a bit stream, practically a device triesto use the same speed as the other device on other end of the serial link, however byexamining the transition between the voltage states on the link, a device can notice slightvariation in the speed on each end and can adjust its speed accordingly.Clock source : the device to which the other device on the link adjust their speed whenusing a synchronous link.CSU/DSU: Channel service unit/ data service unit, connects the routher to the teleconetwork in a point to point serial link.T1 : A line from telco that allows transmission of data at 1.544 MbpsE1 : Similar to T1, but used in Europe, at the rate of 2.048 Mbps and 32 64Kbps (DS0)channelsPoint to Point Leased line (PPP) is also called : leased line, leased circuit, serial link,serial line, point-to-point link, and circuit. 23
  24. 24. Frame Relay and Packet SwitchingIn packet switching a physical WAN connectivity exists and a company can connect alarge number of routers to the packet switching service, using a single serial link fromeach router to the packet switching service.Two most commonly used Packet Switching services are Frame Relay and AsynchronousTransfer Mode (ATM).For frame relay a leased line is installed from the router to nearby Frame Relay switchand is called access links and runs the same speed and same signalling standards as apoint to point leased line.DTE (DCE) (DCE) DTER1-----------------------Frame Frame---------------------------R2 Access link Relay Relay access link Switch SwitchFrame relay switch in the telco network examines the data frame sent by the router.Frame relay defines its own data link header and trailer, the header holds a field calledData Link Connection Identifier (DLCI), WAN switches forwards the frame based on theDLCI until it reaches the destination router.Frame Relay header and trailer are defined by a protocol called Link Access ProcedureFrame (LAPF).Frame relay uses Frame Switching (Layer 2)as it switches (forwards) incoming frames todevices one by one based on the DLCI.Packet Switching (Layer 3) is a more common term.In Layer 2 Frame Relay,DCE – device providing service (Frame Relay Switch)DTE – device needing frame switching service (Router at customer site)But from a Layer 1 perspective CSU/DSU provides clocking to the Router,CSU/DSU is still the DCE andRouter is still the DTE 24
  25. 25. The logical path a frame travels between each pair of routers is called a frame relayvirtual circuit (VC). Typically a service provided pre-configure all the required details ofa VC, and these VCs are called (permanent) PVC.VCs share the access link, and frame relay network. Frame relay enable you to expandthe WAN with only one access link, multiple VCs and less hard wares. (Eg. One centraloffice router connecting to many branch office routers, CO Router will have just oneaccess link and many VCs to all the branch routers in the Frame relay network).CIR – committed information rate for a VC and it is like a minimum bandwidth, clockrate of a point-to-point circuit. CIR is offered by Service Providers as its customers willbe competing each other for capacity in the providers network.In frame relay The main Central Office Router can have one access link and multipleVCs connecting to more than one branch office DTEs.Frame Relay Topology is…easier for the SP to implement, costs the provider less, and makes better use of the coreof the service providers network.Clocking: is the process of supplying a signal over a cable, either on a separate pin on aserial cable or as part of the signal transitions in the transmitted signal, so that thereceiving device can keep synchronization with the sending device. 25
  26. 26. Typical Frame Relay Network with Three sites and Three Virtual CircuitsDefine:Access links, back-to-back linking, clocking, DTE (layer 1), CSU/DSU, DCE (layer 1),DS0, DS1, Frame Relay, HDLC, leased line, packet switching, PPP, serial cable,synchronous, T1, virtual circuit.Access Link : In Frame Relay the physical serial link that connects Frame Relay DTEdevice, usually a Router to a Frame Relay switch. The access link uses the same physicallayer standard as do point-to-point leased lines.Back-to-Back link : a serial link between two routers, created without CSU/DSUs, byconnecting a DTE cable to one router and a DCE cable to another and connecting the twocables together. Typically used in Labs to create serial links without the expenses of anactual leased line from a telco.Clocking : The process of supplying a signal over a cable, either on a separate pin on aserial cable, or as part of the signal transmission in the transmitted signal, so that thereceiving device can keep synchronization with the sending device. 26
  27. 27. DTE Layer 1 : Data terminal equipment, From a layer 1 perspective DTE synchronizesits clock based on the clocking send by the DCE, from a packet (frame) switchingperspective DTE is a device outside the Service Providers network, typically a router.CSU/DSU : Channel Service Unit / Digital Service Unit. A device that understands theLayer 1 details of the serial link installed by a telco, and how to use a serial cable tocommunicate with networking equipments such as routers.DCE Layer 1 : Data communications equipment, From a physical layer (1) perspective,the device providing clocking on a WAN link, typically a CSU/DSU, is the DCE. From apacket (frame) switching perspective the service providers switch (frame relay switch) towhich the router might connect is considered the DCE.DS0 : Digital signal level 0, a 64 Kbps line or channel, of a faster line, inside a telcowhose origins are to support a single voice call using original voice PCM codec.DS1 :Digital signal level 1, a 1.544 Mbps line from telco, with 24 DS0 channels or 64Kbps each, plus an 8 kbps management and framing channel. Also called a T1.Frame Relay : An international standard data link protocol, that defines the capabilitiesto create a frame (packet) switched, service allowing a DTE device typically a router tosend data to many other devices using a single physical connection to the Frame relayservice.HDLC : High Level Data Link Control. A bit oriented synchronous data link layerprotocol developed by the International Organization for StandardsLeased Line : A serial communication circuit between two end points, provided bysome service provider, typically a telephone company or a telco.Packet (Frame) Switching : A generic reference to network service, typically WANservices, in which the service examines the contents of the transmitted data, to makesome type of forwarding decision. This term is mainly used in contrast with the WANterm circuit switching, in which the provider sets up a Layer 1 circuit between twodevices, and the provider makes no attempt to interpret the meaning of the bits.PPP : Point to Point protocol, a protocol that provides connectivity between router torouter and host to network connection, over synchronous point to point and asynchronouspoint to point circuits.Serial cable : A type of cable with many different styles of connectors used to connect arouter to an external CSU/DSU on a leased line installation.Synchronous : The imposition of time ordering on a bit stream. Particularly a device willtry to use the same speed as the device on the other end of a serial link. However by 27
  28. 28. examining transitions between voltage states on the link, the device can notice slightvariations in the speed on each end and adjust the speed accordingly.T1 : A line from the telco that allows transmission of data at 1.544 Mbps, with the abilityto treat the lines as 24 different 64 Kbps DS0 channels (plus 8kbps overhead).Virtual Circuit : In packet (frame) switched services like Frame Relay, VC refers to theability for two DTE device typically routers to send and receive data directly to eachother, which supplies the same functions as a physical leased line, but doing so without aphysical circuit. This term is meant as a contract with a leased line or leased circuit.Please go to ……Do I know this Already –QUIZ. – Chapter 4. :- Page 71. 28
  29. 29. Chapter 5 - Fundamentals of IP Addressing and RoutingRouting: is the processing of forwarding the packet (L3 PDU)Logical addressing: address that can be used regardless of the physical network used,providing each device at least one address, logical address enables rotting processingidentify a packet’s source and destination.Routing Protocol: a protocol that aids routers by dynamically learning about the groupof addresses in the network, which in turn allows the routing process to work well.Other utilities: DNS, DHCP, ARP, PingPath Selection :- Routing Protocol, some time refer to Routing (forwarding) processesIP is a connectionless protocol, does not require overhead agreements or messages beforesending a packet.Routing (Forwarding) , Network Layer Interaction with Datalink LayerRouting table contains network layer address groupings.Network layer use data-link layer to send data over a physical network, packetencapsulated as frames.Routing process forwards only the packet, end-to-end through the network, discardingdata-link header and trailer along the way, and re-encapsulating as per the data linkprotocol used.Address Resolution Protocol (ARP) is used to dynamically learn about the data-linkaddress of a IP host connected to a LAN.Process of routing forwards Layer 3 packets, L3 PDU, based on the destination layer 3address in the packet.Routing process uses data-link layer to encapsulates the layer 3 packet into layer 2 framesfor transmission across each successive data link. 29
  30. 30. IP Packets and IP HeaderIPv4 header in a packet is 20 bytes long and key fields are1 8 16 24 31----------------------------------------------------------------------------------------------------| Version | Header | DS Field | Packet Length--------------------------- Length----------------------------------------------------------------------------------------------------- Identification-----------------------------Flag (3)- Fragment Offset (16)---------------------------------------------------------------------------------------------------------- Time to Live----Protocol------------- Header checksum-------------------------------------------------------------------------------------------------------------------------------- Source IP Address------------------------------------------------------------------------------------------------------- Destination IP Address-------------------------------------------------------------------------------------------------------Version : Version of IP Protocol – most networks use IPV4 todayHeader Length : IP Header length, defines IP header length including optional fieldsDS Field : Differentiated services field. It is used for marking packets for the purpose ofapplying different Quality-of-service QoS levels to different packets.Packet Length : Identified entire length of the packet including data.Identification : Used by IP packet fragmentation process, all fragments of the originalpackets contain same identifier.Flag : 3 bit flag used by IP fragmentation processFragment Offset : A number used to help hosts reassemble fragmented packets into theoriginal large packetTTL (1 Byte) – time to live, value used to prevent routing loopsProtocol (1 Byte) – idetnfity contents of data portion of the IP packet, Protocol 6 impliesthat a TCP header is the first thing in the IP Packet data fieldHeader checksum for FCSSource IP Address (4 Bytes) : 32 bits IP Address of the sender of the packet 30
  31. 31. Destination IP Address (4 Bytes) : 32 bit IP address of the intended recipient of thepacketNetwork Layer (Layer 3) AddressingLayer 3 addresses are designed to allow logical grouping of addresses.A network or subnet is represented by a ip address which implies a group of ip addresses.The end goal for a routing protocol is to fill the routing table with all know destinationgroups and with the best route to reach each group.Routers build their routing table entries dynamically using a routing protocol.Routing protocol learns the locations of the groups and advertise the group so the routerscan fill their routing table.A routing protocol learns the route and put those routes in a routing table.Routed protocol defines the type of packet forwarded or routed through a network.IP packets are routed in a network, so IP would be the routed protocol, If the routers usedthe Routing Information Protocol to learn about the routes then RIP would be the Routingprotocol.IP is a routed protocol, and RIP- routing information protocol is routing protocol.IP AddressingAny device that can send and receive IP packets is called an IP host.32 bit IP address is represented in dotted decimal, and has 4 octets.Each octect has a range 0 – 255 inclusiveIP address not of the PC but of the NIC.IP Address Groups – IP Networks :(two statements about how ip expects ip addresses to be grouped into networks orsubnets)• All IP addresses in the same group must not be separated by a router.• IP address separated by a router must be in different groupsIP routing relies IP addresses in the same group (network, subnet) to be in the samegeneral location. 31
  32. 32. Classes of IP networksIP defines three different network classes of addresses used by individual host –addresses called unicast addresses , Class A, B and C, TCP/IP uses Class D for multicastand class E for experimental addresses.Size of Network and Host part of the IP addresses with no subnettingNetwork class Network bytes Host bytes Number of addressesA 1 (8 bits) 3 (24 bits) 2 (raised 24) - 2B 2 (16 bits) 2 (16 bits) 2 (raised 16) – 2C 3 (24 bits) 1 (8 bits) 2 (raised 8) – 2Network number (group address) has all binary zeros in the host part of the number.A network number with all binary 1s in the host part is called network broadcast ordirect broadcast address, any packet send to this address will be forwarded to alldevices in that network.Internet corporation for assigned network number (ICANN) is in charge of universal ipaddress assignment formally was done by IANA, the internet assigned numbers authority.All possible valid network numbersclass First octet range Valid network total number for this Total number of numbers class of networks hosts per networkA 1 -126 to 2 (raised 7) – 2 (126) 2 (raised 24 ) -2 16, 777, 214B 128 - 191 to 2 (raised 14) 16,384 2 (raised 16) – 2 65, 534C 192 – 223 to 2 (raised 21) 2 (raised 8) – 2 2, 097, 152 254List of all possible valid network numbers….reference table for the number of network,size of the network part, size of the host part, for Class A,B and C ip networks. Class A Class B Class CFirst Octect range 1 to 126 128 - 191 192 – 223Valid Network Numbers to to of networks in this Class 2^7–2 2 ^ 14 = 2 ^ 21= = 128 16,384 2,097,152Number of hosts per network 2 ^ 24 – 2 = 2 ^ 16 – 2 = 2^8–2= 16,777,214 65,534 254Size of network part of the address 1 2 3(bytes) 32
  33. 33. Size of hosts part of the address 3 2 1(bytes)^ raised to(why it is 7,14, and 21 network bits on CLASS A,B and C networks : explained)CLASS A (7 Network Bits)0 N N N N N N N H H H H H H H H H H H H H H H H H H H H H H H H1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 CLASS B (6 + 8 = 14 Network Bits)1 0 N N N N N N H H H H H H H H H H H H H H H H H H H H H H H H1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8CLASS C (5 + 16 = 21 Network Bits)1 1 0 N N N N N H H H H H H H H H H H H H H H H H H H H H H H H1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8Class A , B and C network, network and host parts and default maskClass of Size of network part of Size of host part of Default mask forAddress address in bits address in bits each class of networkA 8 24 16 16 24 8 the process of sub dividing the class A, B or C network into smaller groups iscalled subnetting.When subnetting a third part of an IP address appears between the network and host partsof the ip address – namely the subnet part of the ip address. This part is created bystealing or borrowing bits from the host part of the ip address. The size of the networkpart of the address never shrinks. 33
  34. 34. Adders format when Subnetting is used. (Classful)----8--- ----------(24 – X) ----------- -----X------------------------------------------------------------------------------------------- Network Subnet Host CLASS A-------------------------------------------------------------------------------------------16------------ ----(16 – X) ----- ----X-------------------------------------------------------------------------------------- Network Subnet Host CLASS B---------------------------------------------------------------------------------------------------24----------------- --(8 – X) - --X------------------------------------------------------------------------------------ Network Subnet Host CLASS C----------------------------------------------------------------------------------Classful addressing : refers to ip address with three parts, network part (confirming tothe Class A, B and C) rules, subnet part and a host part.Classless Addressing : Instead of three parts as in classful addressing, a classless addresshas two parts , the part on which routing is based, and the host part. The part on whichrouting is based is the combination of network and subnet parts from the classfuladdressing view, the first part is often called subnet part or sometimes the prefix. 32 – x x------------------------------------------------------------------------- Subnet , Prefix Host-------------------------------------------------------------------------IP RoutingHost Routing : Hosts uses the following two step logic when choosing where to send apacket;(two step process of how hosts route packets)If the destination ip address is in the same subnet as the host, it send the packet directly tothe destination host.If the destination ip address is not in the same subnet as the host, sends the packet to thedefault gateway (a routers Ethernet interface on the subnet). 34
  35. 35. A Routers uses the following logic when receiving a data link frame – a Frame that hasan IP packet encapsulated in it.(four step process of how hosts route packets)Step 1 : Use the data link FCS field to ensure that the frame had no errors, if errorsoccurred discard the frameStep 2 : Assuming the frame was not discarded in step 1, discard the old data link headerand trailer leaving the IP PacketStep 3 : Compare the IP packets destination IP address to the routing table and determinethe route that matches the destination address. This route identifies the outgoing interfaceof the router and possibility the next hop router.Step 4 : Encapsulate the IP packet in new data link header and trailer appropriate for theoutgoing interface and forward the frame.With these steps each router forwards the packet until it reaches its destination. 35
  36. 36. PC1 PC11 Default Router A Subnet: R1 Routing Table Subnet Out Interface Next HOP IP Addr S0 Subnet: R1 S0 B R2 Routing Table Subnet Out Interface Next HOP IP Addr S1 S1 Subnet: R2 R3 Routing Table C Subnet Out Interface Next HOP IP Addr E0 N/A R3 E0 Subnet: D PC2 A : PC1 sends a packet to its default gateway. PC1 builds an IP Packet with PC2’sip address ( PC1 needs to send the packet to R1 (PC1’s default gateway)because the destination address is on a different subnet. PC1 send the ip packet asEthernet frame to R1’s MAC address over the Ethernet.Step B : R1 processes the incoming frame and forwards to R2. R1 copies the frame ofthe Ethernet, checks the frame’s FCS and no errors have occurred. Discards the Ethernetheader and trailer, R1 compares the destination address and finds a matching route (S0)from the routing table. R1 forwards the packet to outgoing interface S0 to next hop routerR2, after encapsulating the packet in an HDLC frame.Step C : R2 processes the incoming frame and forwards the packet to R3.R2 does the same steps as that of R1, checks the FCS of the HDLC frame, finds noerrors, discards the HDLC header and trailer, finds a match from the routing table anddetermines the outgoing route as S1 and sends it to next hop address (R3)after encapsulating the packet in a frame relay header.Step D : R3 process the frame and forward the packet to PC2Like R1 and R2, R3 checks the FCS and finds no errors, discards the old data link headerand trailer, R3’s routing table entry shows that the destination ip address is in the same 36
  37. 37. subnet as R3, and outgoing interface is R3’s Ethernet interface. R3 encapsulates thepacket in Ethernet frame and forwards the frame to PC2’s to MAC address over Ethernet.IP Routing ProtocolIP Routing protocols fills the routing table with valid, loop-free routes.Goals of Routing Protocol…• To dynamically learn and fill the routing table with routes to all the subnets in the network• If more than one route to a subnet is available, place the best route in the routing table• To notice when the routes in the routing table are no longer valid and remove them from the routing table• If a route is removed from the routing table, and another route through another neighbouring router is available, add the route to the routing table• To add new routes, and replace lost routes, with best currently available route as soon as possible. The time between loosing a route and finding a working replacement route is called convergence time• To prevent routing loopsRouting protocols follow three general steps in advertising routes in a network…Step 1 : Each router adds a route to its routing table for subnets directly connected to therouterStep 2 : Each router tells its neighbours about all the routes in its routing table, includingdirectly connected routes and routes learned from other routersStep 3 : After learning a new route from a neighbour, the router adds a route to itsrouting table, with the next hop router typically being the neighbour from which the routewas learnedHow each router learns its route to (PC2’s subnet) From the above figure…..Step A. R3 learns a route that refers to its own E0 interface because subnet isdirectly connectedStep B. R3 sends a routing protocol message called a routing update to R2, causing R2to learn about the subnet C. R2 sends similar routing protocol message called a routing update to R1,causing R1 to learn about the subnet 37
  38. 38. Step D. R1’s route to lists R2’s IP address as the next hop address, becauseR1 learned about the route from R2. The route also lists R1’s outgoing interface as S0because R1 learned about the route from the update came through the interface S0.Network Layer UtilitiesARP – Address Resolution Protocol – used to learn MAC address of other computers inthe same LAN subnet.DNS – Domain Name System – used to learn IP addressDNS Name resolution : A pc learns IP address of the DNS server, either pre-configuredor via DHCP, and sends a DNS request to resolve the name of the computer tocommunicate to its IP Address, and DNS server returns the IP address.The ARP Process : Sending pc issues an ARP broadcast, an ARP broadcast is sent to anEthernet broadcast address, so everyone on the LAN receives it, the host in the sameLAN subnet with the IP address as in the ARP broadcast, will respond with its MACaddress.If both sending and destination hosts are in the subnet then ARP will be used to learn theMAC address of the destination host, other wise will be used to learn the MAC address ofthe default router where the IP packet will be forwarded by the host.Any device that uses IP should retain, or cache, the information learned with ARP,placing the information in its ARP cache. Each time a host wants to send a packetencapsulated in Ethernet frame it checks its ARP cache, and uses the MAC address foundthere. If the correct information is not listed in the ARP cache, then the host uses ARP todiscover the MAC address used by the particular IP address. Also a host learns ARPinformation when it receives an ARP as well.Address Assignment and DHCPDHCP defines the protocol used to allow computers to request a lease of an IP address.DHCP uses a server, with the server keeping a list of pools of IP addresses available oneach subnet. DHCP clients can send DHCP server a message asking to borrow or lease anIP address. The server then suggests an IP address, if accepted the server notes that theaddress is no longer available for assignment to any other hosts.DHCP supplies IP addresses to client, and it also supplies other information. For examplehosts need to know their IP address, plus subnet mask to use, plus default gateway to use,as well as IP address of any DNS servers. In most networks today DHCP supplies allthese facts to a typical end user host.Typically a PC used as DHCP server in an enterprise network. Routers can also providerDHCP server functions, dynamically assigning IP addresses to host in a small or home 38
  39. 39. office environment, use DHCP client functions (router can act as DHCP clients as well)to dynamically lease IP address from an ISP.4 typical DHCP messages to acquire an IP address1. DHCP discover message (LAN Broadcast) (from DHCP Client)2. DHCP offer message directed to client (From DHCP Server to broadcasting Client)3. DHCP request message directed to server4. DHCP acknowledgment with information (IP Address, Mask, Default Gateway etc) directed to clientICMP Echo and Ping commandPing – (Packet Internet Groper) a tool for network connectivity testing, uses InternetControl Message Protocol (ICMP), sending a message called ICMP echo request toanother ip address, the computer with that ip address replies with an ICMP echo reply.ICMP just tests the IP connectivity, layer 1,2 and 3 of the OSI network model.ARP : Address resolution protocol – an internet protocol used to map an ip address to aMAC address, defined in RFC 826.Default Gateway/Default Router: On an IP host, the IP address of some router to whichthe host sends packets when the packets destination ip address is on a subnet other thanthe host’s local subnet.DHCP : Dynamic Host Configuration Protocol. A protocol used by hosts to dynamicallydiscover and lease an ip address, and learn the correct subnet mask, default gateway,DNS server ip address.DNS : Domain Name System. An application layer protocol used throughout the internetfor translating host names into their associated IP addresses.Host part : a term used to describe part of an IPV4 address that is used to uniquelyidentify a host inside a subnet. Host part is identified by bits of value 0 in the subnetmask.IP Address : In IP Version 4 (IPv4), a 32 bit address assigned to host using TCP/IP.Each address consists of a network number, optional subnetwork number, and hostnumber. Network number and subnetwork number together are used for routing, and thehost number is used to address an individual host within a network or subnetwork. 39
  40. 40. Logical Address : A generic reference to addresses as defined by layer 3 protocols,which do not have to be concerned with the physical details of the underlying physicalmedia. Used mainly in contrast with the data link addresses which are physical addressesbased on the physical medium used.Network broadcast address : In IPv4 an a special address in each classful network thatcan be used to broadcast a packet to all hosts in the same classful network. Numericallythe address has the same value as the network number in the network part and a value of255 in all the host part.Network Number / Network Address : A number that uses the same decimal notationas that of the IP address, but the number itself represents all the hosts in a single classA,B or C ip network.Network Part : The portion of an IPv4 address, 1,2 or 3 octect/bytes long based onwhether the address is in a Class A,B or C network.Routing Table : A list of routes in a router, with each route listing the destination subnetand mask, router interface out which to forward the packets destined to that subnet, andas needed, the next hop routers IP address.Subnet broadcast address : A special address in each subnet, specifically the largestnumeric address in the subnet, designed so that the packets send to this address should bedelivered to all hosts in that subnet.Subnet number / Subnet Address : In IPv4 a dotted decimal number that represents alladdresses in a single subnet. Numerically the smallest value in the range of number in asubnet, reserved so that it cannot be used as a unicast address by a host.Subnet Part : In a subnetted IPv4 address, interpreted with classful addressing rules, oneof the three parts of the structure of an IP address, with the subnet part uniquelyidentifying different subnets of a classful IP network.Please go to ……Do I know this Already –QUIZ. – Chapter 5. :- Page 94. 40
  41. 41. Chapter 6 - Fundamentals of TCP/IP Transport, Applications and SecurityMajor functions of Layer 4 – Transport layer protocol are error recovery and flowcontrol. Most data link protocols notice errors a process called error detection, but thendiscard frames that have errors. TCP provides for re-transmission (error recovery) andhelps to avoid congestion (flow control).TCP/IP Transport Layer Features, only the first item is supported by UDPFunction DescriptionMultiplexing using ports Functions that allows the receiving hosts to choose the correct application for which the data is destined, based on the port number.Error recovery (reliability) Process of numbering and acknowledging data with sequence and acknowledgement header fields.Flow control using Process that uses window sizes to protect buffer space andwindowing routing devices.Connection establishment Process used to initialize port number, sequence andand termination acknowledgement header fieldsOrdered data transfer and Continuous stream of bytes from an upper layer process thatdata segmentation is ‘segmented’ for transmission and delivered to upper layer process at the receiving device, with the bytes in the same order.TCP provides error recovery but to do so it consumes more bandwidth and use moreprocessing cycles. UDP does not perform error recovery but it takes less bandwidth anduses fewer processing cycles. 41
  42. 42. TCP Header Fields0 16 31----------------------------------------------------------------------------------------------------- Source Port (16) Destination Port (16) Sequence Number (32) Acknowledgment Number (32)Header Reserved(6) Code Bits(6) Window (16)Length(4) Checksum (16) Urgent (16) Options (0 – 32 if any) Data (varies)-----------------------------------------------------------------------------------------------------Multiplexing using TCP port NumbersTCP and UDP multiplexing enables the receiving computer to know which application togive the data to.When two computers communicate between different applications, TCP and UDPsegments use different destination port numbers so that the receiving computer knowswhich application to give the data to.Multiplexing relies on a concept called sockets. A socket consists of three things:• An IP Address• A transport protocol• A port numberFor a webserver application the socket would be (, TCP, Port 80) because, bydefault web servers use the well know port 80. When a client web browser connects to aweb server it also uses a socket possibly like (, TCP, Port 1030), client hoststypically allocate a unique ‘dynamic port numbers’ starting at 1024 because portnumber below 1024 are reserved for well known applications such as web server. 42
  43. 43. Multiplexing based on socket ensures that data is delivered to the correct application. Applications that provide services such as FTP, Telnet and web servers. Open a socket using well-known port and listen for connection requests.Ad Wire Web Ad Wire WebApplication Application Browser Application Application BrowserPort 1025 Port 1028 Port 1030 Port 800 Port 20,100 Port 80UDP TCP UDP TCP IP Address IP Address | | | | | | | |, TCP,1030 --------------, TCP,80 | | |,TCP,1028 -------------------------------,TCP,20,100 |,UDP,1025 -----------------------------,UDP,800 Connection between Sockets 43
  44. 44. Popular applications and their well know portsPort Number Protocol Application20 TCP FTP data21 TCP FTP control22 TCP SSH23 TCP Telnet25 TCP SMTP53 UDP,TCP DNS67,68 UDP DHCP69 UDP TFPT80 TCP HTTP(WWW)110 TCP POP3161 UDP SNMP443 TCP SSL16,384 - 32,767 UDP RTP based Voice (VoIP) and VideoError Recovery (Reliability)To accomplish reliability, TCP numbers data bytes using sequence and acknowledgefields in the TCP header. TCP achieves reliability in both directions, using sequencenumber field of one direction combined with the acknowledgement field in the oppositedirection. TCP Acknowledgement without errors Web Server Web Client 1000 Bytes of data Sequence = 1000 1000 Bytes of data Sequence = 2000 1000 Bytes of data Sequence = 3000 No data Acknowledgement = 4000The acknowledgement field in the TCP header sent by the web client (4000) implies thenext byte to be received, this is called forward acknowledgment. The sequence numberreflects the number of first byte in the segment. In this case each TCP segment is 1000bytes long. 44
  45. 45. TCP Acknowledgement with errors Web Server Web Client 1000 Bytes of data Sequence = 1000 1000 Bytes of data Sequence = 2000 (***LOST***) 1000 Bytes of data Sequence = 3000 No data Acknowledgement = 2000 1000 Bytes of data Sequence = 2000 No data Acknowledgement = 4000The second TCP segment was lost or is in error, web client’s reply has anacknowledgement field = 2000, implying that the web client is expecting byte 2000 next,TCP functions at the web server re-sends the second segment and waits for anACK=4000.Flow Control using WindowingTCP implements flow control by taking advantage of Sequence and Acknowledgmentfields in the TCP header, along with another field called the Window field. Window fieldimplies the maximum number unacknowledged bytes that are allowed at any point intime. The window starts small and grows until error occurs, additionally actual Sequenceand Acknowledgments numbers also grows, so it is called dynamic window, or slidingwindow. When the window is full, the sender does not send, and thereby controls theflow of data.Receiver grants window to the sender, sender send until the window is full, waits for theacknowledgement, if no errors occurred, the receiver grants larger window. 45
  46. 46. TCP Windowing 3000 dow , Win 1000 ACK 1000 Bytes of data Seq uence = 10 00 Web Server 1000 Byte s of data Se Web Client quence = 2000 1000 By tes of data Se quence = 3 000 4000 dow , Win 4000 ACK 1000 Bytes of data Seq uence = 4000 1000 Bytes of data Seq uence = 5000 1000 Byte s of data Seq uence = 60 00 1000 Bytes of data Seq uence = 7000Windowing does not require that sender stops sending in all cases. If anacknowledgement is received before the window is exhausted, a new window begins andsender continues sending data until the current window is exhausted. The term PositiveAcknowledgement and Re-transmission [PAR] is sometimes used to describe errorrecovery and windowing process that TCP uses. 46
  47. 47. Connection establishment and terminationTCP connection establishment refers to the process of initialling sequence andacknowledgement fields and agreeing on the port numbers used.TCP header has no single socket field, of the three parts of the socket, IP address isimplied by the source and destination ip address in the ip header, TCP is implied by theprotocol type field in the ip header and also because TCP header is in use. Only part ofthe socket that needs to be encoded in the TCP header are the port numbers.TCP connection establishment – Three way connection establishment flow must becomplete before data transfer can begin. SEQ = 200 SYN, DPORT = 80, SPORT = 1027 SEQ = 1450, ACK=201 SYN, ACK,, DPORT=1027, SPORT = 80 SEQ=201, ACK=1451 Web Client ACK, DPORT=80, SPORT=1027 Web ServerTCP signals connection establishment using two bits inside the flag field of the TCPheader, called SYN and ACK flags.SYN : Synchronize the Sequence numbersACK : Acknowledgment field is valid in this headerAcknowledgement field cannot be useful until the sequence field is initialized andcontinues to be set until the connection is terminated.TCP Connection Termination : Four way termination flow uses an additional fieldcalled FIN bit (Finished), before sending the third TCP segment, PC on right notifies theapplication connection is coming down, it then waits for an acknowledge from theapplication before sending the third segment in the flow, in case the application takessome time to respond the second flow in the figure is send, acknowledging the PC on theleft that it can take the connection down, otherwise the it will send the first segmentrepeatedly. 47
  48. 48. ACK, FIN SEQ = 1000 ACK ACK = 1001 PC ACK, FIN ACK = 1001, SEQ = 1470 PC ACK ACK = 1471TCP establishes and terminates connection between end-points whereas UDP does not.Connection Oriented Protocol: A protocol that require exchange of messages beforedata transfer begins or that has a required pre-established correlation between two end-points.Connectionless Protocol : A protocol that does not require exchange of messages beforedata transfer beings and that does not require a pre-established correlation between twoend-points.Data Segmentation and Ordered Data TransferMTU – Maximum Transmission Unit – maximum data (Layer 3 (IP) Packet) that can besent inside a data link frame, mostly including Ethernet it is 1500 bytes.TCP segments large amounts of application data into segments, typically into 1460 bytechunks (TCP and IP header are each 20 bytes).TCP receiver does the ordered data transfer by reassembling the data into the originalorder.UDP – User Datagram ProtocolUDP support data transfer and multiplexing using ports numbers, and has fewer bytes ofoverhead and less processing is required compared to TCP.UDP is used by application such as VoIP , DNS, NFS etc, applications where loss of datais tolerant (VoIP) or they have some application mechanism to recover the lost data(DNS). 48
  49. 49. TCP and UDP headersSource Dest- Seq Ack Off Rese Flags Win Check Urg Opt PADPort Port Num Num set rved dow Sum ent ions ber ber Size2 2 4 4 4bits 6bits 2 2 2 3 1TCP HeaderSource Dest- Length ChecksumPort Port2 2 2 2UDP HeaderNotice no Sequence and Acknowledge fields in the UDP header. UDP does not requirewaiting on acknowledgments or holding the data in memory until it is acknowledged, thismeans UDP applications are not artificially slowed by the acknowledgment process, andmemory is freed more quickly.TCP ApplicationsVoIP : An application protocol passes voice traffic over data networks inside IP Packets.A generic Voice Adaptor (VA) converts analog voice signals from the normal telephoneto an IP Packets and sends it over the internet from a home dsl line.VoIP PacketIP UDP RTP Digital Voice BitsA single VoIP call that passes over a WAN typically takes less than 30 kbps ofbandwidth, but it has several other QoS demands on the network before the VoIP trafficwill sound good…Low Delay : VoIP requires a very low delay between sending phone and the receivingphone – typically less than 200 milliseconds (.2 seconds). This is much lower delay thanwhat is required by a typical data application.Lower Jitter : Jitter is the variation in delay. VoIP requires very low jitter as well, whereas data applications can tolerate much higher jitter. For example the jitter for consecutiveVoIP packets should not exceed 30 milliseconds (.03 seconds), or the quality degrades. 49
  50. 50. Loss : If a VoIP packet is lost during transmission, no attempt is made to recover thepacket, as it will be useless by the time it is recovered because of the Delay and Jitterissues. Lost packets can sound like a break in the sound of the VoIP call.Video over IP requires a lot more bandwidth in the range of 300-400 kbps to 3-10 Mbpsper video.Type of Applcation Bandwidth Delay Jitter LossVoIP Low Low Low LowTwo-way Video over IP Medium/High Low Low Low (such as videoconfernceing)One-way Video over IP Medium Medium Medium Low (security camera)Interactive Mission Critical data Medium Medium High High(web based payroll)Interactive Business Data Low/medium Medium High High(online chat with a co-worker)File Transfer High High High High(Backing up disk drive)Non Business Medium High High High(Browsing)To support QoS requirements of various applications, routers and switches can beconfigured with a wide variety of QoS tools. 50
  51. 51. The World Wide Web, HTTP and SSL.DNS resolution and requesting a web page IP Header UDP Header DNS request 1. Type URL Source Source port 1030 What is ip address Dest. Dest. Port 53 of 2. dns name resolution request DNS Server IP Header UDP Header IP Address is Source 192 .31.7.1 Source port 53 Dest. 64.100 .1.1 Dest. Port 1030 3. dns name resolution reply Client PC tup n Se ectio onn CP C 4. T IP Header TCP Header Source Source port 1035 Dest. Dest. Port 80 Web Server198.133.219 .25Multiple HTTP get requests/responses HTTP GET (/go/ccna) User typed Http:// HTTP OK data: /go/ccna HTTP GET /graphics/logo1.gif HTTP OK data: log1.gif Web browser HTTP GET /graphics/ad1.gif Client HTTP OK data: ad1.gif 51
  52. 52. Network SecurityFirewalls : Firewalls are mainly the best known security appliances, sitting betweenenterprise network and the dark cold internet. The firewall mainly looks at the transportlayer port numbers and the application layer headers to prevent certain port andapplications from getting packets into the enterprise.Kind of security attacks…Denial of service attacks : An attack whose purpose is to break things DoS attackscalled Destroyers try to harm the hosts, erasing data and software. DoS attacks calledCrashers cause harm by causing hosts to fail or causing the machine to no longer be ableto connect to the network. Also DoS attacks called Flooders , flood the network withpackets making the network unusable, preventing any useful communication with theserver.Reconnaissance attacks : This kind of attack may be disruptive as a side effect, but itsgoal is gathering information to perform an access attack. An example is learning IPaddress and then try to discover servers, that does not appear to require encryption toconnect to the server.Access Attacks : An attempt to steal data, typically for financial advantage, for acompetitive advantage with another company, or even for international espionage.Computer Viruses are just one tool that can be used to carry out any of these attacks.Virus Signature : Characteristics of virusesCommon Security Issues in an EnterpriseAccess from the Wireless LAN : Wireless radio signals might leave the building, so anunsecured wireless LAN allows the user across the street in a coffee shop to access theenterprise network and rest of the devices in the enterprise network.Infected Mobile Laptops : An employee connected an infected (from home) laptop tothe enterprise network, causing the virus to spread to other vulnerable PCs.Disgruntled Employees : An employee (who is planning to move to a new company)stealing the information from the network into portable devices.Cisco uses the term Security in Depth to refer to a security design that includes securitytools throughout the network, including features in routers and switches. Cisco also usesthe term “Self Defending Network” to refer to automation in which network devicesautomatically react to network problems. 52